jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
343 commits 1 branch 0 tags 38 MiB
Commit graph

8 commits

Author SHA1 Message Date
Jeremie Fraeys
9434f4c8e6
feat(security): Artifact ingestion caps enforcement 
Add MaxArtifactFiles and MaxArtifactTotalBytes to SandboxConfig:
- Default MaxArtifactFiles: 10,000 (configurable via SecurityDefaults)
- Default MaxArtifactTotalBytes: 100GB (configurable via SecurityDefaults)
- ApplySecurityDefaults() sets defaults if not specified

Enforce caps in scanArtifacts() during directory walk:
- Returns error immediately when MaxArtifactFiles exceeded
- Returns error immediately when MaxArtifactTotalBytes exceeded
- Prevents resource exhaustion attacks from malicious artifact trees

Update all call sites to pass SandboxConfig for cap enforcement:
- Native bridge libs updated to pass caps argument
- Benchmark tests updated with nil caps (unlimited for benchmarks)
- Unit tests updated with nil caps

Closes: artifact ingestion caps items from security plan
 2026-02-23 19:43:28 -05:00
Jeremie Fraeys
3b194ff2e8
feat: GPU detection transparency and artifact scanner improvements
Some checks failed
Build CLI with Embedded SQLite / build (arm64, aarch64-linux) (push) Waiting to run
Details
Build CLI with Embedded SQLite / build (x86_64, x86_64-linux) (push) Waiting to run
Details
Build CLI with Embedded SQLite / build-macos (arm64) (push) Waiting to run
Details
Build CLI with Embedded SQLite / build-macos (x86_64) (push) Waiting to run
Details
Security Scan / Security Analysis (push) Waiting to run
Details
Security Scan / Native Library Security (push) Waiting to run
Details
Checkout test / test (push) Successful in 6s
Details
CI/CD Pipeline / Test (push) Failing after 1s
Details
CI/CD Pipeline / Dev Compose Smoke Test (push) Has been skipped
Details
CI/CD Pipeline / Build (push) Has been skipped
Details
CI/CD Pipeline / Test Scripts (push) Has been skipped
Details
CI/CD Pipeline / Test Native Libraries (push) Has been skipped
Details
CI/CD Pipeline / GPU Golden Test Matrix (push) Has been skipped
Details
Documentation / build-and-publish (push) Failing after 39s
Details
CI/CD Pipeline / Docker Build (push) Has been skipped
Details 
- Surface GPUDetectionInfo from parseGPUCountFromConfig for detection metadata
- Document FETCH_ML_TOTAL_CPU and FETCH_ML_GPU_SLOTS_PER_GPU env vars
- Add debug logging for all env var overrides to stderr
- Track config-layer auto-detection in GPUDetectionInfo.ConfigLayerAutoDetected
- Add --include-all flag to artifact scanner (includeAll parameter)
- Add AMD production mode enforcement (error in non-local mode)
- Add GPU detector unit tests for env overrides and AMD aliasing
 2026-02-23 12:29:34 -05:00
Jeremie Fraeys
be39b37aec
feat: native GPU detection and NVML bridge for macOS and Linux 
- Add dynamic NVML loading for Linux GPU detection
- Add macOS GPU detection via IOKit framework
- Add Zig NVML wrapper for cross-platform GPU queries
- Update native bridge to support platform-specific GPU libs
- Add CMake support for NVML dynamic library
 2026-02-21 17:59:59 -05:00
Jeremie Fraeys
e557313e08
fix: context reuse benchmark uses temp directory 
- Replace hardcoded testdata path with b.TempDir()
- Add createSmallDataset helper for self-contained benchmarks
- Fixes FAIL: BenchmarkContextReuse / BenchmarkSequentialHashes
 2026-02-21 14:38:00 -05:00
Jeremie Fraeys
90d702823b
fix: correct C type cast and add context reuse benchmark 
- Fix C.uint32_t cast for runtime.NumCPU() in native_bridge_libs.go
- Add context_reuse_bench_test.go to verify performance gains
- All native tests pass (8/8)
- Benchmarks functional
 2026-02-21 14:20:40 -05:00
Jeremie Fraeys
d1ac558107
perf: implement context reuse 
Go Worker (internal/worker/native_bridge_libs.go):
- Add global hashCtx with sync.Once for lazy initialization
- Eliminates 5-20ms fh_init/fh_cleanup per hash operation
- Uses runtime.NumCPU() for optimal thread count
- Log initialization time for observability

Zig CLI (cli/src/native/hash.zig):
- Add global_ctx with atomic flag and mutex
- Thread-safe initialization with double-check pattern
- Idempotent init() callable from multiple threads
- Log init time for debugging
 2026-02-21 14:19:14 -05:00
Jeremie Fraeys
96a8e139d5
refactor(internal): update native bridge and queue integration 
- Improve native queue integration in protocol layer
- Update native bridge library loading
- Clean up queue native implementation
 2026-02-18 12:45:59 -05:00
Jeremie Fraeys
a93b6715fd
feat: add native library bridge and queue integration 
- Add native_queue.go with CGO bindings for queue operations
- Add native_queue_stub.go for non-CGO builds
- Add hash_selector to choose between Go and native implementations
- Add native_bridge_libs.go for CGO builds with native_libs tag
- Add native_bridge_nocgo.go stub for non-CGO builds
- Update queue errors and task handling for native integration
- Update worker config and runloop for native library support
 2026-02-16 20:38:30 -05:00