PyPI - invarlock - Versions diffs - 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl - Mend

invarlock 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40)

invarlock/__init__.py +1 -1
invarlock/_data/runtime/tiers.yaml +61 -0
invarlock/adapters/hf_loading.py +97 -0
invarlock/calibration/__init__.py +6 -0
invarlock/calibration/spectral_null.py +301 -0
invarlock/calibration/variance_ve.py +154 -0
invarlock/cli/app.py +15 -0
invarlock/cli/commands/calibrate.py +576 -0
invarlock/cli/commands/doctor.py +9 -3
invarlock/cli/commands/explain_gates.py +53 -9
invarlock/cli/commands/plugins.py +12 -2
invarlock/cli/commands/run.py +181 -79
invarlock/cli/commands/verify.py +40 -0
invarlock/cli/config.py +11 -1
invarlock/cli/determinism.py +252 -0
invarlock/core/auto_tuning.py +215 -17
invarlock/core/bootstrap.py +137 -5
invarlock/core/registry.py +9 -4
invarlock/core/runner.py +305 -35
invarlock/eval/bench.py +467 -141
invarlock/eval/bench_regression.py +12 -0
invarlock/eval/bootstrap.py +3 -1
invarlock/eval/data.py +29 -7
invarlock/eval/primary_metric.py +20 -5
invarlock/guards/rmt.py +536 -46
invarlock/guards/spectral.py +217 -10
invarlock/guards/variance.py +124 -42
invarlock/reporting/certificate.py +476 -45
invarlock/reporting/certificate_schema.py +4 -1
invarlock/reporting/guards_analysis.py +108 -10
invarlock/reporting/normalizer.py +24 -1
invarlock/reporting/policy_utils.py +97 -15
invarlock/reporting/primary_metric_utils.py +17 -0
invarlock/reporting/validate.py +10 -10
{invarlock-0.3.1.dist-info → invarlock-0.3.3.dist-info}/METADATA +12 -10
{invarlock-0.3.1.dist-info → invarlock-0.3.3.dist-info}/RECORD +40 -33
{invarlock-0.3.1.dist-info → invarlock-0.3.3.dist-info}/WHEEL +0 -0
{invarlock-0.3.1.dist-info → invarlock-0.3.3.dist-info}/entry_points.txt +0 -0
{invarlock-0.3.1.dist-info → invarlock-0.3.3.dist-info}/licenses/LICENSE +0 -0
{invarlock-0.3.1.dist-info → invarlock-0.3.3.dist-info}/top_level.txt +0 -0

invarlock/cli/commands/plugins.py CHANGED Viewed

@@ -897,11 +897,21 @@ def _check_plugin_extras(plugin_name: str, plugin_type: str) -> str:
     if not plugin_info or not plugin_info["packages"]:
         return ""  # No extra dependencies needed
-    # Check each required package using import to play nice with tests that mock __import__
+    # Check each required package. For most packages we use a light import so
+    # tests can monkeypatch __import__; for GPU-only stacks like bitsandbytes
+    # we only probe presence via importlib.util.find_spec to avoid crashing on
+    # CPU-only builds during simple listing.
     missing_packages: list[str] = []
     for pkg in plugin_info["packages"]:
         try:
-            __import__(pkg)
+            if pkg == "bitsandbytes":
+                import importlib.util as _util
+                spec = _util.find_spec(pkg)
+                if spec is None:
+                    raise ImportError("bitsandbytes not importable")
+            else:
+                __import__(pkg)
         except Exception:
             missing_packages.append(pkg)

invarlock/cli/commands/run.py CHANGED Viewed

@@ -9,6 +9,7 @@ prefer Compare & Certify via `invarlock certify --baseline ... --subject ...`.
 import copy
 import hashlib
+import inspect
 import json
 import math
 import os
@@ -300,6 +301,12 @@ def _hash_sequences(seqs: Sequence[Sequence[int]] | Iterable[Sequence[int]]) ->
     """Compute a stable digest for a sequence of integer token sequences."""
     hasher = hashlib.blake2s(digest_size=16)
     for seq in seqs:
+        try:
+            seq_len = len(seq)
+        except TypeError:
+            seq = list(seq)
+            seq_len = len(seq)
+        hasher.update(seq_len.to_bytes(4, "little", signed=False))
         arr = array("I", (int(token) & 0xFFFFFFFF for token in seq))
         hasher.update(arr.tobytes())
     return hasher.hexdigest()
@@ -818,6 +825,51 @@ def _resolve_provider_and_split(
     return data_provider, resolved_split, used_fallback_split
+def _extract_model_load_kwargs(cfg: InvarLockConfig) -> dict[str, Any]:
+    """Return adapter.load_model kwargs from config (excluding core fields)."""
+    try:
+        data = cfg.model_dump()
+    except Exception:
+        data = {}
+    model = data.get("model") if isinstance(data, dict) else None
+    if not isinstance(model, dict):
+        return {}
+    return {
+        key: value
+        for key, value in model.items()
+        if key not in {"id", "adapter", "device"} and value is not None
+    }
+def _load_model_with_cfg(adapter: Any, cfg: InvarLockConfig, device: str) -> Any:
+    """Load a model with config-provided kwargs, filtering for strict adapters."""
+    try:
+        model_id = cfg.model.id
+    except Exception:
+        try:
+            model_id = (cfg.model_dump().get("model") or {}).get("id")
+        except Exception:
+            model_id = None
+    if not isinstance(model_id, str) or not model_id:
+        raise ValueError("Missing model.id in config")
+    extra = _extract_model_load_kwargs(cfg)
+    try:
+        sig = inspect.signature(adapter.load_model)
+        accepts_var_kw = any(
+            p.kind == inspect.Parameter.VAR_KEYWORD for p in sig.parameters.values()
+        )
+        if accepts_var_kw:
+            return adapter.load_model(model_id, device=device, **extra)
+        allowed = {k: v for k, v in extra.items() if k in sig.parameters}
+        if allowed:
+            return adapter.load_model(model_id, device=device, **allowed)
+    except Exception:
+        # Fall back to the strictest call shape.
+        pass
+    return adapter.load_model(model_id, device=device)
 def _run_bare_control(
     *,
     adapter: Any,
@@ -899,6 +951,7 @@ def _run_bare_control(
         "errors": [],
         "checks": {},
         "source": f"{profile_normalized or 'ci'}_profile",
+        "mode": "bare",
     }
     if getattr(bare_report, "status", "").lower() not in {"success", "completed", "ok"}:
@@ -977,7 +1030,7 @@ def _postprocess_and_summarize(
     match_fraction: float | None,
     overlap_fraction: float | None,
     console: Console,
-) -> None:
+) -> dict[str, str]:
     """Finalize report windows stats and print/save summary artifacts."""
     try:
         ds = report.setdefault("dataset", {}).setdefault("windows", {})
@@ -1001,6 +1054,7 @@ def _postprocess_and_summarize(
     console.print(f"📄 Report: {saved_files['json']}")
     if run_config.event_path:
         console.print(f"📝 Events: {run_config.event_path}")
+    return saved_files
 def _compute_provider_digest(report: dict[str, Any]) -> dict[str, str] | None:
@@ -1537,6 +1591,7 @@ def run_command(
     no_cleanup = bool(_coerce_option(no_cleanup, False))
     # Use shared CLI coercers from invarlock.cli.utils
+    report_path_out: str | None = None
     def _fail_run(message: str) -> None:
         console.print(f"[red]❌ {message}[/red]")
@@ -1673,6 +1728,26 @@ def run_command(
             cfg, device=device, out=out, console=console
         )
+        determinism_meta: dict[str, Any] | None = None
+        try:
+            from invarlock.cli.determinism import apply_determinism_preset
+            preset = apply_determinism_preset(
+                profile=profile_label,
+                device=resolved_device,
+                seed=int(seed_bundle.get("python") or seed_value),
+                threads=int(os.environ.get("INVARLOCK_OMP_THREADS", 1) or 1),
+            )
+            if isinstance(preset, dict) and preset:
+                determinism_meta = preset
+                preset_seeds = preset.get("seeds")
+                if isinstance(preset_seeds, dict) and preset_seeds:
+                    for key in ("python", "numpy", "torch"):
+                        if key in preset_seeds:
+                            seed_bundle[key] = preset_seeds.get(key)
+        except Exception:
+            determinism_meta = None
         # Create run directory with timestamp
         timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
         run_dir = output_dir / timestamp
@@ -2934,7 +3009,23 @@ def run_command(
                 )
             guard_overhead_payload: dict[str, Any] | None = None
-            if measure_guard_overhead:
+            if skip_overhead and profile_normalized in {"ci", "release"}:
+                guard_overhead_payload = {
+                    "overhead_threshold": GUARD_OVERHEAD_THRESHOLD,
+                    "evaluated": False,
+                    "passed": True,
+                    "skipped": True,
+                    "skip_reason": "INVARLOCK_SKIP_OVERHEAD_CHECK",
+                    "mode": "skipped",
+                    "source": "env:INVARLOCK_SKIP_OVERHEAD_CHECK",
+                    "messages": [
+                        "Overhead check skipped via INVARLOCK_SKIP_OVERHEAD_CHECK"
+                    ],
+                    "warnings": [],
+                    "errors": [],
+                    "checks": {},
+                }
+            elif measure_guard_overhead:
                 guard_overhead_payload = _run_bare_control(
                     adapter=adapter,
                     edit_op=edit_op,
@@ -3076,6 +3167,8 @@ def run_command(
                 meta_payload["invarlock_version"] = invarlock_version
             if env_flags:
                 meta_payload["env_flags"] = env_flags
+            if determinism_meta:
+                meta_payload["determinism"] = determinism_meta
             report["meta"].update(meta_payload)
             if pm_acceptance_range:
                 report["meta"]["pm_acceptance_range"] = pm_acceptance_range
@@ -3235,87 +3328,90 @@ def run_command(
                 report["metrics"].update(metrics_payload)
             if guard_overhead_payload is not None:
-                # Compute guarded primary-metric snapshot; pass structured reports into validator
-                try:
-                    # Map loss type to ppl family kind
-                    lk = str(resolved_loss_type or "causal").lower()
-                    if lk == "mlm":
-                        pm_kind_for_overhead = "ppl_mlm"
-                    elif lk in {"seq2seq", "s2s", "t5"}:
-                        pm_kind_for_overhead = "ppl_seq2seq"
-                    else:
-                        pm_kind_for_overhead = "ppl_causal"
+                if bool(guard_overhead_payload.get("skipped", False)):
+                    report["guard_overhead"] = guard_overhead_payload
+                else:
+                    # Compute guarded primary-metric snapshot; pass structured reports into validator
+                    try:
+                        # Map loss type to ppl family kind
+                        lk = str(resolved_loss_type or "causal").lower()
+                        if lk == "mlm":
+                            pm_kind_for_overhead = "ppl_mlm"
+                        elif lk in {"seq2seq", "s2s", "t5"}:
+                            pm_kind_for_overhead = "ppl_seq2seq"
+                        else:
+                            pm_kind_for_overhead = "ppl_causal"
-                    # Prefer computing from the in-memory core_report windows to avoid ordering issues
-                    pm_guarded = _extract_pm_snapshot_for_overhead(
-                        core_report, kind=pm_kind_for_overhead
-                    )
-                    if not isinstance(pm_guarded, dict) or not pm_guarded:
+                        # Prefer computing from the in-memory core_report windows to avoid ordering issues
                         pm_guarded = _extract_pm_snapshot_for_overhead(
-                            report, kind=pm_kind_for_overhead
+                            core_report, kind=pm_kind_for_overhead
                         )
+                        if not isinstance(pm_guarded, dict) or not pm_guarded:
+                            pm_guarded = _extract_pm_snapshot_for_overhead(
+                                report, kind=pm_kind_for_overhead
+                            )
-                    guard_overhead_payload["guarded_report"] = (
-                        {"metrics": {"primary_metric": pm_guarded}}
-                        if isinstance(pm_guarded, dict) and pm_guarded
-                        else None
+                        guard_overhead_payload["guarded_report"] = (
+                            {"metrics": {"primary_metric": pm_guarded}}
+                            if isinstance(pm_guarded, dict) and pm_guarded
+                            else None
+                        )
+                    except Exception:
+                        guard_overhead_payload["guarded_report"] = None
+                    bare_struct = guard_overhead_payload.get("bare_report") or {}
+                    guarded_struct = guard_overhead_payload.get("guarded_report") or {}
+                    # Be robust to mocks or minimal objects returned by validators
+                    result = validate_guard_overhead(
+                        bare_struct,
+                        guarded_struct,
+                        overhead_threshold=guard_overhead_payload.get(
+                            "overhead_threshold", GUARD_OVERHEAD_THRESHOLD
+                        ),
                     )
-                except Exception:
-                    guard_overhead_payload["guarded_report"] = None
-                bare_struct = guard_overhead_payload.get("bare_report") or {}
-                guarded_struct = guard_overhead_payload.get("guarded_report") or {}
-                # Be robust to mocks or minimal objects returned by validators
-                result = validate_guard_overhead(
-                    bare_struct,
-                    guarded_struct,
-                    overhead_threshold=guard_overhead_payload.get(
-                        "overhead_threshold", GUARD_OVERHEAD_THRESHOLD
-                    ),
-                )
-                try:
-                    messages = list(getattr(result, "messages", []))
-                except Exception:  # pragma: no cover - defensive
-                    messages = []
-                try:
-                    warnings = list(getattr(result, "warnings", []))
-                except Exception:  # pragma: no cover - defensive
-                    warnings = []
-                try:
-                    errors = list(getattr(result, "errors", []))
-                except Exception:  # pragma: no cover - defensive
-                    errors = []
-                try:
-                    checks = dict(getattr(result, "checks", {}))
-                except Exception:  # pragma: no cover - defensive
-                    checks = {}
-                metrics_obj = getattr(result, "metrics", {})
-                if not isinstance(metrics_obj, dict):
-                    metrics_obj = {}
-                overhead_ratio = metrics_obj.get("overhead_ratio")
-                if overhead_ratio is None:
-                    overhead_ratio = getattr(result, "overhead_ratio", None)
-                overhead_percent = metrics_obj.get("overhead_percent")
-                if overhead_percent is None:
-                    overhead_percent = getattr(result, "overhead_percent", None)
-                passed_flag = bool(getattr(result, "passed", False))
-                guard_overhead_payload.update(
-                    {
-                        "messages": messages,
-                        "warnings": warnings,
-                        "errors": errors,
-                        "checks": checks,
-                        "overhead_ratio": overhead_ratio,
-                        "overhead_percent": overhead_percent,
-                        "passed": passed_flag,
-                        "evaluated": True,
-                    }
-                )
-                # Normalize for non-finite/degenerate cases
-                guard_overhead_payload = _normalize_overhead_result(
-                    guard_overhead_payload, profile=profile_normalized
-                )
-                report["guard_overhead"] = guard_overhead_payload
+                    try:
+                        messages = list(getattr(result, "messages", []))
+                    except Exception:  # pragma: no cover - defensive
+                        messages = []
+                    try:
+                        warnings = list(getattr(result, "warnings", []))
+                    except Exception:  # pragma: no cover - defensive
+                        warnings = []
+                    try:
+                        errors = list(getattr(result, "errors", []))
+                    except Exception:  # pragma: no cover - defensive
+                        errors = []
+                    try:
+                        checks = dict(getattr(result, "checks", {}))
+                    except Exception:  # pragma: no cover - defensive
+                        checks = {}
+                    metrics_obj = getattr(result, "metrics", {})
+                    if not isinstance(metrics_obj, dict):
+                        metrics_obj = {}
+                    overhead_ratio = metrics_obj.get("overhead_ratio")
+                    if overhead_ratio is None:
+                        overhead_ratio = getattr(result, "overhead_ratio", None)
+                    overhead_percent = metrics_obj.get("overhead_percent")
+                    if overhead_percent is None:
+                        overhead_percent = getattr(result, "overhead_percent", None)
+                    passed_flag = bool(getattr(result, "passed", False))
+                    guard_overhead_payload.update(
+                        {
+                            "messages": messages,
+                            "warnings": warnings,
+                            "errors": errors,
+                            "checks": checks,
+                            "overhead_ratio": overhead_ratio,
+                            "overhead_percent": overhead_percent,
+                            "passed": passed_flag,
+                            "evaluated": True,
+                        }
+                    )
+                    # Normalize for non-finite/degenerate cases
+                    guard_overhead_payload = _normalize_overhead_result(
+                        guard_overhead_payload, profile=profile_normalized
+                    )
+                    report["guard_overhead"] = guard_overhead_payload
             had_baseline = bool(baseline and Path(baseline).exists())
             if (
@@ -3860,7 +3956,7 @@ def run_command(
             except Exception:
                 pass
-            _postprocess_and_summarize(
+            saved_files = _postprocess_and_summarize(
                 report=report,
                 run_dir=run_dir,
                 run_config=run_config,
@@ -3870,6 +3966,11 @@ def run_command(
                 overlap_fraction=overlap_fraction,
                 console=console,
             )
+            try:
+                if isinstance(saved_files, dict) and saved_files.get("json"):
+                    report_path_out = str(saved_files["json"])
+            except Exception:
+                pass
             # Metrics display
             pm_obj = None
@@ -4060,6 +4161,7 @@ def run_command(
             pass
         # Normal path falls through; cleanup handled below in finally
+        return report_path_out
     except FileNotFoundError as e:
         console.print(f"[red]❌ Configuration file not found: {e}[/red]")

invarlock/cli/commands/verify.py CHANGED Viewed

@@ -35,6 +35,22 @@ from .run import _enforce_provider_parity, _resolve_exit_code
 console = Console()
+def _coerce_float(value: Any) -> float | None:
+    try:
+        out = float(value)
+    except (TypeError, ValueError):
+        return None
+    return out if math.isfinite(out) else None
+def _coerce_int(value: Any) -> int | None:
+    try:
+        out = int(value)
+    except (TypeError, ValueError):
+        return None
+    return out if out >= 0 else None
 def _load_certificate(path: Path) -> dict[str, Any]:
     """Load certificate JSON from disk."""
     with path.open("r", encoding="utf-8") as handle:
@@ -315,6 +331,30 @@ def _validate_certificate_payload(
         errors.extend(_validate_drift_band(certificate))
     errors.extend(_apply_profile_lints(certificate))
     errors.extend(_validate_tokenizer_hash(certificate))
+    # Release-only enforcement: guard overhead must be measured or explicitly skipped.
+    if prof == "release":
+        go = certificate.get("guard_overhead")
+        if not isinstance(go, dict) or not go:
+            errors.append(
+                "Release verification requires guard_overhead (missing). "
+                "Set INVARLOCK_SKIP_OVERHEAD_CHECK=1 to explicitly skip during certification."
+            )
+        else:
+            skipped = bool(go.get("skipped", False)) or (
+                str(go.get("mode", "")).strip().lower() == "skipped"
+            )
+            if not skipped:
+                evaluated = go.get("evaluated")
+                if evaluated is not True:
+                    errors.append(
+                        "Release verification requires evaluated guard_overhead (not evaluated). "
+                        "Set INVARLOCK_SKIP_OVERHEAD_CHECK=1 to explicitly skip during certification."
+                    )
+                ratio = go.get("overhead_ratio")
+                if ratio is None:
+                    errors.append(
+                        "Release verification requires guard_overhead.overhead_ratio (missing)."
+                    )
     # Legacy cross-checks removed; primary_metric is canonical
     return errors

invarlock/cli/config.py CHANGED Viewed

@@ -207,11 +207,21 @@ def _create_loader(base_dir: Path):
     class Loader(yaml.SafeLoader):
         pass
-    Loader._base_dir = Path(base_dir)
+    Loader._base_dir = Path(base_dir).resolve()
     def _construct_include(loader: yaml.SafeLoader, node: yaml.Node):
         rel = loader.construct_scalar(node)
         path = (loader._base_dir / rel).resolve()
+        allow_outside = os.environ.get("INVARLOCK_ALLOW_CONFIG_INCLUDE_OUTSIDE", "")
+        allow_outside = allow_outside.strip().lower() in {"1", "true", "yes", "on"}
+        if not allow_outside:
+            try:
+                path.relative_to(loader._base_dir)
+            except ValueError as exc:
+                raise ValueError(
+                    "Config !include must stay within the config directory. "
+                    "Set INVARLOCK_ALLOW_CONFIG_INCLUDE_OUTSIDE=1 to override."
+                ) from exc
         with path.open(encoding="utf-8") as fh:
             inc_loader = _create_loader(path.parent)
             return yaml.load(fh, Loader=inc_loader)

invarlock 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl

invarlock 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl