modelaudit 0.2.32__tar.gz → 0.2.34__tar.gz

{modelaudit-0.2.32 → modelaudit-0.2.34}/.github/PULL_REQUEST_TEMPLATE.md

@@ -4,9 +4,9 @@ Describe the change and user impact.
 
 ## Validation
 
-- [ ] `uv run ruff format --check modelaudit/ tests/`
-- [ ] `uv run ruff check modelaudit/ tests/`
-- [ ] `uv run mypy modelaudit/`
+- [ ] `uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/`
+- [ ] `uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/`
+- [ ] `uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests`
 - [ ] `uv run pytest -n auto -m "not slow and not integration" --maxfail=1`
 
 ## Checklist

{modelaudit-0.2.32 → modelaudit-0.2.34}/.github/workflows/perf.yml

@@ -139,7 +139,7 @@ jobs:
           always() &&
           github.event_name == 'pull_request' &&
           github.event.pull_request.head.repo.full_name == github.repository
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         env:
           COMMENT_BODY_PATH: ${{ steps.paths.outputs.artifact_dir }}/benchmark-comment.md
         with:

{modelaudit-0.2.32 → modelaudit-0.2.34}/.github/workflows/release-please.yml

@@ -68,6 +68,23 @@ jobs:
             echo "✓ uv.lock committed and pushed"
           fi
 
+      - name: Sync standalone package lock with pyproject.toml
+        if: steps.check-pr.outputs.has_pr == 'true'
+        working-directory: packages/modelaudit-picklescan
+        run: |
+          uv lock
+          if git diff --quiet uv.lock; then
+            echo "✓ packages/modelaudit-picklescan/uv.lock already in sync"
+          else
+            echo "→ packages/modelaudit-picklescan/uv.lock updated to match pyproject.toml"
+            git config user.name "github-actions[bot]"
+            git config user.email "github-actions[bot]@users.noreply.github.com"
+            git add uv.lock
+            git commit -m "chore: sync standalone package lock"
+            git push
+            echo "✓ packages/modelaudit-picklescan/uv.lock committed and pushed"
+          fi
+
       - name: Setup Node.js
         if: steps.check-pr.outputs.has_pr == 'true'
         uses: actions/setup-node@v6
@@ -115,18 +132,18 @@ jobs:
       - name: Sync dependencies
         run: uv sync --extra all-ci
 
-      - name: Lint with Ruff
+      - name: Lint root package with Ruff
         run: uv run ruff check modelaudit/ tests/
 
-      - name: Check formatting with Ruff
+      - name: Check root package formatting with Ruff
         run: uv run ruff format --check modelaudit/ tests/
 
-      - name: Type check with mypy
-        run: uv run mypy modelaudit/
+      - name: Type check root package with mypy
+        run: uv run mypy modelaudit/ tests/
 
-      - name: Run tests
+      - name: Run root package tests
         run: |
-          uv run pytest -n auto -m "not slow and not integration and not performance" --tb=short
+          uv run pytest tests -n auto -m "not slow and not integration and not performance" --tb=short
 
       - name: Build package
         run: uv build
@@ -231,20 +248,20 @@ jobs:
           fi
           WHEEL_ARTIFACT="${wheel_artifacts[0]}"
 
-          python -m venv /tmp/modelaudit-wheel-smoke
-          source /tmp/modelaudit-wheel-smoke/bin/activate
+          uv venv /tmp/modelaudit-wheel-smoke
 
-          python -m pip install --upgrade pip
-          python -m pip install "${WHEEL_ARTIFACT}"
+          uv pip install --python /tmp/modelaudit-wheel-smoke/bin/python "${WHEEL_ARTIFACT}"
 
-          INSTALLED_VERSION="$(python -c "import importlib.metadata as m; print(m.version('modelaudit'))")"
+          INSTALLED_VERSION="$(
+            /tmp/modelaudit-wheel-smoke/bin/python -c "import importlib.metadata as m; print(m.version('modelaudit'))"
+          )"
           if [[ "$INSTALLED_VERSION" != "$EXPECTED_VERSION" ]]; then
             echo "ERROR: Wheel install version mismatch: expected $EXPECTED_VERSION, got $INSTALLED_VERSION"
             exit 1
           fi
 
           # Validate required project URLs in installed metadata.
-          python - <<'PY'
+          /tmp/modelaudit-wheel-smoke/bin/python - <<'PY'
           import importlib.metadata as md
 
           # Keep these expected URLs in sync with [project.urls] in pyproject.toml.
@@ -269,10 +286,18 @@ jobs:
           print("Project URL metadata validated.")
           PY
 
-          modelaudit --version
+          /tmp/modelaudit-wheel-smoke/bin/modelaudit --version
+
+          /tmp/modelaudit-wheel-smoke/bin/python - <<'PY'
+          import modelaudit_picklescan
+
+          report = modelaudit_picklescan.scan_bytes(b"\x80\x04}q\x00.")
+          assert report.status.value == "complete", report
+          print("modelaudit_picklescan import and scan smoke test passed.")
+          PY
 
           # Basic CLI smoke run from the installed wheel.
-          python - <<'PY'
+          /tmp/modelaudit-wheel-smoke/bin/python - <<'PY'
           import pathlib
           import pickle
           import subprocess
@@ -285,7 +310,7 @@ jobs:
                   pickle.dump({"smoke": True}, f)
 
               completed = subprocess.run(
-                  ["modelaudit", str(test_file), "--format", "json"],
+                  ["/tmp/modelaudit-wheel-smoke/bin/modelaudit", str(test_file), "--format", "json"],
                   capture_output=True,
                   text=True,
                   check=False,
@@ -309,22 +334,30 @@ jobs:
           fi
           SDIST_ARTIFACT="${sdist_artifacts[0]}"
 
-          python -m venv /tmp/modelaudit-sdist-smoke
-          source /tmp/modelaudit-sdist-smoke/bin/activate
+          uv venv /tmp/modelaudit-sdist-smoke
 
-          python -m pip install --upgrade pip
-          python -m pip install "${SDIST_ARTIFACT}"
+          uv pip install --python /tmp/modelaudit-sdist-smoke/bin/python "${SDIST_ARTIFACT}"
 
-          INSTALLED_VERSION="$(python -c "import importlib.metadata as m; print(m.version('modelaudit'))")"
+          INSTALLED_VERSION="$(
+            /tmp/modelaudit-sdist-smoke/bin/python -c "import importlib.metadata as m; print(m.version('modelaudit'))"
+          )"
           if [[ "$INSTALLED_VERSION" != "$EXPECTED_VERSION" ]]; then
             echo "ERROR: sdist install version mismatch: expected $EXPECTED_VERSION, got $INSTALLED_VERSION"
             exit 1
           fi
 
-          modelaudit --version
+          /tmp/modelaudit-sdist-smoke/bin/modelaudit --version
+
+          /tmp/modelaudit-sdist-smoke/bin/python - <<'PY'
+          import modelaudit_picklescan
+
+          report = modelaudit_picklescan.scan_bytes(b"\x80\x04}q\x00.")
+          assert report.status.value == "complete", report
+          print("modelaudit_picklescan import and scan smoke test passed.")
+          PY
 
           # Basic CLI smoke run from the installed sdist.
-          python - <<'PY'
+          /tmp/modelaudit-sdist-smoke/bin/python - <<'PY'
           import pathlib
           import pickle
           import subprocess
@@ -337,7 +370,7 @@ jobs:
                   pickle.dump({"smoke": True}, f)
 
               completed = subprocess.run(
-                  ["modelaudit", str(test_file), "--format", "json"],
+                  ["/tmp/modelaudit-sdist-smoke/bin/modelaudit", str(test_file), "--format", "json"],
                   capture_output=True,
                   text=True,
                   check=False,
@@ -354,9 +387,83 @@ jobs:
           name: dist
           path: dist/
 
+  build-picklescan-package:
+    if: needs.release-please.outputs.release_created == 'true'
+    runs-on: ubuntu-latest
+    needs: release-please
+    permissions:
+      contents: read
+    defaults:
+      run:
+        working-directory: packages/modelaudit-picklescan
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Pin Python version
+        run: |
+          uv python pin 3.12
+
+      - name: Check standalone package lock is in sync
+        run: |
+          uv lock --check
+
+      - name: Lint standalone package with Ruff
+        run: uv run --with ruff ruff check src tests
+
+      - name: Check standalone package formatting with Ruff
+        run: uv run --with ruff ruff format --check src tests
+
+      - name: Type check standalone package with mypy
+        run: uv run --with mypy mypy src tests
+
+      - name: Run standalone package tests
+        run: uv run --with pytest --with pytest-xdist pytest -n auto tests --tb=short
+
+      - name: Build standalone package
+        run: uv build --out-dir /tmp/modelaudit-picklescan-dist
+
+      - name: Validate standalone package metadata
+        run: uvx twine check /tmp/modelaudit-picklescan-dist/*
+
+      - name: Smoke test standalone package wheel install
+        run: |
+          set -euo pipefail
+          uv venv /tmp/modelaudit-picklescan-wheel-smoke
+
+          shopt -s nullglob
+          picklescan_wheels=(/tmp/modelaudit-picklescan-dist/modelaudit_picklescan-*.whl)
+          if [[ ${#picklescan_wheels[@]} -ne 1 ]]; then
+            echo "ERROR: Expected exactly 1 modelaudit_picklescan wheel artifact, found ${#picklescan_wheels[@]}"
+            ls -la /tmp/modelaudit-picklescan-dist/
+            exit 1
+          fi
+
+          uv pip install --python /tmp/modelaudit-picklescan-wheel-smoke/bin/python "${picklescan_wheels[0]}"
+
+          smoke_dir="$(mktemp -d)"
+          (
+            cd "$smoke_dir"
+            PYTHONPATH= /tmp/modelaudit-picklescan-wheel-smoke/bin/python -I - <<'PY'
+          import importlib.util
+
+          import modelaudit_picklescan
+
+          assert importlib.util.find_spec("modelaudit") is None
+          report = modelaudit_picklescan.scan_bytes(b"\x80\x04}q\x00.")
+          assert report.status.value == "complete", report
+          assert report.verdict.value == "clean", report
+          print("standalone modelaudit_picklescan wheel loaded without modelaudit")
+          PY
+          )
+
   publish-pypi:
     if: needs.release-please.outputs.release_created == 'true'
-    needs: [build, release-please]
+    needs: [build, build-picklescan-package, release-please]
     runs-on: ubuntu-latest
     environment:
       name: pypi
@@ -379,7 +486,7 @@ jobs:
 
   provenance:
     if: needs.release-please.outputs.release_created == 'true'
-    needs: [build, publish-pypi, release-please]
+    needs: [build, build-picklescan-package, publish-pypi, release-please]
     runs-on: ubuntu-latest
     permissions:
       contents: write

{modelaudit-0.2.32 → modelaudit-0.2.34}/.github/workflows/test.yml

@@ -28,6 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       python: ${{ steps.filter.outputs.python }}
+      picklescan: ${{ steps.filter.outputs.picklescan }}
       docker: ${{ steps.filter.outputs.docker }}
       workflows: ${{ steps.filter.outputs.workflows }}
       dependencies: ${{ steps.filter.outputs.dependencies }}
@@ -41,6 +42,8 @@ jobs:
               - '**.py'
               - 'pyproject.toml'
               - 'uv.lock'
+            picklescan:
+              - 'packages/modelaudit-picklescan/**'
             docker:
               - 'Dockerfile*'
               - '.dockerignore'
@@ -370,7 +373,7 @@ jobs:
 
       - name: Run fast tests with fail-fast
         run: |
-          uv run pytest -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --tb=short --durations=10
+          uv run pytest tests -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --tb=short --durations=10
 
   windows-tests:
     name: Windows Tests (Python 3.11)
@@ -395,7 +398,7 @@ jobs:
 
       - name: Run fast tests with fail-fast
         run: |
-          uv run pytest -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --tb=short --durations=10
+          uv run pytest tests -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --tb=short --durations=10
 
   test:
     name: Test Python ${{ matrix.python-version }}
@@ -443,12 +446,12 @@ jobs:
       - name: Run fast tests with fail-fast (PRs, Python 3.12 with coverage)
         if: github.event_name == 'pull_request' && matrix.python-version == '3.12'
         run: |
-          uv run pytest -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --cov=modelaudit --cov-report=xml --tb=short --durations=15
+          uv run pytest tests -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --cov=modelaudit --cov-report=xml --tb=short --durations=15
 
       - name: Run fast tests with fail-fast (PRs, non-3.12)
         if: github.event_name == 'pull_request' && matrix.python-version != '3.12'
         run: |
-          uv run pytest -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --tb=short --durations=15
+          uv run pytest tests -x --maxfail=1 -n auto -m "not slow and not integration and not performance" --tb=short --durations=15
 
       - name: Run slow/integration tests on PR (if labeled)
         # Run slow tests on PRs when the 'run-slow-tests' label is added
@@ -457,17 +460,17 @@ jobs:
         timeout-minutes: 20
         run: |
           echo "Running slow/integration tests due to 'run-slow-tests' label"
-          uv run pytest -n auto -m "slow or integration or performance" --tb=short --durations=20
+          uv run pytest tests -n auto -m "slow or integration or performance" --tb=short --durations=20
 
       - name: Run fast tests with coverage (main branch only)
         if: github.ref == 'refs/heads/main' && matrix.python-version == '3.12'
         run: |
-          uv run pytest -n auto -m "not slow and not integration and not performance" --cov=modelaudit --cov-report=xml --tb=short --durations=15
+          uv run pytest tests -n auto -m "not slow and not integration and not performance" --cov=modelaudit --cov-report=xml --tb=short --durations=15
 
       - name: Run fast tests without coverage (main branch, non-3.12)
         if: github.ref == 'refs/heads/main' && matrix.python-version != '3.12'
         run: |
-          uv run pytest -n auto -m "not slow and not integration and not performance" --tb=short --durations=15
+          uv run pytest tests -n auto -m "not slow and not integration and not performance" --tb=short --durations=15
 
       - name: Run slow/integration tests (main branch only)
         # Run ALL slow/integration/performance tests on main branch.
@@ -477,7 +480,7 @@ jobs:
         timeout-minutes: 20
         run: |
           # Run all slow, integration, and performance tests
-          uv run pytest -n auto -m "slow or integration or performance" --tb=short --durations=20
+          uv run pytest tests -n auto -m "slow or integration or performance" --tb=short --durations=20
 
       - name: Upload coverage to Codecov
         if: matrix.python-version == '3.12'
@@ -713,8 +716,8 @@ jobs:
   build:
     name: Build and Package
     needs: changes
-    # Always build on main, otherwise only if Python files changed
-    if: github.ref == 'refs/heads/main' || needs.changes.outputs.python == 'true' || needs.changes.outputs.dependencies == 'true'
+    # Always build on main, otherwise only if Python/dependency/workflow files changed
+    if: github.ref == 'refs/heads/main' || needs.changes.outputs.python == 'true' || needs.changes.outputs.dependencies == 'true' || needs.changes.outputs.workflows == 'true'
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
@@ -754,12 +757,117 @@ jobs:
         run: |
           uvx twine check dist/*
 
+      - name: Smoke test wheel install
+        run: |
+          set -euo pipefail
+          uv venv /tmp/modelaudit-wheel-smoke
+
+          uv pip install --python /tmp/modelaudit-wheel-smoke/bin/python dist/modelaudit-*.whl
+
+          smoke_dir="$(mktemp -d)"
+          (
+            cd "$smoke_dir"
+            PYTHONPATH= /tmp/modelaudit-wheel-smoke/bin/python -I - <<'PY'
+          import modelaudit
+          import modelaudit_picklescan
+
+          report = modelaudit_picklescan.scan_bytes(b"\x80\x04}q\x00.")
+          assert report.status.value == "complete", report
+          print(f"modelaudit {modelaudit.__version__} and modelaudit_picklescan loaded")
+          PY
+          )
+
       - name: Upload artifacts
         uses: actions/upload-artifact@v7
         with:
           name: dist
           path: dist/
 
+  picklescan-package:
+    name: Standalone Pickle Package
+    needs: changes
+    if: github.ref == 'refs/heads/main' || needs.changes.outputs.picklescan == 'true' || needs.changes.outputs.workflows == 'true'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    defaults:
+      run:
+        working-directory: packages/modelaudit-picklescan
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Pin Python version
+        run: |
+          uv python pin 3.12
+
+      - name: Check standalone package lock is in sync
+        run: |
+          uv lock --check
+
+      - name: Lint standalone package with Ruff
+        run: |
+          uv run --with ruff ruff check src tests
+
+      - name: Check standalone package import organization with Ruff
+        run: |
+          uv run --with ruff ruff check --select I src tests
+
+      - name: Check standalone package formatting with Ruff
+        run: |
+          uv run --with ruff ruff format --check src tests
+
+      - name: Type check standalone package with mypy
+        run: |
+          uv run --with mypy mypy src tests
+
+      - name: Run standalone package tests
+        run: |
+          uv run --with pytest --with pytest-xdist pytest -n auto tests --tb=short
+
+      - name: Build standalone package
+        run: |
+          uv build --out-dir /tmp/modelaudit-picklescan-dist
+
+      - name: Validate standalone package metadata
+        run: |
+          uvx twine check /tmp/modelaudit-picklescan-dist/*
+
+      - name: Smoke test standalone package wheel install
+        run: |
+          set -euo pipefail
+          uv venv /tmp/modelaudit-picklescan-wheel-smoke
+
+          shopt -s nullglob
+          picklescan_wheels=(/tmp/modelaudit-picklescan-dist/modelaudit_picklescan-*.whl)
+          if [[ ${#picklescan_wheels[@]} -ne 1 ]]; then
+            echo "ERROR: Expected exactly 1 modelaudit_picklescan wheel artifact, found ${#picklescan_wheels[@]}"
+            ls -la /tmp/modelaudit-picklescan-dist/
+            exit 1
+          fi
+
+          uv pip install --python /tmp/modelaudit-picklescan-wheel-smoke/bin/python "${picklescan_wheels[0]}"
+
+          smoke_dir="$(mktemp -d)"
+          (
+            cd "$smoke_dir"
+            PYTHONPATH= /tmp/modelaudit-picklescan-wheel-smoke/bin/python -I - <<'PY'
+          import importlib.util
+
+          import modelaudit_picklescan
+
+          assert importlib.util.find_spec("modelaudit") is None
+          report = modelaudit_picklescan.scan_bytes(b"\x80\x04}q\x00.")
+          assert report.status.value == "complete", report
+          assert report.verdict.value == "clean", report
+          print("standalone modelaudit_picklescan wheel loaded without modelaudit")
+          PY
+          )
+
   # Summary job to ensure all required checks pass
   ci-success:
     name: CI Success
@@ -779,6 +887,7 @@ jobs:
         test-proto-reproducibility,
         test-extras-smoke,
         build,
+        picklescan-package,
       ]
     if: always()
     runs-on: ubuntu-latest
@@ -800,12 +909,15 @@ jobs:
           PROTO_REPRO_RESULT="${{ needs.test-proto-reproducibility.result }}"
           EXTRAS_RESULT="${{ needs.test-extras-smoke.result }}"
           BUILD_RESULT="${{ needs.build.result }}"
+          PICKLESCAN_RESULT="${{ needs.picklescan-package.result }}"
           CHANGES_RESULT="${{ needs.changes.result }}"
 
           # Check if conditional jobs should have run
           ON_MAIN_BRANCH="${{ github.ref == 'refs/heads/main' }}"
           DEPENDENCIES_CHANGED="${{ needs.changes.outputs.dependencies == 'true' }}"
+          PICKLESCAN_CHANGED="${{ needs.changes.outputs.picklescan == 'true' }}"
           PYTHON_CHANGED="${{ needs.changes.outputs.python == 'true' }}"
+          WORKFLOWS_CHANGED="${{ needs.changes.outputs.workflows == 'true' }}"
           echo "Job results:"
           echo "  quick-feedback: $QUICK_FEEDBACK_RESULT"
           echo "  lint: $LINT_RESULT"
@@ -820,6 +932,7 @@ jobs:
           echo "  test-proto-reproducibility: $PROTO_REPRO_RESULT"
           echo "  test-extras-smoke: $EXTRAS_RESULT"
           echo "  build: $BUILD_RESULT"
+          echo "  picklescan-package: $PICKLESCAN_RESULT"
           echo "  changes: $CHANGES_RESULT"
 
           # Check if any job failed or was cancelled
@@ -836,7 +949,7 @@ jobs:
 
           # Conditional jobs: only fail if they should have run
           # License/lock checks run on main or when dependencies change
-          if [[ "$ON_MAIN_BRANCH" == "true" || "$DEPENDENCIES_CHANGED" == "true" ]]; then
+          if [[ "$ON_MAIN_BRANCH" == "true" || "$DEPENDENCIES_CHANGED" == "true" || "$WORKFLOWS_CHANGED" == "true" ]]; then
             [[ "$LICENSE_RESULT" == "failure" || "$LICENSE_RESULT" == "cancelled" ]] && FAILED=true
             [[ "$UV_LOCK_RESULT" == "failure" || "$UV_LOCK_RESULT" == "cancelled" ]] && FAILED=true
             [[ "$NUMPY_RESULT" == "failure" || "$NUMPY_RESULT" == "cancelled" ]] && FAILED=true
@@ -844,11 +957,15 @@ jobs:
           fi
 
           # Vendored protos jobs run on main or when python/dependencies change
-          if [[ "$ON_MAIN_BRANCH" == "true" || "$PYTHON_CHANGED" == "true" || "$DEPENDENCIES_CHANGED" == "true" ]]; then
+          if [[ "$ON_MAIN_BRANCH" == "true" || "$PYTHON_CHANGED" == "true" || "$DEPENDENCIES_CHANGED" == "true" || "$WORKFLOWS_CHANGED" == "true" ]]; then
             [[ "$PROTOS_RESULT" == "failure" || "$PROTOS_RESULT" == "cancelled" ]] && FAILED=true
             [[ "$PROTO_REPRO_RESULT" == "failure" || "$PROTO_REPRO_RESULT" == "cancelled" ]] && FAILED=true
           fi
 
+          if [[ "$ON_MAIN_BRANCH" == "true" || "$PICKLESCAN_CHANGED" == "true" || "$WORKFLOWS_CHANGED" == "true" ]]; then
+            [[ "$PICKLESCAN_RESULT" == "failure" || "$PICKLESCAN_RESULT" == "cancelled" ]] && FAILED=true
+          fi
+
           if [[ "$FAILED" == "true" ]]; then
             echo "Some CI checks failed!"
             exit 1

modelaudit-0.2.34/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.2.34"
+}

{modelaudit-0.2.32 → modelaudit-0.2.34}/AGENTS.md

@@ -25,9 +25,9 @@ This is the single source of truth for all AI coding agents (Claude, Gemini, oth
 uv sync --extra all-ci
 
 # Pre-commit workflow (MUST run before every commit)
-uv run ruff format modelaudit/ tests/
-uv run ruff check --fix modelaudit/ tests/
-uv run mypy modelaudit/ tests/
+uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
+uv run ruff check --fix modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
+uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/
 uv run pytest -n auto -m "not slow and not integration" --maxfail=1
 ```
 
@@ -36,7 +36,7 @@ uv run pytest -n auto -m "not slow and not integration" --maxfail=1
 1. **Understand:** Read nearby code, tests, and docs (`docs/agents/*.md`) before editing.
 2. **Plan:** For anything non-trivial, present a short multi-step plan; refine iteratively.
 3. **Implement:** Preserve security focus, follow `BaseScanner` patterns (see `docs/agents/architecture.md`), handle missing deps gracefully, and update `SCANNER_REGISTRY` when adding scanners.
-4. **Verify:** Run the validation commands above. Format/linters must be clean. Use targeted `pytest` when appropriate, and type-check modified tests as part of the normal `mypy modelaudit/ tests/` pass.
+4. **Verify:** Run the validation commands above. Format/linters must be clean. Use targeted `pytest` when appropriate, and type-check modified tests as part of the normal `mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/` pass.
 5. **Report:** Summarize changes with file references and note residual risks or follow-ups.
 
 ## Branch & Git Hygiene
@@ -71,18 +71,18 @@ gh pr create --title "feat: descriptive title" --body "Brief description"
 ## CI Compliance Requirements
 
 ```bash
-uv run ruff check modelaudit/ tests/          # Lint (no errors)
-uv run ruff format --check modelaudit/ tests/ # Format (no changes)
-uv run mypy modelaudit/ tests/                # Types (no errors)
+uv run ruff check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/          # Lint (no errors)
+uv run ruff format --check modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/ # Format (no changes)
+uv run mypy modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/                # Types (no errors)
 uv run pytest -n auto -m "not slow and not integration" --maxfail=1
 ```
 
-| Issue               | Fix                                                     |
-| ------------------- | ------------------------------------------------------- |
-| Import organization | `uv run ruff check --fix --select I modelaudit/ tests/` |
-| Format issues       | `uv run ruff format modelaudit/ tests/`                 |
-| Type errors         | Fix manually, re-run `mypy`                             |
-| Test failures       | Check output, fix issues, re-run tests                  |
+| Issue               | Fix                                                                                                                             |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| Import organization | `uv run ruff check --fix --select I modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/` |
+| Format issues       | `uv run ruff format modelaudit/ packages/modelaudit-picklescan/src packages/modelaudit-picklescan/tests tests/`                 |
+| Type errors         | Fix manually, re-run `mypy`                                                                                                     |
+| Test failures       | Check output, fix issues, re-run tests                                                                                          |
 
 ## Dependency Management
 
@@ -159,6 +159,7 @@ For the full multi-file workflow, see `docs/agents/new-scanner-quickstart.md` §
 
 ```bash
 modelaudit/
+├── packages/modelaudit-picklescan/ # Standalone pickle scanner package
 ├── modelaudit/           # Main package
 │   ├── analysis/         # Semantic and integrated analysis
 │   ├── auth/             # API authentication and config

{modelaudit-0.2.32 → modelaudit-0.2.34}/CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.34](https://github.com/promptfoo/modelaudit/compare/v0.2.33...v0.2.34) (2026-04-10)
+
+### Bug Fixes
+
+- harden native code detection in model scanners ([#897](https://github.com/promptfoo/modelaudit/issues/897)) ([f4f661a](https://github.com/promptfoo/modelaudit/commit/f4f661a09be0032e15aa8895864413e3878233f8))
+
+## [0.2.33](https://github.com/promptfoo/modelaudit/compare/v0.2.32...v0.2.33) (2026-04-09)
+
+### Features
+
+- extract standalone pickle scanner package with parity harness ([#832](https://github.com/promptfoo/modelaudit/issues/832)) ([e2986cd](https://github.com/promptfoo/modelaudit/commit/e2986cddaa592306cc10541865f011b3dc99a0ba))
+
+### Bug Fixes
+
+- harden helper routing for zip-backed pickle checkpoints ([#870](https://github.com/promptfoo/modelaudit/issues/870)) ([3ebe0c0](https://github.com/promptfoo/modelaudit/commit/3ebe0c04f02f51274b9c9588200212ad2cffe70b))
+- make return paths explicit ([#884](https://github.com/promptfoo/modelaudit/issues/884)) ([e31c254](https://github.com/promptfoo/modelaudit/commit/e31c254b820c78278289cf06acdf17f3f81d49b2))
+- skip extraction for suspicious ZIP entries ([358aa44](https://github.com/promptfoo/modelaudit/commit/358aa4498ce9d6a091340c6f23289523f98f3a55))
+
+### Documentation
+
+- clarify detection bypass severity policy ([d8117a1](https://github.com/promptfoo/modelaudit/commit/d8117a14b4f8ef3e1a93cb1d48eeba8d8af92677))
+
 ## [0.2.32](https://github.com/promptfoo/modelaudit/compare/v0.2.31...v0.2.32) (2026-04-05)
 
 ### Bug Fixes
@@ -20,8 +42,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Bug Fixes
 
 - avoid CoreML nested parse failures on bounded-read truncation
+- flag TensorFlow `LoadLibrary` and `LoadLibraryV2` graph ops as dangerous native-library loading
+- detect split CNTK native-user-function and native-library references
+- detect Linux/macOS native-library members in Keras archives and uppercase native-library members in PyTorch ZIPs
+- detect embedded Windows DLL/PE, Linux ELF shared-object, and TensorRT plugin entry-point markers in TensorRT engines
 - detect punctuation-delimited TensorRT `/tmp` plugin paths
+- preserve HuggingFace cache provenance for symlinked custom cache roots
+- ignore remote OCI `layers[].urls` entries during local layer discovery
+- fail closed on unterminated OpenVINO DOCTYPE declarations
 - avoid PMML `<Extension>` false positives for benign `subprocess` prose while preserving `subprocess.getoutput()`, `subprocess.getstatusoutput()`, and `importlib.import_module("subprocess")` detections
+- route helper-level ZIP-backed `.ckpt`/`.pkl` checkpoints through archive scanners
 
 ## [0.2.31](https://github.com/promptfoo/modelaudit/compare/v0.2.30...v0.2.31) (2026-04-04)
 
@@ -153,6 +183,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- **pickle:** bundle the standalone `modelaudit_picklescan` API in the root `modelaudit` wheel and add source-tree coverage for the package boundary
 - **tests:** enable existing PaddlePaddle scanner tests in CI by adding `test_paddle_scanner.py` to the allowed test files list (Python 3.10/3.12/3.13)
 - **security:** detect CVE-2026-1669 Keras HDF5 external weight references in standalone `.h5` and embedded `.keras` weights
 - **security:** detect CVE-2026-24747 PyTorch weights_only=True bypass via SETITEM/SETITEMS abuse and tensor metadata mismatch detection
@@ -179,6 +210,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **security:** reduce NeMo Hydra `_target_` false positives by matching suspicious identifiers on token boundaries, preserve CVE-2025-23304 details on suspicious-target findings, and reject oversized YAML members before parsing
 - **security:** detect protocol 0/1 pickle streams with trivial opcode prefixes even when `STOP` is followed by trailing junk, while preserving plain-text near-match rejection
 - **security:** detect protocol 0/1 pickle streams whose dangerous opcode appears after large trivial padding or after a non-trivial probe-boundary prelude, reject all-trivial no-`STOP` probe prefixes, and preserve rule codes across cached scan-result round trips
+- **pickle:** propagate standalone fallback parse and stream-read failures into merged scan success, preserve truncated `.bin` fail-closed behavior, reuse non-seekable stream spools for the legacy parity pass, clamp negative stream sizes, and reset post-budget scan state between reused scanner runs
 - **license:** bound binary header scans and reuse compiled patterns to avoid full-file regex passes on large model archives
 - **security:** stop iterating malformed TFLite models after excessive subgraph counts are detected
 - **openvino:** route forbidden-DOCTYPE IR XML into the OpenVINO scanner, fail closed on XML parse errors, and suppress warning-level format-validation noise for benign `.xml` models with no distinctive magic bytes

{modelaudit-0.2.32 → modelaudit-0.2.34}/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.13-slim@sha256:739e7213785e88c0f702dcdc12c0973afcbd606dbf021a589cab77d6b00b579d
+FROM python:3.13-slim@sha256:eefe082c4b73082d83b8e7705ed999bc8a1dae57fe1ea723f907a0fc4b90f088
 
 WORKDIR /app