Dead code removal, exception hygiene, tab reformat#411
Merged
Conversation
- Delete generate_prompts_from_image/generate_scene_from_image
(replaced by generate_scenes_batch + compose_prompts_from_scenes),
save_images_to_disk (replaced by generator_service._write_media),
and is_duplicate (replaced by compute_media_hash +
check_duplicate_in_db). All had zero callers.
- Delete get_service_info from openrouter/stabilityai services;
nothing calls it (the registry uses get_info()).
- Replace __import__("sqlite3").Row with a normal top-level
import sqlite3 in the three db stores (11 call sites).
Local generation produces no C2PA provenance, so its output fails validator verification. Keep the service as a reference implementation with a loud do-not-enable banner, and explain the disabled SERVICE_MAP entry instead of leaving it bare.
- Narrow the six remaining bare except: clauses — temp-file unlink cleanups to except OSError, the rest to except Exception with the error logged (chain metadata parsing, create_repo, CLIP cleanup). - Log (debug) instead of silently passing when _save_profiles_to_cache fails in generator_service. - Fix SyntaxWarning from an unescaped regex in a docstring (huggingface_uploads) by making it a raw string. - Gate E722 in CI so bare excepts can't return.
Whitespace-only: 2,362 tabs converted; AST verified identical modulo docstring indentation. Gate W191 in CI. Add this commit's SHA to .git-blame-ignore-revs to keep blame useful on this file.
Dependabot burndown (120 alerts on main). Three kinds of change: Removed — never imported anywhere in the repo: - onnx (inference happens in gasbench via its own onnxruntime-gpu; kills all 6 onnx alerts), python-multipart (no form endpoints; kills all 6), asyncpg (postgres era is over), and the cargo-culted transitive pins sympy/coloredlogs/flatbuffers/humanfriendly/ scikit-learn/nest-asyncio (still installed via their real requirers where needed). - black + pre-commit moved from runtime deps to the dev group. Bumped direct pins with CVEs: - pillow 10.4.0 -> 12.2.0 (OOB writes parsing malformed images — validators parse miner-submitted media, so this is the one that matters most), diffusers 0.36.0 -> 0.38.0 (trust_remote_code bypass), pyarrow 19.0.1 -> 23.0.1, python-dotenv 1.0.1 -> 1.2.2, httpcore 1.0.7 -> 1.0.9 (unblocks h11 0.16.0 — the one CRITICAL alert, malformed chunked-encoding). Lockfile-only upgrades (transitive): GitPython 3.1.50, urllib3 2.7.0, cryptography 49.0.0, msgpack 1.2.1, protobuf 5.29.6, ecdsa 0.19.2, requests, idna, pygments, and ~150 others via uv lock --upgrade. Added [tool.uv] constraint-dependencies = [torchaudio==2.7.1]: torchaudio wheels declare no torch dependency, so the resolver happily floats it to versions ABI-incompatible with our pinned torch 2.7.1. Deliberately NOT fixed: - aiohttp / starlette / setuptools alerts: blocked by bittensor 9.9.0's own pins (aiohttp~=3.9, fastapi~=0.110.1, setuptools~=70). Requires a bittensor SDK bump. - torch / transformers: major-version jumps; not worth the GPU-stack risk for medium-severity alerts. - ecdsa Minerva timing attack: no patch exists upstream.
The 2.x line vendors cyscale, which shares the scalecodec namespace and refuses to coexist with it — but substrate-interface (still used for Keypair in epistula.py) requires scalecodec. Caught by CI test collection.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Continuation of the code-quality burndown (#407, #409). Independent pieces, one commit each — the reformat commit is whitespace-only and safe to skip in review.
Dead code (
580f30a)Deletes three functions whose features live on in their replacements, all with zero callers:
generate_prompts_from_image/generate_scene_from_image→ replaced by the batch pipeline (generate_scenes_batch+compose_prompts_from_scenes)save_images_to_disk→ replaced bygenerator_service._write_mediais_duplicate→ replaced bycompute_media_hash+check_duplicate_in_dbAlso removes the never-called
get_service_infomethods (registry usesget_info()) and replaces the__import__("sqlite3").Rowinline-import hack with a normal top-level import in the three db stores.local_service signposting (
58d0beb)Kept as a reference implementation, now with an explicit do-not-enable banner: local generation produces no C2PA provenance, so its output fails validator verification.
Exception hygiene (
e69d4af)All six remaining bare
except:clauses fixed — temp-file cleanups narrowed toexcept OSError, the rest toexcept Exceptionwith the error logged. The silent_save_profiles_to_cacheswallows now log at debug. Also fixes aSyntaxWarningfrom an unescaped regex in a docstring.E722added to the CI lint gate.Tab reformat (
f5436f1+404da99)content_manager.pywas the repo's last tab-indented file (2,362 tabs). Converted to 4-space; AST verified identical modulo docstring whitespace.W191added to the CI gate, and the reformat SHA is recorded in.git-blame-ignore-revs(GitHub blame picks this up automatically; locally rungit config blame.ignoreRevsFile .git-blame-ignore-revsonce).Dependency security burndown (
8576233)Attacks the 120 Dependabot alerts (1 critical, 47 high). Fixes the critical and ~22 of the 27 unique highs.
Removed — verified never imported anywhere in the repo:
onnx(inference happens inside gasbench via its ownonnxruntime-gpu) — kills all 6 onnx alertspython-multipart(FastAPI only needs it for form parsing; we have no form endpoints) — kills all 6asyncpg(no postgres anywhere anymore)sympy,coloredlogs,flatbuffers,humanfriendly,scikit-learn,nest-asyncio— still installed via their real requirers where neededblack+pre-commitmoved from runtime deps to the dev groupBumped direct pins with CVEs:
pillow10.4.0 → 12.2.0 — OOB writes parsing malformed images; validators parse miner-submitted media, so this is the security bump that matters mostdiffusers0.36.0 → 0.38.0 (trust_remote_code bypass),pyarrow19.0.1 → 23.0.1,python-dotenv1.0.1 → 1.2.2httpcore1.0.7 → 1.0.9 — unblocksh110.16.0, the one critical (malformed chunked-encoding)Lockfile-only (transitive) upgrades: GitPython 3.1.50, urllib3 2.7.0, cryptography 49.0.0, msgpack 1.2.1, protobuf 5.29.6, ecdsa 0.19.2, and ~150 others via
uv lock --upgrade.New guard:
[tool.uv] constraint-dependencies = ["torchaudio==2.7.1"]— torchaudio wheels declare no torch dependency, so without this the resolver floats it to versions ABI-incompatible with pinned torch 2.7.1 (it had already drifted to 2.11.0 on the first lock upgrade).Deliberately not fixed:
aiohttp~=3.9,fastapi~=0.110.1,setuptools~=70); requires a bittensor SDK bumpNo behavior changes outside the dependency bumps. CI is green at every commit, not just HEAD.
🤖 Generated with Claude Code