
Add model supply chain final artifact provenance gates#1723

Open
DENGXUELIN wants to merge 1 commit into UnitOneAI:main from DENGXUELIN:improve/model-supply-chain-artifact-provenance-1594

Conversation

@DENGXUELIN


Skill Improvement ($50-150 Bounty)

Skill Modified

Skill name: model-supply-chain
Skill path: skills/ai-security/model-supply-chain/

What Was Wrong

The skill did not consistently require evidence that the final served model artifact matches the reviewed source, weights, adapters, tokenizer, chat template, quantization config, and runtime bundle. That can miss remote-code and artifact-substitution risks where a trusted source model is reviewed but a different final bundle is deployed.

What This PR Fixes

This PR adds final-artifact provenance gates for model supply chain reviews, including:

  • trust_remote_code=True and custom code review evidence
  • final served bundle provenance and manifest coverage
  • adapter, tokenizer, chat-template, quantization, and Ollama Modelfile coverage
  • signed internal mirror false-positive handling
  • output fields that tie findings to final deployed artifact identity

Evidence

Before (skill misses this / false positive on this):

A review can approve a model based on upstream model card or source repository trust while the final served bundle includes unverified remote code, unpinned adapters, changed tokenizer/chat template files, or an unverified Modelfile.

After (now correctly handled):

The skill now requires final bundle manifests, artifact hashes, remote-code provenance, adapter/tokenizer/template coverage, and signed internal mirror evidence before treating the model supply chain as verified.

Test Cases Added/Updated

  • Added vulnerable test cases (tests/vulnerable/)
  • Added benign test cases (tests/benign/)
  • Existing tests still pass

Added:

  • skills/ai-security/model-supply-chain/tests/vulnerable/remote-code-unverified-final-bundle.md
  • skills/ai-security/model-supply-chain/tests/benign/signed-internal-mirror-final-manifest.md

Validation performed locally:

  • git merge-tree --write-tree origin/main HEAD
  • git diff --check origin/main...HEAD
  • Markdown fence-balance check for changed files
  • ASCII check for added lines

Bounty Tier

  • Minor ($50) - Doc update, small logic tweak, typo fix
  • Moderate ($100) - New edge case coverage, FP reduction with evidence
  • Substantial ($150) - Rewritten detection logic, major coverage expansion

Bounty Info

  • I have read and agree to the CONTRIBUTING.md bounty terms
  • Preferred payment method: PayPal; details can be provided privately after maintainer acceptance.

Closes #1594
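One way to implement the final-artifact gates listed in the description above (manifest coverage, artifact hashes, unlisted adapters/Modelfiles, and trust_remote_code review evidence), as an added example that is not code from this PR or from the model-supply-chain skill; the manifest layout, the REQUIRED component set and the sample bundle files are assumptions made for the example:

```python
import hashlib
import os
import tempfile

REQUIRED = ("weights", "tokenizer", "chat_template", "quantization_config")  # assumed coverage set

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def check_final_bundle(bundle_dir, manifest, model_config):
    """Compare the served bundle on disk with the reviewed manifest; return findings (empty = pass)."""
    findings = []
    artifacts = manifest.get("artifacts", {})
    for comp in REQUIRED:  # gate 1: manifest must cover every reviewed component
        if comp not in artifacts:
            findings.append(f"manifest does not cover {comp}")
    for name, entry in artifacts.items():  # gate 2: served file must hash to the reviewed value
        path = os.path.join(bundle_dir, entry["file"])
        if not os.path.isfile(path):
            findings.append(f"{name}: {entry['file']} missing from served bundle")
        elif sha256_file(path) != entry["sha256"]:
            findings.append(f"{name}: {entry['file']} hash differs from reviewed artifact")
    # gate 3: anything served but absent from the manifest was never reviewed (adapters, Modelfile, code)
    covered = {e["file"] for e in artifacts.values()} | {"config.json"}
    for fname in sorted(os.listdir(bundle_dir)):
        if fname not in covered:
            findings.append(f"unreviewed artifact in served bundle: {fname}")
    # gate 4: remote code is acceptable only with explicit review evidence recorded in the manifest
    if model_config.get("trust_remote_code") and not manifest.get("remote_code_review"):
        findings.append("trust_remote_code=True without custom-code review evidence")
    return findings

def demo():
    """Constructed sample: swapped chat template, unlisted adapter, trust_remote_code without evidence."""
    d = tempfile.mkdtemp()
    files = {"model.safetensors": b"reviewed-weights", "tokenizer.json": b"reviewed-tokenizer",
             "chat_template.jinja": b"swapped-template", "quant.json": b"{}", "adapter_model.bin": b"lora"}
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    reviewed = {"weights": "model.safetensors", "tokenizer": "tokenizer.json",
                "chat_template": "chat_template.jinja", "quantization_config": "quant.json"}
    manifest = {"artifacts": {k: {"file": v, "sha256": sha256_file(os.path.join(d, v))}
                              for k, v in reviewed.items()}}
    # the approved template hash (constructed) differs from what is now served
    manifest["artifacts"]["chat_template"]["sha256"] = hashlib.sha256(b"reviewed-template").hexdigest()
    return check_final_bundle(d, manifest, {"trust_remote_code": True})
```

A bundle that passes all four gates returns an empty list; the constructed sample returns three findings, one per gate it violates.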


Development

Successfully merging this pull request may close these issues.

[REVIEW] model-supply-chain: add remote-code and final-artifact provenance gates

1 participant