
Harden inference API and add secure backend/deserialization architecture#33

Merged
Vedasheersh merged 8 commits into maranasgroup:main from theproteinbot:codex/e2e-fixes
Feb 28, 2026

Conversation

@theproteinbot
Contributor

Summary

This PR delivers a production-hardening sequence across inference, API surface, packaging, and deserialization policy.

1) Inference architecture and API

  • Extracts reusable inference service core.
  • Adds backend abstraction for inference routing:
    • local backend
    • optional Modal HTTP backend
    • modal -> local fallback support
  • Adds FastAPI app with:
    • GET /health
    • GET /ready
    • POST /predict

2) API security hardening

  • Introduces secure-by-default request handling:
    • disables input_file requests unless explicitly enabled via env
    • disables request-time overrides (repo_root, python_executable) unless explicitly enabled
    • constrains results_dir under configured results root
    • constrains local/fallback checkpoint_dir under configured checkpoint root
    • limits input_rows cardinality and input_file size
  • Extends readiness payload with effective API guardrail settings.

3) Packaging consistency

  • Makes setup.cfg the single packaging metadata source.
  • Reduces setup.py to a thin shim (setup() only).
  • Preserves console scripts including catpred_web and web extra.

4) Deserialization policy and trust boundaries

  • Adds centralized deserialization module:
    • trusted root enforcement
    • optional unsafe legacy loading toggle
    • unified wrappers for pickle/index/torch artifacts
  • Rewires deserialization call sites to use policy wrappers across core paths.

New env controls

  • CATPRED_API_INPUT_ROOT
  • CATPRED_API_RESULTS_ROOT
  • CATPRED_API_CHECKPOINT_ROOT
  • CATPRED_API_ALLOW_INPUT_FILE
  • CATPRED_API_ALLOW_UNSAFE_OVERRIDES
  • CATPRED_API_MAX_INPUT_ROWS
  • CATPRED_API_MAX_INPUT_FILE_BYTES
  • CATPRED_TRUSTED_DESERIALIZATION_ROOTS
  • CATPRED_ALLOW_UNSAFE_DESERIALIZATION

Validation

Ran real local validations during implementation:

  • py_compile for touched modules
  • FastAPI route/import checks
  • API smoke with mock Modal backend (/health, /ready, /predict)
  • modal failure fallback smoke (modal -> local)
  • API guardrail smokes:
    • blocked unsafe request fields
    • blocked path escapes
    • enforced row/file limits
    • enforced checkpoint root for local/fallback
  • Deserialization policy smoke:
    • trusted-root enforcement
    • unsafe toggle behavior (CATPRED_ALLOW_UNSAFE_DESERIALIZATION)
  • Packaging/install smoke:
    • pip install -e . --no-deps
    • console script presence verification

Commit sequence

  • a22e475 Fix prediction pipeline robustness and checkpoint compatibility
  • 00416bb Update setup and usage docs for resilient local workflows
  • 56c15d4 Phase 0: harden inference runtime and packaging entrypoints
  • 89d6866 Phase 1: extract reusable inference service core
  • 968b549 Phase 2: add web API and optional modal backend routing
  • 7d11672 Phase 3.1: harden API request surface and path guardrails
  • cd6f22a Phase 3.2: unify packaging metadata via setup.cfg
  • 84f3e42 Phase 3.3: centralize deserialization policy and enforce trusted roots

@Vedasheersh Vedasheersh merged commit fbb5ef0 into maranasgroup:main Feb 28, 2026
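The path guardrails ("constrains results_dir under configured results root", "blocked path escapes") and the trusted-root deserialization policy with its unsafe toggle, as an added example that is not CatPred's own code. The env var names come from the PR description; the function names, the os.pathsep-separated root list and the "1" toggle value are assumptions.

```python
# Added example (not CatPred's code): path-escape and deserialization-policy
# checks of the kind the PR describes. Env var names are from the PR; function
# names, the os.pathsep list format and the "1" toggle value are assumptions.
import os
import pickle
from pathlib import Path


class PathEscapeError(ValueError):
    """Requested path resolves outside the root it must stay under."""


def constrain_under_root(requested: str, root: str) -> Path:
    """Resolve `requested` (absolute, or relative to `root`) and reject escapes.
    resolve() collapses '..' and follows symlinks, so a symlink inside the root
    that points outside it is rejected too, not just a textual '..' component."""
    root_path = Path(root).resolve()
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root_path / candidate
    resolved = candidate.resolve()
    if resolved != root_path and root_path not in resolved.parents:
        raise PathEscapeError(f"{requested!r} escapes root {root!r}")
    return resolved


def path_is_under_root(requested: str, root: str) -> bool:
    """Boolean form of constrain_under_root, for policy checks."""
    try:
        constrain_under_root(requested, root)
        return True
    except PathEscapeError:
        return False


def deserialization_permitted(path: str, trusted_roots: list[str], allow_unsafe: bool) -> bool:
    """Trusted root wins; otherwise only the explicit unsafe toggle permits loading."""
    abs_path = os.path.abspath(path)  # a relative path would otherwise be joined under each root and always pass
    if any(path_is_under_root(abs_path, root) for root in trusted_roots):
        return True
    return allow_unsafe


def load_pickle_artifact(path: str) -> object:
    """Policy wrapper: pickle.load executes code from the file, so gate it on trust."""
    roots = [p for p in os.environ.get("CATPRED_TRUSTED_DESERIALIZATION_ROOTS", "").split(os.pathsep) if p]
    allow_unsafe = os.environ.get("CATPRED_ALLOW_UNSAFE_DESERIALIZATION") == "1"
    if not deserialization_permitted(path, roots, allow_unsafe):
        raise PathEscapeError(f"refusing to unpickle {path!r}: outside trusted roots")
    with open(path, "rb") as fh:
        return pickle.load(fh)
```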