Skip to content

fix: use huggingface_hub Python API for model pull#2

Merged
weklund merged 2 commits intomainfrom
fix/pull-use-python-api
Apr 2, 2026
Merged

fix: use huggingface_hub Python API for model pull#2
weklund merged 2 commits intomainfrom
fix/pull-use-python-api

Conversation

@weklund
Copy link
Copy Markdown
Owner

@weklund weklund commented Apr 1, 2026

Summary

  • Replaced subprocess shell-out to hf/huggingface-cli with a direct call to huggingface_hub.snapshot_download, which is already a declared dependency
  • Dropped the nonexistent [cli] extra from the huggingface-hub dependency in pyproject.toml
  • Removed dead code: _resolve_hf_cli(), _filter_traceback(), and associated subprocess plumbing
  • Added regression tests that assert _run_download uses the Python API and does not shell out to CLI binaries

Fixes #1

Test plan

  • All 1400 unit tests pass
  • New TestRunDownloadUsesSnapshotDownload class guards against regression:
    • Verifies snapshot_download is called with correct repo_id and local_dir
    • Verifies exceptions are wrapped in DownloadError
    • Inspects source to assert no subprocess/Popen/shutil.which usage
    • Asserts _resolve_hf_cli and _filter_traceback helpers are removed

🤖 Generated with Claude Code

weklund and others added 2 commits April 1, 2026 19:49
@weklund @claude
fix: use huggingface_hub Python API instead of CLI subprocess for pull
fac038d 
Replace the subprocess shell-out to hf/huggingface-cli with a direct
call to huggingface_hub.snapshot_download. This fixes pull failures when
mlx-stack is installed via uv tool or pipx, where dependency entry-points
are not exposed on PATH.

Also drops the nonexistent [cli] extra from the huggingface-hub dependency.

Fixes #1

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@weklund @claude
style: fix import sorting for ruff I001
a209296 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@weklund weklund merged commit 816ff0b into main Apr 2, 2026
1 check passed
@weklund weklund deleted the fix/pull-use-python-api branch April 2, 2026 00:56
@weklund weklund added the bug Something isn't working label Apr 2, 2026
@weklund weklund mentioned this pull request Apr 4, 2026
Open
12 tasks
weklund added a commit that referenced this pull request Apr 4, 2026
@weklund @claude
fix: add explicit permissions to CI and integration workflows (#34)
0f8bfb0 
## Summary
- Adds `permissions: contents: read` to `ci.yml`,
`integration-nightly.yml`, and `integration-prerelease.yml`
- Resolves all 4 open CodeQL code-scanning alerts
([#1](https://github.com/weklund/mlx-stack/security/code-scanning/1),
[#2](https://github.com/weklund/mlx-stack/security/code-scanning/2),
[#3](https://github.com/weklund/mlx-stack/security/code-scanning/3),
[#4](https://github.com/weklund/mlx-stack/security/code-scanning/4))
- Follows least-privilege principle — these workflows only need read
access to checkout code and run tests
- `release-please.yml` and `publish.yml` already had explicit
permissions

## Test plan
- [ ] CI passes on this PR (confirms `contents: read` is sufficient)
- [ ] CodeQL re-scan shows alerts resolved after merge

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

mlx-stack pull fails: huggingface-cli not on PATH when installed via uv tool / pipx

1 participant

@weklund