426e9eeabd
Benchmark Bridge Tests / benchmark (bunx @biomejs/biome check packages/lifeops-bench/src, benchmark-lint) (push) Waiting to run
Benchmark Bridge Tests / benchmark (bunx vitest run --config packages/lifeops-bench/vitest.config.ts --root packages/lifeops-bench --passWithNoTests, benchmark-tests) (push) Waiting to run
Build Agent Image / build-and-push (push) Waiting to run
Chat shell gestures / Chat shell gesture + parity e2e (push) Waiting to run
Cloud Gateway Discord / Test (push) Waiting to run
Cloud Gateway Webhook / Test (push) Waiting to run
Cloud Tests / lint-and-types (push) Waiting to run
Cloud Tests / unit-tests (push) Waiting to run
Cloud Tests / integration-tests (push) Waiting to run
Cloud Tests / e2e-tests (push) Blocked by required conditions
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Deploy Apps Worker (Product 2) / Determine environment (push) Waiting to run
Deploy Apps Worker (Product 2) / Deploy apps worker to apps-control host (${{ needs.determine-env.outputs.environment }}) (push) Blocked by required conditions
Deploy Eliza Provisioning Worker / Determine environment (push) Waiting to run
Deploy Eliza Provisioning Worker / Deploy worker to Hetzner host (${{ needs.determine-env.outputs.environment }} @ ${{ needs.determine-env.outputs.deployment_sha }}) (push) Blocked by required conditions
Dev Smoke / Classify changed paths (push) Waiting to run
Dev Smoke / bun run dev onboarding chat (push) Blocked by required conditions
Dev Smoke / Vite HMR dependency-level smoke (push) Blocked by required conditions
Electrobun Submodule Guard / electrobun gitlink is fetchable (push) Waiting to run
Publish @elizaos/example-code / check_npm (push) Waiting to run
Publish @elizaos/example-code / publish_npm (push) Blocked by required conditions
Publish @elizaos/plugin-elizacloud / verify_version (push) Waiting to run
Publish @elizaos/plugin-elizacloud / publish_npm (push) Blocked by required conditions
Sandbox Live Smoke / Sandbox live smoke (push) Waiting to run
Snap Build & Test / Build Snap (amd64) (push) Waiting to run
Snap Build & Test / Build Snap (arm64) (push) Waiting to run
supply-chain / sbom (push) Waiting to run
supply-chain / vulnerability-scan (push) Waiting to run
Build, Push & Deploy to Phala Cloud / build-and-push (push) Waiting to run
Test Packaging / Validate Packaging Configs (push) Waiting to run
Test Packaging / PyPI on Python ${{ matrix.python }} (push) Waiting to run
Test Packaging / Pack & Test JS Tarballs (push) Waiting to run
Test Packaging / elizaos CLI global-install smoke (node + bun) (push) Waiting to run
UI Fixture E2E / ui-fixture-e2e (push) Waiting to run
UI Fixture E2E / fixture-e2e (push) Waiting to run
UI Story Gate / story-gate (push) Waiting to run
vault-ci / test (macos-latest) (push) Waiting to run
vault-ci / test (ubuntu-latest) (push) Waiting to run
vault-ci / test (windows-latest) (push) Waiting to run
vault-ci / app-core wiring tests (push) Waiting to run
verify-patches / verify patches/CHECKSUMS.sha256 (push) Waiting to run
Voice Benchmark Smoke / voice-emotion fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voiceagentbench fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench-quality unit smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench TypeScript unit (no audio) (push) Waiting to run
Voice Benchmark Smoke / voice bench smoke summary (push) Blocked by required conditions
Windows CI / windows ([bun run --cwd packages/app-core test bun run --cwd packages/elizaos test bun run --cwd packages/cloud/shared test], app-and-cli) (push) Waiting to run
Windows CI / windows ([bun run --cwd packages/scenario-runner test bun run --cwd packages/vault test bun run --cwd packages/security test bun run --cwd plugins/plugin-coding-tools test], framework-packages) (push) Waiting to run
Windows CI / windows ([bun run --cwd plugins/plugin-elizacloud test bun run --cwd plugins/plugin-discord test bun run --cwd plugins/plugin-anthropic test bun run --cwd plugins/plugin-openai test bun run --cwd plugins/plugin-app-control test bun run --cwd plugins/pl… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run build --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/agent --concurrency=4 node packages/scripts/run-bash-linux-only.mjs scripts/verify-riscv64-buildpaths.sh node packages/scripts/run… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run typecheck --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/cloud-shared --concurrency=4 bun run --cwd packages/core test bun run --cwd packages/shared test], core-runtime, 75) (push) Waiting to run
Test Packaging / Build & Test PyPI Package (push) Waiting to run
Voice Workbench / headless workbench (mocked backends) (push) Has been cancelled
Voice Workbench / real acoustic lane (nightly, provisioned only) (push) Has been cancelled
ci / test (push) Has been cancelled
ci / lint-and-format (push) Has been cancelled
ci / build (push) Has been cancelled
ci / dev-startup (push) Has been cancelled
gitleaks / gitleaks (push) Has been cancelled
Markdown Links / Relative Markdown Links (push) Has been cancelled
Quality (Extended) / Homepage Build (PR smoke) (push) Has been cancelled
Quality (Extended) / Comment-only diff guard (push) Has been cancelled
Quality (Extended) / Format + Type Safety Ratchet (push) Has been cancelled
Quality (Extended) / Develop Gate (secret scan + UI determinism) (push) Has been cancelled
Quality (Extended) / Develop Gate (lint) (push) Has been cancelled
220 lines
6.5 KiB
JavaScript
220 lines
6.5 KiB
JavaScript
#!/usr/bin/env node
|
|
/**
|
|
* Idempotent model fetcher for the local GPU vision service. Downloads the
|
|
* pinned Unlimited-OCR GGUF + its F16 mmproj (and, under --with-vlm, a small
|
|
* Qwen3-VL Instruct GGUF + mmproj) into the gpu-vision cache, verifies every
|
|
* blob's sha256 against models.lock.json, and records the pin on first download.
|
|
*
|
|
* Fetch strategy: the `hf` CLI when present (resumable, revision-pinned),
|
|
* otherwise a direct HTTPS `resolve/<revision>` download. Either way the integrity
|
|
* gate is the same lockfile check — a corrupt or upstream-changed file fails loud
|
|
* instead of being served. Already-present + verified files are skipped, so
|
|
* re-running is cheap and safe.
|
|
*
|
|
* Usage:
|
|
* node scripts/gpu-vision/setup.mjs [--with-vlm]
|
|
*/
|
|
|
|
import { spawnSync } from "node:child_process";
|
|
import { createWriteStream } from "node:fs";
|
|
import fs from "node:fs/promises";
|
|
import path from "node:path";
|
|
import { Readable } from "node:stream";
|
|
import { pipeline } from "node:stream/promises";
|
|
import { fileURLToPath } from "node:url";
|
|
import {
|
|
assertPlausibleSize,
|
|
cacheDir,
|
|
formatBytes,
|
|
lockKey,
|
|
MODEL_SETS,
|
|
modelFilePath,
|
|
parseArgs,
|
|
readLockfile,
|
|
reconcileLock,
|
|
sha256File,
|
|
writeLockfile,
|
|
} from "./lib.mjs";
|
|
|
|
function hfCliPath() {
|
|
for (const bin of ["hf", "huggingface-cli"]) {
|
|
const probe = spawnSync(bin, ["version"], { encoding: "utf8" });
|
|
if (probe.status === 0) return bin;
|
|
}
|
|
return null;
|
|
}
|
|
|
|
function resolveUrl(set, fileName) {
|
|
return `https://huggingface.co/${set.repo}/resolve/${set.revision}/${fileName}`;
|
|
}
|
|
|
|
async function fileExists(p) {
|
|
try {
|
|
await fs.stat(p);
|
|
return true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
async function downloadViaHf(hfBin, set, fileName, destDir) {
|
|
const result = spawnSync(
|
|
hfBin,
|
|
[
|
|
"download",
|
|
set.repo,
|
|
fileName,
|
|
"--revision",
|
|
set.revision,
|
|
"--local-dir",
|
|
destDir,
|
|
],
|
|
{ stdio: "inherit", encoding: "utf8" },
|
|
);
|
|
if (result.status !== 0) {
|
|
throw new Error(
|
|
`[gpu-vision] hf download failed for ${set.repo}/${fileName} (exit ${result.status})`,
|
|
);
|
|
}
|
|
// hf places the file at destDir/<fileName>; our layout stores it flat there.
|
|
return path.join(destDir, fileName);
|
|
}
|
|
|
|
async function downloadViaHttps(set, fileName, destPath) {
|
|
const url = resolveUrl(set, fileName);
|
|
process.stdout.write(` GET ${url}\n`);
|
|
const res = await fetch(url, { redirect: "follow" });
|
|
if (!res.ok || !res.body) {
|
|
throw new Error(`[gpu-vision] HTTP ${res.status} downloading ${url}`);
|
|
}
|
|
const tmp = `${destPath}.partial`;
|
|
await pipeline(Readable.fromWeb(res.body), createWriteStream(tmp));
|
|
await fs.rename(tmp, destPath);
|
|
return destPath;
|
|
}
|
|
|
|
/**
|
|
* Ensure one pinned blob is present and lockfile-verified. Exported so the unit
|
|
* suite can prove the skip-if-present path still runs the sha256 gate — a
|
|
* present-but-wrong file must fail here, never be served.
|
|
*/
|
|
export async function ensureFile({ setKey, role, hfBin, lock }) {
|
|
const set = MODEL_SETS[setKey];
|
|
const file = set.files[role];
|
|
const destPath = modelFilePath(setKey, role);
|
|
const destDir = path.dirname(destPath);
|
|
await fs.mkdir(destDir, { recursive: true });
|
|
|
|
const key = lockKey(setKey, role);
|
|
const pinned = lock[key];
|
|
|
|
if (await fileExists(destPath)) {
|
|
if (pinned) {
|
|
const observedSha = await sha256File(destPath);
|
|
reconcileLock(lock, key, { sha256: observedSha });
|
|
const { size } = await fs.stat(destPath);
|
|
process.stdout.write(
|
|
` skip ${file.name} (present, sha256 verified, ${formatBytes(size)})\n`,
|
|
);
|
|
return { bytes: size, downloaded: false };
|
|
}
|
|
// Present but unpinned (first-ever run interrupted mid-record): re-hash and pin below.
|
|
} else {
|
|
process.stdout.write(
|
|
` fetch ${file.name} from ${set.repo}@${set.revision.slice(0, 8)}\n`,
|
|
);
|
|
if (hfBin) {
|
|
const landed = await downloadViaHf(hfBin, set, file.name, destDir);
|
|
if (landed !== destPath && (await fileExists(landed))) {
|
|
await fs.rename(landed, destPath);
|
|
}
|
|
} else {
|
|
await downloadViaHttps(set, file.name, destPath);
|
|
}
|
|
}
|
|
|
|
// Cheap torn-download floor before the slower hash pass.
|
|
const { size } = await fs.stat(destPath);
|
|
assertPlausibleSize(size, file.approxBytes, file.name);
|
|
|
|
const observedSha = await sha256File(destPath);
|
|
const outcome = reconcileLock(lock, key, {
|
|
sha256: observedSha,
|
|
bytes: size,
|
|
repo: set.repo,
|
|
revision: set.revision,
|
|
file: file.name,
|
|
url: resolveUrl(set, file.name),
|
|
});
|
|
if (outcome.status === "recorded") {
|
|
lock[key] = outcome.entry;
|
|
process.stdout.write(
|
|
` WARN recorded NEW pin for ${file.name} — review the models.lock.json diff before committing\n` +
|
|
` sha256=${observedSha} (${formatBytes(size)})\n`,
|
|
);
|
|
} else {
|
|
process.stdout.write(
|
|
` ok ${file.name} sha256 verified (${formatBytes(size)})\n`,
|
|
);
|
|
}
|
|
return { bytes: size, downloaded: true };
|
|
}
|
|
|
|
async function main() {
|
|
const { flags } = parseArgs(process.argv.slice(2), {
|
|
booleans: ["with-vlm"],
|
|
});
|
|
const sets = flags["with-vlm"] ? ["ocr", "vlm"] : ["ocr"];
|
|
|
|
process.stdout.write(`[gpu-vision] cache: ${cacheDir()}\n`);
|
|
process.stdout.write(`[gpu-vision] model sets: ${sets.join(", ")}\n`);
|
|
|
|
const hfBin = hfCliPath();
|
|
process.stdout.write(
|
|
hfBin
|
|
? `[gpu-vision] using ${hfBin} for downloads\n`
|
|
: "[gpu-vision] hf CLI not found; using direct HTTPS resolve URLs\n",
|
|
);
|
|
|
|
const lock = await readLockfile();
|
|
let totalBytes = 0;
|
|
let downloadedAny = false;
|
|
|
|
for (const setKey of sets) {
|
|
const set = MODEL_SETS[setKey];
|
|
process.stdout.write(`\n[gpu-vision] ${set.label}\n`);
|
|
for (const role of Object.keys(set.files)) {
|
|
const { bytes, downloaded } = await ensureFile({
|
|
setKey,
|
|
role,
|
|
hfBin,
|
|
lock,
|
|
});
|
|
totalBytes += bytes;
|
|
downloadedAny = downloadedAny || downloaded;
|
|
}
|
|
}
|
|
|
|
await writeLockfile(lock);
|
|
process.stdout.write(
|
|
`\n[gpu-vision] done. total on disk: ${formatBytes(totalBytes)} across ${sets.length} set(s).\n`,
|
|
);
|
|
if (!downloadedAny) {
|
|
process.stdout.write(
|
|
"[gpu-vision] nothing to download — all files already present + verified.\n",
|
|
);
|
|
}
|
|
}
|
|
|
|
// Run only when invoked directly — the unit suite imports ensureFile from this
|
|
// module and must not trigger a download.
|
|
const isMain =
|
|
process.argv[1] &&
|
|
path.resolve(process.argv[1]) === fileURLToPath(import.meta.url);
|
|
if (isMain) {
|
|
main().catch((err) => {
|
|
process.stderr.write(`${err.stack || err.message}\n`);
|
|
process.exit(1);
|
|
});
|
|
}
|