From 97c67b5e1a2aad76285233c22a6040ac021c50b0 Mon Sep 17 00:00:00 2001
From: ambassadia
Date: Wed, 20 May 2026 10:00:06 +0200
Subject: [PATCH] security: strip absolute paths leaking dev machine + private monorepo T.6 post-publish audit caught two leaks in the published artefacts: 1. `conversion_report.json` (4 hits on both HF and GitHub) exposed absolute paths from the build machine: "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/X.safetensors" "onnx": "/tmp/supertonic3/model/onnx/X.onnx" This revealed the dev Mac's username (transcrilive) + the private monorepo name (MLX_CONVERTOR) + the internal sub-projects layout. 2. `src/supertonic_3_mlx/pipeline.py` docstring (1 hit) had a from_pretrained example pointing at /tmp/supertonic3/model. Fixes: - conversion_report.json regenerated with basenames only ("vector_estimator.onnx" / "weights/vector_estimator.safetensors") - pipeline.py docstring example updated to use the canonical Hub repo id - the upstream converter tool (in the dev monorepo) patched so future regenerations of the report don't reintroduce the leak No tokens, credentials, or keys were ever exposed; tokens are kept only in env vars / keyrings and never enter the published artefacts.
---
 conversion_report.json | 16 ++++++++--------
 src/supertonic_3_mlx/pipeline.py | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/conversion_report.json b/conversion_report.json
index 4a2645e..5d9c81d 100644
--- a/conversion_report.json
+++ b/conversion_report.json
@@ -2,8 +2,8 @@
 "models": [
 {
 "model": "VectorEstimator",
- "onnx": "/tmp/supertonic3/model/onnx/vector_estimator.onnx",
- "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/vector_estimator.safetensors",
+ "onnx": "vector_estimator.onnx",
+ "safetensors": "weights/vector_estimator.safetensors",
 "bytes": 256053073,
 "sha256": "2359240f2dcaee03b4800102aa0bea00223d2867ab752ef01af2b1cfaf92f3a6",
 "weights_kept": 351,
@@ -134,8 +134,8 @@
 },
 {
 "model": "TextEncoder",
- "onnx": "/tmp/supertonic3/model/onnx/text_encoder.onnx",
- "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/text_encoder.safetensors",
+ "onnx": "text_encoder.onnx",
+ "safetensors": "weights/text_encoder.safetensors",
 "bytes": 36022466,
 "sha256": "9df20bb79496718b36d2c0fc37636d3f78d6ef751b2899ff6dfeb975ae737ada",
 "weights_kept": 146,
@@ -145,8 +145,8 @@
 },
 {
 "model": "DurationPredictor",
- "onnx": "/tmp/supertonic3/model/onnx/duration_predictor.onnx",
- "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/duration_predictor.safetensors",
+ "onnx": "duration_predictor.onnx",
+ "safetensors": "weights/duration_predictor.safetensors",
 "bytes": 3470807,
 "sha256": "cd473acb6e0ac27426084488ccb3b3cc184e70d05db90897e2b892846db5dcb3",
 "weights_kept": 98,
@@ -156,8 +156,8 @@
 },
 {
 "model": "Vocoder",
- "onnx": "/tmp/supertonic3/model/onnx/vocoder.onnx",
- "safetensors": "/Users/transcrilive/MLX_CONVERTOR/sub-projects/supertonic3-mlx/hf_release/weights/vocoder.safetensors",
+ "onnx": "vocoder.onnx",
+ "safetensors": "weights/vocoder.safetensors",
 "bytes": 101364763,
 "sha256": "b2ec31ab7c554f6e15b9a6780554b5d3502345de7848b310966bfb4e1ea4e526",
 "weights_kept": 103,
diff --git a/src/supertonic_3_mlx/pipeline.py b/src/supertonic_3_mlx/pipeline.py
index 30f014f..2af0662 100644
--- a/src/supertonic_3_mlx/pipeline.py
+++ b/src/supertonic_3_mlx/pipeline.py
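Review bot: Rewriting the `"onnx"` and `"safetensors"` values only scrubs the current revision; the username and monorepo name quoted in the description stay retrievable from the parent revision (index 4a2645e) on GitHub and from the HF repo's own commit history unless that history is rewritten or the repositories are recreated, so the post-publish audit item should stay open until that is confirmed. The same applies to the three later hunks of this file (TextEncoder, DurationPredictor, Vocoder). Because the report is regenerated by a tool outside this repository, a check here would catch a regression independently of that tool's fix — for example a release-time test that loads `conversion_report.json` and asserts `not os.path.isabs(m["onnx"]) and not os.path.isabs(m["safetensors"])` for every `m` in `"models"`, which a future absolute path would fail. Separately, each entry now names two files but carries a single `"bytes"`/`"sha256"` pair, and nothing in the report says which file they describe; a short note in the README (or an explicit field, if the generator is touched again) would let consumers verify the right download.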
@@ -25,7 +25,7 @@ Flow:
 Public API:
- pipe = SupertonicMLXPipeline.from_pretrained("/tmp/supertonic3/model")
+ pipe = SupertonicMLXPipeline.from_pretrained("ambassadia/supertonic-3-mlx")
 wav = pipe.generate("Hello world", voice="F1", lang="en")
 import soundfile as sf
 sf.write("out.wav", wav, pipe.sample_rate)
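Review bot: The new example resolves `"ambassadia/supertonic-3-mlx"` to whatever the Hub serves at call time, so a reader copying it gets no way to pin the weights they are loading; if `from_pretrained` accepts a revision or commit pin (its definition is outside this hunk, so I cannot tell), the example should show it, and if a local directory is still accepted the docstring should say so for offline use rather than leaving the old `/tmp` example as the only hint that it was. The enclosing module docstring starts before this hunk.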