feat: offline-first model bundling -- disable HuggingFace downloads at runtime #45

New issue

Closed

opened 2026-05-26 23:05:25 -07:00 by pyr0ball · 1 comment

pyr0ball commented

2026-05-26 23:05:25 -07:00

Owner

Enterprise deployments in air-gapped or compliance-audited environments cannot make outbound HTTPS calls to huggingface.co. Turnstone must run without any runtime model downloads.

Changes needed:

Audit all transformers, sentence-transformers, and pipeline() calls for network activity at startup/first-use
Add TURNSTONE_OFFLINE_MODE=1 env var that disables or stubs all HF fetches
When offline mode is active and a model path is not found locally: log a warning, disable the feature gracefully (no crash)
Document how to pre-download models and mount them into the container (HF_HOME / HF_HUB_OFFLINE env vars)
Add a scripts/prefetch_models.sh helper that downloads required weights to a local dir for air-gapped transfer
Dockerfile: ensure HF_HUB_OFFLINE and TRANSFORMERS_OFFLINE are respected when set

Acceptance criteria: TURNSTONE_OFFLINE_MODE=1 container starts, indexes logs, and serves queries with zero outbound connections.

Enterprise deployments in air-gapped or compliance-audited environments cannot make outbound HTTPS calls to `huggingface.co`. Turnstone must run without any runtime model downloads. **Changes needed:** - Audit all `transformers`, `sentence-transformers`, and `pipeline()` calls for network activity at startup/first-use - Add `TURNSTONE_OFFLINE_MODE=1` env var that disables or stubs all HF fetches - When offline mode is active and a model path is not found locally: log a warning, disable the feature gracefully (no crash) - Document how to pre-download models and mount them into the container (`HF_HOME` / `HF_HUB_OFFLINE` env vars) - Add a `scripts/prefetch_models.sh` helper that downloads required weights to a local dir for air-gapped transfer - Dockerfile: ensure `HF_HUB_OFFLINE` and `TRANSFORMERS_OFFLINE` are respected when set **Acceptance criteria:** `TURNSTONE_OFFLINE_MODE=1` container starts, indexes logs, and serves queries with zero outbound connections.

pyr0ball added this to the Enterprise POC Deliverable milestone 2026-05-26 23:05:25 -07:00

pyr0ball added the

compliance

deployment

enhancement

labels 2026-05-26 23:05:25 -07:00

pyr0ball commented

2026-05-28 08:21:51 -07:00

Author

Owner

Implemented via TURNSTONE_OFFLINE_MODE=1 env var in app/rest.py.

Sets HF_HUB_OFFLINE=1 and TRANSFORMERS_OFFLINE=1 before any HuggingFace library loads — both the classifier (byviz/bylastic_classification_logs) and the embedder (BAAI/bge-small-en-v1.5) are blocked from phoning home. Falls back to pattern-based classifier and skips embedding when model cache is absent.

Pre-download commands added to .env.example. Full air-gap checklist in docs/air-gapped-deployment.md (see #47).

Implemented via `TURNSTONE_OFFLINE_MODE=1` env var in `app/rest.py`. Sets `HF_HUB_OFFLINE=1` and `TRANSFORMERS_OFFLINE=1` before any HuggingFace library loads — both the classifier (`byviz/bylastic_classification_logs`) and the embedder (`BAAI/bge-small-en-v1.5`) are blocked from phoning home. Falls back to pattern-based classifier and skips embedding when model cache is absent. Pre-download commands added to `.env.example`. Full air-gap checklist in docs/air-gapped-deployment.md (see #47).

pyr0ball closed this issue

2026-05-28 08:21:51 -07:00

pyr0ball referenced this issue from a commit

2026-05-29 14:18:48 -07:00

feat(diagnose): tech-level post-processor, offline mode, API auth, context harvest

pyr0ball referenced this issue from a commit

2026-06-13 21:54:47 -07:00

feat(diagnose): tech-level post-processor, offline mode, API auth, context harvest

pyr0ball referenced this issue from a commit

2026-06-13 22:18:24 -07:00

feat(diagnose): tech-level post-processor, offline mode, API auth, context harvest