[Feat] Support integrity verification for model artifacts#787

Open
akaashrp wants to merge 6 commits into mlc-ai:main from akaashrp:integrity

Conversation

@akaashrp
Collaborator

No description provided.

hamzaydia and others added 6 commits February 27, 2026 14:54
Add SRI (Subresource Integrity) hash verification for model config,
WASM, and tokenizer files via an optional `integrity` field on
`ModelRecord`. When specified, downloaded artifacts are verified
against cryptographic hashes (SHA-256/384/512) before loading.

- Add `ModelIntegrity` interface and `verifyIntegrity()` using Web Crypto API
- Add `IntegrityError` class for hash mismatch errors
- Verify config, WASM, and tokenizer in engine loading pipeline
- Support `onFailure: "error" | "warn"` behavior
- Zero new dependencies, fully backwards compatible
- 25 unit tests + 8 integration tests

Closes mlc-ai#761
- Show sha256/sha384/sha512 openssl commands in README hash generation
- Add `npx verifyfetch sign` as simpler alternative for hash generation
- Extract `verifyTokenizerIfNeeded` helper in cache_util.ts to
  eliminate duplicated tokenizer verification logic
- Unify config merging in engine.ts by separating fetch/verify from
  override spreading, reducing duplication between integrity and
  non-integrity code paths
- Always fetch config as arraybuffer and conditionally verify,
  eliminating the if/else branching for fetch format
- Add Windows compatibility note recommending cross-platform
  `npx verifyfetch sign` or Git Bash/WSL for openssl commands
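The commits above describe the mechanism: each artifact gets an SRI string of the form `<algorithm>-<base64 digest>` (sha256/sha384/sha512), the downloaded bytes are hashed with the Web Crypto API before the artifact is loaded, and `onFailure` decides whether a mismatch throws an `IntegrityError` or only warns. The following is an added example, not code from this PR or from WebLLM, showing how such a check works end to end. Only the names `verifyIntegrity`, `IntegrityError`, `isValidSRI`, `ModelIntegrity`, `SRIString` and `onFailure` come from the PR description; `parseSRI`, `computeSRI`, `digestBytes`, `demo`, the field layout of `ModelIntegrity` and the sample config bytes are assumptions made for illustration.

```typescript
import { webcrypto } from "node:crypto";

// Web Crypto's SubtleCrypto: `crypto.subtle` in a browser; Node exposes the same
// interface as `webcrypto.subtle`, so this file also runs offline under Node.
const subtle = (globalThis as any).crypto?.subtle ?? webcrypto.subtle;

// Hypothetical shapes modelled on the names in the PR description
// (assumption: the PR's own type definitions may differ).
type SRIAlgorithm = "sha256" | "sha384" | "sha512";
type SRIString = `${SRIAlgorithm}-${string}`;
interface ModelIntegrity {
  config?: SRIString;                    // hash of mlc-chat-config.json
  wasm?: SRIString;                      // hash of the model library .wasm
  tokenizer?: Record<string, SRIString>; // per tokenizer file, keyed by file name
  onFailure?: "error" | "warn";          // default "error"
}

const DIGEST_BYTES: Record<SRIAlgorithm, number> = { sha256: 32, sha384: 48, sha512: 64 };
const WEBCRYPTO_NAME: Record<SRIAlgorithm, string> = {
  sha256: "SHA-256", sha384: "SHA-384", sha512: "SHA-512",
};
// SRI grammar: <algorithm>-<base64 digest>, base64 with optional "=" padding.
const SRI_RE = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/;

class IntegrityError extends Error {
  readonly file: string;
  readonly expected: string;
  readonly actual: string;
  constructor(file: string, expected: string, actual: string) {
    super(`Integrity verification failed for ${file}: expected ${expected}, got ${actual}`);
    this.name = "IntegrityError";
    this.file = file;
    this.expected = expected;
    this.actual = actual;
  }
}

function base64ToBytes(b64: string): Uint8Array {
  const bin = atob(b64); // atob/btoa exist in browsers and Node >= 16
  const out = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
  return out;
}

function bytesToBase64(bytes: Uint8Array): string {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}

// Parse and validate an SRI string. null means "malformed", which is a
// configuration bug rather than a tampered file and is never tolerated.
function parseSRI(sri: string): { algo: SRIAlgorithm; digest: Uint8Array } | null {
  const m = SRI_RE.exec(sri);
  if (!m) return null;
  const algo = m[1] as SRIAlgorithm;
  const digest = base64ToBytes(m[2]);
  return digest.length === DIGEST_BYTES[algo] ? { algo, digest } : null;
}

function isValidSRI(sri: string): boolean {
  return parseSRI(sri) !== null;
}

async function digestBytes(data: ArrayBuffer | Uint8Array, algo: SRIAlgorithm): Promise<Uint8Array> {
  // Copy a view into a standalone ArrayBuffer so SubtleCrypto hashes exactly these bytes.
  const buf = data instanceof ArrayBuffer
    ? data
    : (data.buffer as ArrayBuffer).slice(data.byteOffset, data.byteOffset + data.byteLength);
  return new Uint8Array(await subtle.digest(WEBCRYPTO_NAME[algo], buf));
}

// The SRI string to pin for an artifact (same value openssl produces for the file).
async function computeSRI(data: ArrayBuffer | Uint8Array, algo: SRIAlgorithm = "sha256"): Promise<SRIString> {
  return `${algo}-${bytesToBase64(await digestBytes(data, algo))}` as SRIString;
}

// Fixed-time comparison: the digests are not secret, but this costs nothing.
function bytesEqual(a: Uint8Array, b: Uint8Array): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Verify one downloaded artifact before it is used. Returns true on a match; on a
// mismatch throws IntegrityError (onFailure "error") or logs and returns false ("warn").
async function verifyIntegrity(
  data: ArrayBuffer | Uint8Array, expected: string, file: string,
  onFailure: "error" | "warn" = "error",
): Promise<boolean> {
  const parsed = parseSRI(expected);
  if (!parsed) throw new TypeError(`Malformed SRI string for ${file}: ${expected}`);
  const actual = await digestBytes(data, parsed.algo);
  if (bytesEqual(actual, parsed.digest)) return true;
  const err = new IntegrityError(file, expected, `${parsed.algo}-${bytesToBase64(actual)}`);
  if (onFailure === "error") throw err;
  console.warn(err.message);
  return false;
}

// Constructed walkthrough: a pretend mlc-chat-config.json is pinned, then one byte is
// flipped to simulate a corrupted or substituted download.
async function demo(): Promise<{ genuine: boolean; tamperedWarn: boolean; tamperedError: string }> {
  const config = new TextEncoder().encode('{"model_type":"llama","vocab_size":32000}');
  const integrity: ModelIntegrity = { config: await computeSRI(config), onFailure: "error" };
  const genuine = await verifyIntegrity(config, integrity.config!, "mlc-chat-config.json");
  const tampered = Uint8Array.from(config);
  tampered[tampered.length - 2] ^= 0x01;
  const tamperedWarn = await verifyIntegrity(tampered, integrity.config!, "mlc-chat-config.json", "warn");
  let tamperedError = "none";
  try {
    await verifyIntegrity(tampered, integrity.config!, "mlc-chat-config.json", integrity.onFailure);
  } catch (e) {
    tamperedError = e instanceof Error ? e.name : String(e);
  }
  return { genuine, tamperedWarn, tamperedError };
}

demo().then((r) => console.log(r));
```

Two design points worth noting: a malformed SRI string is rejected with a `TypeError` regardless of `onFailure`, because a typo in the pinned hash is a configuration bug and silently downgrading it to a warning would leave the artifact effectively unverified; and the digest is computed over a copy of the exact byte range of the view, so a `Uint8Array` that aliases a larger buffer (as slices of a fetched `ArrayBuffer` often do) is hashed correctly.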
@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly bolsters the security of WebLLM by integrating Subresource Integrity (SRI) verification for all critical model artifacts. This new feature allows the system to cryptographically ensure that model configurations, WebAssembly binaries, and tokenizer files have not been altered or corrupted during transit or storage. By providing a robust mechanism for verifying the integrity of these components, WebLLM enhances trust and reliability, safeguarding against potential security vulnerabilities in web-based LLM deployments.

Highlights

  • Introduced Integrity Verification: Added support for Subresource Integrity (SRI) hashes to verify the authenticity of downloaded model artifacts (config, WASM, tokenizer files).
  • Enhanced Model Configuration: Extended the ModelRecord interface to include an optional integrity field, allowing developers to specify SRI hashes for their models.
  • New IntegrityError Type: Implemented a dedicated IntegrityError class to provide specific error handling for failed integrity checks, with options to log warnings or throw errors.
  • Comprehensive Documentation and Example: Updated the README.md with a detailed section on how to use integrity verification and included a new example demonstrating its implementation.

Changelog
  • README.md
    • Updated with a new "Integrity Verification" section, including usage and hash generation instructions, and minor formatting improvements.
  • examples/integrity-verification/package.json
    • Added a new package.json for the integrity verification example.
  • examples/integrity-verification/src/integrity_verification.html
    • Added a new HTML file for the integrity verification example.
  • examples/integrity-verification/src/integrity_verification.ts
    • Added a new TypeScript file demonstrating the use of integrity verification.
  • src/cache_util.ts
    • Modified asyncLoadTokenizer to support integrity verification for tokenizer files and introduced maybeVerifyTokenizerIntegrity.
  • src/config.ts
    • Extended the ModelRecord interface with an optional integrity field to specify SRI hashes.
  • src/engine.ts
    • Integrated integrity checks for mlc-chat-config.json and WASM model library files during model loading.
  • src/error.ts
    • Defined a new IntegrityError class for specific handling of integrity verification failures.
  • src/index.ts
    • Exported new types and functions related to integrity verification for public API access.
  • src/integrity.ts
    • Introduced a new module containing types (SRIString, FileIntegrityMap, ModelIntegrity) and core functions (verifyIntegrity, isValidSRI) for SRI hash validation.
  • tests/cache_util.test.ts
    • Added unit tests to ensure correct application and skipping of integrity verification for tokenizer files.
  • tests/integrity.test.ts
    • Added comprehensive unit tests for the new integrity.ts module, covering hash parsing, validation, and error handling.
Activity
  • The pull request was created by akaashrp. No further activity (comments, reviews, or progress updates) is available in the provided context.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a valuable security feature: integrity verification for model artifacts using SRI hashes. The implementation is robust, leveraging the Web Crypto API for hashing and providing clear error handling with a new IntegrityError type. The changes are well-structured across the codebase, with modifications to the engine, configuration, and utility functions. The addition of a new integrity.ts module with comprehensive unit tests demonstrates high code quality. The documentation in README.md is clear and provides helpful examples and commands for generating hashes. A new example project is also included to showcase the feature. My review includes one suggestion to improve error reporting in the example code. Overall, this is an excellent contribution.

Comment on lines +83 to +85
} else {
setStatus("Error: " + error);
}

medium

The current error handling for non-IntegrityError cases might not display a useful message, as it relies on the default toString() of the error object, which can result in [object Object]. It's better to explicitly handle Error instances to show the message property, and convert other types to a string for a more informative output.

    } else if (error instanceof Error) {
      setStatus("Error: " + error.message);
    } else {
      setStatus("Error: " + String(error));
    }
