feat(huggingFace): add HuggingFaceModelResource for model browsing and media proxy by PG1204 · Pull Request #5124 · apache/texera

PG1204 · 2026-05-17T21:33:40Z

Summary

Related to issue #5041

First PR in a stacked series landing the HuggingFace operator end-to-end. This PR adds only the backend REST resource — no operator code yet. The resource is independently useful (the frontend can already integrate with it) and lets reviewers absorb the API surface before the operator class lands.

What changes were proposed in this PR?

Introduces HuggingFaceModelResource, a Jersey resource registered at /api/huggingface/*:

| Endpoint | Purpose |
| --- | --- |
| `GET /api/huggingface/models` | Browse / search models per task. Uses an in-process cache for browse mode and forwards to HF Hub for search. |
| `GET /api/huggingface/tasks` | Fetch HF pipeline tags filtered to tasks with hosted inference. Cached for the lifetime of the process. |
| `POST /api/huggingface/upload-audio` | Upload audio bytes for HF audio tasks; stores them in `/tmp/texera-hf-audio/` and returns the file path. |
| `GET /api/huggingface/audio-preview` | Stream uploaded audio (path-validated to prevent traversal). |
| `GET /api/huggingface/media-proxy` | Proxy remote media URLs (HF inference responses) to bypass browser CORS. |

Also a one-line registration in TexeraWebApplication.scala.
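The "path-validated to prevent traversal" behavior listed for `audio-preview` can be illustrated with a minimal sketch. This is not the code from the PR: the object name `AudioPathValidation` and the method `resolveInsideBase` are hypothetical, and the base directory simply mirrors the temp folder named in the table.

```scala
import java.nio.file.{Path, Paths}
import scala.util.Try

object AudioPathValidation {
  // Assumed base directory, mirroring the upload folder named in the endpoint table.
  val baseDir: Path =
    Paths.get(System.getProperty("java.io.tmpdir"), "texera-hf-audio").toAbsolutePath.normalize()

  /** Returns the normalized path only if it stays strictly inside baseDir. */
  def resolveInsideBase(requested: String): Option[Path] =
    Option(requested)
      .map(_.trim)
      .filter(_.nonEmpty)
      // resolve() may throw InvalidPathException on malformed input, so wrap it in Try.
      .flatMap(r => Try(baseDir.resolve(r).normalize()).toOption)
      // startsWith compares whole path components, so a sibling such as
      // "texera-hf-audio-evil" does not count as being inside baseDir.
      .filter(p => p.startsWith(baseDir) && p != baseDir)
}
```

Normalization only handles `..` segments lexically. If symlinks inside the folder are a concern, comparing `toRealPath` results of an existing file would be a stricter check.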

Stacked PR plan

This is PR 1 of ~9. Subsequent PRs will add:

PR 2: refactored HuggingFaceInferenceOpDesc skeleton + text-generation codegen
PRs 3–5: per-task-family codegen (image, audio + media-gen, QA/ranking)
PRs 6–8: frontend (task/model selector, property-editor visibility, result-panel media)
PR 9: developer docs

Test plan

sbt "amber/test" passes locally
Hit GET /api/huggingface/tasks and confirm JSON list of supported tasks
Hit GET /api/huggingface/models?task=text-generation and confirm paginated model list
POST /api/huggingface/upload-audio with a small WAV, then fetch via /api/huggingface/audio-preview and confirm the bytes match
GET /api/huggingface/media-proxy?url=… with a known HF inference response URL and confirm the response is streamed

Authored / co-authored using generative AI tooling?

Co-authored with Claude Opus 4.7

…d media proxy

Introduces a new Jersey REST resource exposing endpoints used by the upcoming HuggingFace operator UI:

- GET /api/huggingface/models: browse / search models per task
- GET /api/huggingface/tasks: list HF pipeline tags with hosted inference
- POST /api/huggingface/upload-audio: upload audio for HF audio tasks
- GET /api/huggingface/audio-preview: stream uploaded audio (path-validated)
- GET /api/huggingface/media-proxy: proxy remote media URLs to bypass CORS

This is the first PR in a stacked series landing the HF operator end-to-end. No operator code yet; this resource is independently useful and lets the frontend integrate with HF before the operator class lands.

PG1204 · 2026-05-17T21:39:22Z

/request-review @Ma77Ball

codecov-commenter · 2026-05-17T21:44:29Z

Codecov Report

❌ Patch coverage is 0% with 215 lines in your changes missing coverage. Please review.
✅ Project coverage is 42.95%. Comparing base (bfa79a7) to head (78633de).
⚠️ Report is 1 commit behind head on main.

Files with missing lines	Patch %	Lines
...texera/web/resource/HuggingFaceModelResource.scala	0.00%	214 Missing ⚠️
...a/org/apache/texera/web/TexeraWebApplication.scala	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #5124      +/-   ##
============================================
- Coverage     43.17%   42.95%   -0.23%     
- Complexity     2209     2212       +3     
============================================
  Files          1045     1046       +1     
  Lines         40254    40469     +215     
  Branches       4250     4288      +38     
============================================
+ Hits          17380    17383       +3     
- Misses        21804    22016     +212     
  Partials       1070     1070

Flag	Coverage Δ		*Carryforward flag
access-control-service	`39.53% <ø> (ø)`		Carriedforward from bfa79a7
agent-service	`33.72% <ø> (ø)`		Carriedforward from bfa79a7
amber	`43.28% <0.00%> (-0.58%)`	⬇️
computing-unit-managing-service	`0.00% <ø> (ø)`		Carriedforward from bfa79a7
config-service	`0.00% <ø> (ø)`		Carriedforward from bfa79a7
file-service	`32.18% <ø> (ø)`		Carriedforward from bfa79a7
frontend	`34.05% <ø> (ø)`		Carriedforward from bfa79a7
python	`90.43% <ø> (ø)`		Carriedforward from bfa79a7
workflow-compiling-service	`56.81% <ø> (ø)`		Carriedforward from bfa79a7

*This pull request uses carry forward flags.

Yicong-Huang · 2026-05-18T04:33:58Z

@PG1204 Thanks for opening this PR! Please do the following:

Please follow our PR template and make the description concise.
Please make sure your code meets the test coverage requirement.
Please use issues to describe future plans such as stacked PRs, because each PR becomes immutable after it is merged. Issues can hold information that outlives a single PR and can be updated over time. If you plan to open multiple PRs, I suggest using an umbrella issue that contains multiple sub-issues, one per PR.
You can use /request-review @xxx to request a review from a reviewer.

PG1204 · 2026-05-18T04:39:04Z

@Yicong-Huang

Thank you for the suggestions. Will update the PR accordingly.

Ma77Ball · 2026-05-18T19:30:44Z

Hi @PG1204, while I begin my review, please address @Yicong-Huang's feedback. Specifically:

Update the PR description to follow this template exactly:

   ### What changes were proposed in this PR?
   ...
   ### Any related issues, documentation, or discussions?
   ...
   ### How was this PR tested?
   ...
   ### Was this PR authored or co-authored using generative AI tooling?
   ...

Add test coverage for as much of the new code as possible. At a minimum, please cover the main features and call paths introduced here.
Relocate the overall PR plan to the parent issue, and keep this PR's description scoped to the code changes it actually contains.
Document any architectural changes. If this PR modifies the architecture, please describe what changed and where, so reviewers can follow the design intent.

Thanks, and looking forward to the updates!

Ma77Ball

Please review and resolve the comments and ask any questions as needed.

Ma77Ball · 2026-05-18T19:33:33Z

+      @QueryParam("search") search: String
+  ): Response = {
+    try {
+      val hfToken = Option(System.getenv("HF_TOKEN")).getOrElse("")


How does the user add their token to the system? Is there a future PR to allow the user to specify a token in settings or the operator itself?

Ma77Ball · 2026-05-18T19:44:21Z

+  ): java.util.List[java.util.Map[String, Object]] = {
+    val allResults = new java.util.ArrayList[java.util.Map[String, Object]]()
+    var nextUrl: String = null
+    var pageCount = 0


MAX_PAGES does not exist in this PR. What is pageCount used for, and is it needed in this PR?
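For context, a page counter like `pageCount` is usually paired with an upper bound so that a misbehaving upstream cannot keep the loop running forever. The following is a minimal sketch of that pattern, not the PR's implementation: `BoundedPagination`, `Page`, `MaxPages`, and the `fetchPage` callback are all hypothetical names, and the cap of 10 is an arbitrary assumption.

```scala
import scala.annotation.tailrec

object BoundedPagination {
  // Hypothetical cap; the PR under review does not define MAX_PAGES.
  val MaxPages = 10

  /** One fetched page: its items plus the URL of the next page, if any. */
  final case class Page[A](items: Seq[A], next: Option[String])

  /** Follows `next` links starting at firstUrl and stops after maxPages pages. */
  def fetchAll[A](
      firstUrl: String,
      fetchPage: String => Page[A],
      maxPages: Int = MaxPages
  ): Seq[A] = {
    @tailrec
    def loop(url: Option[String], pageCount: Int, acc: Vector[A]): Vector[A] =
      url match {
        case Some(u) if pageCount < maxPages =>
          val page = fetchPage(u)
          loop(page.next, pageCount + 1, acc ++ page.items)
        case _ => acc // no more pages, or the cap was reached
      }
    loop(Some(firstUrl), 0, Vector.empty)
  }
}
```

Passing the page fetcher as a function keeps the loop testable without any network access.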

Ma77Ball · 2026-05-18T19:46:54Z

+      if (hfResponse.getStatus != 200) {
+        // Stop paginating on error, return what we have so far
+        return allResults
+      }


Possibly add a message or log entry indicating that an error occurred, rather than caching and returning an incomplete list.
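One way to act on this suggestion is to carry a completeness flag alongside the collected items, log the failure, and only cache complete results. The sketch below is an illustration under assumptions: `PartialFetch`, `FetchResult`, `collect`, and `cacheIfComplete` are hypothetical names, and pages are modeled as plain `(status, items)` pairs rather than real HTTP responses.

```scala
import java.util.logging.Logger
import scala.collection.mutable

object PartialFetch {
  private val logger = Logger.getLogger("PartialFetch")

  /** Result of a multi-page fetch; `complete` is false if any page failed. */
  final case class FetchResult[A](items: Vector[A], complete: Boolean, failedStatus: Option[Int])

  /** Accumulates (status, items) pages and stops at the first non-200 page. */
  def collect[A](pages: Iterator[(Int, Seq[A])]): FetchResult[A] = {
    var acc = Vector.empty[A]
    while (pages.hasNext) {
      val (status, items) = pages.next()
      if (status != 200) {
        logger.warning(s"Upstream returned $status after ${acc.size} items; result is incomplete")
        return FetchResult(acc, complete = false, Some(status))
      }
      acc ++= items
    }
    FetchResult(acc, complete = true, None)
  }

  /** Stores only complete results, so a transient upstream error is not pinned in the cache. */
  def cacheIfComplete[A](
      key: String,
      result: FetchResult[A],
      cache: mutable.Map[String, Vector[A]]
  ): Boolean =
    if (result.complete) { cache.put(key, result.items); true } else false
}
```

The caller can still return the partial list to the client, for example together with a flag in the response body, while skipping the cache write.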

Ma77Ball · 2026-05-18T19:51:43Z

+  @Consumes(Array(MediaType.WILDCARD))
+  def uploadAudioReference(
+      @QueryParam("filename") filename: String,
+      bytes: Array[Byte]


There should be a size limit to prevent users from posting overly large audio files that will use up all the RAM. Please either implement a hard limit or improve how we handle large audio files so we don't store them in memory before writing to disk.
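A possible shape for the second option is to accept the request body as an `InputStream` (which JAX-RS supports as an entity type) and copy it to disk in small chunks while enforcing a cap. This is a sketch only: `BoundedUpload`, `copyWithLimit`, and the 25 MiB default are hypothetical and not taken from the PR.

```scala
import java.io.{IOException, InputStream}
import java.nio.file.{Files, Path}

object BoundedUpload {
  // Hypothetical cap (25 MiB); the right limit is a deployment decision.
  val MaxUploadBytes: Long = 25L * 1024 * 1024

  /** Streams `in` to `target` in 8 KiB chunks.
    * If more than maxBytes arrive, the partial file is deleted and an IOException is thrown.
    */
  def copyWithLimit(in: InputStream, target: Path, maxBytes: Long = MaxUploadBytes): Long = {
    val out = Files.newOutputStream(target)
    var total = 0L
    var exceeded = false
    try {
      val buf = new Array[Byte](8192)
      var n = in.read(buf)
      while (n != -1 && !exceeded) {
        total += n
        if (total > maxBytes) exceeded = true
        else {
          out.write(buf, 0, n)
          n = in.read(buf)
        }
      }
    } finally out.close()
    if (exceeded) {
      Files.deleteIfExists(target)
      throw new IOException(s"Upload exceeds $maxBytes bytes")
    }
    total
  }
}
```

With this approach at most one buffer of 8 KiB is held in memory per upload, regardless of file size.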

Ma77Ball · 2026-05-18T19:54:48Z

+        if (idx >= 0 && idx < safeFileName.length - 1) safeFileName.substring(idx) else ".bin"
+      }
+
+      val tempDir = Paths.get(System.getProperty("java.io.tmpdir"), "texera-hf-audio")


Please add a way to clean up this folder when no longer needed.
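One simple cleanup strategy is an age-based purge of the temp folder. The sketch below assumes files can be removed once they are older than some maximum age; `TempAudioCleanup` and `purgeOlderThan` are hypothetical names, and the retention period is left to the caller.

```scala
import java.nio.file.{Files, Path}
import java.time.{Duration, Instant}
import scala.jdk.CollectionConverters._

object TempAudioCleanup {
  /** Deletes regular files in `dir` last modified before (now - maxAge).
    * Returns the number of files removed.
    */
  def purgeOlderThan(dir: Path, maxAge: Duration, now: Instant = Instant.now()): Int =
    if (!Files.isDirectory(dir)) 0
    else {
      val cutoff = now.minus(maxAge)
      val stream = Files.list(dir)
      try {
        stream
          .iterator()
          .asScala
          .filter(p => Files.isRegularFile(p))
          .filter(p => Files.getLastModifiedTime(p).toInstant.isBefore(cutoff))
          .count(p => Files.deleteIfExists(p)) // counts only files actually deleted
      } finally stream.close() // Files.list holds a directory handle until closed
    }
}
```

Such a purge could be run periodically, for example from a `java.util.concurrent.ScheduledExecutorService`, or once at service startup.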

Ma77Ball · 2026-05-18T20:15:13Z

+
+import com.fasterxml.jackson.core.`type`.TypeReference
+import com.fasterxml.jackson.databind.{JsonNode, ObjectMapper}
+import kong.unirest.Unirest


Unirest is used throughout the file and should be given explicit configuration settings, as the defaults might not be optimal.
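As an illustration of what such configuration might look like with the Unirest 3.x (`kong.unirest`) API, the fragment below sets explicit timeouts and connection limits. The wrapper object `HfHttpClientConfig` is hypothetical and every value is an untuned assumption.

```scala
import kong.unirest.Unirest

object HfHttpClientConfig {
  // All values are illustrative assumptions, not tuned recommendations.
  def configure(): Unit = {
    Unirest
      .config()
      .connectTimeout(5000) // milliseconds allowed to establish a connection
      .socketTimeout(30000) // milliseconds allowed between data packets
      .concurrency(50, 10) // max total connections, max connections per route
    ()
  }
}
```

Unirest's shared configuration is meant to be set before the first request is issued, so a call like this would belong in application startup rather than inside a request handler.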

Ma77Ball · 2026-05-18T20:26:09Z

+      val cached = modelCache.get(task)
+      if (cached != null) {
+        return Response.ok(cached).build()
+      }
+
+      // Not cached — fetch all pages from HF Hub API
+      val allModels = fetchAllModelsForTask(task, hfToken)
+      val json = objectMapper.writeValueAsString(allModels)
+      modelCache.put(task, json)


The model cache needs cleanup logic, an eviction policy, and a size limit. The current design only reads from the cache and puts models into it.
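A minimal sketch of a cache that addresses all three points, using only the standard library: a `LinkedHashMap` in access order gives LRU eviction with a size limit, and a stored timestamp gives expiry. `BoundedTtlCache` and its parameters are hypothetical names. A library cache such as Caffeine or Guava's `CacheBuilder` would be a common alternative if one is already on the classpath.

```scala
import java.util.{LinkedHashMap => JLinkedHashMap, Map => JMap}

/** Small LRU cache with a per-entry TTL. All public methods synchronize on the instance. */
final class BoundedTtlCache[K, V](
    maxEntries: Int,
    ttlMillis: Long,
    clock: () => Long = () => System.currentTimeMillis()
) {
  private final case class Entry(value: V, storedAt: Long)

  // accessOrder = true keeps the least recently used entry first, so it is evicted first.
  private val map = new JLinkedHashMap[K, Entry](16, 0.75f, true) {
    override def removeEldestEntry(eldest: JMap.Entry[K, Entry]): Boolean =
      this.size() > maxEntries
  }

  /** Returns the value if present and not expired; expired entries are removed on read. */
  def get(key: K): Option[V] = synchronized {
    Option(map.get(key)).flatMap { e =>
      if (clock() - e.storedAt > ttlMillis) { map.remove(key); None }
      else Some(e.value)
    }
  }

  def put(key: K, value: V): Unit = synchronized {
    map.put(key, Entry(value, clock()))
    ()
  }

  def currentSize: Int = synchronized(map.size())
}
```

Expiry here is lazy: an expired entry that is never read again stays in the map until LRU eviction pushes it out, but the total never exceeds `maxEntries`.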

Ma77Ball · 2026-05-18T20:30:24Z

+          .entity("""{"error":"Media URL is required."}""")
+          .build()
+      }
+      if (!trimmedUrl.startsWith("http://") && !trimmedUrl.startsWith("https://")) {


The endpoint will fetch any URL it is given, allowing an attacker to reach internal services. An allowlist should be implemented to avoid this issue.
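A host allowlist check along these lines could be sketched as follows. The allowed suffixes are assumptions chosen for illustration, since the actual set depends on which hosts HF inference responses point to; `MediaProxyAllowlist` and `isAllowed` are hypothetical names.

```scala
import java.net.URI
import scala.util.Try

object MediaProxyAllowlist {
  // Hypothetical allowlist; the real set depends on where HF serves media from.
  val allowedHostSuffixes: Set[String] = Set("huggingface.co", "hf.co")

  private def hostAllowed(host: String): Boolean = {
    val h = host.toLowerCase
    // Match the domain itself or a true subdomain, never a mere string suffix.
    allowedHostSuffixes.exists(s => h == s || h.endsWith("." + s))
  }

  /** Accepts only https URLs with an allowlisted host and no user-info component. */
  def isAllowed(rawUrl: String): Boolean =
    Try(new URI(rawUrl.trim)).toOption.exists { uri =>
      uri.getScheme != null && uri.getScheme.equalsIgnoreCase("https") &&
      uri.getUserInfo == null &&
      uri.getHost != null && hostAllowed(uri.getHost)
    }
}
```

A check like this only covers the initial URL. Redirects would need to be disabled or re-validated against the same allowlist, otherwise an allowed host could bounce the request to an internal address.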

Ma77Ball · 2026-05-18T20:36:19Z

+          .status(Response.Status.INTERNAL_SERVER_ERROR)
+          .entity(s"""{"error":"Failed to fetch models: ${e.getMessage}"}""")
+          .build()
+    }


The current design returns the exact exception message, which exposes internal details to users. Suggestions:

Have Jackson handle escaping instead of concatenating the strings:

    import scala.jdk.CollectionConverters._

    private def errorJson(message: String): String = {
      objectMapper.writeValueAsString(Map("error" -> message).asJava)
    }

Don't expose e.getMessage to users. Return a generic message instead (do this for all the try/catch statements):

    } catch {
      case e: Exception =>
        logger.error("Model fetch failed", e)
        Response
          .status(Response.Status.INTERNAL_SERVER_ERROR)
          .entity(errorJson("Failed to fetch models."))
          .build()
    }

Ma77Ball · 2026-05-18T21:39:41Z

+      .queryString("pipeline_tag", task)
+      .queryString("sort", "downloads")
+      .queryString("direction", "-1")
+      .queryString("limit", "100")


There should be a pagination loop or a way to let users know that they are viewing a truncated list.
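If the upstream API signals further pages through a `Link` response header with `rel="next"` (the RFC 8288 convention, assumed here to apply to the HF Hub listing endpoint), the next page URL can be extracted with a small helper. `LinkHeader` and `nextUrl` are hypothetical names, and the regex is a simplification that expects `rel` to be the first parameter after the URL.

```scala
object LinkHeader {
  // Matches one `<url>; rel="next"` entry of a Link header (simplified form).
  private val NextLink = """<([^>]+)>\s*;\s*rel="?next\b"?""".r

  /** Returns the URL tagged rel="next", or None if the header is absent or has no next link. */
  def nextUrl(header: String): Option[String] =
    Option(header).flatMap(h => NextLink.findFirstMatchIn(h).map(_.group(1)))
}
```

When no next link is present the list is complete. When a page cap stops the loop while a next link still exists, the response could carry a flag telling the client that the list is truncated.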

github-actions Bot added the engine label May 17, 2026

github-actions Bot assigned PG1204 May 17, 2026

Ma77Ball suggested changes May 18, 2026

4 participants
