From b234d3eb2f35a52f42838ab65d82752c61bb7277 Mon Sep 17 00:00:00 2001 From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Date: Fri, 29 May 2026 13:06:12 -0400 Subject: [PATCH] chore: comments Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --- syft/pkg/cataloger/ai/processor.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/syft/pkg/cataloger/ai/processor.go b/syft/pkg/cataloger/ai/processor.go index a6a706456..1bb4f046c 100644 --- a/syft/pkg/cataloger/ai/processor.go +++ b/syft/pkg/cataloger/ai/processor.go @@ -77,12 +77,7 @@ func ggufMergeProcessor(pkgs []pkg.Package, rels []artifact.Relationship, err er return namedPkgs, rels, err } -// safeTensorsMergeProcessor is the single owner of naming, license resolution, -// HF config.json mining, cross-shard rollup, and supporting-evidence attachment -// for safetensors packages. The parsers it processes are intentionally minimal -// — they only decode the safetensors-specific format and emit nameless packages -// with content-derived metadata. This function: -// +// safeTensorsMergeProcessor owns naming, license resolution, etc // 1. groups all nameless packages by parent directory (or a single sentinel // for OCI artifacts, since the ContainerImageModel resolver puts every // layer at virtual path "/"); @@ -143,6 +138,8 @@ func safeTensorsMergeProcessor(ctx context.Context, resolver file.Resolver, pkgs // groupSafeTensorsPackages buckets packages by the parent directory of their // primary-evidence location, or the OCI sentinel when the location lives at // the ContainerImageModel resolver's virtual "/" path. +// TODO: assemble a test where there are cases for DIR ran into for a single scan +// - safe tensors at the top level as well as sub directories func groupSafeTensorsPackages(pkgs []pkg.Package) map[string][]pkg.Package { out := make(map[string][]pkg.Package) for _, p := range pkgs {