Add Hub verification token to evaluation metadata

[lewtun]

This PR adds a new verifyToken field to the evaluation metadata schema to enable the Hub to verify whether evaluation results come from Hugging Face's evaluation service vs self-reported.

This is need to enable the following PRs:

• https://github.com/huggingface/moon-landing/pull/4037
• https://github.com/huggingface/autotrain-backend/pull/823

Note: I'm not sure what's the best practice to handle camelCase fields in Python codebases, so please let me know if I should refactor variable names :)

[HuggingFaceDocBuilderDev]

The documentation is not available anymore as the PR was closed or merged.

[lewtun]

I use camelCase here because that's what's implemented on the Hub side: https://github.com/huggingface/moon-landing/pull/4037/files#diff-e9eafbf94fe033bdaf22611fa3eab89f02aa8776685889dd5cace85d7ed82257R82

[Wauplin]

@lewtun Sorry to ask for a last change but would it be possible to use snake_case here ? I think keeping consistency within the hfh parameters is more important than keeping consistency with the server naming.

This would require to change both the getter and the setter in

# in model_index_to_eval_results
verify_token = metric.get("verifyToken")
(...)
verify_token=verify_token,

and

# in eval_results_to_model_index
"verifyToken": result.verify_token,

[lewtun]

Thanks, I agree snake_case is nicer :)

Fixed in f0d1cc4 and 6995d2a

[osanseviero]

Is the huggingface_hub library the best place to add support for these more internal use cases? Except us, nobody else should use this (and one could argue the same for the previous verified parameter). Looking at the PRs, I was wondering if doing something like

card.data.eval_results[0].metrics_token = "token"

or similar would make more sense, rather than supporting setting verified tokens out of the box

[lewtun]

Is the huggingface_hub library the best place to add support for these more internal use cases? Except us, nobody else should use this (and one could argue the same for the previous verified parameter). Looking at the PRs, I was wondering if doing something like

card.data.eval_results[0].metrics_token = "token"

or similar would make more sense, rather than supporting setting verified tokens out of the box

We currently rely on the metadata_update() function in AutoTrain to create Hub PRs for evaluation (see here), which means metadata like verifyToken is excluded unless it's included in the huggingface_hub schema.

If desired, we could roll our own version of this function using the commit API functions in huggingface_hub, although that's a bit more work on our side.

cc @abhishekkrthakur

[julien-c]

hmm yeah i think this should live in internal code (wdyt also @coyotte508 @allendorf?)

[coyotte508]

IMO verified / verifyToken should at least be in the schema if only to be read? I mean they will be in model cards / in the JSON from the hub API (at least verified will be), I don't see why they shouldn't be in the metrics type.

Take this with a grain of salt, I'm only a little familiar with the hub library and not at all with how metadata is used in its scope.

[Wauplin]

IMO verified / verifyToken should at least be in the schema if only to be read? I mean they will be in model cards / in the JSON from the hub API (at least verified will be), I don't see why they shouldn't be in the metrics type.

I would be of @coyotte508 's opinion, at least if I understand correctly what this token is. For what I have read in https://github.com/huggingface/moon-landing/issues/3263 (and more precisely https://github.com/huggingface/moon-landing/issues/3263#issuecomment-1239320855) (internal links), we want to generate a token that proves the metrics have been verified by HF and we want this token to be public so that everyone can check it is a valid one, right ? If that's the case, I'd definitely be ok to have them in hfh, maybe with more explanations in the docstring part on what this token is.

[lewtun]

we want to generate a token that proves the metrics have been verified by HF and we want this token to be public so that everyone can check it is a valid one, right ? If that's the case, I'd definitely be ok to have them in hfh, maybe with more explanations in the docstring part on what this token is.

Yes, verifyToken is a signed JWT that enables HF to verify if a model evaluation came from our evaluation service. I'm happy to clarify this with a better docstring (I'm also equally happy to move this logic to AutoTrain if desired)

[julien-c]

Ok i hadn't actually read the code so i thought the signing code was here (which wouldn't make sense IMO)

Yes the types in repocard_data.py could be here indeed (ie. the actual types from the API) but metrics_token not sure if it's useful to add it here (especially confusing as it's not the name from the API)

Up to you

[Wauplin]

Agree that metrics_token is misleading as the only token we have at the moment is the User Access Token. But well documented I guess it should be good. I don't expect a lot of users to use this feature anyway so we can expect someone interested in it will take the time to understand how it works/read the docstring.

[lewtun]

Thanks for the feedback @julien-c @Wauplin ! I'll update this PR accordingly

[Wauplin]

(@lewtun I have just merged main in your branch to make the CI pass. You need to do a git pull locally before making any new commits)

[codecov]

Codecov Report

Base: 84.61% // Head: 84.63% // Increases project coverage by +0.01% 🎉

Coverage data is based on head (06fb50b) compared to base (a02f2b9).
Patch coverage: 100.00% of modified lines in pull request are covered.

❗ Current head 06fb50b differs from pull request most recent head 514689b. Consider uploading reports for the commit 514689b to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1142      +/-   ##
==========================================
+ Coverage   84.61%   84.63%   +0.01%     
==========================================
  Files          41       41              
  Lines        4096     4100       +4     
==========================================
+ Hits         3466     3470       +4     
  Misses        630      630              

Impacted Files	Coverage Δ
src/huggingface_hub/repocard.py	93.85% <100.00%> (+0.06%)	⬆️
src/huggingface_hub/repocard_data.py	98.41% <100.00%> (+0.02%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[lewtun]

@Wauplin thanks for the reviews - I think this should be good to go once the CI runs. Let me know if you want any more changes :)

[Wauplin]

@lewtun sorry I just added a last comment in #1142 (comment) and then we should be good to go I think. Thanks in advance 🙏

[lewtun]

I found it useful to add this info to the unit test to be sure that these new fields are behaving as expected

[lewtun]

@Wauplin thanks for the snake_case feedback - should now be fixed and ready to go if the CI passes :)

[Wauplin]

Perfect ! Thanks @lewtun for taking care of all the details :) 🔥