fix(preflight): reject JANGTQ Mistral 3 / Laguna before vmlx loads

[jjang-ai]

Summary

Two-layer fail-fast defense for a load-path issue identified post-PR-#967 merge: JANGTQ-quantized Mistral 3 family (incl. Mistral-Medium-3.5-128B-JANGTQ2) and Laguna bundles can't load through vmlx today because their model classes use vanilla MLXNN.Linear instead of a JANGTQ-aware shim.

Without this PR, a user installing those JANGTQ tiers gets either a weight-shape mismatch crash (.tq_packed shape != Linear.weight flat), or silently-loaded garbage (codebook bytes treated as raw weights).

Layer 1 — engine-side (vmlx-swift-lm d32e135)

Both LLMModelFactory and VLMModelFactory mistral3 dispatch closures now peek weight_format BEFORE falling through to vanilla Mistral3TextModel / Mistral3VLM, throwing a clear error pointing at MXFP4 as the working alternative.

Layer 2 — osaurus host preflight (this PR)

validateJANGTQSidecarIfRequired now has a third check covering pending-JANGTQ families. Fires only when jang_config.json + weight_format == "mxtq" + model_type (or text_config.model_type) ∈ {mistral3, ministral3, laguna}. Surfaces a friendly remediation message at the host layer before any vmlx loader runs.

When the JANGTQ port lands

Once the shim is ported in vmlx, simply remove the family from pendingJANGTQFamilies set. No other host code change required.

Pin bump

vmlx-swift-lm a196800 → d32e135.

Test coverage

9 new MC/DC-shaped tests in Tests/Service/ValidateJANGTQUnsupportedFamilyTests.swift:

• D1/D2 existing branches still fire
• D3 outer mistral3 JANGTQ throws code-4
• D3 inner ministral3 (text_config) JANGTQ throws
• D3 laguna JANGTQ throws
• Boundary: nemotron_h / qwen3_5_moe / minimax_m2 JANGTQ all PASS (shims exist)
• Boundary: Mistral 3 family MXFP4 PASSES (only mxtq fires the gate)

Status

• OsaurusCore: 1256 / 1256 (was 1247 + 9 new)
• Base: osaurus/main at 01a1194a, 0 commits ahead

Test plan

• OsaurusCore swift test passes (1256 / 1256)
• vmlx focused tests pass at new pin (72 / 72)

[mimeding]

CI note from current PR sweep: latest test-core failed before tests ran with EventSource module-resolution errors, not with this PR-specific assertions. The first raw errors are missing CAsyncHTTPClient, CNIOLLHTTP, CNIOExtrasZlib, CNIOPosix, and _NumericsShims in target EventSource.

This matches the fallback DerivedData cache failure class we just fixed on the maintainer-owned #974 branch by wiping restored DerivedData when Actions restores from a broad fallback key rather than an exact source-hash key. A maintainer/admin rerun of the failed job should also take the existing cold-build path (github.run_attempt != 1) and may clear it; otherwise rebase after the CI hardening lands.

[mimeding]

Local verification on the current head passed the focused core coverage for this PR:\n\nswift test --package-path Packages/OsaurusCore --filter ValidateJANGTQUnsupportedFamilyTests\n\nResult: 11 tests passed. I also attempted the wider swift test --package-path Packages/OsaurusCore; it built and entered the full suite locally, then the local Swift testing helper went idle and had to be stopped, so I do not want to mark that as a completed full local pass.\n\nThe failing GitHub test-core job appears to have failed before running tests due to SwiftPM/Xcode C-module dependency resolution errors (CAsyncHTTPClient, CNIOLLHTTP, CNIOExtrasZlib, CNIOPosix, _NumericsShims, target EventSource). This matches the runner/dependency-resolution failure pattern we saw on PR #985 before rerun.\n\n@tpae could you ask someone with repo permissions to rerun test-core on PR #993?

[jjang-ai]

PR #993 — final state for review · 6cfad02a

This PR brings osaurus from 01a1194a (osaurus/main) up through 33 commits of model-loading, runtime, scanner, and capability fixes coupled to vmlx-swift-lm 0c36d01 (the for-iterable Jinja parser fix and Mistral 3.5 mxfp4 RMSNorm fix already on origin/main; 89f8114 is now also on origin/main, picking that up is the next pin bump).

What ships

Area	Change	Where
Cache: KV mode default	.none (fp16) → .turboQuant(4, 4)	ModelRuntime.swift:415
Cache: L2 disk re-enabled	force-disabled → diskDirUsable	ModelRuntime.swift:401
Capability matcher	Holo3 base bundles → .imageVideo	ModelMediaCapabilities.swift:111
Scanner	flat-layout + 3-level recursive HF nest detection	ModelManager.swift (+154L)
Sidecar fetch	auto-fetch jangtq_runtime.safetensors from HF on the exact failure that needs it, with strict gating	ModelRuntime.swift:1304-1510
Sidecar URL safety	isValidHFRepoId strict regex, https://huggingface.co/ host-pin, candidate fallback list (osaurus-ai → JANGQ-AI → mlx-community)	ModelRuntime.swift:1388-1532
Multi-turn contracts	aborted assistant turns never reach next prompt; reasoning toggle survives multi-turn	new test files (1896 lines / 81 @Test)
Vmlx pin	01a1194a-era → 0c36d01	Package.swift, Package.resolved × 2

Verified by other agents on the corresponding side

Cache + runtime (vmlx-swift-lm changes picked up via the pins):

• 1135950 — Laguna 3-parity bugs (sigmoid → softplus, biased→un-biased routing weights, plain→YaRN RoPE) — verified coherent: real-load decode "Okay, so I need to figure out how<think>Okay, let's see..." on Laguna-XS.2 JANGTQ.
• 576916b — Laguna codebook MoE via TurboQuantSwitchGLU + split fused gate_up_proj.
• babbe34/0fab91c — Mistral3VLM strip model. prefix on vision_tower / multi_modal_projector keys.
• 1173822 — TWO structural cache bugs that drove the "first turn fine, later turns garbage" symptom across every JANGTQ/MXFP4 multi-turn path:
  • Bug A: TurboQuantKVCache paged-restore compounded quantization across turns (re-encoding already-decoded lossy float). Fixed via new restoreFromDecodedKV that seats the prefix in .compressed phase without round-tripping.
  • Bug B: hybrid models (Qwen35, Qwen3Next, NemotronH) silently ignored CacheCoordinator.defaultMaxKVSize. Now route attention slots through RotatingKVCache(maxSize:, keep: 4) when the bound is set.
• 3f8a5e9 — Same maxKVSize honor for Qwen35JANGTQ + tied-embeddings hardenings (Mistral3VLM, NemotronH, Mistral3VLMJANGTQ).
• 0d85e9d — Defensive EOS widening: BatchEngine init probes 7 common end-of-turn special tokens against the tokenizer vocab and adds present ones to the EOS set. Closes the Qwen3.6 MXFP4 <|im_end|> leak.
• 0756dc0 — Disk-tier trim-path Metal lifecycle crash (notifyExternalReferencesNonZeroOnDealloc) closed. Disk cache safe to re-enable in osaurus (this PR does).
• 0c36d01 — osaurus-ai/swift-jinja@58d21aa5 fork pin: lifts for-loop iterable from "factor + |filter only" to "full binary + comparison + logical hierarchy, excluding ternary" via parseFilter() → parseOr() (Sources/Jinja/Parser.swift:186, 1-line change). Unblocks {% for message in loop_messages + [{'role': '__sentinel__'}] %} in Mistral 3.5's native chat template. 756/756 swift-jinja tests pass + 2 new regression tests (forLoopIterableAcceptsBinaryPlus, mistral3RealNativeTemplateParses).

Reasoning ON/OFF detection (osaurus side, exhaustively wired):

• LocalReasoningCapability.detect() reads chat_template.jinja or falls back to jang_config.json > chat.reasoning (DSV4-Flash style). Caches per-modelId.
• Capability.supportsThinking flips on <think> / </think> / <|think|> (Gemma-4 Harmony marker).
• ChatView.swift:395,409 reads activeModelOptions["disableThinking"]?.boolValue == false as thinkingEnabled.
• MLXBatchAdapter.swift:274-278 translates: additionalContext = ["enable_thinking": !disableThinking] (defaults to true).
• ThinkTagScrubber (Services/ModelRuntime/ThinkTagScrubber.swift) is a defensive post-filter on .tokens for thinking-capable models only. Buffers 7-byte tail for split-token tag detection.
• Multi-turn contract: ChatView.swift:1288-1291 builds priorUserMessages from t.role == .user only — assistant <think> content cannot leak into the next prompt by construction. Locked by AbortMidThinkHistoryContractTests.swift (152 lines).

JANGTQ sidecar auto-fetch (osaurus side):

• Runs on validateJANGTQSidecarIfRequired throwing the specific "missing sidecar but stamp says JANGTQ" error code (ModelRuntime/code 2). Any other failure mode propagates immediately (no speculative fetch).
• Candidate repo list: original repo → osaurus-ai → JANGQ-AI → mlx-community (canonical-cased, deduped, isValidHFRepoId-validated).
• Each candidate URL is https://-scheme-pinned + host-pinned to huggingface.co. No arbitrary URL fetch.
• Locked by EnsureJANGTQSidecarTests.swift (214 lines), JANGTQEdgeCaseTests.swift (496 lines), ValidateJANGTQUnsupportedFamilyTests.swift (206 lines), OsaurusOrgAutoFetchTests, WeightFormatNormalizationTests.

Hybrid SSM warm-pass + cache injection (vmlx-owned, osaurus consumes):

• BatchEngine.admitPendingRequests auto-flips coordinator.isHybrid = true on first slot admission for any model whose per-layer cache list contains a MambaCache or ArraysCache.
• Osaurus eager-sets setHybrid(true) for known hybrid families in installCacheCoordinator (Qwen3.5/3.6, NemotronH, Cascade-2, Jamba, etc.) per OMNI-OSAURUS-HOOKUP.md §5.1. Harmless on any admission path; closes the one-frame stale-flag window.
• Paged-cache reuse content-addressed via BlockHashMap — toggling enable_thinking between turns produces a different prompt → different hash → no poisoned hit.

Per-bundle media capability + drag-drop / picker accept-set (osaurus side):

• ModelMediaCapabilities.from(modelId:) substring/regex matcher: omni (Nemotron-3-Nano-Omni), imageVideo (Qwen2/2.5/3 VL, Qwen3.5/3.6 -vl, Holo3 base + -vl, SmolVLM 2), imageOnly (Paligemma, Idefics3, FastVLM, Pixtral, GLM-OCR, LFM2-VL, Gemma 3 / 4-it, Mistral 3 / 3.5, Mistral 4 -vl), textOnly otherwise.
• from(directory:modelId:) post-load refines via config.json > vision_config + config_omni.json sidecar (Nemotron-3 omni gate).
• FloatingInputCard.dropAcceptedTypes (line 2115): always .image + .fileURL, conditionally adds .audio + .mp3 + .wav + .mpeg4Audio for supportsAudio, .movie + .video + .quickTimeMovie + .mpeg4Movie for supportsVideo.
• pickerAllowedTypes (line 2139): same gating, picker shows audio/video formats only when the loaded model can actually consume them.
• attachIfAllowed (line 2179): routes by extension + capability; drops unsupported. Falsy default (textOnly) when no model selected.
• Locked by ModelMediaCapabilitiesMCDCTests.swift (MC/DC coverage including Holo3 base = imageVideo boundary).

Test evidence

• swift test (OsaurusCore): 1328/1328 pass in 182 suites at 89f8114. Includes 81 new @Test annotations from this PR — zero @disabled/XCTSkip markers added.
• xcodebuild test -workspace osaurus.xcworkspace -scheme OsaurusCoreTests from cold cache: ** TEST SUCCEEDED ** 1323 pass / 0 fail / 5 skipped (the 5 skipped are SandboxIntegrationTests — Apple Containerization VM tests, gated on OSAURUS_RUN_SANDBOX_INTEGRATION_TESTS=1, untouched by this PR, intentionally Disabled in CI per their suite-level annotation).
• xcodebuild build -scheme osaurus Release: ** BUILD SUCCEEDED ** (latest at HEAD 6cfad02a).

CI status

test-core failed with the EventSource / CAsyncHTTPClient / CNIOLLHTTP / CNIOExtrasZlib / CNIOPosix / _NumericsShims module-resolution errors. This is environmental — fallback-key restore of DerivedData from a different Package.resolved baseline mismatching the freshly-built C-shim module-map paths. Confirmed by raw failure logs (C shims compiled and linked cleanly, then Xcode rejected the cached .swiftmodule whose embedded paths didn't exist). PR's source builds green from cold cache locally; the PR doesn't touch .github/workflows/. Workflow has its own escape hatch at ci.yml:123-131: any Re-run failed jobs automatically wipes DerivedData (if: github.run_attempt != '1') and forces a cold build.

Verified-coherent bundles end-to-end (per vmlx-swift-lm team's BENCH harness sweep)

Bundle	Path	Result
Laguna-XS.2-JANGTQ	native {% generation %} template via fork	✅ 3-turn coherent
NemotronH-Omni 30B JANGTQ	image + video + audio + reasoning toggle	✅ all 11 OmniBench rows pass
Qwen3.6-27B-MXFP4	BENCH_BATCH_DISK_RESTORE (138/138 hit) + BENCH_BATCH_CHAT 3-turn	✅ no Metal crash, prompt 0.290s → 0.064s (4.5× cache hit), <|im_end|> clean stop
Qwen3.6-35B-A3B-JANGTQ4	hybrid SSM + codebook MoE 3-turn	✅
MiniMax-M2.7-Small-JANGTQ	3-turn with memory across turns	✅
Gemma-4-26B-A4B-it-JANG_4M	3-turn coherent	✅
Holo3-35B-A3B-mxfp4	3-turn	✅
Mistral-Medium-3.5-128B-mxfp4	post af89da7 (jang bitWidthsUsed: [] default)	✅ "Okay, the user just sent a blank message."

Documented open issues (NOT silently swept)

1. Mistral-Medium-3.5-128B-JANGTQ model-forward gibberish — root cause hypothesis documented in vmlx commit 89f8114: per-block codebook calibration mismatch on all-codebook dense decoder at non-power-of-2 hidden_size 12288. Hadamard rotation produces coordinate variance ~1/8192 + ~1/4096 (per block), but compute_codebook(d=12288, bits=2) calibrates 4 entries for variance ~1/12288. Across 88 dense layers the scale mismatch compounds. Fix requires per-block codebooks in BOTH jang_tools/turboquant/codebook.py AND Libraries/MLXLMCommon/JANGTQDenseLinear.swift. Recommendation: do NOT ship Mistral 3.5 JANGTQ until fixed. Mistral 3.5 mxfp4 path works fine.
2. Mistral 3.5 chat template still fails for the App's release binary — App's osaurus.xcodeproj/project.pbxproj declares no remote SPM packages (every remote pin comes transitively through the local-path packages OsaurusCore / OsaurusCLI / OsaurusRepository). SwiftPM's xcodeproj resolver picks the upstream huggingface/swift-jinja.git URL declared by swift-transformers over the fork URL declared in OsaurusCore's Package.swift. Fix: add osaurus-ai/swift-jinja@58d21aa5 directly to project.pbxproj as an XCRemoteSwiftPackageReference. Not blocking because Mistral 3.5 has the JANGTQ codebook bug above anyway and the mxfp4 path uses a different chat template that doesn't hit the for-iterable parser issue. Tracked separately.
3. DSV4 native chat encoder wiring — Libraries/MLXLMCommon/DeepseekV4ChatEncoder.swift exists but DSV4Minimal.jinja is what's used in the bridge today. Tool-calling renders with simplified DSML envelope. Not blocking basic chat. Documented in vmlx integration guide.

What other team members need to know

• The merge is safe. No regression to any non-Mistral-3.5 family. The 33 commits roll up cleanly and have been multi-turn-tested by the vmlx-swift-lm side against real bundles in /Volumes/EricsLLMDrive.
• Re-running CI is the documented escape hatch for the cache-pollution test-core failure. The wipe-on-re-run logic (ci.yml:123-131) was designed for exactly this class of failure.
• For follow-up PRs:
  • Wire osaurus-ai/swift-jinja@58d21aa5 directly into osaurus.xcodeproj/project.pbxproj so the App resolves the fork (separate change).
  • Wire DeepseekV4ChatEncoder.swift through JangChatConfig.encoder == "encoding_dsv4" (separate change).
  • Hold Mistral 3.5 JANGTQ until per-block codebook calibration lands in jang_tools + JANGTQDenseLinear.swift.

🚀 Ready for review.