Skip to content

Commit 39e5d08

Browse files
authored
guard trust_remote_code (NVIDIA-NeMo#15065)
* guard trust_remote_code Signed-off-by: dimapihtar <dpihtar@gmail.com> * Apply isort and black reformatting Signed-off-by: dimapihtar <dimapihtar@users.noreply.github.com> * fix import Signed-off-by: dimapihtar <dpihtar@gmail.com> * Apply isort and black reformatting Signed-off-by: dimapihtar <dimapihtar@users.noreply.github.com> * fix trust_remote_code logic Signed-off-by: dimapihtar <dpihtar@gmail.com> * Apply isort and black reformatting Signed-off-by: dimapihtar <dimapihtar@users.noreply.github.com> * fix unit tests Signed-off-by: dimapihtar <dpihtar@gmail.com> * fix tests Signed-off-by: dimapihtar <dpihtar@gmail.com> * fix multiple values issue Signed-off-by: dimapihtar <dpihtar@gmail.com> * fix kwargs Signed-off-by: dimapihtar <dpihtar@gmail.com> * revert changes Signed-off-by: dimapihtar <dpihtar@gmail.com> * fix tests Signed-off-by: dimapihtar <dpihtar@gmail.com> * revert changes Signed-off-by: dimapihtar <dpihtar@gmail.com> * Apply isort and black reformatting Signed-off-by: dimapihtar <dimapihtar@users.noreply.github.com> * fix tests Signed-off-by: dimapihtar <dpihtar@gmail.com> --------- Signed-off-by: dimapihtar <dpihtar@gmail.com> Signed-off-by: dimapihtar <dimapihtar@users.noreply.github.com> Co-authored-by: dimapihtar <dimapihtar@users.noreply.github.com>
1 parent d14d05b commit 39e5d08

26 files changed

+484
-112
lines changed

nemo/collections/llm/gpt/model/baichuan.py

Lines changed: 39 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
from torch import nn
2222

2323
from nemo.collections.llm.gpt.model.base import GPTConfig, GPTModel, torch_dtype_from_mcore_config
24-
from nemo.collections.llm.utils import Config
24+
from nemo.collections.llm.utils import Config, is_safe_repo
2525
from nemo.lightning import OptimizerModule, io, teardown
2626
from nemo.lightning.io.state import TransformFns
2727
from nemo.lightning.pytorch.utils import dtype_from_hf
@@ -104,19 +104,28 @@ def init(self) -> Baichuan2Model:
104104
"""
105105
return Baichuan2Model(self.config, tokenizer=self.tokenizer)
106106

107-
def apply(self, output_path: Path) -> Path:
107+
def apply(self, output_path: Path, trust_remote_code: bool | None = None) -> Path:
108108
"""
109109
Apply the conversion from HF to NeMo format.
110110
111111
Args:
112112
output_path: Path where the converted model will be saved
113+
trust_remote_code: Whether remote code execution should be trusted for a given HF path
113114
114115
Returns:
115116
Path: Path to the saved NeMo model
116117
"""
117118
from transformers import AutoModelForCausalLM
118119

119-
source = AutoModelForCausalLM.from_pretrained(str(self), trust_remote_code=True, torch_dtype='auto')
120+
self.trust_remote_code = trust_remote_code
121+
source = AutoModelForCausalLM.from_pretrained(
122+
str(self),
123+
trust_remote_code=is_safe_repo(
124+
trust_remote_code=self.trust_remote_code,
125+
hf_path=str(self),
126+
),
127+
torch_dtype='auto',
128+
)
120129
target = self.init()
121130
trainer = self.nemo_setup(target)
122131
self.convert_state(source, target)
@@ -173,7 +182,13 @@ def tokenizer(self) -> "AutoTokenizer":
173182
"""
174183
from nemo.collections.common.tokenizers.huggingface.auto_tokenizer import AutoTokenizer
175184

176-
return AutoTokenizer(self.save_hf_tokenizer_assets(str(self)), trust_remote_code=True)
185+
return AutoTokenizer(
186+
self.save_hf_tokenizer_assets(str(self)),
187+
trust_remote_code=is_safe_repo(
188+
trust_remote_code=self.trust_remote_code,
189+
hf_path=str(self),
190+
),
191+
)
177192

178193
@property
179194
def config(self) -> Baichuan2Config:
@@ -188,7 +203,13 @@ def config(self) -> Baichuan2Config:
188203
"""
189204
from transformers import AutoConfig as HFAutoConfig
190205

191-
source = HFAutoConfig.from_pretrained(str(self), trust_remote_code=True)
206+
source = HFAutoConfig.from_pretrained(
207+
str(self),
208+
trust_remote_code=is_safe_repo(
209+
trust_remote_code=self.trust_remote_code,
210+
hf_path=str(self),
211+
),
212+
)
192213

193214
def make_vocab_size_divisible_by(vocab_size):
194215
base = 128
@@ -243,17 +264,27 @@ def init(self, dtype=torch.bfloat16, model_name=None) -> "AutoModelForCausalLM":
243264
# Since Baichuan2 is not importable from transformers, we can only initialize the HF model
244265
# from a known checkpoint folder containing the config file and modeling files.
245266
# The model_name will need to be passed in.
246-
config = AutoConfig.from_pretrained(model_name, trust_remote_code=True)
267+
config = AutoConfig.from_pretrained(
268+
model_name,
269+
trust_remote_code=is_safe_repo(
270+
trust_remote_code=self.trust_remote_code,
271+
hf_path=model_name,
272+
),
273+
)
247274
hf_model = AutoModelForCausalLM.from_config(
248275
config,
249-
trust_remote_code=True,
276+
trust_remote_code=is_safe_repo(
277+
trust_remote_code=self.trust_remote_code,
278+
hf_path=model_name,
279+
),
250280
torch_dtype=dtype,
251281
)
252282
# Register the AutoModel Hook so that the custom modeling files are saved during save_pretrained()
253283
type(hf_model).register_for_auto_class("AutoModelForCausalLM")
254284
return hf_model
255285

256-
def apply(self, output_path: Path, target_model_name=None) -> Path:
286+
def apply(self, output_path: Path, target_model_name=None, trust_remote_code: bool | None = None) -> Path:
287+
self.trust_remote_code = trust_remote_code
257288
source, _ = self.nemo_load(str(self))
258289
target = self.init(torch_dtype_from_mcore_config(source.config), model_name=target_model_name)
259290
target = self.convert_state(source, target)

nemo/collections/llm/gpt/model/chatglm.py

Lines changed: 39 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
from torch import nn
2222

2323
from nemo.collections.llm.gpt.model.base import GPTConfig, GPTModel, torch_dtype_from_mcore_config
24-
from nemo.collections.llm.utils import Config
24+
from nemo.collections.llm.utils import Config, is_safe_repo
2525
from nemo.lightning import OptimizerModule, io, teardown
2626
from nemo.lightning.io.state import TransformFns
2727
from nemo.lightning.pytorch.utils import dtype_from_hf
@@ -114,19 +114,28 @@ def init(self) -> ChatGLMModel:
114114
"""
115115
return ChatGLMModel(self.config, tokenizer=self.tokenizer)
116116

117-
def apply(self, output_path: Path) -> Path:
117+
def apply(self, output_path: Path, trust_remote_code: bool | None = None) -> Path:
118118
"""
119119
Apply the conversion from HF to NeMo format.
120120
121121
Args:
122122
output_path: Path where the converted model will be saved
123+
trust_remote_code: Whether remote code execution should be trusted for a given HF path
123124
124125
Returns:
125126
Path: Path to the saved NeMo model
126127
"""
127128
from transformers import AutoModelForCausalLM
128129

129-
source = AutoModelForCausalLM.from_pretrained(str(self), trust_remote_code=True, torch_dtype='auto')
130+
self.trust_remote_code = trust_remote_code
131+
source = AutoModelForCausalLM.from_pretrained(
132+
str(self),
133+
trust_remote_code=is_safe_repo(
134+
trust_remote_code=self.trust_remote_code,
135+
hf_path=str(self),
136+
),
137+
torch_dtype='auto',
138+
)
130139
target = self.init()
131140
trainer = self.nemo_setup(target)
132141
self.convert_state(source, target)
@@ -177,7 +186,13 @@ def tokenizer(self) -> "AutoTokenizer":
177186
"""
178187
from nemo.collections.common.tokenizers.huggingface.auto_tokenizer import AutoTokenizer
179188

180-
return AutoTokenizer(self.save_hf_tokenizer_assets(str(self)), trust_remote_code=True)
189+
return AutoTokenizer(
190+
self.save_hf_tokenizer_assets(str(self)),
191+
trust_remote_code=is_safe_repo(
192+
trust_remote_code=self.trust_remote_code,
193+
hf_path=str(self),
194+
),
195+
)
181196

182197
@property
183198
def config(self) -> ChatGLMConfig:
@@ -192,7 +207,13 @@ def config(self) -> ChatGLMConfig:
192207
"""
193208
from transformers import AutoConfig as HFAutoConfig
194209

195-
source = HFAutoConfig.from_pretrained(str(self), trust_remote_code=True)
210+
source = HFAutoConfig.from_pretrained(
211+
str(self),
212+
trust_remote_code=is_safe_repo(
213+
trust_remote_code=self.trust_remote_code,
214+
hf_path=str(self),
215+
),
216+
)
196217
output = ChatGLMConfig(
197218
num_layers=source.num_layers,
198219
hidden_size=source.hidden_size,
@@ -228,17 +249,27 @@ def init(self, dtype=torch.bfloat16, model_name=None) -> "AutoModelForCausalLM":
228249
# Since ChatGLM is not importable from transformers, we can only initialize the HF model
229250
# from a known checkpoint folder containing the config file and modeling files.
230251
# The model_name will need to be passed in.
231-
config = AutoConfig.from_pretrained(model_name, trust_remote_code=True)
252+
config = AutoConfig.from_pretrained(
253+
model_name,
254+
trust_remote_code=is_safe_repo(
255+
trust_remote_code=self.trust_remote_code,
256+
hf_path=model_name,
257+
),
258+
)
232259
hf_model = AutoModelForCausalLM.from_config(
233260
config,
234-
trust_remote_code=True,
261+
trust_remote_code=is_safe_repo(
262+
trust_remote_code=self.trust_remote_code,
263+
hf_path=model_name,
264+
),
235265
torch_dtype=dtype,
236266
)
237267
# Register the AutoModel Hook so that the custom modeling files are saved during save_pretrained()
238268
type(hf_model).register_for_auto_class("AutoModelForCausalLM")
239269
return hf_model
240270

241-
def apply(self, output_path: Path, target_model_name=None) -> Path:
271+
def apply(self, output_path: Path, target_model_name=None, trust_remote_code: bool | None = None) -> Path:
272+
self.trust_remote_code = trust_remote_code
242273
source, _ = self.nemo_load(str(self))
243274
target = self.init(torch_dtype_from_mcore_config(source.config), model_name=target_model_name)
244275
target = self.convert_state(source, target)

nemo/collections/llm/gpt/model/deepseek.py

Lines changed: 38 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@
3535
gpt_data_step,
3636
torch_dtype_from_dict_config,
3737
)
38+
from nemo.collections.llm.utils import is_safe_repo
3839
from nemo.export.trt_llm.nemo_ckpt_loader.nemo_file import load_distributed_model_weights
3940
from nemo.lightning import io, teardown
4041
from nemo.lightning.io.state import TransformFns, _ModelState
@@ -225,12 +226,20 @@ class HFDeepSeekImporter(io.ModelConnector["AutoModelForCausalLM", DeepSeekModel
225226
def init(self) -> DeepSeekModel:
226227
return DeepSeekModel(self.config, tokenizer=self.tokenizer)
227228

228-
def apply(self, output_path: Path, convert_mtp: bool = False) -> Path:
229+
def apply(self, output_path: Path, convert_mtp: bool = False, trust_remote_code: bool | None = None) -> Path:
229230
from transformers import AutoModelForCausalLM
230231

232+
self.trust_remote_code = trust_remote_code
231233
self.convert_mtp = convert_mtp
232234
self._verify_source()
233-
source = AutoModelForCausalLM.from_pretrained(str(self), trust_remote_code=True, torch_dtype='auto')
235+
source = AutoModelForCausalLM.from_pretrained(
236+
str(self),
237+
trust_remote_code=is_safe_repo(
238+
trust_remote_code=self.trust_remote_code,
239+
hf_path=str(self),
240+
),
241+
torch_dtype='auto',
242+
)
234243
target = self.init()
235244
trainer = self.nemo_setup(target)
236245
self.convert_state(source, target)
@@ -244,7 +253,13 @@ def apply(self, output_path: Path, convert_mtp: bool = False) -> Path:
244253
return output_path
245254

246255
def _verify_source(self):
247-
source_config = AutoConfig.from_pretrained(str(self), trust_remote_code=True)
256+
source_config = AutoConfig.from_pretrained(
257+
str(self),
258+
trust_remote_code=is_safe_repo(
259+
trust_remote_code=self.trust_remote_code,
260+
hf_path=str(self),
261+
),
262+
)
248263
assert 'quantization_config' not in source_config, (
249264
"HuggingFace cannot load DeepSeek V3's FP8 checkpoint directly. You must convert the checkpoint "
250265
"to BF16. See NeMo documentation for more details: "
@@ -407,7 +422,13 @@ def config(self) -> DeepSeekConfig:
407422
from transformers import AutoConfig as HFAutoConfig
408423
from transformers import GenerationConfig
409424

410-
source = HFAutoConfig.from_pretrained(str(self), trust_remote_code=True)
425+
source = HFAutoConfig.from_pretrained(
426+
str(self),
427+
trust_remote_code=is_safe_repo(
428+
trust_remote_code=self.trust_remote_code,
429+
hf_path=str(self),
430+
),
431+
)
411432
try:
412433
generation_config = GenerationConfig.from_pretrained(str(self))
413434
except OSError:
@@ -463,10 +484,19 @@ def init(self, dtype=torch.bfloat16, model_name="deepseek-ai/DeepSeek-V3") -> "A
463484
# Since DeepSeek is not importable from transformers, we can only initialize the HF model
464485
# from a known checkpoint folder containing the config file and modeling files.
465486
# The model_name will need to be passed in.
466-
config = AutoConfig.from_pretrained(model_name, trust_remote_code=True)
487+
config = AutoConfig.from_pretrained(
488+
model_name,
489+
trust_remote_code=is_safe_repo(
490+
trust_remote_code=self.trust_remote_code,
491+
hf_path=model_name,
492+
),
493+
)
467494
hf_model = AutoModelForCausalLM.from_config(
468495
config,
469-
trust_remote_code=True,
496+
trust_remote_code=is_safe_repo(
497+
trust_remote_code=self.trust_remote_code,
498+
hf_path=model_name,
499+
),
470500
torch_dtype=dtype,
471501
)
472502
# Register the AutoModel Hook so that the custom modeling files are saved during save_pretrained()
@@ -528,8 +558,9 @@ def ckpt_load(self, path: Path) -> Tuple[Dict, Dict]:
528558
state_dict[new_k] = v
529559
return state_dict, config['config']
530560

531-
def apply(self, output_path: Path, target_model_name=None) -> Path:
561+
def apply(self, output_path: Path, target_model_name=None, trust_remote_code: bool | None = None) -> Path:
532562
logging.info("Loading DeepSeek NeMo checkpoint. This may take a while...")
563+
self.trust_remote_code = trust_remote_code
533564
source, source_config = self.ckpt_load(self)
534565
logging.info("DeepSeek NeMo checkpoint loaded.")
535566
if target_model_name is None:

nemo/collections/llm/gpt/model/gpt_oss.py

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727
from nemo.collections.common.tokenizers import AutoTokenizer
2828
from nemo.collections.common.tokenizers.tiktoken_tokenizer import TiktokenTokenizer
2929
from nemo.collections.llm.gpt.model.base import GPTConfig, GPTModel, torch_dtype_from_mcore_config
30-
from nemo.collections.llm.utils import Config
30+
from nemo.collections.llm.utils import Config, is_safe_repo
3131
from nemo.lightning import OptimizerModule, io, teardown
3232
from nemo.lightning.io.state import TransformFns, _ModelState
3333
from nemo.utils import logging
@@ -229,8 +229,9 @@ class HFGPTOSSImporter(_BaseGPTOSSImporter):
229229
"""Importer for GPT-OSS models from Hugging Face"""
230230

231231
# pylint: disable=C0115,C0116
232-
def apply(self, output_path: Path) -> Path:
232+
def apply(self, output_path: Path, trust_remote_code: bool | None = None) -> Path:
233233
logging.setLevel(logging.DEBUG)
234+
self.trust_remote_code = trust_remote_code
234235
source_state = self.hf_ckpt_load()
235236
source = _ModelState(source_state)
236237
target = self.init()
@@ -307,14 +308,26 @@ def convert_state(self, source, target):
307308
def tokenizer(self) -> "AutoTokenizer":
308309
from nemo.collections.common.tokenizers.huggingface.auto_tokenizer import AutoTokenizer
309310

310-
return AutoTokenizer(self.save_hf_tokenizer_assets(str(self)), trust_remote_code=True)
311+
return AutoTokenizer(
312+
self.save_hf_tokenizer_assets(str(self)),
313+
trust_remote_code=is_safe_repo(
314+
trust_remote_code=self.trust_remote_code,
315+
hf_path=str(self),
316+
),
317+
)
311318

312319
@cached_property
313320
def config(self) -> GPTOSSConfig:
314321
from transformers import AutoConfig as HFAutoConfig
315322
from transformers import GenerationConfig
316323

317-
source = HFAutoConfig.from_pretrained(str(self), trust_remote_code=True)
324+
source = HFAutoConfig.from_pretrained(
325+
str(self),
326+
trust_remote_code=is_safe_repo(
327+
trust_remote_code=self.trust_remote_code,
328+
hf_path=str(self),
329+
),
330+
)
318331
generation_config = GenerationConfig.from_pretrained(str(self))
319332
return GPTOSSConfig(
320333
num_layers=source.num_hidden_layers,
@@ -426,7 +439,14 @@ def init(self, dtype=torch.bfloat16) -> "AutoModelForCausalLM":
426439
from transformers.modeling_utils import no_init_weights
427440

428441
with no_init_weights():
429-
return AutoModelForCausalLM.from_config(self.config, trust_remote_code=True, torch_dtype=dtype)
442+
return AutoModelForCausalLM.from_config(
443+
self.config,
444+
trust_remote_code=is_safe_repo(
445+
trust_remote_code=self.trust_remote_code,
446+
hf_path=str(self),
447+
),
448+
torch_dtype=dtype,
449+
)
430450

431451
def apply(self, output_path: Path) -> Path:
432452
source, _ = self.nemo_load(str(self))
@@ -549,7 +569,7 @@ def init(self, dtype=torch.bfloat16) -> "AutoPeftModelForCausalLM":
549569
model.name_or_path = os.path.join(model_ckpt_path.split("/")[-2:])
550570
return get_peft_model(model, self.peft_config, autocast_adapter_dtype=False)
551571

552-
def apply(self, output_path: Path) -> Path:
572+
def apply(self, output_path: Path, trust_remote_code: bool | None = None) -> Path:
553573
"""Apply the conversion from NeMo PEFT model to HF format.
554574
555575
Args:
@@ -560,6 +580,7 @@ def apply(self, output_path: Path) -> Path:
560580
"""
561581
from nemo.collections.llm.peft import CanonicalLoRA, DoRA, LoRA
562582

583+
self.trust_remote_code = trust_remote_code
563584
self.peft_obj: Union[LoRA, DoRA, CanonicalLoRA] = io.load_context(str(self), subpath="model.model_transform")
564585

565586
source, _ = self.nemo_load(str(self))

0 commit comments

Comments (0)