Skip to content

scandiweb/tract-inference-binary

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
checksums.txt
checksums.txt
 
 

Repository files navigation

tract-inference-binary

Supply-chain controlled distribution of the sonos/tract ONNX inference CLI for Autokada image search.

Why this repo exists

Autokada uses MobileNetV3 ONNX embeddings for image search. The tract binary runs inference server-side from PHP via proc_open — no Python, no container changes required. Rather than downloading directly from the upstream sonos/tract releases on every deploy (which would be vulnerable to upstream supply-chain compromise), this repo acts as a verified distribution point under Scandiweb's control.

Updating the binary requires a deliberate human action in this repo, not an automated pull from a third party.

What is tract

tract is a self-contained, Rust-based ONNX/TensorFlow inference engine originally built by Sonos. It compiles to a fully static x86_64-linux-musl binary with no shared library dependencies. It has been production-tested at Sonos/Amazon scale.

How it is used in Autokada

  1. readymage.yaml post-deploy hook downloads the tarball from this repo's releases to /mnt/
  2. A Magento CLI command (autokada:tract:verify) checks the SHA256, makes it executable, and runs a smoke test
  3. Autokada\AIImageSearch\Service\MlCommonsImageIndexingService calls the binary via PHP proc_open to compute 576-dim MobileNetV3 embeddings for product images
  4. Embeddings are stored in the OpenSearch wk_aiimage_search_collection k-NN index

Current release

Version Upstream tag Binary SHA256 Tarball SHA256
v0.21.15 0.21.15 574bc46c9e58582635f5f70055ee09035bbf2af8ce25189e61523256204b37d2 96ca32f2b3f2cb266c6314c604053773adee6bace2f426644dd0565383d66969

Upgrading

  1. Download the new release tarball from sonos/tract releases.
  2. Verify the tarball checksum against the upstream release notes.
  3. Extract and verify the binary checksum independently.
  4. Update the table above with the new checksums.
  5. Upload the new tarball as a release asset on this repo.
  6. Update the SHA256 constant in Autokada\AIImageSearch\Service\TractVerifyService (or equivalent) in the Autokada codebase.
  7. Open a PR — another engineer reviews and merges.

Never update the binary without a code review. Never automate this step.

Verification (what the deploy does)

After download, Magento runs:

sha256sum /mnt/tract-x86_64-unknown-linux-musl-0.21.15.tgz

and compares against the hardcoded constant in the Autokada codebase. If they do not match, the deploy command exits non-zero and the binary is not made executable.

Platform

x86_64-unknown-linux-musl — fully static, no glibc dependency. Runs on the ReadyMage PHP/SSH pod (x86_64 Linux) without any container modification.

About

Verified tract ONNX inference binary for Autokada image search — supply-chain controlled distribution

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

tract 0.21.15 — x86_64-linux-musl Latest
May 29, 2026

Packages

 
 
 

Contributors