Skip to content

Redesign CLI with unified format-agnostic interface #212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dguido wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Redesign CLI with unified format-agnostic interface #212

dguido wants to merge 2 commits into from

Conversation

@dguido
Copy link
Member

@dguido dguido commented Jan 22, 2026
edited
Loading

Summary

Replaces the nested subcommand approach with a flat, auto-detecting CLI interface:

  • Auto-detection: The tool figures out if input is PyTorch, TorchScript, plain pickle, etc.
  • Flat commands: No nesting, just fickling <verb> <file>
  • Backward compatible: All existing flags (--check-safety, --inject, etc.) still work

New CLI Commands

# Core commands (auto-detect format)
fickling FILE                           # Decompile any pickle/model
fickling check FILE                     # Safety check any format
fickling inject FILE -c CODE -o OUT     # Inject into any format
fickling info FILE                      # Show format + properties
fickling create-polyglot F1 F2 -o OUT   # Create polyglot file

# Backward compatible (still works)
fickling --check-safety FILE            # Same as 'fickling check FILE'
fickling --inject CODE FILE             # Legacy injection syntax

Example Usage

# Just analyze a file (any format)
$ fickling model.pth
result0 = _rebuild_tensor_v2(...)

# Check if it's safe
$ fickling check model.pth
Detected format: PyTorch v1.3
No unsafe operations found.

# Get detailed info
$ fickling info model.pth
Format: PyTorch v1.3
Properties:
  is_torch_zip: true
  has_data_pkl: true
  ...

# Inject payload (works on any supported format)
$ fickling inject model.pth -c "print('pwned')" -o evil.pth
Detected format: PyTorch v1.3
Payload injected. Output: evil.pth

Key Changes

File Change
fickling/loader.py Added auto_load() function for format detection
fickling/cli.py Complete rewrite with flat command structure
fickling/cli_pytorch.py DELETED - functionality absorbed into cli.py
fickling/cli_polyglot.py DELETED - functionality absorbed into cli.py
test/test_cli.py Updated tests for new interface

Design Decisions

  1. Auto-detection via auto_load() - Tries PyTorch ZIP formats first (most common for ML), falls back to plain pickle
  2. Manual routing - Uses _get_first_positional() to detect if first arg is a command vs file
  3. Separate parsers - _create_command_parser() for new commands, _create_legacy_parser() for backward compat
  4. Unified handlers - Same _handle_check, _handle_inject, etc. work for any format

Test plan

  • All 20 CLI tests pass
  • All 41 tests in test_pickle.py and test_cli.py pass
  • Backward compatibility verified (--check-safety, --inject flags work)
  • Linting passes

Closes #101

🤖 Generated with Claude Code

@dguido @claude
Add PyTorch and polyglot subcommands to CLI
1f63c45 
Adds new subcommands to expose PyTorchModelWrapper and polyglot module
functionality via the CLI while maintaining full backward compatibility.

New commands:
- fickling pytorch identify FILE      - Detect PyTorch format(s)
- fickling pytorch show FILE          - Decompile internal pickle
- fickling pytorch check-safety FILE  - Safety check internal pickle
- fickling pytorch inject FILE ...    - Inject payload into model

- fickling polyglot identify FILE     - Identify all possible formats
- fickling polyglot properties FILE   - File property analysis
- fickling polyglot create F1 F2 -o O - Create polyglot file

All commands support --json output and gracefully handle missing torch
dependency with helpful installation instructions.

Closes #101

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@dguido dguido requested a review from ESultanik as a code owner January 22, 2026 06:17
@dguido @claude
Redesign CLI with unified format-agnostic interface
313981c 
Replace nested subcommands (pytorch/polyglot) with flat, auto-detecting commands:
- fickling check FILE: Safety check any pickle/model (auto-detects format)
- fickling inject FILE -c CODE -o OUT: Inject payload into any format
- fickling info FILE: Show format and properties
- fickling create-polyglot F1 F2 -o OUT: Create polyglot files

Key changes:
- Add auto_load() to loader.py for automatic format detection
- Rewrite cli.py with flat command structure
- Delete cli_pytorch.py and cli_polyglot.py (absorbed into cli.py)
- Maintain full backward compatibility with legacy flags
- Update tests for new interface

The tool now figures out if input is PyTorch, TorchScript, plain pickle, etc.
without users needing to specify format explicitly.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@dguido dguido changed the title Add PyTorch and polyglot subcommands to CLI Redesign CLI with unified format-agnostic interface Jan 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ESultanik ESultanik Awaiting requested review from ESultanik ESultanik is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Further align the CLI and Python API

2 participants

@dguido