Validate downloaded model artifacts before caching (#740)

[Alex-Wengg]

Closes #740.

Problem

AsrModels.download(...) / DiarizerModels.downloadIfNeeded() write HuggingFace artifacts straight into the cache. When the network path is unhealthy (captive portal, corporate proxy, mirror 5xx/redirects), the HTTP body can be an HTML error page or a truncated file rather than the real artifact. It gets written under the expected filename, so the presence-based modelsExist(at:version:) check reports the model as installed. The failure only surfaces later at load/compile time as an opaque CoreML error, far from the root cause.

Change

All model downloads route through DownloadUtils. Each file is fetched to a temp path and validated before it is moved into the cache, so a bad fetch never poisons the cache dir. Validation is wired into both download paths — downloadRepo (via downloadFileWithRetry) and downloadSubdirectory:

• Reject Content-Type: text/html responses (proxy / captive-portal pages).
• Reject empty bodies.
• Sniff leading bytes for <!DOCTYPE html / <html / <?xml markup (error pages served with 200 under the model's filename).
• Exact size match against the size HuggingFace reports for the object, to catch truncation.

Failures throw a distinct HuggingFaceDownloadError.invalidArtifact(path:reason:) so callers can present "download corrupt — retry" instead of a downstream load crash. The error is classified retryable, so a transient bad fetch is retried with the existing bounded backoff rather than failing the whole repo download on the first blip.

Size check is safe for LFS

Verified against the HF tree API that the size field is the resolved LFS object size, not the 130-byte pointer (e.g. Encoder.mlmodelc/weights/weight.bin reports 445187200, matching lfs.size). So the exact-match truncation check won't false-positive on large weights. Legitimately-empty files (API size == 0) are still created directly and bypass validation.

Tests

Adds DownloadArtifactValidationTests (13 cases): HTML/XML/doctype detection, binary/JSON pass-through, content-type rejection, empty / truncated / oversized bodies, unknown-size skip, and the error description.

Note: tests were not run locally — this machine has only CommandLineTools (no full Xcode), so XCTest is unavailable and swift test can't compile any test target here. swift build is clean and swift format lint passes on the changed files; the new tests run in CI.

[github-actions]

Supertonic3 Smoke Test ✅

Check	Result
Build	✅
Model download (incl. VectorEstimatorVariants/ int4 buckets)	✅
Model load	✅
Synthesis pipeline (--ve-variant int4)	✅
Output WAV	✅ (364.7 KB)

_{Runtime: 0m19s}

_{Note: CI VMs lack a physical Neural Engine; the ANE-bucketed VectorEstimator falls back to CPU here. This validates download + variant resolution + synthesis, not ANE residency/perf.}

[github-actions]

Parakeet EOU Benchmark Results ✅

Status: Benchmark passed
Chunk Size: 320ms
Files Tested: 100/100

Performance Metrics

Metric	Value	Description
WER (Avg)	7.03%	Average Word Error Rate
WER (Med)	4.17%	Median Word Error Rate
RTFx	10.42x	Real-time factor (higher = faster)
Total Audio	470.6s	Total audio duration processed
Total Time	47.8s	Total processing time

Streaming Metrics

Metric	Value	Description
Avg Chunk Time	0.048s	Average chunk processing time
Max Chunk Time	0.096s	Maximum chunk processing time
EOU Detections	0	Total End-of-Utterance detections

_{Test runtime: 0m55s • 06/28/2026, 11:34 AM EST}

_{RTFx = Real-Time Factor (higher is better) • Processing includes: Model inference, audio preprocessing, state management, and file I/O}

[github-actions]

PocketTTS Smoke Test ✅

Check	Result
Build	✅
Model download	✅
Model load	✅
Synthesis pipeline	✅
Output WAV	✅ (165.0 KB)

_{Runtime: 0m6s}

_{Note: PocketTTS uses CoreML MLState (macOS 15) KV cache + Mimi streaming state. CI VM lacks physical GPU — audio quality and performance may differ from Apple Silicon.}

[github-actions]

Offline VBx Pipeline Results

Speaker Diarization Performance (VBx Batch Mode)

Optimal clustering with Hungarian algorithm for maximum accuracy

Metric	Value	Target	Status	Description
DER	10.4%	<20%	✅	Diarization Error Rate (lower is better)
RTFx	10.71x	>1.0x	✅	Real-Time Factor (higher is faster)

Offline VBx Pipeline Timing Breakdown

Time spent in each stage of batch diarization

Stage	Time (s)	%	Description
Model Download	15.111	15.4	Fetching diarization models
Model Compile	6.476	6.6	CoreML compilation
Audio Load	0.114	0.1	Loading audio file
Segmentation	32.294	33.0	VAD + speech detection
Embedding	97.619	99.7	Speaker embedding extraction
Clustering (VBx)	0.131	0.1	Hungarian algorithm + VBx clustering
Total	97.941	100	Full VBx pipeline

Speaker Diarization Research Comparison

Offline VBx achieves competitive accuracy with batch processing

Method	DER	Mode	Description
FluidAudio (Offline)	10.4%	VBx Batch	On-device CoreML with optimal clustering
FluidAudio (Streaming)	17.7%	Chunk-based	First-occurrence speaker mapping
Research baseline	18-30%	Various	Standard dataset performance

Pipeline Details:

• Mode: Offline VBx with Hungarian algorithm for optimal speaker-to-cluster assignment
• Segmentation: VAD-based voice activity detection
• Embeddings: WeSpeaker-compatible speaker embeddings
• Clustering: PowerSet with VBx refinement
• Accuracy: Higher than streaming due to optimal post-hoc mapping

_{🎯 Offline VBx Test • AMI Corpus ES2004a • 1049.0s meeting audio • 130.0s processing • Test runtime: 2m 10s • 06/28/2026, 11:43 AM EST}

[github-actions]

Speaker Diarization Benchmark Results

Speaker Diarization Performance

Evaluating "who spoke when" detection accuracy

Metric	Value	Target	Status	Description
DER	15.1%	<30%	✅	Diarization Error Rate (lower is better)
JER	24.9%	<25%	✅	Jaccard Error Rate
RTFx	28.15x	>1.0x	✅	Real-Time Factor (higher is faster)

Diarization Pipeline Timing Breakdown

Time spent in each stage of speaker diarization

Stage	Time (s)	%	Description
Model Download	9.612	25.8	Fetching diarization models
Model Compile	4.119	11.1	CoreML compilation
Audio Load	0.056	0.1	Loading audio file
Segmentation	11.180	30.0	Detecting speech regions
Embedding	18.634	50.0	Extracting speaker voices
Clustering	7.453	20.0	Grouping same speakers
Total	37.275	100	Full pipeline

Speaker Diarization Research Comparison

Research baselines typically achieve 18-30% DER on standard datasets

Method	DER	Notes
FluidAudio	15.1%	On-device CoreML
Research baseline	18-30%	Standard dataset performance

Note: RTFx shown above is from GitHub Actions runner. On Apple Silicon with ANE:

• M2 MacBook Air (2022): Runs at 150 RTFx real-time
• Performance scales with Apple Neural Engine capabilities

_{🎯 Speaker Diarization Test • AMI Corpus ES2004a • 1049.0s meeting audio • 37.3s diarization time • Test runtime: 2m 21s • 06/28/2026, 11:35 AM EST}

[github-actions]

VAD Benchmark Results

Performance Comparison

Dataset	Accuracy	Precision	Recall	F1-Score	RTFx	Files
MUSAN	92.0%	86.2%	100.0%	92.6%	737.3x faster	50
VOiCES	92.0%	86.2%	100.0%	92.6%	743.7x faster	50

Dataset Details

• MUSAN: Music, Speech, and Noise dataset - standard VAD evaluation
• VOiCES: Voices Obscured in Complex Environmental Settings - tests robustness in real-world conditions

✅: Average F1-Score above 70%

[github-actions]

Sortformer High-Latency Benchmark Results

ES2004a Performance (30.4s latency config)

Metric	Value	Target	Status
DER	30.3%	<35%	✅
Miss Rate	28.2%	-	-
False Alarm	0.9%	-	-
Speaker Error	1.2%	-	-
RTFx	9.9x	>1.0x	✅
Speakers	4/4	-	-

_{Sortformer High-Latency • ES2004a • Runtime: 4m 41s • 2026-06-28T15:37:47.495Z}

[github-actions]

ASR Benchmark Results ✅

Status: All benchmarks passed

Parakeet v3 (multilingual)

Dataset	WER Avg	WER Med	RTFx	Status
test-clean	0.57%	0.00%	5.70x	✅
test-other	1.59%	0.00%	3.74x	✅

Parakeet v2 (English-optimized)

Dataset	WER Avg	WER Med	RTFx	Status
test-clean	0.80%	0.00%	6.18x	✅
test-other	1.00%	0.00%	3.81x	✅

Streaming (v3)

Metric	Value	Description
WER	0.00%	Word Error Rate in streaming mode
RTFx	0.69x	Streaming real-time factor
Avg Chunk Time	1.323s	Average time to process each chunk
Max Chunk Time	1.777s	Maximum chunk processing time
First Token	1.637s	Latency to first transcription token
Total Chunks	31	Number of chunks processed

Streaming (v2)

Metric	Value	Description
WER	0.00%	Word Error Rate in streaming mode
RTFx	0.68x	Streaming real-time factor
Avg Chunk Time	1.308s	Average time to process each chunk
Max Chunk Time	1.381s	Maximum chunk processing time
First Token	1.299s	Latency to first transcription token
Total Chunks	31	Number of chunks processed

_{Streaming tests use 5 files with 0.5s chunks to simulate real-time audio streaming}

_{25 files per dataset • Test runtime: 8m48s • 06/28/2026, 11:46 AM EST}

_{RTFx = Real-Time Factor (higher is better) • Calculated as: Total audio duration ÷ Total processing time
Processing time includes: Model inference on Apple Neural Engine, audio preprocessing, state resets between files, token-to-text conversion, and file I/O
Example: RTFx of 2.0x means 10 seconds of audio processed in 5 seconds (2x faster than real-time)}

Expected RTFx Performance on Physical M1 Hardware:

• M1 Mac: ~28x (clean), ~25x (other)
• CI shows ~0.5-3x due to virtualization limitations

_{Testing methodology follows HuggingFace Open ASR Leaderboard}