[OpenVINO] fix: Respect trust_remote_code in export and improve safety for multimodal configs FIXES #1668

[MissLostCodes]

Summary
This PR ensures that the trust_remote_code flag is consistently respected across the OpenVINO export pipeline and improves robustness when handling multimodal model configurations.

Motivation

Some multimodal models (e.g. LLaVA, Phi-3 Vision, Qwen-VL) rely on custom code from their Hugging Face repositories.

• Previously:

  • trust_remote_code was not consistently propagated
  • In some places it was effectively ignored or hardcoded
  • This could lead to:
    • unexpected failures
    • or unintended execution of remote code

• A warning is added in infer_task() when trust_remote_code=False : This informs users that the model may require remote code appears before Transformers raises an exception

• Defensive handling of multimodal configs
  Added check: hasattr(config, "mm_vision_tower")

• Reason :

  • config objects may be modified, partially loaded, or differ across checkpoints
  • prevents AttributeError during export
  • ensures more robust handling of multimodal models

Behavior

Without --trust-remote-code

• Warning is shown
• Export fails safely (no remote code execution)

optimum-cli export openvino \
  --model Qwen/Qwen-VL \
  --task image-text-to-text \
  ./tmpdir

Output :

2026-04-02 13:18:31.022603: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:18:31.527521: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:18:31.732439: E external/local_xla/xla/stream_executor/cuda/cuda_fft.cc:467] Unable to register cuFFT factory: Attempting to register factory for plugin cuFFT when one has already been registered
WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
E0000 00:00:1775135911.776867   15390 cuda_dnn.cc:8579] Unable to register cuDNN factory: Attempting to register factory for plugin cuDNN when one has already been registered
E0000 00:00:1775135911.787531   15390 cuda_blas.cc:1407] Unable to register cuBLAS factory: Attempting to register factory for plugin cuBLAS when one has already been registered
W0000 00:00:1775135911.818199   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775135911.818289   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775135911.818295   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775135911.818300   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
2026-04-02 13:18:31.827581: I tensorflow/core/platform/cpu_feature_guard.cc:210] This TensorFlow binary is optimized to use available CPU instructions in performance-critical operations.
To enable the following instructions: AVX2 FMA, in other operations, rebuild TensorFlow with the appropriate compiler flags.
WARNING:torchao.kernel.intmm:Warning: Detected no triton, on systems without Triton certain kernels will not work
Multiple distributions found for package optimum. Picked distribution: optimum
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
/content/optimum-intel/optimum/intel/openvino/modeling_base.py:590: SyntaxWarning: invalid escape sequence '\.'
  pattern=cls._search_pattern if not kwargs.get("from_onnx", False) else ".*\.onnx$",
config.json: 1.16kB [00:00, 4.72MB/s]

This model may require executing custom code from its repository. For security reasons, this is disabled by default. Please review the source and rerun with --trust-remote-code if needed.

Traceback (most recent call last):
  File "/usr/local/bin/optimum-cli", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/optimum/commands/optimum_cli.py", line 219, in main
    service.run()
  File "/content/optimum-intel/optimum/commands/export/openvino.py", line 468, in run
    main_export(
  File "/content/optimum-intel/optimum/exporters/openvino/__main__.py", line 291, in main_export
    task = infer_task(
           ^^^^^^^^^^^
  File "/content/optimum-intel/optimum/exporters/openvino/__main__.py", line 122, in infer_task
    config = AutoConfig.from_pretrained(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/transformers/models/auto/configuration_auto.py", line 1341, in from_pretrained
    trust_remote_code = resolve_trust_remote_code(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/transformers/dynamic_module_utils.py", line 782, in resolve_trust_remote_code
    raise ValueError(
ValueError: The repository Qwen/Qwen-VL contains custom code which must be executed to correctly load the model. You can inspect the repository content at https://hf.co/Qwen/Qwen-VL .
 You can inspect the repository content at https://hf.co/Qwen/Qwen-VL.
Please pass the argument `trust_remote_code=True` to allow custom code to be run.

With --trust-remote-code

• Model loads correctly
• Export proceeds as expected

!optimum-cli export openvino \
  --model llava-hf/llava-1.5-7b-hf \
  --task image-text-to-text \
  --trust-remote-code \
  ./tmpdir

Output:

2026-04-02 13:22:07.877253: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:22:07.882495: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:22:07.897407: E external/local_xla/xla/stream_executor/cuda/cuda_fft.cc:467] Unable to register cuFFT factory: Attempting to register factory for plugin cuFFT when one has already been registered
WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
E0000 00:00:1775136127.921680   16309 cuda_dnn.cc:8579] Unable to register cuDNN factory: Attempting to register factory for plugin cuDNN when one has already been registered
E0000 00:00:1775136127.929257   16309 cuda_blas.cc:1407] Unable to register cuBLAS factory: Attempting to register factory for plugin cuBLAS when one has already been registered
W0000 00:00:1775136127.948168   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775136127.948254   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775136127.948261   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775136127.948266   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
2026-04-02 13:22:07.954122: I tensorflow/core/platform/cpu_feature_guard.cc:210] This TensorFlow binary is optimized to use available CPU instructions in performance-critical operations.
To enable the following instructions: AVX2 FMA, in other operations, rebuild TensorFlow with the appropriate compiler flags.
WARNING:torchao.kernel.intmm:Warning: Detected no triton, on systems without Triton certain kernels will not work
Multiple distributions found for package optimum. Picked distribution: optimum
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
config.json: 100% 950/950 [00:00<00:00, 4.38MB/s]
`torch_dtype` is deprecated! Use `dtype` instead!
`torch_dtype` is deprecated! Use `dtype` instead!
model.safetensors.index.json: 70.1kB [00:00, 139MB/s]
Fetching 3 files:   0% 0/3 [00:00<?, ?it/s]
model-00002-of-00003.safetensors:   0% 0.00/4.96G [00:00<?, ?B/s]
model-00002-of-00003.safetensors:  93% 4.63G/4.96G [09:39<00:46, 7.05MB/s]
model-00002-of-00003.safetensors: 100% 4.96G/4.96G [09:42<00:00, 8.51MB/s]
.
.
.

testing_colab_notebook

All tests relevant tests were passed

Docs already include related info for flag... no need to change

Fixes #1668

[MissLostCodes]

@rkazants @popovaan
Please review <3

[HuggingFaceDocBuilderDev]

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

[MissLostCodes]

@echarlaix @popovaan @rkazants

From the failing CI logs, it appears that trust_remote_code was being passed to all OpenVINO config constructors, which caused runtime errors for configs that do not accept this argument (e.g. InternVL, MiniCPM, Qwen2VL).

This fix introduces:

• Selective propagation of trust_remote_code
  Pass trust_remote_code only to configs that explicitly support it (llava-qwen2, phi3_v), avoiding crashes in other OpenVINO config classes that do not accept this argument by using **kwargs.

• Separation of model types
  Use base_model_type for internal logic and export_model_type for export/config decisions, ensuring correct behavior for models that override their export type.

This fix ensures:

• Correct handling of remote code execution
• No breaking changes for other model configs
• Cleaner separation of responsibilities

After these changes, the tests that were previously failing due to incorrect propagation of trust_remote_code now pass locally.

[MissLostCodes]

@echarlaix @rkazants @popovaan
Can someone please trigger the CI workflow ?

[MissLostCodes]

@echarlaix @popovaan @rkazants
i checked the failing test cases , here are the observations and actions taken -

• Many tests in export , quantization and modeling are faling due to deprecation of _text_length in Sentence-transformers , addressed in this issue
• In genai tests , some models were not added in remote-code-model list ...they are now added
• Black formatting error has been fixed .
• Some model fail due to mismatched quantization behavior (maybe FP8 instead of INT8) and failed to build model wrapper issues.
• xglm passes tests when tested in isolation but fails when tested by running complete test pipeline
  !pytest tests/openvino/test_genai.py -k "xglm or llama4 or granitemoe" -v ---> xglm passes
  !pytest tests/openvino/test_genai.py -v ---> xglm fails

[MissLostCodes]

@rkazants @popovaan @echarlaix

• The second last point indicates NNCF quantization behavior change as mentioned in this PR
• The last issue is still unclear to me 😕 , and I would really appreciate your guidance on whether it’s expected behavior or something I should investigate further.

Here's the detailed test result notebook

[Copilot]

Pull request overview

This PR updates the OpenVINO export flow to consistently honor trust_remote_code (to prevent unintended remote code execution) and adds defensive handling for certain multimodal configs during export.

Changes:

• Propagate trust_remote_code through key OpenVINO export entry points and multimodal export config construction.
• Make multimodal config handling more robust (e.g., guard access to mm_vision_tower).
• Add an early warning in task inference when trust_remote_code=False for Transformers models.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
optimum/exporters/openvino/__main__.py	Adds a warning when remote code trust is disabled and ensures trust_remote_code is passed to AutoConfig.from_pretrained.
optimum/exporters/openvino/convert.py	Threads trust_remote_code into submodel/export-config selection, and conditionally passes it into relevant multimodal config constructors.
optimum/exporters/openvino/model_configs.py	Stops hardcoding trust_remote_code=True for multimodal vision-tower config loads; adds defensive hasattr checks.
tests/openvino/test_genai.py	Updates the set of architectures treated as requiring remote code in GenAI tests.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[popovaan]

Why is trust_remote_code flag propagated here only for "llava-qwen2" and "phi3_v"? Maybe we need to do it unconditionally?

[MissLostCodes]

other models do require trust_remote_code at the Transformers level but their corresponding OpenVINO config classes do not accept this parameter yet . So the condition is required

propagating trust_remote_code unconditionally, leads to :

TypeError: Qwen2VLOpenVINOConfig.__init__() got an unexpected keyword argument 'trust_remote_code'  
TypeError: InternVLChatOpenVINOConfig.__init__() got an unexpected keyword argument 'trust_remote_code'  
TypeError: MiniCPMVOpenVINOConfig.__init__() got an unexpected keyword argument 'trust_remote_code'

[rkazants]

why these changes are here? Looks not correct merge conflicts resolution

Please add tests to show that without 'trust_rmote_code' export of models do not work for certain models.
This test should check that error is raised for such models exporting wihtout this option. Quite useful test