[OpenVINO] fix: Respect `trust_remote_code` in export and improve safety for multimodal configs FIXES #1668 by MissLostCodes · Pull Request #1673 · huggingface/optimum-intel

MissLostCodes · 2026-04-02T13:55:09Z

Summary
This PR ensures that the trust_remote_code flag is consistently respected across the OpenVINO export pipeline and improves robustness when handling multimodal model configurations.

Motivation

Some multimodal models (e.g. LLaVA, Phi-3 Vision, Qwen-VL) rely on custom code from their Hugging Face repositories.

Previously:
- trust_remote_code was not consistently propagated
- In some places it was effectively ignored or hardcoded
- This could lead to:
  - unexpected failures
  - or unintended execution of remote code
A warning is added in infer_task() when trust_remote_code=False : This informs users that the model may require remote code appears before Transformers raises an exception
Defensive handling of multimodal configs
Added check: hasattr(config, "mm_vision_tower")
Reason :
- config objects may be modified, partially loaded, or differ across checkpoints
- prevents AttributeError during export
- ensures more robust handling of multimodal models

Behavior

Without --trust-remote-code

Warning is shown
Export fails safely (no remote code execution)

optimum-cli export openvino \
  --model Qwen/Qwen-VL \
  --task image-text-to-text \
  ./tmpdir

Output :

2026-04-02 13:18:31.022603: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:18:31.527521: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:18:31.732439: E external/local_xla/xla/stream_executor/cuda/cuda_fft.cc:467] Unable to register cuFFT factory: Attempting to register factory for plugin cuFFT when one has already been registered
WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
E0000 00:00:1775135911.776867   15390 cuda_dnn.cc:8579] Unable to register cuDNN factory: Attempting to register factory for plugin cuDNN when one has already been registered
E0000 00:00:1775135911.787531   15390 cuda_blas.cc:1407] Unable to register cuBLAS factory: Attempting to register factory for plugin cuBLAS when one has already been registered
W0000 00:00:1775135911.818199   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775135911.818289   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775135911.818295   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775135911.818300   15390 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
2026-04-02 13:18:31.827581: I tensorflow/core/platform/cpu_feature_guard.cc:210] This TensorFlow binary is optimized to use available CPU instructions in performance-critical operations.
To enable the following instructions: AVX2 FMA, in other operations, rebuild TensorFlow with the appropriate compiler flags.
WARNING:torchao.kernel.intmm:Warning: Detected no triton, on systems without Triton certain kernels will not work
Multiple distributions found for package optimum. Picked distribution: optimum
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
/content/optimum-intel/optimum/intel/openvino/modeling_base.py:590: SyntaxWarning: invalid escape sequence '\.'
  pattern=cls._search_pattern if not kwargs.get("from_onnx", False) else ".*\.onnx$",
config.json: 1.16kB [00:00, 4.72MB/s]

This model may require executing custom code from its repository. For security reasons, this is disabled by default. Please review the source and rerun with --trust-remote-code if needed.

Traceback (most recent call last):
  File "/usr/local/bin/optimum-cli", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/optimum/commands/optimum_cli.py", line 219, in main
    service.run()
  File "/content/optimum-intel/optimum/commands/export/openvino.py", line 468, in run
    main_export(
  File "/content/optimum-intel/optimum/exporters/openvino/__main__.py", line 291, in main_export
    task = infer_task(
           ^^^^^^^^^^^
  File "/content/optimum-intel/optimum/exporters/openvino/__main__.py", line 122, in infer_task
    config = AutoConfig.from_pretrained(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/transformers/models/auto/configuration_auto.py", line 1341, in from_pretrained
    trust_remote_code = resolve_trust_remote_code(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/transformers/dynamic_module_utils.py", line 782, in resolve_trust_remote_code
    raise ValueError(
ValueError: The repository Qwen/Qwen-VL contains custom code which must be executed to correctly load the model. You can inspect the repository content at https://hf.co/Qwen/Qwen-VL .
 You can inspect the repository content at https://hf.co/Qwen/Qwen-VL.
Please pass the argument `trust_remote_code=True` to allow custom code to be run.

With --trust-remote-code

Model loads correctly
Export proceeds as expected

!optimum-cli export openvino \
  --model llava-hf/llava-1.5-7b-hf \
  --task image-text-to-text \
  --trust-remote-code \
  ./tmpdir

Output:

2026-04-02 13:22:07.877253: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:22:07.882495: I external/local_xla/xla/tsl/cuda/cudart_stub.cc:32] Could not find cuda drivers on your machine, GPU will not be used.
2026-04-02 13:22:07.897407: E external/local_xla/xla/stream_executor/cuda/cuda_fft.cc:467] Unable to register cuFFT factory: Attempting to register factory for plugin cuFFT when one has already been registered
WARNING: All log messages before absl::InitializeLog() is called are written to STDERR
E0000 00:00:1775136127.921680   16309 cuda_dnn.cc:8579] Unable to register cuDNN factory: Attempting to register factory for plugin cuDNN when one has already been registered
E0000 00:00:1775136127.929257   16309 cuda_blas.cc:1407] Unable to register cuBLAS factory: Attempting to register factory for plugin cuBLAS when one has already been registered
W0000 00:00:1775136127.948168   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775136127.948254   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775136127.948261   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
W0000 00:00:1775136127.948266   16309 computation_placer.cc:177] computation placer already registered. Please check linkage and avoid linking the same target more than once.
2026-04-02 13:22:07.954122: I tensorflow/core/platform/cpu_feature_guard.cc:210] This TensorFlow binary is optimized to use available CPU instructions in performance-critical operations.
To enable the following instructions: AVX2 FMA, in other operations, rebuild TensorFlow with the appropriate compiler flags.
WARNING:torchao.kernel.intmm:Warning: Detected no triton, on systems without Triton certain kernels will not work
Multiple distributions found for package optimum. Picked distribution: optimum
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
Flax classes are deprecated and will be removed in Diffusers v1.0.0. We recommend migrating to PyTorch classes or pinning your version of Diffusers.
config.json: 100% 950/950 [00:00<00:00, 4.38MB/s]
`torch_dtype` is deprecated! Use `dtype` instead!
`torch_dtype` is deprecated! Use `dtype` instead!
model.safetensors.index.json: 70.1kB [00:00, 139MB/s]
Fetching 3 files:   0% 0/3 [00:00<?, ?it/s]
model-00002-of-00003.safetensors:   0% 0.00/4.96G [00:00<?, ?B/s]
model-00002-of-00003.safetensors:  93% 4.63G/4.96G [09:39<00:46, 7.05MB/s]
model-00002-of-00003.safetensors: 100% 4.96G/4.96G [09:42<00:00, 8.51MB/s]
.
.
.

testing_colab_notebook

All tests relevant tests were passed

Docs already include related info for flag... no need to change

Fixes #1668

MissLostCodes · 2026-04-02T14:08:18Z

@rkazants @popovaan
Please review <3

HuggingFaceDocBuilderDev · 2026-04-02T20:49:45Z

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

MissLostCodes · 2026-04-03T17:01:56Z

@echarlaix @popovaan @rkazants

From the failing CI logs, it appears that trust_remote_code was being passed to all OpenVINO config constructors, which caused runtime errors for configs that do not accept this argument (e.g. InternVL, MiniCPM, Qwen2VL).

This fix introduces:

Selective propagation of trust_remote_code
Pass trust_remote_code only to configs that explicitly support it (llava-qwen2, phi3_v), avoiding crashes in other OpenVINO config classes that do not accept this argument by using **kwargs.
Separation of model types
Use base_model_type for internal logic and export_model_type for export/config decisions, ensuring correct behavior for models that override their export type.

This fix ensures:

Correct handling of remote code execution
No breaking changes for other model configs
Cleaner separation of responsibilities

After these changes, the tests that were previously failing due to incorrect propagation of trust_remote_code now pass locally.

MissLostCodes · 2026-04-09T03:58:59Z

@echarlaix @rkazants @popovaan
Can someone please trigger the CI workflow ?

MissLostCodes · 2026-04-14T12:33:54Z

@echarlaix @popovaan @rkazants
i checked the failing test cases , here are the observations and actions taken -

Many tests in export , quantization and modeling are faling due to deprecation of _text_length in Sentence-transformers , addressed in this issue
In genai tests , some models were not added in remote-code-model list ...they are now added
Black formatting error has been fixed .
Some model fail due to mismatched quantization behavior (maybe FP8 instead of INT8) and failed to build model wrapper issues.
xglm passes tests when tested in isolation but fails when tested by running complete test pipeline
!pytest tests/openvino/test_genai.py -k "xglm or llama4 or granitemoe" -v ---> xglm passes
!pytest tests/openvino/test_genai.py -v ---> xglm fails

MissLostCodes · 2026-04-14T12:41:13Z

@rkazants @popovaan @echarlaix

The second last point indicates NNCF quantization behavior change as mentioned in this PR
The last issue is still unclear to me 😕 , and I would really appreciate your guidance on whether it’s expected behavior or something I should investigate further.

Here's the detailed test result notebook

Copilot

Pull request overview

This PR updates the OpenVINO export flow to consistently honor trust_remote_code (to prevent unintended remote code execution) and adds defensive handling for certain multimodal configs during export.

Changes:

Propagate trust_remote_code through key OpenVINO export entry points and multimodal export config construction.
Make multimodal config handling more robust (e.g., guard access to mm_vision_tower).
Add an early warning in task inference when trust_remote_code=False for Transformers models.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
`optimum/exporters/openvino/__main__.py`	Adds a warning when remote code trust is disabled and ensures `trust_remote_code` is passed to `AutoConfig.from_pretrained`.
`optimum/exporters/openvino/convert.py`	Threads `trust_remote_code` into submodel/export-config selection, and conditionally passes it into relevant multimodal config constructors.
`optimum/exporters/openvino/model_configs.py`	Stops hardcoding `trust_remote_code=True` for multimodal vision-tower config loads; adds defensive `hasattr` checks.
`tests/openvino/test_genai.py`	Updates the set of architectures treated as requiring remote code in GenAI tests.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

popovaan · 2026-04-21T14:30:55Z

+    if export_model_type in {"llava-qwen2", "phi3_v"}:
+        config_kwargs["trust_remote_code"] = trust_remote_code
+


Why is trust_remote_code flag propagated here only for "llava-qwen2" and "phi3_v"? Maybe we need to do it unconditionally?

other models do require trust_remote_code at the Transformers level but their corresponding OpenVINO config classes do not accept this parameter yet . So the condition is required

propagating trust_remote_code unconditionally, leads to :

TypeError: Qwen2VLOpenVINOConfig.__init__() got an unexpected keyword argument 'trust_remote_code' TypeError: InternVLChatOpenVINOConfig.__init__() got an unexpected keyword argument 'trust_remote_code' TypeError: MiniCPMVOpenVINOConfig.__init__() got an unexpected keyword argument 'trust_remote_code'

rkazants · 2026-04-28T12:17:24Z

+        "xglm",
+        "granitemoe",
+        "granite",
+        "llama4",
+        "zamba2",


why these changes are here? Looks not correct merge conflicts resolution

Please add tests to show that without 'trust_rmote_code' export of models do not work for certain models.
This test should check that error is raised for such models exporting wihtout this option. Quite useful test

…enVINO export

rkazants · 2026-05-05T12:04:17Z

            if len(only_onnx) > 0:
                logger.warning(f"The following architectures export {only_onnx} is supported by ONNX but not OpenVINO")

+    @parameterized.expand(OV_MULTIMODAL_REMOTE_CODE_MODELS)


we have a list of all trust remote code models. May be we can parameterize this test using this list.

But the models in that list donot support trust remote code propogation at openvino level , they handle it at hugging face level so running this test over all those models will throw TypeError for unexpected argument and fail these tests .

rkazants · 2026-05-05T12:04:47Z

@popovaan, please take a look at this PR

MissLostCodes added 3 commits April 2, 2026 17:32

Fix trust_remote_code propagation in OpenVINO export configs

05536a7

remove warnings as they are never reached

8954d32

add trust-remote-code warning

c42bf7f

MissLostCodes changed the title ~~FRespect trust_remote_code in OpenVINO export and improve safety for multimodal configs~~ fix: Respect trust_remote_code in OpenVINO export and improve safety for multimodal configs Apr 2, 2026

MissLostCodes changed the title ~~fix: Respect trust_remote_code in OpenVINO export and improve safety for multimodal configs~~ [OpenVINO] fix: Respect trust_remote_code in export and improve safety for multimodal configs Apr 2, 2026

added Selective propagation of trust_remote_code

12fd48e

MissLostCodes changed the title ~~[OpenVINO] fix: Respect trust_remote_code in export and improve safety for multimodal configs~~ [OpenVINO] fix: Respect trust_remote_code in export and improve safety for multimodal configs FIXES ISSUE #1668 Apr 4, 2026

MissLostCodes changed the title ~~[OpenVINO] fix: Respect trust_remote_code in export and improve safety for multimodal configs FIXES ISSUE #1668~~ [OpenVINO] fix: Respect trust_remote_code in export and improve safety for multimodal configs FIXES #1668 Apr 12, 2026

MissLostCodes added 6 commits April 13, 2026 21:56

Format code with Black

ec03941

add models to remote models list

6b79aac

propogate trc in llmpipeline

e74f020

oops wrong move

6890261

DEBUG: force for xglm

b20b34f

DEBUG: test proves it not due to trust-remote-code , xglm still fails

42695cf

rkazants requested review from andrey-churkin, Copilot, echarlaix and popovaan April 21, 2026 13:57

Copilot started reviewing on behalf of rkazants April 21, 2026 13:58 View session

Copilot AI reviewed Apr 21, 2026

View reviewed changes

Comment thread optimum/exporters/openvino/model_configs.py

Comment thread optimum/exporters/openvino/model_configs.py

popovaan reviewed Apr 21, 2026

View reviewed changes

t-r-c in with_behaviour for vision embedding- copilot suggestion applied

0fbf8ee

MissLostCodes requested a review from popovaan April 22, 2026 14:14

rkazants reviewed Apr 28, 2026

View reviewed changes

MissLostCodes added 2 commits April 28, 2026 22:08

Clean up

07e3dd4

Added tests to ensure trust_remote_code is required for multimodal Op…

aad0ac3

…enVINO export

MissLostCodes requested a review from rkazants April 29, 2026 05:03

ruff code style

91359e7

rkazants reviewed May 5, 2026

View reviewed changes

MissLostCodes requested a review from rkazants May 10, 2026 13:38

		if export_model_type in {"llava-qwen2", "phi3_v"}:
		config_kwargs["trust_remote_code"] = trust_remote_code

Conversation

MissLostCodes commented Apr 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

All tests relevant tests were passed

Docs already include related info for flag... no need to change

Uh oh!

MissLostCodes commented Apr 2, 2026

Uh oh!

HuggingFaceDocBuilderDev commented Apr 2, 2026

Uh oh!

MissLostCodes commented Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

MissLostCodes commented Apr 9, 2026

Uh oh!

MissLostCodes commented Apr 14, 2026

Uh oh!

MissLostCodes commented Apr 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

popovaan Apr 21, 2026

Choose a reason for hiding this comment

Uh oh!

MissLostCodes Apr 22, 2026

Choose a reason for hiding this comment

Uh oh!

rkazants Apr 28, 2026

Choose a reason for hiding this comment

Uh oh!

rkazants May 5, 2026

Choose a reason for hiding this comment

Uh oh!

MissLostCodes May 9, 2026

Choose a reason for hiding this comment

Uh oh!

rkazants commented May 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

MissLostCodes commented Apr 2, 2026 •

edited

Loading

MissLostCodes commented Apr 3, 2026 •

edited

Loading

MissLostCodes commented Apr 14, 2026 •

edited

Loading