fix(io_boundary): add huggingface_hub + sentence_transformers to net_send catalog (WI-jihuj)

The 2026-04-23 self-audit found that hypergumbo's embeddings extra
demonstrably contacts HuggingFace Hub (the dogfood run printed an
"unauthenticated requests to the HF Hub" warning), but io-boundaries
reported zero matching net_send chains.

Root cause: python.yaml#net_send covered the low-level HTTP clients
(requests, aiohttp.ClientSession, httpx.{Client,AsyncClient}) but the
HF stack lives one layer above them — sentence_transformers'
SentenceTransformer constructor calls into huggingface_hub, which calls
requests internally. The io-boundary tracer can only see edges into
hypergumbo's own source, not into vendored deps, so the wrapper-layer
constructor + huggingface_hub.* entries are required to surface the
chain.

Additions to python.yaml#net_send:
- huggingface_hub.snapshot_download / hf_hub_download (functions)
- huggingface_hub.HfApi.{model_info, list_repo_files, download_file}
- sentence_transformers.SentenceTransformer (constructor)

Test test_python_catalog_has_huggingface_hub_net_send asserts all three
are loaded as net_send primitives. All 243 io_boundary + catalog tests
pass.

Signed-off-by: jgstern-agent <josh-agent@iterabloom.com>

Author: jgstern-agent

.ci/affected-tests.txt

@@ -1,62 +1,12 @@
 # Test selection manifest
-# Generated by smart-test at 2026-04-23T14:09:10-04:00
+# Generated by smart-test at 2026-04-23T16:34:08-04:00
 # Mode: targeted
-# Baseline: d2c72ee02dc6adad34b7567209b7c0de210db152
-# Changed files: 6
-# Changed source files: 1
-# Selected tests: 51
+# Baseline: 7155820d35e44c8ef6a9551be48e9acc316241bc
+# Changed files: 8
+# Changed source files: 0
+0
+# Selected tests: 1
 #
 # === CHANGED_SOURCE_FILES ===
-packages/hypergumbo-core/src/hypergumbo_core/framework_patterns.py
 # === SELECTED_TESTS ===
-packages/hypergumbo-core/tests/BRANCHES_test_framework_patterns.py
-packages/hypergumbo-core/tests/test_backend_cli_flag.py
-packages/hypergumbo-core/tests/test_build_grammars.py
-packages/hypergumbo-core/tests/test_cli_basic.py
-packages/hypergumbo-core/tests/test_cli_cache.py
-packages/hypergumbo-core/tests/test_cli_commands.py
-packages/hypergumbo-core/tests/test_cli_config.py
-packages/hypergumbo-core/tests/test_cli_dead_code.py
-packages/hypergumbo-core/tests/test_cli_explain.py
-packages/hypergumbo-core/tests/test_cli_io_boundaries.py
-packages/hypergumbo-core/tests/test_cli_routes.py
-packages/hypergumbo-core/tests/test_cli_run_behavior_map.py
-packages/hypergumbo-core/tests/test_cli_search.py
-packages/hypergumbo-core/tests/test_cli_symbols.py
-packages/hypergumbo-core/tests/test_cli_test_coverage.py
-packages/hypergumbo-core/tests/test_cli_verify_claims.py
-packages/hypergumbo-core/tests/test_fastapi_patterns.py
-packages/hypergumbo-core/tests/test_file_excludes.py
-packages/hypergumbo-core/tests/test_framework_patterns.py
-packages/hypergumbo-core/tests/test_frameworks_flag.py
-packages/hypergumbo-core/tests/test_gitleaks.py
-packages/hypergumbo-core/tests/test_locale.py
-packages/hypergumbo-core/tests/test_max_tier.py
-packages/hypergumbo-core/tests/test_no_first_party_priority.py
-packages/hypergumbo-core/tests/test_profile.py
-packages/hypergumbo-core/tests/test_run_behavior_map.py
-packages/hypergumbo-core/tests/test_schema_compliance.py
-packages/hypergumbo-core/tests/test_sketch.py
-packages/hypergumbo-core/tests/test_sketch_sanity.py
-packages/hypergumbo-core/tests/test_slice_tier_filter.py
-packages/hypergumbo-core/tests/test_stable_shape_ids.py
-packages/hypergumbo-lang-common/tests/BRANCHES_test_dart.py
-packages/hypergumbo-lang-common/tests/BRANCHES_test_elixir.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_cpp.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_c.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_csharp.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_go.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_java.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_js_ts.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_kotlin.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_php.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_python_ast_analysis.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_ruby.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_rust.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_scala.py
-packages/hypergumbo-lang-mainstream/tests/BRANCHES_test_swift.py
-packages/hypergumbo-lang-mainstream/tests/test_html_analysis.py
-packages/hypergumbo-lang-mainstream/tests/test_java.py
-packages/hypergumbo-lang-mainstream/tests/test_js_ts.py
-packages/hypergumbo-lang-mainstream/tests/test_polyglot_call_site_coverage.py
-packages/hypergumbo-lang-mainstream/tests/test_python_ast_analysis.py
+packages/hypergumbo-core/tests/test_io_boundary.py

CHANGELOG.md

@@ -31,6 +31,10 @@ New `module_attr_ref` edge type emitted across six languages for attribute reads
 - **New flags `--taint-sources PATH` / `--taint-sinks PATH` / `--taint-sanitizers PATH`** (repeatable; each PATH is a YAML file or directory globbed as `*.yaml` in sorted order). Claims YAML can carry the same paths under a top-level `extra_catalogs: {sources, sinks, sanitizers}` key; relative paths resolve against the claims-file directory. User source/sink entries matching `(module, name, kind)` replace the auto-derived or built-in entry; user sanitizers concatenate.
 - **Public helper `hypergumbo_core.taint.load_full_taint_catalog(extra_source_paths, extra_sink_paths, extra_sanitizer_paths)`**; one-line stderr summary when extra catalogs are loaded.
 
+#### IO catalog — HuggingFace Hub network primitives (WI-jihuj)
+
+- **`io_primitives/python.yaml#net_send`** gains `huggingface_hub.{snapshot_download, hf_hub_download}`, `huggingface_hub.HfApi.{model_info, list_repo_files, download_file}`, and `sentence_transformers.SentenceTransformer`. Surfaced by the 2026-04-23 self-audit: hypergumbo's embeddings extra demonstrably contacts HF Hub (the dogfood run printed an "unauthenticated requests to the HF Hub" warning), but io-boundaries reported zero matching `net_send` chains because the HF stack lives one layer above the `requests` / `httpx` clients the catalog already covered. Adding the wrapper-layer entries lets `verify-claims` reason about the embeddings install's network surface without having to walk into third-party code.
+
 ### Changed
 
 #### Taint catalog auto-derivation (WI-lokuv)

packages/hypergumbo-core/src/hypergumbo_core/io_primitives/python.yaml

@@ -112,6 +112,18 @@ net_send:
     notes: "httpx sync/async HTTP client"
   - module: httpx.AsyncClient
     methods: [get, post, put, delete, head, patch, request, send]
+  # WI-jihuj: high-level network clients that wrap requests/httpx but live one
+  # layer above what the io-boundary tracer can see by walking edges in
+  # third-party code. Covers the embeddings extra's HF Hub download surface
+  # (sentence_transformers.SentenceTransformer constructor → hf_hub).
+  - module: huggingface_hub
+    functions: [snapshot_download, hf_hub_download]
+    notes: "HF Hub model/file download"
+  - module: huggingface_hub.HfApi
+    methods: [model_info, list_repo_files, download_file]
+  - module: sentence_transformers
+    functions: [SentenceTransformer]
+    notes: "Constructor downloads from HF Hub on first use (model not cached locally)"
 
 net_recv:
   - module: socket.socket

packages/hypergumbo-core/tests/test_io_boundary.py

@@ -80,6 +80,19 @@ def test_python_catalog_has_net_send(self) -> None:
         names = {p.qualified_name for p in net_sends}
         assert "socket.socket.send" in names
 
+    def test_python_catalog_has_huggingface_hub_net_send(self) -> None:
+        # WI-jihuj: 2026-04-23 self-audit found that hypergumbo's embeddings
+        # extra demonstrably hits HuggingFace Hub (the dogfood run printed
+        # "unauthenticated requests to the HF Hub"), but io-boundaries
+        # reported zero net_send chains for it because huggingface_hub /
+        # sentence_transformers were missing from the catalog.
+        catalog = load_catalog("python")
+        net_sends = {p.qualified_name for p in catalog.primitives
+                     if p.boundary == "net_send"}
+        assert "huggingface_hub.snapshot_download" in net_sends
+        assert "huggingface_hub.hf_hub_download" in net_sends
+        assert "sentence_transformers.SentenceTransformer" in net_sends
+
     def test_python_catalog_has_subprocess(self) -> None:
         catalog = load_catalog("python")
         subprocs = [p for p in catalog.primitives if p.boundary == "subprocess"]