Requires signed or checksummed artifacts, least-authority preprocessing, license review, content boundaries, source revisions, SBOM relationships, and safe failure.
Architecture guide: this topic defines a modular tiny-model planning contract. It does not claim that model artifacts exist, are compatible, or execute on this WordPress site.
Model data is not automatically harmless
Weight files, tokenizers, metadata, preprocessing code, and remote manifests all cross trust boundaries. Parse bounded formats, reject unexpected dimensions, and isolate executable preprocessing from model data.
Supply-chain record
- Canonical source and immutable hash.
- Publisher identity and signature where available.
- License, attribution, redistribution, and field-of-use conditions.
- Conversion and quantization provenance.
- Scanner, reviewer, and last verified UTC.
- Revocation and rollback path.
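The checks above, sketched as a fail-closed loader. This is an added example, not code from this guide or from any project: it compares the artifact with the record's pinned SHA-256 before parsing, then parses a bounded header and rejects unexpected dimensions. The `TMDL` container layout, the limits, and every name in it are assumptions constructed for illustration.

```python
import hashlib, json, math, struct

MAX_HEADER = 4096                  # assumed cap on header bytes
MAX_RANK, MAX_DIM = 4, 65536       # assumed bounds on tensor rank and extent
DTYPE_SIZE = {"f32": 4, "i8": 1}   # allow-list of element types and widths

class ArtifactRejected(Exception):
    """Any failed check; the caller must treat it as 'do not load'."""

def pack(header: dict, payload: bytes) -> bytes:
    """Build a blob in the constructed TMDL layout (sample input only)."""
    h = json.dumps(header).encode()
    return b"TMDL" + struct.pack("<I", len(h)) + h + payload

def load_verified(blob: bytes, pinned_sha256: str) -> dict:
    # 1. Integrity before parsing: compare with the hash from the record.
    if hashlib.sha256(blob).hexdigest() != pinned_sha256.lower():
        raise ArtifactRejected("hash mismatch")
    # 2. Bounded framing: fixed magic, length-checked header.
    if len(blob) < 8 or blob[:4] != b"TMDL":
        raise ArtifactRejected("bad magic")
    (hlen,) = struct.unpack_from("<I", blob, 4)
    if hlen > MAX_HEADER or 8 + hlen > len(blob):
        raise ArtifactRejected("header length out of bounds")
    try:
        header = json.loads(blob[8:8 + hlen].decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        raise ArtifactRejected("malformed header") from exc
    # 3. Exact schema, allow-listed dtype, bounded dimensions.
    if not isinstance(header, dict) or set(header) != {"dtype", "shape"}:
        raise ArtifactRejected("unexpected header fields")
    dtype, shape = header["dtype"], header["shape"]
    if not isinstance(dtype, str) or dtype not in DTYPE_SIZE:
        raise ArtifactRejected("dtype not allowed")
    if not isinstance(shape, list) or not 1 <= len(shape) <= MAX_RANK:
        raise ArtifactRejected("unexpected rank")
    if any(type(d) is not int or not 1 <= d <= MAX_DIM for d in shape):
        raise ArtifactRejected("dimension out of bounds")
    # 4. Payload must be exactly what the header declares, no trailing data.
    if len(blob) - 8 - hlen != math.prod(shape) * DTYPE_SIZE[dtype]:
        raise ArtifactRejected("payload size does not match shape")
    return header

# Constructed sample: a 2x3 f32 tensor of zeros and its pinned hash.
SAMPLE = pack({"dtype": "f32", "shape": [2, 3]}, bytes(24))
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
```

A matching hash only shows the bytes are the ones that were reviewed; the structural checks still run afterwards because a correctly pinned artifact can be malformed.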
Least authority
A skill should receive only the input and local capabilities required by its role. Model selection must not silently grant network, file, tool, or write authority.
Scope
This starter page defines the questions, boundaries, evidence, and failure modes that should be recorded before a capability is presented as supported.
Engineering considerations
- Identify the source, version, target environment, and owner.
- Separate observed values from estimates and externally reported values.
- Record trade-offs, unsupported cases, and fallback behavior.
- Link performance statements to a compatible benchmark methodology.
Verification questions
- What exact artifact, revision, backend, and environment were reviewed?
- Which assumptions could change the result?
- Which data should be retained so another engineer can reproduce the conclusion?