Skip to content

License compliance scanner for GGUF models #23

New issue
New issue
Closed
#188
Closed
License compliance scanner for GGUF models#23
#188
Labels
area/complianceCompliance and regulatory features (HIPAA, SOC2, etc.)area/model-registryModel registry and catalog featuresenhancementNew feature or requestkind/featureNew feature or requestpriority/highHigh prioritysize/mediumMedium effort (1-3 days)
@Defilan

Description

@Defilan
Defilan
opened on Nov 21, 2025

Overview

Automatic license detection and compliance verification for GGUF models to prevent legal issues in enterprise deployments.

Context

Many LLMs have restrictive licenses (Llama-2 commercial terms, research-only, etc.). Organizations need to:

  • Detect license automatically when importing models
  • Block deployment of non-compliant licenses
  • Track license usage for audits
  • Alert on license violations

User Story

As a legal/compliance officer, I need automatic license detection so that developers cannot accidentally deploy models with incompatible licenses.

Proposed Solution

1. License Detection

  • Parse model cards from HuggingFace
  • Detect common licenses: Apache 2.0, MIT, Llama-2, Llama-3, Mistral, Gemma, etc.
  • Store license in Model CRD status

2. License Policy CRD

```yaml
apiVersion: inference.llmkube.dev/v1alpha1
kind: LicensePolicy
metadata:
name: production-policy
namespace: production
spec:
allowedLicenses:
- apache-2.0
- mit
- llama-2-commercial
blockedLicenses:
- research-only
- cc-by-nc # Non-commercial
requireApproval:
- llama-2 # Requires manual approval
enforcement: block # or: warn, audit
```

3. Enforcement Points

  • Block Model creation if license is not allowed
  • Warn on InferenceService deployment
  • Generate compliance reports
  • Audit log all license checks

4. License Database

Maintain database of known licenses:
```yaml
licenses:
apache-2.0:
name: "Apache License 2.0"
commercial: true
attribution: required
llama-2:
name: "Llama 2 Community License"
commercial: conditional # <700M users
restrictions: "See llama.meta.com"
```

Acceptance Criteria

  • Automatic license detection from model metadata
  • LicensePolicy CRD implemented with enforcement
  • Support for 10+ common LLM licenses
  • Block/warn/audit enforcement modes
  • License compliance reports
  • Integration with model registry
  • CLI command: `llmkube license check `
  • Documentation with license guide
  • E2E test with various license types

Related Issues

  • Complements model registry
  • Part of compliance strategy

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/complianceCompliance and regulatory features (HIPAA, SOC2, etc.)area/model-registryModel registry and catalog featuresenhancementNew feature or requestkind/featureNew feature or requestpriority/highHigh prioritysize/mediumMedium effort (1-3 days)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions