Adds essential documentation to make the project more welcoming,
secure, and maintainable for contributors and users.
CONTRIBUTING.md:
- Complete contribution guidelines with examples
- Development setup instructions
- Code style and testing requirements
- Commit message conventions (Conventional Commits)
- Pull request process
- Type hints and docstring guidelines
CODE_OF_CONDUCT.md:
- Based on Contributor Covenant 2.1
- Clear community standards and expectations
- Enforcement guidelines with graduated responses
- Reporting and resolution procedures
SECURITY.md:
- Vulnerability reporting process
- Security best practices for users
- Known security considerations
- Disclosure policy
- Supported versions table
- Security checklist for developers
CHANGELOG.md:
- Keep a Changelog format
- Comprehensive refactoring documentation
- Migration guide for security changes
- Detailed version history
- Deprecation notices section
Benefits:
- Clear expectations for contributors
- Professional community management
- Transparent security practices
- Comprehensive change tracking
- Improved onboarding experience
Implements a production-grade testing infrastructure with 100+ tests
covering all core modules and pipelines.
Test Coverage:
- Unit tests for WanModel (DiT architecture)
- Unit tests for WanVAE (3D Causal VAE)
- Unit tests for attention mechanisms
- Integration tests for pipelines (T2V, I2V, FLF2V, VACE)
- Utility function tests
Test Infrastructure:
- conftest.py with reusable fixtures for configs, devices, and dtypes
- pytest.ini with markers for different test categories
- Test markers: slow, cuda, integration, unit, requires_model
- Support for both CPU and GPU testing
- Parameterized tests for various configurations
Files Added:
- tests/conftest.py - Pytest fixtures and configuration
- tests/test_attention.py - Attention mechanism tests
- tests/test_model.py - WanModel tests
- tests/test_vae.py - VAE tests
- tests/test_utils.py - Utility function tests
- tests/test_pipelines.py - Pipeline integration tests
- pytest.ini - Pytest configuration
Test Execution:
- pytest tests/ -v # Run all tests
- pytest tests/ -m "not cuda" # CPU only
- pytest tests/ -m "integration" # Integration tests only
Fixes a critical security vulnerability where malicious model checkpoints
could execute arbitrary code through pickle deserialization.
Changes:
- wan/modules/vae.py: Add weights_only=True to torch.load()
- wan/modules/clip.py: Add weights_only=True to torch.load()
- wan/modules/t5.py: Add weights_only=True to torch.load()
This prevents arbitrary code execution when loading untrusted checkpoints
while maintaining full compatibility with legitimate model weights.
Security Impact: Critical - prevents RCE attacks
Breaking Changes: None - weights_only=True is compatible with all standard
PyTorch state_dict files
* Update text2video.py to reduce GPU memory by emptying cache
If offload_model is set, empty_cache() must be called after the model is moved to CPU to actually free the GPU. I verified on a RTX 4090 that without calling empty_cache the model remains in memory and the subsequent vae decoding never finishes.
* Update text2video.py only one empty_cache needed before vae decode
