fix(generator): correct PURL encoding for model IDs

[arunsanna]

Summary

• Fix no-op .replace('/', '/') calls that were intended to URL-encode forward slashes in model IDs
• Replace with .replace('/', '%2F') to properly encode per the PURL specification

Problem

The code had 6 instances of .replace('/', '/') which does nothing (replaces / with /). This resulted in invalid PURLs like:

pkg:huggingface/meta-llama/Llama-3.1-8B@1.0

Solution

Changed to .replace('/', '%2F') to produce valid PURLs:

pkg:huggingface/meta-llama%2FLlama-3.1-8B@1.0

Test plan

• Built Docker image with fix
• Tested with meta-llama/Llama-3.1-8B model
• Verified bom-ref and purl fields contain %2F encoding
• Confirmed no remaining instances of the bug pattern

Fixes #13

[Copilot]

Pull request overview

This PR fixes a critical bug where .replace('/', '/') no-op calls prevented proper URL encoding of forward slashes in model IDs, resulting in invalid Package URLs (PURLs) that don't comply with the PURL specification.

Changes:

• Corrected 6 instances of .replace('/', '/') to .replace('/', '%2F') to properly URL-encode forward slashes in model IDs
• Ensures PURL identifiers like pkg:huggingface/meta-llama/Llama-3.1-8B@1.0 are correctly encoded as pkg:huggingface/meta-llama%2FLlama-3.1-8B@1.0
• Makes PURL generation consistent with existing correctly-encoded instances already in the codebase

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[arunsanna]

Test Results ✅

Tested with 3 different HuggingFace models to verify the fix:

Test 1: meta-llama/Llama-3.1-8B

AIBOM generated successfully
Completeness score: 85/100

PURL fields from JSON:
  bom-ref: pkg:huggingface/meta-llama%2FLlama-3.1-8B@1.0
  purl: pkg:huggingface/meta-llama%2FLlama-3.1-8B@1.0
  dependencies.ref: pkg:generic/meta-llama%2FLlama-3.1-8B@1.0
  dependencies.dependsOn: pkg:huggingface/meta-llama%2FLlama-3.1-8B@1.0

Test 2: openai/whisper-large-v3

AIBOM generated successfully
Completeness score: 85/100

PURL fields from JSON:
  bom-ref: pkg:huggingface/openai%2Fwhisper-large-v3@1.0
  purl: pkg:huggingface/openai%2Fwhisper-large-v3@1.0
  dependencies.ref: pkg:generic/openai%2Fwhisper-large-v3@1.0
  dependencies.dependsOn: pkg:huggingface/openai%2Fwhisper-large-v3@1.0

Test 3: google/gemma-2-9b

AIBOM generated successfully
Completeness score: 85/100

PURL fields from JSON:
  bom-ref: pkg:huggingface/google%2Fgemma-2-9b@1.0
  purl: pkg:huggingface/google%2Fgemma-2-9b@1.0
  dependencies.ref: pkg:generic/google%2Fgemma-2-9b@1.0
  dependencies.dependsOn: pkg:huggingface/google%2Fgemma-2-9b@1.0

Summary

• ✅ All 4 PURL-related fields now contain proper %2F encoding
• ✅ Tested across LLM, Audio, and multi-modal model types
• ✅ No regressions in completeness scoring

[arunsanna]

✅ Testing Completed - VERIFIED

Test Space: https://megamind1-aibom-pr18-purl-fix.hf.space

Test Results

Test	Result
PURL encoding for meta-llama/Llama-3.1-8B	✅ Pass
Generated %2F encoding	✅ Confirmed
App functionality	✅ Working

Comparison

Version	PURL Output
❌ Baseline (unfixed)	pkg:huggingface/meta-llama/Llama-3.1-8B@1.0
✅ This PR (fixed)	pkg:huggingface/meta-llama%2FLlama-3.1-8B@1.0

Ready for merge. ✓

[arunsanna]

Status Update: Superseded by v0.2

This PURL encoding fix has been incorporated into the v0.2 branch architecture.

Evidence: src/models/service.py line 288 now uses .replace('/', '%2F') correctly.

This PR can be closed as the fix is already in v0.2. See PR #36 for the consolidated v0.2 reapplication.