fix(keras): derive safe layer inventory from exports

[typpo]

This fixes the false positives introduced by the custom Keras layer heuristic.

Instead of maintaining a hand-edited built-in layer allowlist, the scanner now reads from a generated inventory of public keras.layers.* exports. The inventory is regenerated with scripts/generate_keras_layer_inventory.py, which parses the installed Keras source tree without making Keras a runtime dependency of the scanner.

The follow-up also keeps regression coverage on real public layers that were misclassified (RandomShear and RandomColorJitter) in both the H5 and .keras scanners.

Summary by CodeRabbit

• Refactor

  • Refactored Keras layer validation system to use auto-generated inventory for improved accuracy and maintainability.

• Tests

  • Updated test cases to ensure accurate detection of built-in Keras preprocessing layers.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0559ef17-ef99-4779-9202-ba73bd479548

📥 Commits

Reviewing files that changed from the base of the PR and between d9fe283 and f69ba13.

📒 Files selected for processing (5)

• modelaudit/config/generated_keras_layers.py
• modelaudit/detectors/suspicious_symbols.py
• scripts/generate_keras_layer_inventory.py
• tests/scanners/test_keras_h5_scanner.py
• tests/scanners/test_keras_zip_scanner.py

---

Walkthrough

A new generated inventory system is introduced to centralize known-safe Keras layer class names. A generation script auto-discovers and extracts layer names from the installed Keras source using AST parsing, producing a static Python module with a frozenset. The detector module now imports and uses this generated inventory instead of maintaining an inline definition.

Changes

Cohort / File(s)	Summary
Generated Inventory modelaudit/config/generated_keras_layers.py	New file containing a frozenset constant GENERATED_KNOWN_SAFE_KERAS_LAYER_CLASSES with Keras layer class names for static lookup.
Detector Integration modelaudit/detectors/suspicious_symbols.py	Imports and aliases the generated inventory, replacing the previous inline KNOWN_SAFE_KERAS_LAYER_CLASSES definition with a reference to the generated source.
Generation Script scripts/generate_keras_layer_inventory.py	New script that discovers Keras source, parses AST to extract public layer classes decorated with keras_export, and renders the generated inventory module.
Test Updates tests/scanners/test_keras_*.py	Updated test layer configurations, replacing deprecated layer names (RandomWidth, RandomHeight) with current ones (RandomShear, RandomColorJitter).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 A script hops through Keras with AST in hand,
Gathering layer names across the code-land,
No more scattered lists in files dispersed,
One generated truth, for better or worse! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(keras): derive safe layer inventory from exports' accurately and concisely summarizes the main change: moving from a hard-coded allowlist to a generated inventory derived from Keras exports.
Docstring Coverage	✅ Passed	Docstring coverage is 83.33% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/fix-keras-h5-regressions

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}