promptfoo · mldangelo-oai · May 23, 2026 · May 22, 2026 · May 22, 2026 · May 22, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - avoid repeatedly scanning sharded model families during directory scans
 - keep shard sibling discovery within the requested scan root
 - preserve per-shard metadata when aggregating sharded model families
+- prevent picklescan call-graph alias cycles from hanging scans
 - stop flagging a false-positive ONNX Python operator when tensor weight bytes coincidentally spell `PyOp`
 - distinguish ASCII-serialized Torch7 artifacts from plain PyTorch source text
 

diff --git a/packages/modelaudit-picklescan/CHANGELOG.md b/packages/modelaudit-picklescan/CHANGELOG.md
@@ -51,6 +51,7 @@ and this package adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Bug Fixes
 
+- prevent call-graph alias cycles from hanging scans
 - detect nested brace-format lookups that reach tracked `defaultdict` factories
 - avoid `str.format` false positives when a `ChainMap` shadows a `defaultdict`
 - block `statistics.quantiles` call-iterator consumption in call-graph analysis

diff --git a/packages/modelaudit-picklescan/src/modelaudit_picklescan/api.py b/packages/modelaudit-picklescan/src/modelaudit_picklescan/api.py
@@ -14,6 +14,7 @@
     CallGraphFinding,
     StartupHookWriteFinding,
     UnanalyzedCallGraphReference,
+    _CallGraphAnalysisLimitError,
     find_dangerous_call_graphs,
     find_startup_hook_write_call_graphs,
     find_unanalyzed_callable_call_graph_references,
@@ -1012,6 +1013,9 @@ def _with_call_graph_findings(report: PickleReport) -> PickleReport:
     with shared_source_sensitive_caches():
         try:
             call_graph_findings = find_dangerous_call_graphs(import_references, callable_invocations)
+        except _CallGraphAnalysisLimitError as error:
+            call_graph_findings = error.partial_findings
+            enrichment_errors.append(("python_call_graph", error))
         except Exception as error:
             call_graph_findings = ()
             enrichment_errors.append(("python_call_graph", error))
@@ -1020,6 +1024,9 @@ def _with_call_graph_findings(report: PickleReport) -> PickleReport:
                 import_references,
                 callable_invocations,
             )
+        except _CallGraphAnalysisLimitError as error:
+            startup_hook_write_findings = error.partial_startup_hook_write_findings
+            enrichment_errors.append(("python_call_graph_startup_hook_write", error))
         except Exception as error:
             startup_hook_write_findings = ()
             enrichment_errors.append(("python_call_graph_startup_hook_write", error))