Dockerfile: point cadgenbench install at huggingface/cadgenbench

Switch source from MichaelRabinovich/LeForge to huggingface/cadgenbench
now that the latter has the full history (181 commits, see
space-setup/migration.md Phase C). The pinned commit (d7e0468) exists
on both remotes so this is URL-only; cadgenbench version bumps are a
separate concern handled by ARG CADGENBENCH_SHA.

The GH_PAT secret on the Space is being rotated in lockstep from a
fine-grained PAT scoped to LeForge to a classic PAT with 'repo' scope.
Classic is broader than ideal (gives the PAT read on any private repo
the issuing user can see, not just huggingface/cadgenbench) but it's
the only self-serve option: the huggingface GH org has fine-grained
PATs disabled, and the cadgenbench space-setup user isn't an admin on
the org repo so can't add a per-repo deploy key either. Tracked as
follow-up debt to swap for a deploy key once admin permissions land
(asked Leandro).

Co-authored-by: Cursor <cursoragent@cursor.com>

Dockerfile

@@ -8,11 +8,19 @@
 #         --secret id=GH_PAT,src=/tmp/gh_pat \
 #         -t cadgenbench-space-test .
 #
-# The GH_PAT mount is a fine-grained GitHub PAT, read-only on
-# MichaelRabinovich/LeForge, used only by the `pip install cadgenbench`
-# step below. It never lands in an image layer, env var, or disk file
-# in the final image. The same value lives on the Space as a Settings
-# Secret (mirrors /tmp/gh_pat locally).
+# The GH_PAT mount is a classic GitHub PAT with `repo` scope (because the
+# `huggingface` GH org has fine-grained PATs disabled, and the cadgenbench
+# space-setup user isn't an admin on huggingface/cadgenbench so can't add
+# a per-repo deploy key either). Broader scope than ideal: this PAT could
+# in principle read any private repo the issuing user has access to, not
+# just huggingface/cadgenbench. Tracked as a follow-up to swap for a
+# read-only deploy key once admin permissions land. See `space-setup/
+# migration.md` Phase C GitHub move section.
+#
+# The mount itself is safe: the value is visible only inside the single
+# `pip install cadgenbench` RUN below, never lands in an image layer,
+# env var, or disk file in the final image. The same value lives on the
+# Space as a Settings Secret (mirrors /tmp/gh_pat locally).
 
 FROM python:3.12-slim-bookworm
 
@@ -47,14 +55,14 @@ RUN pip install --no-cache-dir -r /tmp/requirements.txt \
 RUN pip install --no-cache-dir playwright \
     && playwright install --with-deps chromium
 
-# cadgenbench from the private GitHub repo, pinned to a commit. The PAT
+# cadgenbench from the Internal GitHub repo, pinned to a commit. The PAT
 # mount is visible only inside this single RUN: not embedded in any layer,
 # not exposed as env, not written to disk after the layer commits. Bumping
 # CADGENBENCH_SHA is the one-line path to picking up a new cadgenbench.
 ARG CADGENBENCH_SHA=d7e0468
 RUN --mount=type=secret,id=GH_PAT,mode=0400,required=true \
     pip install --no-cache-dir \
-        "cadgenbench @ git+https://$(cat /run/secrets/GH_PAT)@github.com/MichaelRabinovich/LeForge.git@${CADGENBENCH_SHA}"
+        "cadgenbench @ git+https://$(cat /run/secrets/GH_PAT)@github.com/huggingface/cadgenbench.git@${CADGENBENCH_SHA}"
 
 # Drop privileges. HF Spaces conventionally run as uid 1000 with
 # WORKDIR /home/user/app.