sync from abhijitramesh/webgpu-bench@35f91a3bac

README.md

@@ -9,8 +9,7 @@ pinned: false
 short_description: One-click browser benchmark for GGUF models on WebGPU + WASM
 hf_oauth: true
 hf_oauth_scopes:
-  - read-repos
-  - write-repos
+  - write-discussions
 ---
 
 # WebGPU Benchmark — One Click

js/run/config.js

@@ -14,7 +14,12 @@ export const CONSISTENCY_PROMPT = 'Explain quantum computing in simple terms.';
 export const HF_DATASET_REPO = 'abhijitramesh/webgpu-bench-leaderboard';
 
 // Scopes must match the ones declared in spaces/README.md frontmatter.
-export const HF_OAUTH_SCOPES = ['read-repos', 'write-repos'];
+// `write-discussions` is the minimum needed to open a community PR against
+// the leaderboard dataset on behalf of the signed-in user. `openid` and
+// `profile` are auto-included for Space OAuth, so we don't need to ask for
+// `read-repos`/`write-repos` (which would grant write to ALL the user's
+// repos — far more than needed for a single PR).
+export const HF_OAUTH_SCOPES = ['write-discussions'];
 
 export function isHubConfigured() {
   // Space-OAuth works whenever the dataset is set. The OAuth client ID is

js/run/controller.js

@@ -2015,9 +2015,9 @@ function wireHubHandlers() {
             avatarUrl: state.hfSession.avatarUrl || null,
           } : null,
         });
-        const link = res.commitUrl
-          || `https://huggingface.co/datasets/${HF_DATASET_REPO}/blob/main/${res.path}`;
-        logLine(`Submitted ${eligible.length} variant(s): ${link}`);
+        const link = res.pullRequestUrl
+          || `https://huggingface.co/datasets/${HF_DATASET_REPO}/discussions`;
+        logLine(`Opened PR with ${eligible.length} variant(s): ${link}`);
         // Restore the real label before flashing so the post-flash revert
         // doesn't snap back to "Submitting…".
         submitBtn.textContent = original;

js/run/hub.js

@@ -11,9 +11,11 @@
 //      token in localStorage. The Run controller restores any previously
 //      saved benchmark results from localStorage so they survive the
 //      OAuth round-trip.
-//   3. Clicking [Submit] calls `submitResultsToDataset()` which commits a
-//      JSON file (one per machine-slug / browser / session) as a PR to the
-//      leaderboard dataset.
+//   3. Clicking [Submit] calls `submitResultsToDataset()` which opens a
+//      community Pull Request adding a JSON file (one per machine-slug /
+//      browser / session) against the leaderboard dataset. We open a PR
+//      (not a direct commit) so any signed-in user can submit — they only
+//      need the `write-discussions` scope, not write access to the dataset.
 
 import {
   oauthLoginUrl,
@@ -135,7 +137,7 @@ export async function fetchWhoAmI(token) {
  * @param {{name: string, hubId?: string, avatarUrl?: string}} [opts.submittedBy]
  *   — captured from the OAuth session and stamped onto each record so the
  *   dashboard can attribute submissions back to a HF user.
- * @returns {Promise<{ path: string, commit?: string, prUrl?: string }>}
+ * @returns {Promise<{ path: string, commit?: string, pullRequestUrl?: string }>}
  */
 export async function submitResultsToDataset(results, {
   token,
@@ -163,16 +165,20 @@ export async function submitResultsToDataset(results, {
   const body = JSON.stringify(stamped, null, 2);
   const blob = new Blob([body], { type: 'application/json' });
 
+  // isPullRequest: true so any signed-in user can submit — the upload becomes
+  // a community PR against the dataset rather than a direct commit (which
+  // would 403 for everyone except the dataset owner).
   const res = await uploadFile({
     repo: { type: 'dataset', name: datasetRepo },
     credentials: { accessToken: token },
     file: { path, content: blob },
     commitTitle: `bench: ${machineSlug} / ${browser} / ${results.length} variants`,
+    isPullRequest: true,
   });
 
   return {
     path,
     commit: res?.commit?.oid || null,
-    commitUrl: `https://huggingface.co/datasets/${datasetRepo}/blob/main/${path}`,
+    pullRequestUrl: res?.pullRequestUrl || null,
   };
 }