OpenMed v1.9.0¶
OpenMed 1.9.0 is the cross-platform ONNX inference, clinical extraction, multilingual privacy, and release-evidence release.
Release date: 2026-07-14.
Reviewed range: v1.8.1..v1.9.0 release target. The inventory covers 35 release-scope pull requests: 34 merged after the v1.8.1 release branch was cut, plus the v1.9.0 release pull request. Pull requests #1545 and #1546 are already part of the v1.8.1 release topology and are not counted again here.
Highlights¶
- Use the same exported token-classification repository from Python, browsers, Node.js, and Android through concise, runtime-native APIs.
- Install the new public
openmednpm package with ESM/CommonJS exports and WebGPU/WebAssembly inference support. - Consume Android OpenMedKit from the immutable
v1.9.0Git tag through JitPack, with DJL Hugging Face tokenization and preserved character offsets. - Work with 17 model-backed PII language codes after full Korean and Romanian language-pack additions.
- Evaluate clinical extraction with relation metrics, strict/relaxed scoring, release gates, dataframe output, and multilingual benchmarks.
- Ship with stronger privacy evidence: critical-finding recall, leakage-under-extraction, surrogate quality, fuzzing, a redactor threat model, and a burned-in-PHI DICOM benchmark.
Cross-platform ONNX and distribution¶
The v1.9 model contract packages tokenizer assets, ONNX graphs, optional external data, and runtime metadata once so applications do not need to rebuild tokenization or tensor plumbing for each platform.
- Python:
OnnxModel.from_pretrained(...)supports local and Hugging Face repositories, automatic INT8 preference, tokenizer offsets, BIO/BILOU aggregation, and external-data graphs. - Browser and Node.js:
loadOnnxModel(...)is published in theopenmednpm package with ESM/CommonJS exports and ONNX Runtime Web support for WASM and WebGPU. - Android:
OpenMedKit.fromDirectory(...)loads validated sidecar artifacts, uses DJL Hugging Face tokenization, preserves source character spans, and exposes the same entity contract through Kotlin. - Publishing: resumable Android/ORT batch conversion, model-card format metadata, safer artifact reuse, optional ORT conversion, and large ONNX external-data handling make catalog rollout repeatable.
- MLX: direct
OpenMed/...-mlxrepository IDs resolve as pre-converted artifacts, with runnable token-classification and GLiNER zero-shot examples.
Standard token-classification repositories are compatible with the shared contract. GLiNER zero-shot span models and privacy-filter mixture-of-experts models remain excluded because they use different graph contracts.
Clinical extraction and service clients¶
- Added relation metrics and a synthetic gold loader (#1211).
- Added strict and relaxed relation-extraction scoring plus an RE release gate (#1212).
- Added dataframe output for clinical extraction results (#1224).
- Added an immunization zero-shot domain with FHIR-aligned display labels and policy metadata (#1159).
- Added a Go REST client, Postman collection, and copy-paste REST API recipes (#1379, #1385, #1387).
- Added a Jupyter/IPython rich display widget for de-identification results and bounded ten-stage pipeline latency on long clinical notes (#1382, #1383).
Multilingual privacy¶
The model-backed PII language allow-list now contains 17 codes: ar, de, en, es, fr, he, hi, id, it, ja, ko, nl, pt, ro, te, th, and tr.
- Korean adds native date, phone, resident-registration-number, postcode, and address patterns, checksum-aware surrogates, fixtures, and model/service wiring (#1544).
- Romanian adds CNP validation, locale-aware patterns, surrogates, fixtures, and model/service wiring (#1389).
- Canadian SIN/provincial health-card and Australian Medicare/TFN validators extend identifier coverage (#1340, #1342).
- CJK honorific handling and RTL-aware rendering improve output fidelity across writing systems (#1346, #1384).
- Offline translation augmentation, multilingual section detection, and surrogate quality gates strengthen lower-resource workflows (#1221, #1226, #1225).
Evaluation, safety, and developer quality¶
- Critical-finding recall and leakage-under-extraction gates make privacy failures release-blocking (#1213, #1214).
- Multilingual benchmark aggregation, false-negative exploration, throughput-versus-accuracy reports, and inference memory profiling make quality/performance tradeoffs inspectable (#1223, #1343, #1347, #1349).
- Property-based de-identification fuzzing, a redactor threat model and leakage-bypass catalog, and a synthetic burned-in-PHI DICOM benchmark extend the adversarial evidence surface (#1350, #1352, #1388).
- Artifact-backed model-card datasheets and Hugging Face model-pull helpers make model evidence and retrieval easier to automate (#1228, #1339).
- Public-API docstring coverage, PEP 561 packaging, and scoped type-hint coverage keep the expanded API surface reviewable (#1341, #1348).
Documentation and brand¶
The release adds persona quickstarts, hardened offline-loading guidance, a troubleshooting and common-errors guide, Postman examples, and REST recipes (#1386, #1380, #1385, #1387). OpenMed's repository, documentation, and website also use a consolidated on-device clinical-AI message (#1415).
Security and release engineering¶
- Fixable vulnerability waivers were replaced with dependency and base-image upgrades. The vulnerability gate now rejects a waiver when a fixed version is available.
- Python, npm, Swift, Android, Helm, OpenAPI, container, and demo versions align on
1.9.0. - Python wheels and sdists, npm artifacts, Android AARs, Swift package builds, container images, documentation, and supply-chain metadata retain their platform-specific validation gates.
- Local-first privacy defaults remain unchanged: no mandatory network calls after model download, no telemetry by default, and no raw PHI in logs, caches, temp files, or audit artifacts.
Migration notes¶
- Python: install
openmed==1.9.0and add only the optional extras required by your runtime. - Browser/Node.js: install
openmed@1.9.0. - Swift: use
.package(url: "https://github.com/maziyarpanahi/openmed.git", from: "1.9.0"). - Android: add JitPack and use
com.github.maziyarpanahi:openmed:v1.9.0. The movingmaster-SNAPSHOTcoordinate is not release-stable. - The v1.8.1 attention-selection fix remains included. Explicit
eager,sdpa, andflash_attention_2choices keep their existing behavior. - Applications adopting the shared ONNX contract should retain the repository's tokenizer and sidecar files with the graph. Android publication fails closed when required runtime artifacts are incomplete.
Pull-request inventory¶
- Cross-platform runtime and distribution: #1550, #1339.
- Clinical extraction, service clients, notebooks, and documentation: #1159, #1211, #1212, #1224, #1379, #1380, #1382, #1383, #1385, #1386, #1387.
- Multilingual privacy and locale handling: #1544, #1389, #1340, #1342, #1346, #1384, #1221, #1225, #1226.
- Evaluation, safety, and developer quality: #1213, #1214, #1223, #1228, #1341, #1343, #1347, #1348, #1349, #1350, #1352, #1388.
- Brand and product messaging: #1415.
Validation¶
The release pull request validates the full Python suite, release-sensitive tests, Ruff formatting and lint, scoped typing, package builds, npm tests and artifact checks, Android unit/AAR builds, Swift package tests, strict MkDocs, Helm lint/template, OpenAPI consistency, vulnerability policy, and repository release-version surfaces. Final run results are recorded on the release pull request and in the maintainer announcement artifact.
Full Changelog: https://github.com/maziyarpanahi/openmed/compare/v1.8.1...v1.9.0