Which Exact Artifact Is Serving Traffic, and How Was It Built?

Most teams discover their model version control is broken on the worst possible day: a production model starts returning bad predictions, a customer complains, and nobody can answer the simplest question — which exact artifact is serving traffic, and how was it built? The Git commit is there. The model file is somewhere. But the link between code, data, hyperparameters, and the binary that's live has dissolved.

Model version control fails differently than code version control. Code is text; you can diff it, read it, and reason about it. A model is a large binary blob produced by a stochastic process over a moving dataset. The mistakes below are the ones we see repeatedly, and each one has a concrete corrective practice. None of them require exotic tooling — they require discipline about what you record and when.

Mistake 1: Versioning the Model but Not the Data

The most expensive mistake is treating the trained artifact as the thing to version while ignoring the dataset that produced it. You save model_v3.pkl, commit it, and move on. Six weeks later you cannot reproduce it because the training table has been overwritten, rows have been appended, and a labeling pass corrected 2,000 examples.

The corrective practice is to pin a data snapshot to every model version. That means a content hash of the exact training set, or a reference to an immutable dataset version (DVC, LakeFS, or a date-partitioned table you never mutate). If you cannot point at the rows that trained a model, you do not have version control — you have a backup.

Mistake 2: Mutable "latest" Tags in Production

Pointing your serving layer at model:latest feels convenient until a bad training run silently promotes itself. Now production changed and there is no event, no approval, and no record of the transition. When predictions degrade, your timeline is useless because the pointer moved without leaving a trace.

Pin production to an immutable version ID, never a floating tag. Promotion should be an explicit, logged action — a registry stage transition or a config change in source control. The same discipline shows up in A Step-by-Step Approach to Ai Model Version Control, where promotion is a deliberate gate rather than a side effect of training.

Mistake 3: Forgetting the Environment

A model is not just weights. It is weights plus the exact framework version, CUDA build, tokenizer, preprocessing code, and dependency tree that ran it. Teams version the .pt file and lose the fact that it was trained on PyTorch 2.1 with a specific transformers release. Load it a year later under new libraries and the numbers shift — sometimes subtly enough that you don't notice until it matters.

What to capture

• A locked dependency manifest (requirements.lock, poetry.lock, or a container digest)
• The hardware and driver versions if you use GPU-specific kernels
• The preprocessing and feature code commit, not just the model file

Mistake 4: No Link Between Experiments and Releases

Data scientists run hundreds of experiments in a tracking tool, then someone exports the winning weights and hands them to engineering. The released model now lives outside the experiment system. When you later ask "what learning rate produced our production model," the answer is buried in a notebook nobody can find.

Make the registry the bridge. Every released version should carry a back-reference to the experiment run that created it — run ID, metrics, parameters. The Best Practices That Actually Work guide treats this lineage link as non-negotiable, and for good reason: without it, debugging a production model means re-running history from memory.

Mistake 5: Treating Rollback as a Theoretical Capability

Everyone claims they can roll back. Few have tried it under pressure. The previous model version exists, but it expects an old feature schema, or its serving container was garbage-collected, or the rollback requires a manual redeploy that takes 40 minutes while the bad model keeps shipping errors.

Rollback has to be a one-command, tested operation. The corrective practice is to keep at least the last two production versions fully deployable — artifact, environment, and serving config intact — and to actually rehearse the rollback in staging. If you have never executed a rollback end to end, assume it does not work.

Mistake 6: Versioning Models in Plain Git

Git stores text deltas. A 2 GB model checkpoint committed directly bloats the repository, makes clones glacial, and corrupts the mental model that Git can diff your weights (it cannot). Teams that push large binaries into Git eventually hit a repository so heavy that branching becomes painful.

Keep large artifacts in object storage or a model registry and store only a pointer plus metadata in Git. Git-LFS is the minimum; a purpose-built registry is better. The point is separation: source control tracks the recipe, the artifact store tracks the binary, and a version ID ties them together. The survey of tooling covers which systems handle this split cleanly.

Mistake 7: No Audit Trail for Who Promoted What

In regulated or client-facing work, "the model made this decision" is not an answer. You need to show which version was live on a given date, who approved it, and what it was trained on. Teams that skip the audit trail can pass internal QA but fail the first real compliance review or post-incident investigation.

Record promotions as immutable events: version, approver, timestamp, and the evaluation that justified the change. This is cheap to add early and nearly impossible to reconstruct after the fact.

How These Mistakes Compound

The reason these seven are dangerous is that they rarely appear alone — they reinforce each other. A team that versions only the model file (Mistake 1) almost always also points production at a mutable tag (Mistake 2), because once you've stopped thinking carefully about what a version is, every downstream discipline slackens. The forgotten environment (Mistake 3) hides until a dependency upgrade, at which point the missing data lineage (Mistake 1) prevents you from isolating whether the model, the data, or the libraries changed.

The compounding is what turns a minor gap into a multi-day incident. Consider the realistic failure chain: a nightly retrain (good intention) writes to a mutable latest tag (Mistake 2), trained on a silently mutated dataset (Mistake 1), under upgraded libraries (Mistake 3), with no experiment link (Mistake 4). When predictions degrade, you cannot diff the data, cannot pin the environment, cannot find the run, and your rollback turns out to be untested (Mistake 5). Each individual shortcut felt reasonable; together they leave you blind.

Where to break the chain

• Fix Mistake 1 first — pinning data snapshots unblocks diagnosis for every other failure
• Then Mistake 2 — pinning production references stops silent transitions
• The rest become tractable once you can reproduce and identify what's live

The practical lesson is that you don't have to fix all seven at once. Fixing the first two — data lineage and immutable production references — collapses most of the compounding, because they restore your ability to ask and answer the diagnostic questions the other mistakes obscure.

Frequently Asked Questions

Isn't versioning the model file enough for small teams?

No, even for small teams the file alone is insufficient, because the file does not encode the data, environment, or code that produced it. The minimum viable record is the artifact plus a data hash plus a dependency lock. That trio is cheap and saves you the day you need to reproduce a result.

How many old model versions should I keep?

Keep every released version's metadata forever, since it is small. Keep the actual binaries for at least the last several production versions plus any version tied to a live customer commitment or regulatory record. Archive older binaries to cold storage rather than deleting them outright.

Can I use the same Git workflow I use for code?

Use Git for the recipe — code, configs, and pointers — but not for the binaries themselves. Large model files belong in object storage or a registry. Trying to force checkpoints into ordinary Git is the sixth mistake on this list.

What's the single highest-leverage fix?

Pinning a data snapshot to every model version. It closes the largest reproducibility gap and unblocks debugging, rollback verification, and audit. If you fix only one thing this quarter, fix data lineage.

Key Takeaways

• A model version is the artifact plus its data snapshot, environment, and producing code — not just the weights file.
• Never point production at a mutable latest tag; promote to immutable version IDs through a logged, explicit action.
• Keep experiments linked to releases so you can trace any production model back to the run that made it.
• Treat rollback as a rehearsed, one-command operation, not a theoretical capability.
• Store large artifacts in object storage or a registry, and keep an immutable audit trail of every promotion.