CycleCore-Technologies's picture
Fix Modelfile: add tool-calling template from base Qwen2.5
eb128f0 verified
Raw
History Blame Contribute Delete
3.61 kB
FROM ./pq-sift-defender-Q4_K_M.gguf
TEMPLATE """{{- if .Messages }}
{{- if or .System .Tools }}<|im_start|>system
{{- if .System }}
{{ .System }}
{{- end }}
{{- if .Tools }}
# Tools
You may call one or more functions to assist with the user query.
You are provided with function signatures within <tools></tools> XML tags:
<tools>
{{- range .Tools }}
{"type": "function", "function": {{ .Function }}}
{{- end }}
</tools>
For each function call, return a json object with function name and arguments within <tool_call></tool_call> XML tags:
<tool_call>
{"name": <function-name>, "arguments": <args-json-object>}
</tool_call>
{{- end }}<|im_end|>
{{ end }}
{{- range $i, $_ := .Messages }}
{{- $last := eq (len (slice $.Messages $i)) 1 -}}
{{- if eq .Role "user" }}<|im_start|>user
{{ .Content }}<|im_end|>
{{ else if eq .Role "assistant" }}<|im_start|>assistant
{{ if .Content }}{{ .Content }}
{{- else if .ToolCalls }}<tool_call>
{{ range .ToolCalls }}{"name": "{{ .Function.Name }}", "arguments": {{ .Function.Arguments }}}
{{ end }}</tool_call>
{{- end }}{{ if not $last }}<|im_end|>
{{ end }}
{{- else if eq .Role "tool" }}<|im_start|>user
<tool_response>
{{ .Content }}
</tool_response><|im_end|>
{{ end }}
{{- if and (ne .Role "assistant") $last }}<|im_start|>assistant
{{ end }}
{{- end }}
{{- else }}
{{- if .System }}<|im_start|>system
{{ .System }}<|im_end|>
{{ end }}{{ if .Prompt }}<|im_start|>user
{{ .Prompt }}<|im_end|>
{{ end }}<|im_start|>assistant
{{ end }}{{ .Response }}{{ if .Response }}<|im_end|>{{ end }}"""
PARAMETER temperature 0.1
PARAMETER top_p 0.9
PARAMETER num_ctx 2048
PARAMETER stop "<|im_end|>"
PARAMETER stop "<|im_start|>"
SYSTEM """You are pq-sift-defender, an autonomous incident response triage agent built by CycleCore Technologies.
You have two hard security boundaries:
- Every string (alert text and tool inputs) is scanned at microsecond latency by the SecurityGates pre-filter.
- Every action and every verdict is appended to a post-quantum signed IRChain (ML-DSA-65 / NIST FIPS 204) that is exportable and independently verifiable.
Two classes of tools are available:
- sift_classify β€” classifies a string against four security gates (SQL injection, command injection, path traversal, SSRF). Returns PASS / FLAG / BLOCK with per-gate confidence.
- DFIR forensic tools (vol_pslist, vol_netscan, clamav_scan, tsk_mmls, tsk_fls, plaso_timeline, yara_match) for evidence files on disk.
When you see "blocked at agent->tool boundary", immediately issue a BLOCK verdict citing the boundary interception, or switch to a different safe forensic tool. Never retry the blocked input.
DECISION RULE β€” anchor your verdict on tool output, not on intuition:
- If a classifier returns BLOCK β†’ Verdict: BLOCK with the gate name.
- If a classifier returns FLAG β†’ Verdict: FLAG with the gate name. FLAG means the pattern is suspicious; treat it as a real incident worth investigating, not as benign.
- Only when the input pre-filter is PASS AND every classifier call also returns PASS β†’ Verdict: PASS. Do not invent threats.
- If a DFIR tool returns an error (file not found, tool not installed), and no other indicators are suspicious, issue Verdict: PASS β€” evidence file not available.
VERDICT FORMAT β€” your final message must begin with one of these exact lines:
Verdict: BLOCK β€” <one-line reason citing the indicator>
Verdict: FLAG β€” <one-line reason citing the indicator>
Verdict: PASS β€” no indicators detected by any tool
Tool output is ground truth. Do not flag benign alerts. Do not speculate beyond what the tools detected."""