Add new SentenceTransformer model

.gitattributes

@@ -33,3 +33,4 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+tokenizer.json filter=lfs diff=lfs merge=lfs -text

1_Pooling/config.json

@@ -0,0 +1,10 @@
+{
+    "word_embedding_dimension": 1024,
+    "pooling_mode_cls_token": false,
+    "pooling_mode_mean_tokens": false,
+    "pooling_mode_max_tokens": false,
+    "pooling_mode_mean_sqrt_len_tokens": false,
+    "pooling_mode_weightedmean_tokens": false,
+    "pooling_mode_lasttoken": true,
+    "include_prompt": true
+}

README.md

@@ -0,0 +1,666 @@
+---
+tags:
+- sentence-transformers
+- sentence-similarity
+- feature-extraction
+- dense
+- generated_from_trainer
+- dataset_size:49346
+- loss:MultipleNegativesRankingLoss
+base_model: Qwen/Qwen3-Embedding-0.6B
+widget:
+- source_sentence: 'How can I prevent forwarding a manipulated email?
+
+
+    How can I prevent someone from modifying the contents of an email they received
+    and then forwarding it to others?  Some employees cheat managers by changing the
+    content of emails and forwarding the modified email to them.  I need  a policy  that  prevents
+    this backdoor.'
+  sentences:
+  - 'They''re identical
+
+    They both implement the same algorithm, so it''s not like one can be faster than
+    the other. Use whichever tool is available on whichever platform you use.
+
+    In Windows one uses certUtil as
+
+    certUtil -hashfile <PATH_TO_FILE> <HASH_ALGORITHM>
+
+    and, available hash algorithms are MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512. These
+    are different hash algorithms with different output sizes and they provide different
+    security/insecurity levels. One should not use MD2, MD4, MD5, or SHA-1 as long
+    as they really know what they are doing.
+
+    Be aware of encoding, even some of the online hashings are not directly compatible,
+    as we can see in  StackOverflow some questions are about the interoperability
+    of the sites and libraries.
+
+    And never use online hashing for your secret/private files.'
+  - 'Direct Network Flood Detection across IaaS, Linux, Windows, and macOS
+
+    Windows
+
+    High-volume packet generation by local processes (e.g., PowerShell, cmd, curl.exe)
+    or network service processes resulting in excessive outbound traffic over short
+    time window, correlated with abnormal resource usage or degraded host responsiveness.'
+  - 'Email is unsafe -- deal with it.
+
+    Email can be made safe for an adequately defined value of "safe", through the
+    use of signatures (S/MIME or OpenPGP). This is not as easy as it seems (I mean,
+    it does not look easy, but in reality it is worse). The cornerstone of the system
+    is that unsigned emails should be rejected automatically; human users should never
+    see them at all, because if they read them, they will always believe them a little,
+    regardless of how much you may have explained to them how insecure and unsafe
+    plain emails are. Therefore, switching to signed emails is like a big jump into
+    the unknown. In practice, it is essentially a way to break emails (or to induce
+    users to switch to gmail...).
+
+    What you can do is to educate and then to educate again:
+
+
+    The smooth education: explain to your users how untrustworthy email is as a medium.
+    Show how easy it is to forge an email (e.g. with this answer). Try to prevent
+    the "wizardry effect" which makes most human beings lose common sense as soon
+    as a computer is involved (as Clarke was putting it, computers are beyond the
+    "magical horizon" of most people -- solution is to make them understand how a
+    computer works). As a bonus, this makes the users more resilient to phishing.
+
+
+    The less smooth education: let all the might of the Law fall on wannabe fraudsters.
+    Have it known that the slightest phony game with email is a shooting offense;
+    the guilty will be fired, jailed, shot and flogged (not necessarily in that order).
+    The idea is to make faking emails not worth it. This works well: this is how the
+    non-computer world deals with handwritten signatures, and it has done so for several
+    centuries.'
+- source_sentence: "Man in the middle with certificate signed by known CA and DNS\
+    \ spoofing can work?\n\nAssuming that I have a certificate for my local webserver\
+    \ signed by a well known CA like Verisign (so it will be trusted by browsers),\
+    \ and I'm able to DNS poisoning in Man-in-the-Middle to redirect a user who wants\
+    \ to go to google.com on my local webserver who has the same hostname google.com,\
+    \ what will be the consequences? \nIs there a risk? If so, how to prevent it?\n\
+    I don't know why SSL pinning is only used for mobile app. If the attack above\
+    \ works, so SSL pinning can be a prevention. But it's not used on computer..."
+  sentences:
+  - 'Modern browsers do the smart thing: they ask the operating system. The OS interacts
+    with hardware all day long; that''s its main purpose. So it is in the right place
+    to gather randomness and mix it with a properly secure cryptographic random number
+    generator. On Windows systems, this is made available to application though the
+    CryptGenRandom() function. Linux has the special file /dev/urandom for that. Some
+    programming languages offer their own API for that (which internally feeds on
+    the OS), e.g. java.security.SecureRandom for Java.
+
+    The hardware sources that the OS may employ primarily includes the cycle-accurate
+    time at which hardware events occur (e.g. the precise nanosecond at which you
+    press a key, or a network packet is received). The OS can thus get "enough" true
+    randomness to power a RNG, which will then yield good alea by the megabyte ("good"
+    = "indistinguishable from true randomness, up to an overwhelming work factor"
+    = "good for crypto").'
+  - "In order for that to succeed the server's hostname would have to match the certificate\
+    \ name. That means you would have to either get a CA to issue a cert as google.com\
+    \ (not likely to happen) or you would have to get a root cert from a CA you control\
+    \ and install that on the user's computer as a trusted CA certificate. \nEven\
+    \ then, many big web sites use public key pinning which forces the browser to\
+    \ only accept a specific cert until a pre-stated expiration date. Both Chromium\
+    \ and Firefox do support pinning."
+  - "How is the VPN tunnel established? My computer and the end VPN server\n  need\
+    \ to exchange some info to establish a tunnel? (some kind of\n  handshake or do\
+    \ I miss something?)\n\nYou need a client application on your laptop for the VPN\
+    \ that your corporation uses.  The client application will perform the handshake\
+    \ for you in order to establish a secure connection to your corporation's network.\n\
+    \nHow VPN packet finds a way to the destination machine if the entire\n  ip-datagram\
+    \ is encrypted? I understand that the packet is is\n  encapsulated within another\
+    \ packet, but the source and destination IP\n  must be the same or?\n\nYour client\
+    \ application will likely install some type of virtual network adapter.  This\
+    \ adapter will translate incoming and outgoing packets based on some type of session\
+    \ ID and/or traffic characteristics (for example, port numbers).\n\nIf someone\
+    \ between 2 routers sniffs the packets, they can see that the\n  packet goes from\
+    \ restaurantRouter to routerCorp? right? Or they cannot\n  see the full path?\n\
+    \nYes they will be able to see the IP of routerCorp.\n\nIf someone between MyComp\
+    \ and restaurantRouter sniffs the packets,\n  what they can see? Can they see\
+    \ source and destination ip?\n\nYes they will see the source and destination IPs,\
+    \ but the data is encrypted.\n\nDoes the restaurantRouter or the ISP knows the\
+    \ content of the packets\n  or are they already encrypted when they reach the\
+    \ restaurantRouter ?\n\nThey are encrypted on your computer before being sent\
+    \ out to restaurantRouter.\n\nDo the packets travel same path or this has nothing\
+    \ to do with the\n  tunneling?\n\nTechnically there's no guarantee that the same\
+    \ hop path will be taken. \nTunneling simply means that you've encapsulated one\
+    \ protocol with another protocol.  In this case, you've encapsulated your data\
+    \ using a secure protocol (VPN client), and you're using IP/TCP to transmit this\
+    \ secure data."
+- source_sentence: "HTML iframe security exploit\n\nCan somebody explain if there's\
+    \ something malicious in this HTML, The width and height of the iframe ares set\
+    \ to 1 and it's out of the view with top: -100px; statement. I believe it takes\
+    \ some some sort of permission from Google account authentication without the\
+    \ consent of the user?\n<iframe name=\"oauth2relay255885454\" idstrong text=\"\
+    oauth2relay255885454\" \n        src=\"https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fjankestauorg.blogspot.com#rpctoken=831371525&amp;forcesecure=1\"\
+    \ \n        tabindex=\"-1\" style=\"width: 1px; height: 1px; position: absolute;\
+    \ top: -100px;\">\n\n       <!DOCTYPE html>\n         <html>\n            <head><title></title>\n\
+    \            <meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\"\
+    >\n            <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"><meta\
+    \ name=\"viewport\" content=\"width=device-width, initial-scale=1, minimum-scale=1,\
+    \ maximum-scale=1, user-scalable=0\">\n            <script type=\"text/javascript\"\
+    \ src=\"https://apis.google.com/js/api.js\" gapi_processed=\"true\"></script>\n\
+    \            <script type=\"text/javascript\" src=\"https://oauth.googleusercontent.com/gadgets/js/core:rpc:shindig.random:shindig.sha1.js?c=2\"\
+    ></script>\n            <script src=\"https://ssl.gstatic.com/accounts/o/3584451713-postmessagerelay.js\"\
+    ></script>\n           </head><body></body>\n        </html>\n</iframe>"
+  sentences:
+  - 'The attack as you described it is not possible. This is the impossible part:
+    "that password you''ve provided me, that''ll do just fine". In the Wi-Fi protocol,
+    the client doesn''t send the password to the AP. Instead, both the client and
+    AP derive an encryption key from it, and they mutually authenticate by making
+    sure they can understand each other''s messages.'
+  - 'These are separate rules, they are checked each time a new connection arrives.
+    In your case you have two rules:
+
+
+    allowing all incoming connections on port 22 with both TCP and UDP protocols
+
+    same but it only applies to connections on the TCP protocol, which is not needed
+    in your case, because you have a rule with high priority (1 > 2) that allows traffic
+    on both protocols.
+
+
+    If you want to secure your SSH server, you can do it by allowing only specific
+    IP addresses to access port 22, use port knocking or similar methods.'
+  - 'It''s from including a Google+ button. You''re sort of right though - it''s Google
+    seeing if you have a Google+ account in order to let you share the page on Google+,
+    or potentially show a different button if you''ve already shared it.
+
+    However, only Google gets to see the data.
+
+    The entire frame is generated by Google, including the positioning. It is placed
+    off-screen in order to avoid messing up layout of the page.'
+- source_sentence: 'Are 6 digit number verifications secure?
+
+
+    I''ve noticed that many services and/or platforms now send 6 digit codes to verify
+    user actions. Typically sent to an email. With these being 6 digits long & assuming
+    that you get at least 3 tries to enter there''s a 1 in 333,333 chance that a malicious
+    user could correctly guess the digits.
+
+    Seems low to me. Is this enough security?'
+  sentences:
+  - 'Verification digits secure against a compromised account being used to perform
+    certain actions.
+
+    So, if a malicious person was able to compromise the account, they would also
+    need to compromise the channel used to transmit the verification code.
+
+    Or guess the code.
+
+    Guessing the code is so unlikely that it provides sufficient verification. If
+    there are attempts to guess, then other analysis starts to kick in to determine
+    if the account is suspicious. So, it''s not just that the code might be accepted,
+    but all the metadata around the code entry can be used to prove that someone guessed
+    the code.
+
+    So, yes, until this method is shown to be insecure, it is secure enough. Even
+    a 4-digit code could be deemed "secure enough", depending on the complimentary
+    controls.'
+  - 'C0017
+
+    C0017 was an APT41 campaign conducted between May 2021 and February 2022 that
+    successfully compromised at least six U.S. state government networks through the
+    exploitation of vulnerable Internet facing web applications. During C0017, APT41
+    was quick to adapt and use publicly-disclosed as well as zero-day vulnerabilities
+    for initial access, and in at least two cases re-compromised victims following
+    remediation efforts. The goals of C0017 are unknown, however APT41 was observed
+    exfiltrating Personal Identifiable Information (PII).[1]
+
+    During C0017, APT41 downloaded malicious payloads onto compromised systems.[107]'
+  - 'If the site with the instructions is compromised the attacker can replace all
+    instructions. This means that he can specify a different key to use for verification
+    or omit the verification information completely, that he can specify a different
+    URL for download etc.  That such a compromise can happen shows the hack of the
+    Linux Mint site in 2016 which was changed to point to compromised download at
+    this time.
+
+    A site compromise can actually quickly be detected if a site is monitored for
+    changes, which is hopefully the case for important sites. But an attacker does
+    not even need to compromise the original site. Instead the attacker could buy
+    ads for search engines which direct you to "alternative" download sites if you
+    are looking for the downloads. These download sites are in full control of the
+    attacker so he can publish anything there. Such alternative sites are also not
+    detected when monitoring the original site. This type of social attack is very
+    common with downloads of openoffice or similar where a simple download openoffice
+    might lead to a result page which is full of advertisements pointing to download
+    sites. These then usually provide "enhanced" installs which add additional software
+    but could also provide a compromised version.
+
+    There is not a lot one can do about this. The underlying question to all of this
+    is whom you can trust. Even if your new computer comes pre-installed with Windows
+    you have to still trust the vendor that the version you have is the original one
+    and that no harmful software was installed additionally. History shows that this
+    is not always the case and that even seemingly trustable vendors add harmful software.'
+- source_sentence: 'Scheduled Task
+
+    Adversaries may abuse the Windows Task Scheduler to perform task scheduling for
+    initial or recurring execution of malicious code. There are multiple ways to access
+    the Task Scheduler in Windows. The schtasks utility can be run directly on the
+    command line, or the Task Scheduler can be opened through the GUI within the Administrator
+    Tools section of the Control Panel.[1] In some cases, adversaries have used a
+    .NET wrapper for the Windows Task Scheduler, and alternatively, adversaries have
+    used the Windows netapi32 library and Windows Management Instrumentation (WMI)
+    to create a scheduled task. Adversaries may also utilize the Powershell Cmdlet
+    Invoke-CimMethod, which leverages WMI class PS_ScheduledTask to create a scheduled
+    task via an XML path.[2] An adversary may use Windows Task Scheduler to execute
+    programs at system startup or on a scheduled basis for persistence. The Windows
+    Task Scheduler can also be abused to conduct remote Execution as part of Lateral
+    Movement and/or to run a process under the context of a specified account (such
+    as SYSTEM). Similar to System Binary Proxy Execution, adversaries have also abused
+    the Windows Task Scheduler to potentially mask one-time execution under signed/trusted
+    system processes.[3] Adversaries may also create "hidden" scheduled tasks (i.e.
+    Hide Artifacts) that may not be visible to defender tools and manual queries used
+    to enumerate tasks. Specifically, an adversary may hide a task from schtasks /query
+    and the Task Scheduler by deleting the associated Security Descriptor (SD) registry
+    value (where deletion of this value must be completed using SYSTEM permissions).[4][5]
+    Adversaries may also employ alternate methods to hide tasks, such as altering
+    the metadata (e.g., Index value) within associated registry keys.[6]'
+  sentences:
+  - 'RFC 4880, the standard for the format of PGP messages, says:
+
+
+    The high 16 bits (first two octets) of the hash are included in the
+
+
+    Signature packet to provide a quick test to reject some invalid
+
+    signatures.
+
+
+    However, you are thinking it wrong. Signatures are not encryption, and signatures
+    are not encrypted. In fact, given the value of the public key (which is public)
+    and the signature itself, one can recompute the complete hash value of the message
+    which is signed (at least for RSA, which is technically known as a signature algorithm
+    with recovery). The first 16 bits are just a helper so that software can avoid
+    many modular exponentiations when it is looking for the "correct" public key among
+    a set of candidates; they save a few milliseconds worth of computation, that''s
+    all.
+
+
+    A generic note is that signatures can leak information on that which is signed;
+    so if you sign and encrypt a confidential message, then you should, conceptually,
+    either sign the encrypted message, or encrypt the signature along with the message
+    contents as well. OpenPGP uses the latter method.
+
+    When a message is just signed, not encrypted, then it makes no sense to hide the
+    message hash, since the message itself, by definition, is transmitted as cleartext.'
+  - 'BlackByte
+
+    BlackByte is a ransomware threat actor operating since at least 2021. BlackByte
+    is associated with several versions of ransomware also labeled BlackByte Ransomware.
+    BlackByte ransomware operations initially used a common encryption key allowing
+    for the development of a universal decryptor, but subsequent versions such as
+    BlackByte 2.0 Ransomware use more robust encryption mechanisms. BlackByte is notable
+    for operations targeting critical infrastructure entities among other targets
+    across North America.[1][2][3][4][5]
+
+    BlackByte created scheduled tasks for payload execution.[38][39]'
+  - 'APT32
+
+    APT32 is a suspected Vietnam-based threat group that has been active since at
+    least 2014. The group has targeted multiple private sector industries as well
+    as foreign governments, dissidents, and journalists with a strong focus on Southeast
+    Asian countries like Vietnam, the Philippines, Laos, and Cambodia. They have extensively
+    used strategic web compromises to compromise victims.[1][2][3]
+
+    APT32 used the net view command to show all shares available, including the administrative
+    shares such as C$ and ADMIN$.[5]'
+pipeline_tag: sentence-similarity
+library_name: sentence-transformers
+---
+
+# SentenceTransformer based on Qwen/Qwen3-Embedding-0.6B
+
+This is a [sentence-transformers](https://www.SBERT.net) model finetuned from [Qwen/Qwen3-Embedding-0.6B](https://huggingface.co/Qwen/Qwen3-Embedding-0.6B) on the json dataset. It maps sentences & paragraphs to a 1024-dimensional dense vector space and can be used for semantic textual similarity, semantic search, paraphrase mining, text classification, clustering, and more.
+
+## Model Details
+
+### Model Description
+- **Model Type:** Sentence Transformer
+- **Base model:** [Qwen/Qwen3-Embedding-0.6B](https://huggingface.co/Qwen/Qwen3-Embedding-0.6B) <!-- at revision c54f2e6e80b2d7b7de06f51cec4959f6b3e03418 -->
+- **Maximum Sequence Length:** 2048 tokens
+- **Output Dimensionality:** 1024 dimensions
+- **Similarity Function:** Cosine Similarity
+- **Training Dataset:**
+    - json
+<!-- - **Language:** Unknown -->
+<!-- - **License:** Unknown -->
+
+### Model Sources
+
+- **Documentation:** [Sentence Transformers Documentation](https://sbert.net)
+- **Repository:** [Sentence Transformers on GitHub](https://github.com/huggingface/sentence-transformers)
+- **Hugging Face:** [Sentence Transformers on Hugging Face](https://huggingface.co/models?library=sentence-transformers)
+
+### Full Model Architecture
+
+```
+SentenceTransformer(
+  (0): Transformer({'max_seq_length': 2048, 'do_lower_case': False, 'architecture': 'Qwen3Model'})
+  (1): Pooling({'word_embedding_dimension': 1024, 'pooling_mode_cls_token': False, 'pooling_mode_mean_tokens': False, 'pooling_mode_max_tokens': False, 'pooling_mode_mean_sqrt_len_tokens': False, 'pooling_mode_weightedmean_tokens': False, 'pooling_mode_lasttoken': True, 'include_prompt': True})
+  (2): Normalize()
+)
+```
+
+## Usage
+
+### Direct Usage (Sentence Transformers)
+
+First install the Sentence Transformers library:
+
+```bash
+pip install -U sentence-transformers
+```
+
+Then you can load this model and run inference.
+```python
+from sentence_transformers import SentenceTransformer
+
+# Download from the 🤗 Hub
+model = SentenceTransformer("ThienLe/Qwen3-SecEmbed")
+# Run inference
+queries = [
+    "Scheduled Task\nAdversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code. There are multiple ways to access the Task Scheduler in Windows. The schtasks utility can be run directly on the command line, or the Task Scheduler can be opened through the GUI within the Administrator Tools section of the Control Panel.[1] In some cases, adversaries have used a .NET wrapper for the Windows Task Scheduler, and alternatively, adversaries have used the Windows netapi32 library and Windows Management Instrumentation (WMI) to create a scheduled task. Adversaries may also utilize the Powershell Cmdlet Invoke-CimMethod, which leverages WMI class PS_ScheduledTask to create a scheduled task via an XML path.[2] An adversary may use Windows Task Scheduler to execute programs at system startup or on a scheduled basis for persistence. The Windows Task Scheduler can also be abused to conduct remote Execution as part of Lateral Movement and/or to run a process under the context of a specified account (such as SYSTEM). Similar to System Binary Proxy Execution, adversaries have also abused the Windows Task Scheduler to potentially mask one-time execution under signed/trusted system processes.[3] Adversaries may also create \"hidden\" scheduled tasks (i.e. Hide Artifacts) that may not be visible to defender tools and manual queries used to enumerate tasks. Specifically, an adversary may hide a task from schtasks /query and the Task Scheduler by deleting the associated Security Descriptor (SD) registry value (where deletion of this value must be completed using SYSTEM permissions).[4][5] Adversaries may also employ alternate methods to hide tasks, such as altering the metadata (e.g., Index value) within associated registry keys.[6]",
+]
+documents = [
+    'BlackByte\nBlackByte is a ransomware threat actor operating since at least 2021. BlackByte is associated with several versions of ransomware also labeled BlackByte Ransomware. BlackByte ransomware operations initially used a common encryption key allowing for the development of a universal decryptor, but subsequent versions such as BlackByte 2.0 Ransomware use more robust encryption mechanisms. BlackByte is notable for operations targeting critical infrastructure entities among other targets across North America.[1][2][3][4][5]\nBlackByte created scheduled tasks for payload execution.[38][39]',
+    'APT32\nAPT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists with a strong focus on Southeast Asian countries like Vietnam, the Philippines, Laos, and Cambodia. They have extensively used strategic web compromises to compromise victims.[1][2][3]\nAPT32 used the net view command to show all shares available, including the administrative shares such as C$ and ADMIN$.[5]',
+    'RFC 4880, the standard for the format of PGP messages, says:\n\nThe high 16 bits (first two octets) of the hash are included in the\n\nSignature packet to provide a quick test to reject some invalid\nsignatures.\n\nHowever, you are thinking it wrong. Signatures are not encryption, and signatures are not encrypted. In fact, given the value of the public key (which is public) and the signature itself, one can recompute the complete hash value of the message which is signed (at least for RSA, which is technically known as a signature algorithm with recovery). The first 16 bits are just a helper so that software can avoid many modular exponentiations when it is looking for the "correct" public key among a set of candidates; they save a few milliseconds worth of computation, that\'s all.\n\nA generic note is that signatures can leak information on that which is signed; so if you sign and encrypt a confidential message, then you should, conceptually, either sign the encrypted message, or encrypt the signature along with the message contents as well. OpenPGP uses the latter method.\nWhen a message is just signed, not encrypted, then it makes no sense to hide the message hash, since the message itself, by definition, is transmitted as cleartext.',
+]
+query_embeddings = model.encode_query(queries)
+document_embeddings = model.encode_document(documents)
+print(query_embeddings.shape, document_embeddings.shape)
+# [1, 1024] [3, 1024]
+
+# Get the similarity scores for the embeddings
+similarities = model.similarity(query_embeddings, document_embeddings)
+print(similarities)
+# tensor([[ 0.8511,  0.1452, -0.0968]])
+```
+
+<!--
+### Direct Usage (Transformers)
+
+<details><summary>Click to see the direct usage in Transformers</summary>
+
+</details>
+-->
+
+<!--
+### Downstream Usage (Sentence Transformers)
+
+You can finetune this model on your own dataset.
+
+<details><summary>Click to expand</summary>
+
+</details>
+-->
+
+<!--
+### Out-of-Scope Use
+
+*List how the model may foreseeably be misused and address what users ought not to do with the model.*
+-->
+
+<!--
+## Bias, Risks and Limitations
+
+*What are the known or foreseeable issues stemming from this model? You could also flag here known failure cases or weaknesses of the model.*
+-->
+
+<!--
+### Recommendations
+
+*What are recommendations with respect to the foreseeable issues? For example, filtering explicit content.*
+-->
+
+## Training Details
+
+### Training Dataset
+
+#### json
+
+* Dataset: json
+* Size: 49,346 training samples
+* Columns: <code>sentence1</code> and <code>sentence2</code>
+* Approximate statistics based on the first 1000 samples:
+  |         | sentence1                                                                             | sentence2                                                                             |
+  |:--------|:--------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------|
+  | type    | string                                                                                | string                                                                                |
+  | details | <ul><li>min: 27 tokens</li><li>mean: 220.82 tokens</li><li>max: 2048 tokens</li></ul> | <ul><li>min: 13 tokens</li><li>mean: 220.84 tokens</li><li>max: 1945 tokens</li></ul> |
+* Samples:
+  | sentence1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | sentence2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+  |:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+  | <code>Is it possible to send data from an open-source program but make it impossible for a user with source code to do the same?<br><br>If I want to store a global scoreboard for a game running locally on the user's computer and I want to make sure that all the requests coming to the server are really generated by the game and not spoofed by the users, is there anything that can be done to prevent cheating? The program is open-source, so no obfuscation can be used.<br>The problem I have with coming up with a solution is that whatever I choose to implement in code must necessarily include all the components necessary for creating a spoofed program that can send any data user wants, especially any encryption keys and hashing algorithms used.</code>                                                                                                                                                                                                                                                                        | <code>In a word, no. The best option is to move all the actual game logic to the server, and have the client be a thin client that just displays state and sends input. That wouldn't prevent various types of cheating (such as game automation tools) but it's the only way to comprehensively avoid the user sending fraudulent game results. It's a popular approach in multi-player, too, as it avoids telling the user anything they don't need to know. However, it's considerably more expensive in server hardware.<br>The next option is to make it possible to validate high scores. One option would be to record, for every game, the RNG seed value followed by every input that the user provides combined with a timestamp of some sort (for turn-based games this is just an action count; for real-time games it would probably be a game engine frame/tick count). Transmitting all of that back to the server would be a lot, but - combined with the game version and level or whatever - allow the server to effectively re...</code> |
+  | <code>Encrypted/Encoded File<br>Adversaries may encrypt or encode files to obfuscate strings, bytes, and other specific patterns to impede detection. Encrypting and/or encoding file content aims to conceal malicious artifacts within a file used in an intrusion. Many other techniques, such as Software Packing, Steganography, and Embedded Payloads, share this same broad objective. Encrypting and/or encoding files could lead to a lapse in detection of static signatures, only for this malicious content to be revealed (i.e., Deobfuscate/Decode Files or Information) at the time of execution/use. This type of file obfuscation can be applied to many file artifacts present on victim hosts, such as malware log/configuration and payload files.[1] Files can be encrypted with a hardcoded or user-supplied key, as well as otherwise obfuscated using standard encoding schemes such as Base64. The entire content of a file may be obfuscated, or just specific functions or values (such as C2 addresses). Encryption a...</code> | <code>Dark Caracal<br>Dark Caracal is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. [1]<br>Dark Caracal has obfuscated strings in Bandook by base64 encoding, and then encrypting them.[58]</code>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
+  | <code>OS Credential Dumping<br>Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password. Credentials can be obtained from OS caches, memory, or structures.[1] Credentials can then be used to perform Lateral Movement and access restricted information. Several of the tools mentioned in associated sub-techniques may be used by both adversaries and professional security testers. Additional custom tools likely exist as well.</code>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | <code>Ember Bear<br>Ember Bear is a Russian state-sponsored cyber espionage group that has been active since at least 2020, linked to Russia's General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).[1] Ember Bear has primarily focused operations against Ukrainian government and telecommunication entities, but has also operated against critical infrastructure entities in Europe and the Americas.[2] Ember Bear conducted the WhisperGate destructive wiper attacks against Ukraine in early 2022.[3][4][1] There is some confusion as to whether Ember Bear overlaps with another Russian-linked entity referred to as Saint Bear. At present available evidence strongly suggests these are distinct activities with different behavioral profiles.[2][5]<br>Ember Bear gathers credential material from target systems, such as SSH keys, to facilitate access to victim environments.[12]</code>                                                                                                   |
+* Loss: [<code>MultipleNegativesRankingLoss</code>](https://sbert.net/docs/package_reference/sentence_transformer/losses.html#multiplenegativesrankingloss) with these parameters:
+  ```json
+  {
+      "scale": 20.0,
+      "similarity_fct": "cos_sim",
+      "gather_across_devices": false
+  }
+  ```
+
+### Evaluation Dataset
+
+#### json
+
+* Dataset: json
+* Size: 12,337 evaluation samples
+* Columns: <code>sentence1</code> and <code>sentence2</code>
+* Approximate statistics based on the first 1000 samples:
+  |         | sentence1                                                                             | sentence2                                                                             |
+  |:--------|:--------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------|
+  | type    | string                                                                                | string                                                                                |
+  | details | <ul><li>min: 13 tokens</li><li>mean: 222.63 tokens</li><li>max: 2048 tokens</li></ul> | <ul><li>min: 13 tokens</li><li>mean: 226.13 tokens</li><li>max: 2048 tokens</li></ul> |
+* Samples:
+  | sentence1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | sentence2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+  |:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+  | <code>Security Account Manager<br>Adversaries may attempt to extract credential material from the Security Account Manager (SAM) database either through in-memory techniques or through the Windows Registry where the SAM database is stored. The SAM is a database file that contains local accounts for the host, typically those found with the net user command. Enumerating the SAM database requires SYSTEM level access. A number of tools can be used to retrieve the SAM file through in-memory techniques: Alternatively, the SAM can be extracted from the Registry with Reg: Creddump7 can then be used to process the SAM database locally to retrieve hashes.[1] Notes:</code>                                                                                                                                                                                                                                                                                                                                                              | <code>APT29<br>APT29 is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).[1][2] They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. APT29 reportedly compromised the Democratic National Committee starting in the summer of 2015.[3][4][5][6] In April 2021, the US and UK governments attributed the SolarWinds Compromise to the SVR; public statements included citations to APT29, Cozy Bear, and The Dukes.[7][8] Industry reporting also referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm.[9][10][11][12][13][14]<br>APT29 has used the reg save command to save registry hives.[4]</code> |
+  | <code>Why don't we use MAC address instead of IP address?<br><br>I can use the system function in PHP to get the MAC address of site visitors (probably most of you know). Why do we use IP addresss to check whether someone is stealing a cookie or not?<br>Does the system function have more overhead, or is it still insecure when we don't send any parameter to the function?<br>I know there are some situations in which users change their MAC address, but it happens less than IP address.<br>Could you shed some light on it?</code>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | <code>The reason for that is very simple: You won't get the MAC address of your website visitor over the Internet, because they are lost when the packets are routed. You can only get the MAC addresses from your subnet (through, for example, ARP).</code>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
+  | <code>Native API<br>Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.[1][2] These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations. Adversaries may abuse these OS API functions as a means of executing behaviors. Similar to Command and Scripting Interpreter, the native API and its hierarchy of interfaces provide mechanisms to interact with and utilize various components of a victimized system. Native API functions (such as NtCreateProcess) may be directed invoked via system calls / syscalls, but these features are also often exposed to user-mode applications via interfaces and libraries.[3][4][5] For example, functions such as the Windows API CreateProcess() o...</code> | <code>Kapeka<br>Kapeka is a backdoor written in C++ used against victims in Eastern Europe since at least mid-2022. Kapeka has technical overlaps with Exaramel for Windows and Prestige malware variants, both of which are linked to Sandworm Team. Kapeka may have been used in advance of Prestige deployment in late 2022.[1][2]<br>Kapeka utilizes WinAPI calls to gather victim system information.[124]</code>                                                                                                                                                                                                                                                                                                                                                                                    |
+* Loss: [<code>MultipleNegativesRankingLoss</code>](https://sbert.net/docs/package_reference/sentence_transformer/losses.html#multiplenegativesrankingloss) with these parameters:
+  ```json
+  {
+      "scale": 20.0,
+      "similarity_fct": "cos_sim",
+      "gather_across_devices": false
+  }
+  ```
+
+### Training Hyperparameters
+#### Non-Default Hyperparameters
+
+- `per_device_train_batch_size`: 16
+- `num_train_epochs`: 1
+- `warmup_steps`: 300
+- `optim`: adamw_8bit
+- `gradient_accumulation_steps`: 2
+- `bf16`: True
+- `gradient_checkpointing`: True
+- `eval_strategy`: steps
+- `per_device_eval_batch_size`: 16
+- `dataloader_num_workers`: 4
+- `dataloader_pin_memory`: False
+
+#### All Hyperparameters
+<details><summary>Click to expand</summary>
+
+- `per_device_train_batch_size`: 16
+- `num_train_epochs`: 1
+- `max_steps`: -1
+- `learning_rate`: 5e-05
+- `lr_scheduler_type`: linear
+- `lr_scheduler_kwargs`: None
+- `warmup_steps`: 300
+- `optim`: adamw_8bit
+- `optim_args`: None
+- `weight_decay`: 0.0
+- `adam_beta1`: 0.9
+- `adam_beta2`: 0.999
+- `adam_epsilon`: 1e-08
+- `optim_target_modules`: None
+- `gradient_accumulation_steps`: 2
+- `average_tokens_across_devices`: True
+- `max_grad_norm`: 1.0
+- `label_smoothing_factor`: 0.0
+- `bf16`: True
+- `fp16`: False
+- `bf16_full_eval`: False
+- `fp16_full_eval`: False
+- `tf32`: None
+- `gradient_checkpointing`: True
+- `gradient_checkpointing_kwargs`: None
+- `torch_compile`: False
+- `torch_compile_backend`: None
+- `torch_compile_mode`: None
+- `use_liger_kernel`: False
+- `liger_kernel_config`: None
+- `use_cache`: False
+- `neftune_noise_alpha`: None
+- `torch_empty_cache_steps`: None
+- `auto_find_batch_size`: False
+- `log_on_each_node`: True
+- `logging_nan_inf_filter`: True
+- `include_num_input_tokens_seen`: no
+- `log_level`: passive
+- `log_level_replica`: warning
+- `disable_tqdm`: False
+- `project`: huggingface
+- `trackio_space_id`: trackio
+- `eval_strategy`: steps
+- `per_device_eval_batch_size`: 16
+- `prediction_loss_only`: True
+- `eval_on_start`: False
+- `eval_do_concat_batches`: True
+- `eval_use_gather_object`: False
+- `eval_accumulation_steps`: None
+- `include_for_metrics`: []
+- `batch_eval_metrics`: False
+- `save_only_model`: False
+- `save_on_each_node`: False
+- `enable_jit_checkpoint`: False
+- `push_to_hub`: False
+- `hub_private_repo`: None
+- `hub_model_id`: None
+- `hub_strategy`: every_save
+- `hub_always_push`: False
+- `hub_revision`: None
+- `load_best_model_at_end`: False
+- `ignore_data_skip`: False
+- `restore_callback_states_from_checkpoint`: False
+- `full_determinism`: False
+- `seed`: 42
+- `data_seed`: None
+- `use_cpu`: False
+- `accelerator_config`: {'split_batches': False, 'dispatch_batches': None, 'even_batches': True, 'use_seedable_sampler': True, 'non_blocking': False, 'gradient_accumulation_kwargs': None}
+- `parallelism_config`: None
+- `dataloader_drop_last`: False
+- `dataloader_num_workers`: 4
+- `dataloader_pin_memory`: False
+- `dataloader_persistent_workers`: False
+- `dataloader_prefetch_factor`: None
+- `remove_unused_columns`: True
+- `label_names`: None
+- `train_sampling_strategy`: random
+- `length_column_name`: length
+- `ddp_find_unused_parameters`: None
+- `ddp_bucket_cap_mb`: None
+- `ddp_broadcast_buffers`: False
+- `ddp_backend`: None
+- `ddp_timeout`: 1800
+- `fsdp`: []
+- `fsdp_config`: {'min_num_params': 0, 'xla': False, 'xla_fsdp_v2': False, 'xla_fsdp_grad_ckpt': False}
+- `deepspeed`: None
+- `debug`: []
+- `skip_memory_metrics`: True
+- `do_predict`: False
+- `resume_from_checkpoint`: None
+- `warmup_ratio`: None
+- `local_rank`: -1
+- `prompts`: None
+- `batch_sampler`: batch_sampler
+- `multi_dataset_batch_sampler`: proportional
+- `router_mapping`: {}
+- `learning_rate_mapping`: {}
+
+</details>
+
+### Training Logs
+| Epoch  | Step | Training Loss | Validation Loss |
+|:------:|:----:|:-------------:|:---------------:|
+| 0.0648 | 100  | 0.2915        | -               |
+| 0.1297 | 200  | 0.0912        | 0.0981          |
+| 0.1945 | 300  | 0.1002        | -               |
+| 0.2593 | 400  | 0.1025        | 0.0940          |
+| 0.3241 | 500  | 0.0851        | -               |
+| 0.3890 | 600  | 0.0707        | 0.0785          |
+| 0.4538 | 700  | 0.0498        | -               |
+| 0.5186 | 800  | 0.0683        | 0.0609          |
+| 0.5835 | 900  | 0.0536        | -               |
+| 0.6483 | 1000 | 0.0484        | 0.0562          |
+| 0.7131 | 1100 | 0.0406        | -               |
+| 0.7780 | 1200 | 0.0468        | 0.0503          |
+| 0.8428 | 1300 | 0.0392        | -               |
+| 0.9076 | 1400 | 0.0386        | 0.0486          |
+| 0.9724 | 1500 | 0.0406        | -               |
+
+
+### Framework Versions
+- Python: 3.12.12
+- Sentence Transformers: 5.2.3
+- Transformers: 5.2.0
+- PyTorch: 2.10.0+cu128
+- Accelerate: 1.12.0
+- Datasets: 4.5.0
+- Tokenizers: 0.22.2
+
+## Citation
+
+### BibTeX
+
+#### Sentence Transformers
+```bibtex
+@inproceedings{reimers-2019-sentence-bert,
+    title = "Sentence-BERT: Sentence Embeddings using Siamese BERT-Networks",
+    author = "Reimers, Nils and Gurevych, Iryna",
+    booktitle = "Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing",
+    month = "11",
+    year = "2019",
+    publisher = "Association for Computational Linguistics",
+    url = "https://arxiv.org/abs/1908.10084",
+}
+```
+
+#### MultipleNegativesRankingLoss
+```bibtex
+@misc{henderson2017efficient,
+    title={Efficient Natural Language Response Suggestion for Smart Reply},
+    author={Matthew Henderson and Rami Al-Rfou and Brian Strope and Yun-hsuan Sung and Laszlo Lukacs and Ruiqi Guo and Sanjiv Kumar and Balint Miklos and Ray Kurzweil},
+    year={2017},
+    eprint={1705.00652},
+    archivePrefix={arXiv},
+    primaryClass={cs.CL}
+}
+```
+
+<!--
+## Glossary
+
+*Clearly define terms in order to be accessible across audiences.*
+-->
+
+<!--
+## Model Card Authors
+
+*Lists the people who create the model card, providing recognition and accountability for the detailed work that goes into its construction.*
+-->
+
+<!--
+## Model Card Contact
+
+*Provides a way for people who have updates to the Model Card, suggestions, or questions, to contact the Model Card authors.*
+-->

chat_template.jinja

@@ -0,0 +1,85 @@
+{%- if tools %}
+    {{- '<|im_start|>system\n' }}
+    {%- if messages[0].role == 'system' %}
+        {{- messages[0].content + '\n\n' }}
+    {%- endif %}
+    {{- "# Tools\n\nYou may call one or more functions to assist with the user query.\n\nYou are provided with function signatures within <tools></tools> XML tags:\n<tools>" }}
+    {%- for tool in tools %}
+        {{- "\n" }}
+        {{- tool | tojson }}
+    {%- endfor %}
+    {{- "\n</tools>\n\nFor each function call, return a json object with function name and arguments within <tool_call></tool_call> XML tags:\n<tool_call>\n{\"name\": <function-name>, \"arguments\": <args-json-object>}\n</tool_call><|im_end|>\n" }}
+{%- else %}
+    {%- if messages[0].role == 'system' %}
+        {{- '<|im_start|>system\n' + messages[0].content + '<|im_end|>\n' }}
+    {%- endif %}
+{%- endif %}
+{%- set ns = namespace(multi_step_tool=true, last_query_index=messages|length - 1) %}
+{%- for message in messages[::-1] %}
+    {%- set index = (messages|length - 1) - loop.index0 %}
+    {%- if ns.multi_step_tool and message.role == "user" and not(message.content.startswith('<tool_response>') and message.content.endswith('</tool_response>')) %}
+        {%- set ns.multi_step_tool = false %}
+        {%- set ns.last_query_index = index %}
+    {%- endif %}
+{%- endfor %}
+{%- for message in messages %}
+    {%- if (message.role == "user") or (message.role == "system" and not loop.first) %}
+        {{- '<|im_start|>' + message.role + '\n' + message.content + '<|im_end|>' + '\n' }}
+    {%- elif message.role == "assistant" %}
+        {%- set content = message.content %}
+        {%- set reasoning_content = '' %}
+        {%- if message.reasoning_content is defined and message.reasoning_content is not none %}
+            {%- set reasoning_content = message.reasoning_content %}
+        {%- else %}
+            {%- if '</think>' in message.content %}
+                {%- set content = message.content.split('</think>')[-1].lstrip('\n') %}
+                {%- set reasoning_content = message.content.split('</think>')[0].rstrip('\n').split('<think>')[-1].lstrip('\n') %}
+            {%- endif %}
+        {%- endif %}
+        {%- if loop.index0 > ns.last_query_index %}
+            {%- if loop.last or (not loop.last and reasoning_content) %}
+                {{- '<|im_start|>' + message.role + '\n<think>\n' + reasoning_content.strip('\n') + '\n</think>\n\n' + content.lstrip('\n') }}
+            {%- else %}
+                {{- '<|im_start|>' + message.role + '\n' + content }}
+            {%- endif %}
+        {%- else %}
+            {{- '<|im_start|>' + message.role + '\n' + content }}
+        {%- endif %}
+        {%- if message.tool_calls %}
+            {%- for tool_call in message.tool_calls %}
+                {%- if (loop.first and content) or (not loop.first) %}
+                    {{- '\n' }}
+                {%- endif %}
+                {%- if tool_call.function %}
+                    {%- set tool_call = tool_call.function %}
+                {%- endif %}
+                {{- '<tool_call>\n{"name": "' }}
+                {{- tool_call.name }}
+                {{- '", "arguments": ' }}
+                {%- if tool_call.arguments is string %}
+                    {{- tool_call.arguments }}
+                {%- else %}
+                    {{- tool_call.arguments | tojson }}
+                {%- endif %}
+                {{- '}\n</tool_call>' }}
+            {%- endfor %}
+        {%- endif %}
+        {{- '<|im_end|>\n' }}
+    {%- elif message.role == "tool" %}
+        {%- if loop.first or (messages[loop.index0 - 1].role != "tool") %}
+            {{- '<|im_start|>user' }}
+        {%- endif %}
+        {{- '\n<tool_response>\n' }}
+        {{- message.content }}
+        {{- '\n</tool_response>' }}
+        {%- if loop.last or (messages[loop.index0 + 1].role != "tool") %}
+            {{- '<|im_end|>\n' }}
+        {%- endif %}
+    {%- endif %}
+{%- endfor %}
+{%- if add_generation_prompt %}
+    {{- '<|im_start|>assistant\n' }}
+    {%- if enable_thinking is defined and enable_thinking is false %}
+        {{- '<think>\n\n</think>\n\n' }}
+    {%- endif %}
+{%- endif %}

config.json

@@ -0,0 +1,63 @@
+{
+  "architectures": [
+    "Qwen3Model"
+  ],
+  "attention_bias": false,
+  "attention_dropout": 0.0,
+  "bos_token_id": 151643,
+  "dtype": "bfloat16",
+  "eos_token_id": 151643,
+  "head_dim": 128,
+  "hidden_act": "silu",
+  "hidden_size": 1024,
+  "initializer_range": 0.02,
+  "intermediate_size": 3072,
+  "layer_types": [
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention",
+    "full_attention"
+  ],
+  "max_position_embeddings": 32768,
+  "max_window_layers": 28,
+  "model_type": "qwen3",
+  "num_attention_heads": 16,
+  "num_hidden_layers": 28,
+  "num_key_value_heads": 8,
+  "pad_token_id": null,
+  "rms_norm_eps": 1e-06,
+  "rope_parameters": {
+    "rope_theta": 1000000,
+    "rope_type": "default"
+  },
+  "sliding_window": null,
+  "tie_word_embeddings": true,
+  "transformers_version": "5.2.0",
+  "use_cache": true,
+  "use_sliding_window": false,
+  "vocab_size": 151669
+}

config_sentence_transformers.json

@@ -0,0 +1,14 @@
+{
+  "prompts": {
+    "query": "Instruct: Given a web search query, retrieve relevant passages that answer the query\nQuery:",
+    "document": ""
+  },
+  "default_prompt_name": null,
+  "similarity_fn_name": "cosine",
+  "model_type": "SentenceTransformer",
+  "__version__": {
+    "sentence_transformers": "5.2.3",
+    "transformers": "5.2.0",
+    "pytorch": "2.10.0+cu128"
+  }
+}

model.safetensors

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba039cd5972d14e9cfabc2b5cfb3de4c1476dfb232289aaee91d7f1e398dd2b7
+size 1191586416

modules.json

@@ -0,0 +1,20 @@
+[
+  {
+    "idx": 0,
+    "name": "0",
+    "path": "",
+    "type": "sentence_transformers.models.Transformer"
+  },
+  {
+    "idx": 1,
+    "name": "1",
+    "path": "1_Pooling",
+    "type": "sentence_transformers.models.Pooling"
+  },
+  {
+    "idx": 2,
+    "name": "2",
+    "path": "2_Normalize",
+    "type": "sentence_transformers.models.Normalize"
+  }
+]

sentence_bert_config.json

@@ -0,0 +1,4 @@
+{
+    "max_seq_length": 2048,
+    "do_lower_case": false
+}

tokenizer.json

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87cc7e2f16f83b01ce44f4646e00d7fd25b316623df77145c9ea4416c05d322b
+size 11423968

tokenizer_config.json

@@ -0,0 +1,14 @@
+{
+  "add_prefix_space": false,
+  "backend": "tokenizers",
+  "bos_token": null,
+  "clean_up_tokenization_spaces": false,
+  "eos_token": "<|im_end|>",
+  "errors": "replace",
+  "is_local": false,
+  "model_max_length": 131072,
+  "pad_token": "<|endoftext|>",
+  "split_special_tokens": false,
+  "tokenizer_class": "Qwen2Tokenizer",
+  "unk_token": null
+}