Instructions to use Willie999/trapSTAR-gemma4 with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- PEFT
How to use Willie999/trapSTAR-gemma4 with PEFT:
from peft import PeftModel from transformers import AutoModelForCausalLM base_model = AutoModelForCausalLM.from_pretrained("google/gemma-4-E4B-it") model = PeftModel.from_pretrained(base_model, "Willie999/trapSTAR-gemma4") - Notebooks
- Google Colab
- Kaggle
trapSTAR
Model Description
trapSTAR is an autonomous defensive security auditing and patch remediation agent. It is designed to act as an automated code-repair engine within DevSecOps CI/CD pipelines or local code review workflows. Rather than functioning as an offensive exploit generation utility, the model is strictly fine-tuned to ingest vulnerable code snippets flagged by Static Application Security Testing (SAST) tools, identify the associated security weakness, and output a clean, defensive code remediation strategy alongside secure patches.
- Developed by: William Opoku Antwi Willie999
- Model type: Causal Language Model (Fine-tuned with QLoRA PEFT Adapters)
- Language(s) (NLP): English, Multilingual Source Code (Python, JavaScript, C, C++, Go, Rust)
- License: Apache-2.0 (Inherited from the permissive Gemma 4 license)
- Finetuned from model: google/gemma-4-E4B-it
Model Sources
- Repository: https://huggingface.co/Willie999/trapSTAR-gemma4
Uses
Direct Use
The model is intended for defensive application security engineering. Direct use-cases include:
- Ingesting localized vulnerable code snippets flagged by external security scanners.
- Automatically generating structural corrections, input sanitization routines, and secure patches.
- Explaining the defensive theory behind specific Common Weakness Enumerations (CWEs).
Downstream Use
trapSTAR can be integrated downstream as a specialized backend engine for:
- GitHub Actions or GitLab CI/CD hooks that automatically open security-focused Pull Requests.
- IDE plugins providing real-time, local secure coding assistance.
Out-of-Scope Use
This model is built strictly under dual-use protection and defensive safety policies. Out-of-scope and prohibited activities include:
- Generating functional exploit payloads or weaponized malware.
- Bypassing firewalls, intrusion detection systems, or software authorization checks.
- Any automated unauthorized penetration testing against live target assets.
Bias, Risks, and Limitations
- Brain-Size Constraints (4B Sizing): As a 4B parameter effective model, trapSTAR is highly efficient but may struggle with deep global reasoning across large, multi-file code repositories. It is optimized to work best on localized function blocks.
- Hallucination Risk: Like all language models, it may occasionally hallucinate non-existent programming library features or output syntax errors under highly complex logic environments. Patches must always be compiled and manually reviewed before production deployment.
- Dataset Bias: The training data contains historical open-source security fixes. If an engineering stack relies on highly obscure, non-standard architectures, the model's remediations may decline in precision.
Recommendations
Users must execute all suggested patches inside sandboxed staging environments. Security teams should treat the model's output as an assistive recommendation rather than an absolute source of truth.
How to Get Started with the Model
You do not need to manually format or inject raw ChatML tokens into your input strings. The Hugging Face pipeline architecture parses the structural text array dynamically. Use the code snippet below to run inference:
import torch
import peft
from transformers import AutoModelForCausalLM, AutoTokenizer, BitsAndBytesConfig
model_id = "Willie999/trapSTAR-gemma4"
print("Loading tokenizer...")
tokenizer = AutoTokenizer.from_pretrained(model_id)
print("Configuring 4-bit VRAM compression matrix...")
quantization_config = BitsAndBytesConfig(
load_in_4bit=True,
bnb_4bit_compute_dtype=torch.bfloat16 if torch.cuda.is_bf16_supported() else torch.float16,
bnb_4bit_quant_type="nf4",
bnb_4bit_use_double_quant=True
)
print("Loading model directly to CUDA memory map with 4-bit optimization...")
model = AutoModelForCausalLM.from_pretrained(
model_id,
device_map="cuda:0",
quantization_config=quantization_config
)
# Set model to evaluation mode
model.eval()
# Structure the prompt using the standard Chat template format
messages = [
{
"role": "system",
"content": "You are TrapStar, an autonomous defensive security auditing agent. Analyze the provided code snippet, identify the vulnerability type, and write out structural recommendations."
},
{
"role": "user",
"content": """Review this function block for potential vulnerabilities:
```cpp
void process_str(char *str) {
char buffer[16];
strcpy(buffer, str);
}
```"""
}
]
print("\nProcessing chat template serialization...")
prompt_text = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
input_ids = tokenizer(prompt_text, return_tensors="pt").input_ids.to("cuda:0")
print("Executing direct tensor generation with expanded token limits...")
with torch.no_grad():
generated_ids = model.generate(
input_ids,
max_new_tokens=1536,
min_new_tokens=64,
temperature=0.2,
do_sample=True,
pad_token_id=tokenizer.eos_token_id
)
# Slice away the prompt tokens so you only decode trapSTAR's specific response
response_tokens = generated_ids[0][input_ids.shape[-1]:]
response_text = tokenizer.decode(response_tokens, skip_special_tokens=True)
print("\n=== Trap Star Defense Output ===")
print(response_text)
- Downloads last month
- 163
