High-entropy eval-driven behavioral fixes

README.md

@@ -1,127 +1,209 @@
 ---
-license: apache-2.0
+base_model: jason-oneal/secgpt-base
 library_name: peft
 pipeline_tag: text-generation
-base_model: p-e-w/gpt-oss-20b-heretic
 tags:
-- cybersecurity
-- penetration-testing
-- red-team
-- orchestration
+- base_model:adapter:jason-oneal/secgpt-base
 - lora
 - sft
 - transformers
 - trl
-- security-ai
-- secgpt
-language:
-- en
 ---
 
-# secgpt-base-lora
+# Model Card for Model ID
 
-## Model Summary
+<!-- Provide a quick summary of what the model is/does. -->
 
-**secgpt-base-lora** is a LoRA fine-tune created to transform a permissive large language model into a **cybersecurity orchestration engine**.
 
-The model is designed to plan, reason, and structure penetration testing workflows while enforcing scope, constraints, and rules of engagement. It does **not** perform exploitation, scanning, or live attacks.
 
-This model serves as the **base orchestrator** for the SecGPT project and is intended to be embedded inside controlled agent frameworks.
+## Model Details
 
-## Base Model
+### Model Description
 
-- **Base model:** `p-e-w/gpt-oss-20b-heretic`
-- **Original lineage:** `openai/gpt-oss-20b`
-- **Architecture:** Decoder-only transformer (MoE-based, inherited)
-- **Fine-tuning method:** LoRA (Low-Rank Adaptation)
-- **Precision:** BF16 compatible
-- **Author:** Jason O’Neal
+<!-- Provide a longer summary of what this model is. -->
 
-The Heretic base model was chosen specifically for its reduced refusal behavior, allowing orchestration logic to be learned without fighting upstream safety refusals.
 
-## Intended Use
 
-### Primary Purpose
-- Penetration testing orchestration
-- Red team workflow planning
-- Tool selection and sequencing
-- Scope and constraint enforcement
-- Structured, machine-readable output generation
+- **Developed by:** [More Information Needed]
+- **Funded by [optional]:** [More Information Needed]
+- **Shared by [optional]:** [More Information Needed]
+- **Model type:** [More Information Needed]
+- **Language(s) (NLP):** [More Information Needed]
+- **License:** [More Information Needed]
+- **Finetuned from model [optional]:** [More Information Needed]
 
-### Example Tasks
-- Plan non-destructive external assessments
-- Select appropriate tools based on scope and target type
-- Generate ordered testing workflows
-- Produce strict JSON plans for downstream agents
-- Refuse out-of-scope or unsafe requests
+### Model Sources [optional]
 
-### Explicitly Out of Scope
-- Autonomous exploitation
-- Payload generation
-- Malware development
-- Live attack execution
-- Social engineering automation
+<!-- Provide the basic links for the model. -->
 
-This model plans. Execution belongs elsewhere.
+- **Repository:** [More Information Needed]
+- **Paper [optional]:** [More Information Needed]
+- **Demo [optional]:** [More Information Needed]
 
-## Training Data
+## Uses
 
-The model was fine-tuned on a **custom, hand-curated cybersecurity orchestration dataset**, including:
+<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
 
-- Penetration testing plans
-- Tool-centric workflows with explicit arguments
-- Scope, ROE, and constraint handling
-- Failure handling and recovery scenarios
-- Structured JSON outputs validated against schemas
+### Direct Use
 
-No proprietary data, real credentials, or live targets were used.
+<!-- This section is for the model use without fine-tuning or plugging into a larger ecosystem/app. -->
 
-## Output Format
+[More Information Needed]
 
-The model strongly prefers **strict JSON outputs**.
+### Downstream Use [optional]
 
-Typical responses include:
-- Objectives
-- Constraints
-- Ordered steps
-- Tool names and arguments
-- Expected outcomes
+<!-- This section is for the model use when fine-tuned for a task, or when plugged into a larger ecosystem/app -->
 
-Unstructured or conversational output is intentionally discouraged.
+[More Information Needed]
+
+### Out-of-Scope Use
+
+<!-- This section addresses misuse, malicious use, and uses that the model will not work well for. -->
+
+[More Information Needed]
+
+## Bias, Risks, and Limitations
+
+<!-- This section is meant to convey both technical and sociotechnical limitations. -->
+
+[More Information Needed]
+
+### Recommendations
+
+<!-- This section is meant to convey recommendations with respect to the bias, risk, and technical limitations. -->
+
+Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
+
+## How to Get Started with the Model
+
+Use the code below to get started with the model.
+
+[More Information Needed]
+
+## Training Details
+
+### Training Data
+
+<!-- This should link to a Dataset Card, perhaps with a short stub of information on what the training data is all about as well as documentation related to data pre-processing or additional filtering. -->
+
+[More Information Needed]
+
+### Training Procedure
+
+<!-- This relates heavily to the Technical Specifications. Content here should link to that section when it is relevant to the training procedure. -->
+
+#### Preprocessing [optional]
+
+[More Information Needed]
+
+
+#### Training Hyperparameters
+
+- **Training regime:** [More Information Needed] <!--fp32, fp16 mixed precision, bf16 mixed precision, bf16 non-mixed precision, fp16 non-mixed precision, fp8 mixed precision -->
+
+#### Speeds, Sizes, Times [optional]
+
+<!-- This section provides information about throughput, start/end time, checkpoint size if relevant, etc. -->
+
+[More Information Needed]
 
 ## Evaluation
 
-Evaluation focuses on **behavioral correctness**, not stylistic quality:
+<!-- This section describes the evaluation protocols and provides the results. -->
+
+### Testing Data, Factors & Metrics
+
+#### Testing Data
+
+<!-- This should link to a Dataset Card if possible. -->
+
+[More Information Needed]
+
+#### Factors
+
+<!-- These are the things the evaluation is disaggregating by, e.g., subpopulations or domains. -->
+
+[More Information Needed]
+
+#### Metrics
+
+<!-- These are the evaluation metrics being used, ideally with a description of why. -->
+
+[More Information Needed]
+
+### Results
+
+[More Information Needed]
+
+#### Summary
+
+
+
+## Model Examination [optional]
+
+<!-- Relevant interpretability work for the model goes here -->
+
+[More Information Needed]
+
+## Environmental Impact
+
+<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
+
+Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
+
+- **Hardware Type:** [More Information Needed]
+- **Hours used:** [More Information Needed]
+- **Cloud Provider:** [More Information Needed]
+- **Compute Region:** [More Information Needed]
+- **Carbon Emitted:** [More Information Needed]
+
+## Technical Specifications [optional]
+
+### Model Architecture and Objective
+
+[More Information Needed]
+
+### Compute Infrastructure
+
+[More Information Needed]
+
+#### Hardware
+
+[More Information Needed]
+
+#### Software
+
+[More Information Needed]
+
+## Citation [optional]
+
+<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
+
+**BibTeX:**
+
+[More Information Needed]
 
-- Tool selection accuracy
-- Argument validity
-- JSON schema compliance
-- Scope enforcement
-- Proper refusal behavior
-- Recovery after simulated tool failure
+**APA:**
 
-Hallucinated tools, invented results, or fabricated flags are treated as failures.
+[More Information Needed]
 
-## Limitations
+## Glossary [optional]
 
-- Does not execute tools or commands
-- Depends on the host framework for enforcement
-- Can hallucinate if misused or prompted incorrectly
-- Not a replacement for human judgment
-- Requires external validation and guardrails
+<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
 
-This is an orchestrator, not an autopwn engine.
+[More Information Needed]
 
-## Ethical Considerations
+## More Information [optional]
 
-This model is intended solely for **authorized security testing and defensive research**.
+[More Information Needed]
 
-Users are responsible for ensuring compliance with applicable laws, contracts, and rules of engagement. Misuse reflects on the user, not the model.
+## Model Card Authors [optional]
 
-## License
+[More Information Needed]
 
-Apache License 2.0
+## Model Card Contact
 
-## Acknowledgments
+[More Information Needed]
+### Framework versions
 
-Developed as part of the **SecGPT** project, focused on building modular, auditable, and controllable AI-assisted security tooling.
+- PEFT 0.18.0

adapter_config.json

@@ -3,7 +3,7 @@
   "alpha_pattern": {},
   "arrow_config": null,
   "auto_mapping": null,
-  "base_model_name_or_path": "p-e-w/gpt-oss-20b-heretic",
+  "base_model_name_or_path": "jason-oneal/secgpt-base",
   "bias": "none",
   "corda_config": null,
   "ensure_weight_tying": false,
@@ -16,7 +16,7 @@
   "layers_pattern": null,
   "layers_to_transform": null,
   "loftq_config": {},
-  "lora_alpha": 32,
+  "lora_alpha": 16,
   "lora_bias": false,
   "lora_dropout": 0.05,
   "megatron_config": null,
@@ -25,13 +25,13 @@
   "peft_type": "LORA",
   "peft_version": "0.18.0",
   "qalora_group_size": 16,
-  "r": 16,
+  "r": 8,
   "rank_pattern": {},
   "revision": null,
   "target_modules": [
+    "v_proj",
     "q_proj",
     "k_proj",
-    "v_proj",
     "o_proj"
   ],
   "target_parameters": null,

adapter_model.safetensors

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3ee11d5dab0e7debba1bd2fd826a2e23a96c48544643cd5c8ef0e233cfb5dcb1
-size 31876192
+oid sha256:c498b4e8fb278698671f19594ab549bfd2620416cb800972b41496b486c97eaf
+size 15950616

tokenizer_config.json

@@ -177,7 +177,7 @@
     "input_ids",
     "attention_mask"
   ],
-  "model_max_length": 1000000000000000019884624838656,
+  "model_max_length": 4096,
   "pad_token": "<|endoftext|>",
   "tokenizer_class": "PreTrainedTokenizerFast"
 }

training_args.bin

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2ffff40273a4a1acc3c9f885404a2c912b254724ed5d8785071d56094c8a357c
+oid sha256:422479637fb8c332ab8749a8b55f860012018e866f6f809a8fb4d3f4d95124f0
 size 6225