Hugging Face's logo

odoom
/
nixpkgs-security-lora

PEFT
Safetensors
nixpkgs
security
lora
nix
patch-generation
deprecated
Model card Files
xet
Community
odoom commited on
Commit
cd0d9d4
·
verified ·
1 Parent(s): 23f6f1c

Upload README.md with huggingface_hub

Browse files
Files changed (1) hide show
  1. README.md +76 -42
README.md CHANGED
@@ -1,62 +1,96 @@
1
  ---
2
- base_model: mistralai/Mistral-7B-Instruct-v0.2
3
  library_name: peft
4
- model_name: lora-output
 
5
  tags:
6
- - base_model:adapter:mistralai/Mistral-7B-Instruct-v0.2
7
- - lora
8
- - sft
9
- - transformers
10
- - trl
11
- licence: license
12
- pipeline_tag: text-generation
13
  ---
14
 
15
- # Model Card for lora-output
16
 
17
- This model is a fine-tuned version of [mistralai/Mistral-7B-Instruct-v0.2](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.2).
18
- It has been trained using [TRL](https://github.com/huggingface/trl).
19
 
20
- ## Quick start
21
 
22
- ```python
23
- from transformers import pipeline
 
 
 
24
 
25
- question = "If you had a time machine, but could only go to the past or the future once and never return, which would you choose and why?"
26
- generator = pipeline("text-generation", model="None", device="cuda")
27
- output = generator([{"role": "user", "content": question}], max_new_tokens=128, return_full_text=False)[0]
28
- print(output["generated_text"])
29
- ```
 
 
 
 
 
 
 
 
 
 
 
 
 
30
 
31
- ## Training procedure
32
 
33
-
34
 
 
35
 
 
 
 
 
 
36
 
37
- This model was trained with SFT.
38
 
39
- ### Framework versions
 
40
 
41
- - PEFT 0.18.1
42
- - TRL: 0.29.0
43
- - Transformers: 5.2.0
44
- - Pytorch: 2.10.0
45
- - Datasets: 4.6.1
46
- - Tokenizers: 0.22.2
47
 
48
- ## Citations
49
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
50
 
 
51
 
52
- Cite TRL as:
53
-
54
- ```bibtex
55
- @software{vonwerra2020trl,
56
- title = {{TRL: Transformers Reinforcement Learning}},
57
- author = {von Werra, Leandro and Belkada, Younes and Tunstall, Lewis and Beeching, Edward and Thrush, Tristan and Lambert, Nathan and Huang, Shengyi and Rasul, Kashif and Gallouédec, Quentin},
58
- license = {Apache-2.0},
59
- url = {https://github.com/huggingface/trl},
60
- year = {2020}
61
- }
62
- ```
 
1
  ---
 
2
  library_name: peft
3
+ base_model: mistralai/Mistral-7B-Instruct-v0.2
4
+ license: apache-2.0
5
  tags:
6
+ - nixpkgs
7
+ - security
8
+ - lora
9
+ - nix
10
+ - patch-generation
11
+ datasets:
12
+ - odoom/nixpkgs-security-patches
13
  ---
14
 
15
+ # nixpkgs-security-lora
16
 
17
+ LoRA adapter for generating nixpkgs security patches. Fine-tuned on [odoom/nixpkgs-security-patches](https://huggingface.co/datasets/odoom/nixpkgs-security-patches) — 586 complex security fixes from the NixOS/nixpkgs repository.
 
18
 
19
+ ## Model Details
20
 
21
+ - **Base model**: [Mistral 7B Instruct v0.2](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.2)
22
+ - **Method**: QLoRA (4-bit NF4 quantization + LoRA rank 32)
23
+ - **Target**: Cloudflare Workers AI `@cf/mistral/mistral-7b-instruct-v0.2-lora`
24
+ - **Adapter size**: 160 MB
25
+ - **Version**: v2 — retrained on filtered complex-only patches
26
 
27
+ ## Training
28
+
29
+ - **LoRA rank**: 32, alpha: 64, dropout: 0.05
30
+ - **Target modules**: q_proj, k_proj, v_proj, o_proj, gate_proj, up_proj, down_proj
31
+ - **Epochs**: 3 (110 steps)
32
+ - **Effective batch size**: 16 (batch 1 × gradient accumulation 16)
33
+ - **Learning rate**: 2e-4, cosine schedule
34
+ - **Max sequence length**: 4,096 tokens
35
+ - **Hardware**: NVIDIA L4 GPU (HuggingFace Jobs)
36
+
37
+ ### Training Metrics
38
+
39
+ | Metric | Start | End |
40
+ |--------|-------|-----|
41
+ | Loss | 1.166 | 0.867 |
42
+ | Token accuracy | 74.6% | 80.5% |
43
+ | Eval loss | — | 0.924 |
44
+ | Eval accuracy | — | 78.4% |
45
 
46
+ Training time: ~61 minutes.
47
 
48
+ ## Training Data
49
 
50
+ 586 training examples and 66 eval examples derived from merged security PRs in [NixOS/nixpkgs](https://github.com/NixOS/nixpkgs). Each example pairs a CVE description with the actual nix patch diff that fixed it.
51
 
52
+ Quality filters applied:
53
+ - Only merged PRs with security-related titles (CVE, vulnerability, security fix)
54
+ - **Removed version bumps and hash-only updates** — these are deterministic and don't need AI (763 examples filtered out)
55
+ - Kept only complex fixes: fetchpatch backports, patch additions, config changes, etc.
56
+ - Removed trivially small diffs (< 3 changed lines)
57
 
58
+ ## Changelog
59
 
60
+ - **v2** (2026-03-03): Retrained on filtered dataset — removed 763 version bump / hash-only examples. Higher accuracy (80.5% vs 75.6%) with cleaner, more focused training signal.
61
+ - **v1** (2026-03-02): Initial training on 1,273 unfiltered examples.
62
 
63
+ ## Intended Use
 
 
 
 
 
64
 
65
+ This adapter is designed for the [Vulnpatch](https://github.com/Vulnpatch) automated security patch agent. Given a CVE description and affected package info, it generates candidate nix package patches.
66
 
67
+ ## Usage with Cloudflare Workers AI
68
+
69
+ ```javascript
70
+ const response = await env.AI.run(
71
+ "@cf/mistral/mistral-7b-instruct-v0.2-lora",
72
+ {
73
+ messages: [
74
+ { role: "user", content: "Fix CVE-2024-1234 in package foo..." }
75
+ ],
76
+ lora: "nixpkgs-security-lora"
77
+ }
78
+ );
79
+ ```
80
+
81
+ ## Usage with Transformers + PEFT
82
+
83
+ ```python
84
+ from transformers import AutoModelForCausalLM, AutoTokenizer
85
+ from peft import PeftModel
86
+
87
+ model = AutoModelForCausalLM.from_pretrained("mistralai/Mistral-7B-Instruct-v0.2")
88
+ model = PeftModel.from_pretrained(model, "odoom/nixpkgs-security-lora")
89
+ tokenizer = AutoTokenizer.from_pretrained("mistralai/Mistral-7B-Instruct-v0.2")
90
+ ```
91
 
92
+ ## Limitations
93
 
94
+ - Specialized for nixpkgs package expressions — not a general code model
95
+ - Training data is Nix-specific; won't generalize to other package managers
96
+ - May produce patches that need manual review for correctness