Hugging Face's logo

odoom
/
nixpkgs-security-lora

PEFT
Safetensors
nixpkgs
security
lora
nix
patch-generation
deprecated
Model card Files
xet
Community
odoom commited on
Commit
d09437c
·
verified ·
1 Parent(s): 97e7dd6

Upload README.md with huggingface_hub

Browse files
Files changed (1) hide show
  1. README.md +58 -42
README.md CHANGED
@@ -1,62 +1,78 @@
1
  ---
2
- base_model: mistralai/Mistral-7B-Instruct-v0.2
3
  library_name: peft
4
- model_name: lora-output
 
5
  tags:
6
- - base_model:adapter:mistralai/Mistral-7B-Instruct-v0.2
7
- - lora
8
- - sft
9
- - transformers
10
- - trl
11
- licence: license
12
- pipeline_tag: text-generation
13
  ---
14
 
15
- # Model Card for lora-output
16
 
17
- This model is a fine-tuned version of [mistralai/Mistral-7B-Instruct-v0.2](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.2).
18
- It has been trained using [TRL](https://github.com/huggingface/trl).
19
 
20
- ## Quick start
21
 
22
- ```python
23
- from transformers import pipeline
 
 
24
 
25
- question = "If you had a time machine, but could only go to the past or the future once and never return, which would you choose and why?"
26
- generator = pipeline("text-generation", model="None", device="cuda")
27
- output = generator([{"role": "user", "content": question}], max_new_tokens=128, return_full_text=False)[0]
28
- print(output["generated_text"])
29
- ```
30
 
31
- ## Training procedure
 
 
 
 
 
 
32
 
33
-
34
 
 
35
 
 
 
 
 
36
 
37
- This model was trained with SFT.
38
 
39
- ### Framework versions
40
 
41
- - PEFT 0.18.1
42
- - TRL: 0.29.0
43
- - Transformers: 5.2.0
44
- - Pytorch: 2.10.0
45
- - Datasets: 4.6.1
46
- - Tokenizers: 0.22.2
47
 
48
- ## Citations
 
 
 
 
 
 
 
 
 
 
49
 
 
 
 
 
 
 
 
 
 
 
50
 
 
51
 
52
- Cite TRL as:
53
-
54
- ```bibtex
55
- @software{vonwerra2020trl,
56
- title = {{TRL: Transformers Reinforcement Learning}},
57
- author = {von Werra, Leandro and Belkada, Younes and Tunstall, Lewis and Beeching, Edward and Thrush, Tristan and Lambert, Nathan and Huang, Shengyi and Rasul, Kashif and Gallouédec, Quentin},
58
- license = {Apache-2.0},
59
- url = {https://github.com/huggingface/trl},
60
- year = {2020}
61
- }
62
- ```
 
1
  ---
 
2
  library_name: peft
3
+ base_model: mistralai/Mistral-7B-Instruct-v0.2
4
+ license: apache-2.0
5
  tags:
6
+ - nixpkgs
7
+ - security
8
+ - lora
9
+ - nix
10
+ - patch-generation
11
+ datasets:
12
+ - odoom/nixpkgs-security-patches
13
  ---
14
 
15
+ # nixpkgs-security-lora
16
 
17
+ LoRA adapter for generating nixpkgs security patches. Fine-tuned on [odoom/nixpkgs-security-patches](https://huggingface.co/datasets/odoom/nixpkgs-security-patches) — 1,273 real security fixes from the NixOS/nixpkgs repository.
 
18
 
19
+ ## Model Details
20
 
21
+ - **Base model**: [Mistral 7B Instruct v0.2](https://huggingface.co/mistralai/Mistral-7B-Instruct-v0.2)
22
+ - **Method**: QLoRA (4-bit NF4 quantization + LoRA rank 32)
23
+ - **Target**: Cloudflare Workers AI `@cf/mistral/mistral-7b-instruct-v0.2-lora`
24
+ - **Adapter size**: 161 MB
25
 
26
+ ## Training
 
 
 
 
27
 
28
+ - **LoRA rank**: 32, alpha: 64, dropout: 0.05
29
+ - **Target modules**: q_proj, k_proj, v_proj, o_proj, gate_proj, up_proj, down_proj
30
+ - **Epochs**: 3
31
+ - **Effective batch size**: 16 (batch 1 × gradient accumulation 16)
32
+ - **Learning rate**: 2e-4, cosine schedule
33
+ - **Max sequence length**: 4,096 tokens
34
+ - **Hardware**: NVIDIA L4 GPU (HuggingFace Jobs)
35
 
36
+ ## Training Data
37
 
38
+ 1,273 training examples and 142 eval examples derived from merged security PRs in [NixOS/nixpkgs](https://github.com/NixOS/nixpkgs). Each example pairs a CVE description with the actual nix patch diff that fixed it.
39
 
40
+ Quality filters applied:
41
+ - Only merged PRs with security-related titles (CVE, vulnerability, security fix)
42
+ - Removed examples using deprecated `sha256` hash format (modern nixpkgs uses SRI hashes)
43
+ - Removed trivially small diffs (< 3 changed lines)
44
 
45
+ ## Intended Use
46
 
47
+ This adapter is designed for the [Vulnpatch](https://github.com/Vulnpatch) automated security patch agent. Given a CVE description and affected package info, it generates candidate nix package patches.
48
 
49
+ ## Usage with Cloudflare Workers AI
 
 
 
 
 
50
 
51
+ ```javascript
52
+ const response = await env.AI.run(
53
+ "@cf/mistral/mistral-7b-instruct-v0.2-lora",
54
+ {
55
+ messages: [
56
+ { role: "user", content: "Fix CVE-2024-1234 in package foo..." }
57
+ ],
58
+ lora: "nixpkgs-security-lora"
59
+ }
60
+ );
61
+ ```
62
 
63
+ ## Usage with Transformers + PEFT
64
+
65
+ ```python
66
+ from transformers import AutoModelForCausalLM, AutoTokenizer
67
+ from peft import PeftModel
68
+
69
+ model = AutoModelForCausalLM.from_pretrained("mistralai/Mistral-7B-Instruct-v0.2")
70
+ model = PeftModel.from_pretrained(model, "odoom/nixpkgs-security-lora")
71
+ tokenizer = AutoTokenizer.from_pretrained("mistralai/Mistral-7B-Instruct-v0.2")
72
+ ```
73
 
74
+ ## Limitations
75
 
76
+ - Specialized for nixpkgs package expressions — not a general code model
77
+ - Training data is Nix-specific; won't generalize to other package managers
78
+ - May produce patches that need manual review for correctness