nixpkgs-security-qwen-lora

LoRA adapter for generating nixpkgs security patches via multi-turn tool calling. Fine-tuned on odoom/nixpkgs-security-patches — 654 tool-calling conversations derived from real merged security PRs in NixOS/nixpkgs.

Replaces odoom/nixpkgs-security-lora (Mistral 7B, deprecated).

Model Details

• Base model: Qwen 2.5 Coder 32B Instruct
• Method: QLoRA (4-bit NF4 quantization + LoRA)
• Target: Cloudflare Workers AI @cf/qwen/qwen2.5-coder-32b-instruct
• Adapter size: 256 MB
• Version: v3 — multi-turn tool-calling format

Training

• LoRA rank: 32, alpha: 64, dropout: 0.05
• Target modules: q_proj, k_proj, v_proj, o_proj (attention-only)
• Epochs: 3 (108 steps)
• Effective batch size: 16 (batch 1 x gradient accumulation 16)
• Learning rate: 1e-4, cosine schedule with 5% warmup
• Max sequence length: 4,096 tokens
• Optimizer: paged AdamW 8-bit
• Hardware: NVIDIA L40S (48GB), HuggingFace Jobs
• Training time: ~2.5 hours (108 steps at ~77s/step)

Training Metrics

Metric	Start	End
Loss	1.563	0.540
Token accuracy	70.0%	90.1%

Tool-Calling Format

The adapter is trained on multi-turn conversations using Qwen 2.5's native <tool_call> / <tool_response> format. Each conversation follows this flow:

1. System message: Fix generation prompt + 6 tool definitions
2. User message: CVE + package + recommended strategy
3. Multi-turn tool exchanges:
   • read_nixpkgs_file → package definition (always)
   • find_upstream_fix → commit/release info (when applicable)
   • prefetch_hash → SRI hash (when applicable)
   • submit_for_approval → final diff + commit message (always)

Hashes and URLs appear only in tool results (user role), not in model outputs. This means the model learns the tool-calling workflow rather than memorizing unpredictable values.

Tool Flow Breakdown

Flow	Count	Description
Full (read → find → hash → submit)	277	fetchpatch with GitHub commit URL or version bump with fetchFromGitHub
Short (read → submit)	377	Local patches, non-GitHub sources

Training Data

654 examples (588 train / 66 eval) from odoom/nixpkgs-security-patches. Derived from merged PRs in NixOS/nixpkgs:

• PRs with 1.severity: security label
• PRs with "CVE" in the title
• Commits referencing CVE IDs
• PRs linked from closed security-labeled issues

Quality filters: only merged PRs, only nix file changes, all examples have CVE reference, version bumps without CVE excluded, diffs >50KB or >10 files excluded.

Usage with Cloudflare Workers AI

const response = await env.AI.run(
  "@cf/qwen/qwen2.5-coder-32b-instruct",
  {
    messages: [...],
    tools: [...],
    lora: "nixpkgs-security-lora-v3"
  }
);

Usage with Transformers + PEFT

from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel

base = "Qwen/Qwen2.5-Coder-32B-Instruct"
model = AutoModelForCausalLM.from_pretrained(base, device_map="auto", torch_dtype="auto")
model = PeftModel.from_pretrained(model, "odoom/nixpkgs-security-qwen-lora")
tokenizer = AutoTokenizer.from_pretrained(base)

CF Workers AI Constraints

LoRA adapters on Workers AI must satisfy:

• Rank ≤ 32 — this adapter uses rank 32
• Adapter < 300MB safetensors — this adapter is ~256 MB
• Supported model_type — if qwen2 is rejected, edit adapter_config.json to set model_type: "llama"

Changelog

• v3 (2026-03-04): Qwen 2.5 Coder 32B, multi-turn tool-calling format, 654 examples, loss 0.54, 90% token accuracy.
• v2 (2026-03-03): Mistral 7B, filtered complex-only patches, loss 0.87, 80% accuracy. See odoom/nixpkgs-security-lora.
• v1 (2026-03-02): Mistral 7B, unfiltered 1,273 examples.

Limitations

• Specialized for nixpkgs package expressions — not a general code model
• Training data is Nix-specific; won't generalize to other package managers
• Patches should always be reviewed before merging