Update README.md

README.md

@@ -1,58 +1,50 @@
 ---
-pipeline_tag: text-generation
+title: SENTINEL Autonomous Pentesting Agent
+emoji: 🛡️
+colorFrom: red
+colorTo: gray
+sdk: gradio
+sdk_version: 4.36.1
+app_file: app.py
+pinned: false
+python_version: 3.10.13
 license: apache-2.0
-language:
-  - en
+short_description: Fine-tuned Llama-3-8B that autonomously exploits web vulns
 tags:
+  - security
   - llama-3
-  - gguf
-  - quantization
-  - ollama
-  - cybersecurity
-  - web-pentesting
   - autonomous-agent
+  - web-pentesting
   - sql-injection
-  - penetration-testing
-base_model: meta-llama/Meta-Llama-3-8B-Instruct
+  - cybersecurity
 ---
 
-# SENTINEL — Llama-3-8B (Quantized GGUF)
-
-This directory contains the **fully merged and quantized** version of the SENTINEL autonomous web-exploitation agent. 
-
-this folder contains a standalone, compressed model ready for immediate local inference using tools like [Ollama](https://ollama.com/) or [llama.cpp](https://github.com/ggerganov/llama.cpp).
-
-## Quantization Details (`model-q5_k_m.gguf`)
-
-The base Llama-3-8B-Instruct model and the SENTINEL SFT+GRPO fine-tuned adapter have been merged into a single file and compressed using **GGUF Quantization**.
+# 🛡️ SENTINEL — Autonomous Web Pentesting Agent
 
-- **Format:** GGUF
-- **Quantization Method:** `Q5_K_M` (5-bit quantization with medium k-quants)
-- **Size:** ~5.7 GB
-- **Why Q5_K_M?** This specific quantization level strikes the ideal balance between performance and quality. It drastically reduces the memory footprint (allowing it to run comfortably on an RTX 3050 4GB or standard laptop RAM) while maintaining near-perfect accuracy compared to the uncompressed 16-bit model.
+**SENTINEL** is a fine-tuned **Llama-3-8B-Instruct** model trained via SFT+GRPO to autonomously reason about web application vulnerabilities and generate exploit payloads.
 
-## Included Files
+## What it does
 
-* **`model-q5_k_m.gguf`**: The standalone quantized model weights.
-* **`Modelfile`**: The configuration file for creating an Ollama endpoint. It is highly optimized for performance and low VRAM:
-  * Uses the Llama-3 `<|start_header_id|>` ChatML format.
-  * `num_ctx 2048`: Reduced context window from 4096 to save ~400MB of VRAM on lower-end GPUs.
-  * `temperature 0.0`: Forces the model to be completely deterministic, preventing hallucinated reasoning during pentesting.
-  * `num_predict 256`: Caps generation at 256 tokens since SENTINEL's expected JSON outputs are small (~150 tokens).
-* **`smoke_test.ps1`**: A PowerShell script to quickly verify that the model is generating valid JSON responses in the correct SENTINEL schema.
+Given a **goal** (e.g. `AUTHENTICATED`, `DATA_EXFILTRATED`) and an **HTML snippet** (the current page DOM), SENTINEL outputs a single structured JSON action — exactly like a human pentester would decide their next move.
 
-## How to Run with Ollama
+```json
+{
+  "Thought": "Login form with username/password fields on a .php endpoint — classic SQLi target.",
+  "Action": "SQL_INJECT",
+  "Action_Input": {
+    "target_url": "http://target/login.php",
+    "method": "POST",
+    "parameters": {"username": "admin'--", "password": "x"},
+    "rationale": "OR-tautology bypass on username field"
+  }
+}
+```
 
-You can instantly deploy this model locally using the included Modelfile.
+## Model Details
 
-1. Open a terminal in this directory.
-2. Build the model in Ollama:
-   ```bash
-   ollama create sentinel -f Modelfile
-   ```
-3. Run the model:
-   ```bash
-   ollama run sentinel
-   ```
+- **Base model:** `meta-llama/Meta-Llama-3-8B-Instruct`
+- **Fine-tuning:** SFT on curated web-exploit trajectories + GRPO reward shaping
+- **Quantization:** Q5_K_M GGUF (~5.7 GB), served via `llama-cpp-python`
+- **The GGUF weights** are hosted in a separate model repo and downloaded at runtime to bypass the Space 1 GB git limit.
 
-*(For use with the SENTINEL pentesting agent pipeline, simply ensure Ollama is serving the model in the background: `ollama serve`)*
+> ⚠️ **Authorized testing only.** SENTINEL is designed for use against intentionally vulnerable targets (DVWA, Juice Shop, HackTheBox, etc.). Do not use against systems you do not own.