ModuleWarden auditor LoRA v1 (Qwen3.6-27B, trained on Leonardo A100)
2a76a5b verified
---
library_name: peft
base_model: huihui-ai/Huihui-Qwen3.6-27B-abliterated
pipeline_tag: text-generation
language:
  - en
license: other
license_name: qwen
license_link: https://huggingface.co/huihui-ai/Huihui-Qwen3.6-27B-abliterated
tags:
  - lora
  - peft
  - sft
  - trl
  - security
  - supply-chain
  - npm
  - code-audit
---

ModuleWarden Auditor - Qwen3.6-27B LoRA (v1)

A LoRA adapter that turns the abliterated Qwen3.6-27B into the narrator for ModuleWarden, an auditable npm supply-chain submission gate. It reads an audit dossier (a structured diff between two package versions) and writes an evidence-cited audit report: the verdict rationale, the capability deltas that drove it, and a developer-facing summary.

One line

This is the model that narrates ModuleWarden's decision. It does not make the decision. A deterministic gate decides allow / quarantine / block; this adapter explains the call in a fixed, auditable schema.

Intended use

  • Input: a modulewarden.audit_dossier.v1 (version_diff mode) - declared package purpose, semver delta, notable file changes with evidence refs, dependency changes, capability deltas.
  • Output: a modulewarden.audit_report.v1 - verdict, risk level, primary findings each tied to an evidence ref, benign explanations considered, developer-safe summary.
  • Built for AppSec review of internal code submissions (a pull request that adds a dependency, or an engineer vendoring an open-source package). The company still holds the code at submission time: it is not a public-registry artifact that could be yanked after the fact, so the submission gate is the control point.

Honest results (read before quoting a number)

Trained on 103 audit dossiers, evaluated on 37 held out that it never saw:

  • val loss 0.2135
  • val token accuracy 0.9435
  • train loss fell from ~4.9 to ~0.16 over 3 epochs

What that means: narration fidelity. On unseen dossiers the adapter reliably reproduces the audit report in the right schema and voice.

What it does not mean: detection accuracy. The 0.94 is teacher-forced next-token agreement over a small, verdict-skewed set (mostly quarantine verdicts plus schema boilerplate). The verdict authority stays the deterministic gate; this model writes the explanation. Verdict-match and block-recall (does it call the right allow / quarantine / block) are a separate evaluation and are not reported here. Do not read 0.94 as "94% malware detection."

Why an abliterated base: a stock instruct model refuses to read and describe malicious npm code ("I can't help with that"), and the auditor has to. The base is pre-abliterated with the Arditi refusal-direction method; the prompts are security-analysis framing, not jailbreaks.

How to load (PEFT)

import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel

base = "huihui-ai/Huihui-Qwen3.6-27B-abliterated"
adapter = "ademczuk/modulewarden-auditor-qwen3.6-27b-lora"

# trust_remote_code executes model code fetched from the Hub; pass revision=...
# on both from_pretrained calls if the audit trail needs a reproducible weight set.
tok = AutoTokenizer.from_pretrained(base, trust_remote_code=True)
model = AutoModelForCausalLM.from_pretrained(
    base, dtype=torch.bfloat16, device_map="auto", trust_remote_code=True,
)
# Attach the LoRA weights on top of the frozen base; nothing is merged at load time.
model = PeftModel.from_pretrained(model, adapter)

Serving

  • vLLM: serves the adapter directly, no conversion. --enable-lora --lora-modules mw=ademczuk/modulewarden-auditor-qwen3.6-27b-lora.
  • llama.cpp / llama-server: convert with convert_lora_to_gguf.py --base <base>, then llama-server -m base.gguf --lora mw-adapter.gguf. This needs a current llama.cpp build that carries the qwen3next operators: Qwen3.6 is a Gated DeltaNet plus Gated Attention hybrid, so older binaries reject the GGUF. The reliable path for a demo is to merge the adapter into the base weights first (PEFT's merge_and_unload, then save_pretrained) and convert the merged checkpoint with convert_hf_to_gguf.py.

Training

  • Base: huihui-ai/Huihui-Qwen3.6-27B-abliterated (a qwen3_5 vision-language model, loaded text-only via language_model_only to skip the vision tower).
  • Method: LoRA r16, alpha 32, dropout 0.05 on q/k/v/o/gate/up/down_proj. 79.7M trainable params (0.30%).
  • Data: 152 ModuleWarden audit dossiers (103 train / 37 val), built from real GHSA cve_diff cases.
  • Hardware: 4x A100-SXM-64GB on CINECA Leonardo, bf16, device_map=auto, about 43 minutes wall.
  • Stack: transformers 5.9.0, trl 1.5.1, peft 0.19.1, torch 2.6.0+cu124.

Limitations

  • Small corpus (152), cve_diff only, no allow examples yet, so verdicts skew quarantine and block.
  • Narrator only. It can describe a risk the gate did not flag (a narrated finding is not a gate detection), and it cannot override a verdict.
  • Detection-quality numbers (verdict-match, block-recall) are not in this card. They come from a separate evaluation.
  • License inherits the Qwen3.6 base via the huihui base model. See the base model card.
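The intended-use section fixes the contract (dossier in, report out, every finding tied to an evidence ref, verdict owned by the gate) and the limitations above name the two ways a narration can drift from it: citing a risk the gate never flagged, and a verdict that does not match the gate's. The check below is an added example, not ModuleWarden's code: it parses the narrator's output, rejects a report whose verdict disagrees with the gate or whose findings cite evidence refs absent from the dossier, and computes the verdict-match and block-recall numbers the card leaves to a separate evaluation. The card names the two schemas and what they carry but not their keys, so every field name used here (including a gate_verdict field on the dossier), the risk-level vocabulary and the two constructed dossier/report pairs are assumptions.

```python
"""Post-generation checks for a ModuleWarden narration (added example, not
ModuleWarden's code). The card names the schemas and what they carry but not
their keys; every key below, including gate_verdict, and the sample
dossier/report pairs are assumptions."""
import json

VERDICTS = ("allow", "quarantine", "block")
RISK_LEVELS = ("low", "medium", "high", "critical")  # assumed vocabulary


def parse_report(text: str) -> dict:
    """Parse model output as JSON, tolerating a ```json fence around it."""
    body = text.strip()
    if body.startswith("```"):
        body = body.split("\n", 1)[1].rsplit("```", 1)[0]
    return json.loads(body)


def evidence_refs(dossier: dict) -> set:
    """Every evidence ref the narrator was allowed to see."""
    refs = set()
    for key in ("file_changes", "dependency_changes", "capability_deltas"):
        refs.update(item["evidence_ref"] for item in dossier.get(key, []))
    return refs


def validate_report(dossier: dict, report: dict) -> list:
    """Return violations; empty means the narration is accepted.
    The narrator explains a verdict the gate already made: its verdict must
    equal the gate's, and a finding may only cite evidence in the dossier
    (a finding with no dossier evidence is a risk the gate never flagged)."""
    problems = []
    if report.get("schema") != "modulewarden.audit_report.v1":
        problems.append("wrong report schema")
    gate = dossier.get("gate_verdict")
    if gate not in VERDICTS:
        problems.append(f"dossier has no usable gate verdict: {gate!r}")
    if report.get("verdict") != gate:
        problems.append(f"verdict {report.get('verdict')!r} != gate {gate!r}")
    if report.get("risk_level") not in RISK_LEVELS:
        problems.append(f"bad risk_level {report.get('risk_level')!r}")
    allowed = evidence_refs(dossier)
    findings = report.get("primary_findings", [])
    for i, finding in enumerate(findings):
        ref = finding.get("evidence_ref")
        if ref not in allowed:
            problems.append(f"finding {i} cites unknown evidence {ref!r}")
    if gate in ("quarantine", "block") and not findings:
        problems.append("non-allow verdict with no findings")
    if not report.get("developer_summary", "").strip():
        problems.append("empty developer summary")
    return problems


def score_narrations(pairs) -> dict:
    """Verdict-match and block-recall over (gate_verdict, narrated_verdict):
    the detection-side numbers the card leaves to a separate evaluation."""
    n = len(pairs)
    gate_blocks = [v for g, v in pairs if g == "block"]
    return {
        "n": n,
        "verdict_match": sum(g == v for g, v in pairs) / n if n else None,
        "block_recall": (sum(v == "block" for v in gate_blocks) / len(gate_blocks)
                         if gate_blocks else None),
    }


# Constructed dossier: a patch release adds an install-time script and a new
# dependency; the deterministic gate has already said "quarantine".
SAMPLE_DOSSIER = {
    "schema": "modulewarden.audit_dossier.v1", "mode": "version_diff",
    "declared_purpose": "date formatting helpers", "semver_delta": "1.4.2 -> 1.4.3",
    "gate_verdict": "quarantine",
    "file_changes": [{"path": "package.json", "evidence_ref": "ev-001",
                      "summary": "adds postinstall script"}],
    "dependency_changes": [{"name": "tiny-helper", "evidence_ref": "ev-002",
                            "change": "added"}],
    "capability_deltas": [{"capability": "install-time execution",
                           "evidence_ref": "ev-001"}],
}

# Constructed narrator output that matches the gate and cites real evidence.
GOOD_REPORT = "```json\n" + json.dumps({
    "schema": "modulewarden.audit_report.v1", "verdict": "quarantine",
    "risk_level": "high",
    "primary_findings": [{"title": "new postinstall hook", "evidence_ref": "ev-001"},
                         {"title": "dependency added", "evidence_ref": "ev-002"}],
    "benign_explanations": ["build step moved into postinstall"],
    "developer_summary": "Held for review: install-time script added in a patch.",
}) + "\n```"

# Constructed bad output: upgrades the verdict to block and cites a ref the
# dossier never contained; both must be rejected, not committed as evidence.
BAD_REPORT = json.dumps({
    "schema": "modulewarden.audit_report.v1", "verdict": "block",
    "risk_level": "critical",
    "primary_findings": [{"title": "new postinstall hook", "evidence_ref": "ev-001"},
                         {"title": "credential theft", "evidence_ref": "ev-999"}],
    "benign_explanations": [], "developer_summary": "Blocked.",
})

if __name__ == "__main__":
    print(validate_report(SAMPLE_DOSSIER, parse_report(GOOD_REPORT)))
    print(validate_report(SAMPLE_DOSSIER, parse_report(BAD_REPORT)))
    print(score_narrations([("block", "block"), ("block", "quarantine"),
                            ("quarantine", "quarantine"), ("allow", "allow")]))
```

Run this on every narration before it is committed as a Control Evidence Memo; a non-empty problem list means the text is regenerated or hand-edited, never that the gate verdict is changed to match the narrator. The validator treats the gate verdict as ground truth by construction, which is exactly why its block-recall figure is a property of the narrator, not of ModuleWarden's detection.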

Project

ModuleWarden is an auditable npm supply-chain gate built for the Zero-One Hack Vienna 2026 Sybilion Forecast lane. A forecast ranks dependencies by growth trajectory so reviewers vet the climbing ones first, a deterministic gate detects the known-bad, and this adapter narrates the verdict and the MITRE ATT&CK kill chain into a git-committed Control Evidence Memo.