---
library_name: peft
base_model: huihui-ai/Huihui-Qwen3.6-27B-abliterated
pipeline_tag: text-generation
language:
- en
license: other
license_name: qwen
license_link: https://huggingface.co/huihui-ai/Huihui-Qwen3.6-27B-abliterated
tags:
- lora
- peft
- sft
- trl
- security
- supply-chain
- npm
- code-audit
---

# ModuleWarden Auditor - Qwen3.6-27B LoRA (v1)

A LoRA adapter that turns the abliterated Qwen3.6-27B into the **narrator** for ModuleWarden, an auditable npm supply-chain submission gate. It reads an audit dossier (a structured diff between two package versions) and writes an evidence-cited audit report: the verdict rationale, the capability deltas that drove it, and a developer-facing summary.

## One line

This is the model that **narrates** ModuleWarden's decision. It does not make the decision. A deterministic gate decides allow / quarantine / block; this adapter explains the call in a fixed, auditable schema.

## Intended use

- Input: a `modulewarden.audit_dossier.v1` (version_diff mode) - declared package purpose, semver delta, notable file changes with evidence refs, dependency changes, capability deltas.
- Output: a `modulewarden.audit_report.v1` - verdict, risk level, primary findings each tied to an evidence ref, benign explanations considered, developer-safe summary.
- Built for AppSec review of internal code submissions (a pull request that adds a dependency, or an engineer vendoring an open-source package). The company still holds the code at submission time, so it cannot be yanked the way a public-registry artifact can.

## Honest results (read before quoting a number)

Trained on 103 audit dossiers, evaluated on 37 held out that it never saw:

- val loss 0.2135
- val token accuracy 0.9435
- train loss fell from ~4.9 to ~0.16 over 3 epochs

What that means: **narration fidelity**. On unseen dossiers the adapter reliably reproduces the audit report in the right schema and voice.

What it does **not** mean: detection accuracy. The 0.94 is teacher-forced next-token agreement over a small, verdict-skewed set (mostly quarantine verdicts plus schema boilerplate). The verdict authority stays the deterministic gate; this model writes the explanation. Verdict-match and block-recall (does it call the right allow / quarantine / block) are a separate evaluation and are not reported here. Do not read 0.94 as "94% malware detection."

Why an abliterated base: a stock instruct model refuses to read and describe malicious npm code ("I can't help with that"), and the auditor has to. The base is pre-abliterated with the Arditi refusal-direction method; the prompts are security-analysis framing, not jailbreaks.

## How to load (PEFT)

```python
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
from peft import PeftModel

base = "huihui-ai/Huihui-Qwen3.6-27B-abliterated"
adapter = "ademczuk/modulewarden-auditor-qwen3.6-27b-lora"

tok = AutoTokenizer.from_pretrained(base, trust_remote_code=True)
model = AutoModelForCausalLM.from_pretrained(
    base,
    dtype=torch.bfloat16,
    device_map="auto",
    trust_remote_code=True,
)
model = PeftModel.from_pretrained(model, adapter)
```

## Serving

- **vLLM**: serves the adapter directly, no conversion. `--enable-lora --lora-modules mw=ademczuk/modulewarden-auditor-qwen3.6-27b-lora`.
- **llama.cpp / llama-server**: convert with `convert_lora_to_gguf.py --base `, then `llama-server -m base.gguf --lora mw-adapter.gguf`. Needs a current llama.cpp build that carries the qwen3next operators. Qwen3.6 is a Gated DeltaNet plus Gated Attention hybrid, so older binaries reject the GGUF. The reliable path for a demo is to merge the adapter first, then convert the merged model.

## Training

- Base: `huihui-ai/Huihui-Qwen3.6-27B-abliterated` (a qwen3_5 vision-language model, loaded text-only via `language_model_only` to skip the vision tower).
- Method: LoRA r16, alpha 32, dropout 0.05 on `q/k/v/o/gate/up/down_proj`. 79.7M trainable params (0.30%).
- Data: 152 ModuleWarden audit dossiers (103 train / 37 val), built from real GHSA cve_diff cases.
- Hardware: 4x A100-SXM-64GB on CINECA Leonardo, bf16, `device_map=auto`, about 43 minutes wall.
- Stack: transformers 5.9.0, trl 1.5.1, peft 0.19.1, torch 2.6.0+cu124.

## Limitations

- Small corpus (152), cve_diff only, no allow examples yet, so verdicts skew quarantine and block.
- Narrator only. It can describe a risk the gate did not flag, and it cannot override a verdict.
- Detection-quality numbers (verdict-match, block-recall) are not in this card. They come from a separate evaluation.
- License inherits the Qwen3.6 base via the huihui base model. See the base model card.

## Project

ModuleWarden is an auditable npm supply-chain gate built for the Zero-One Hack Vienna 2026 Sybilion Forecast lane. A forecast ranks dependencies by growth trajectory so reviewers vet the climbing ones first, a deterministic gate detects the known-bad, and this adapter narrates the verdict and the MITRE ATT&CK kill chain into a git-committed Control Evidence Memo.
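
The narrator-only contract described in "One line", "Intended use" and "Limitations" (the gate decides, every primary finding is tied to an evidence ref, the adapter cannot override a verdict) can be enforced on the adapter's output before it is committed. The sketch below is an added example, not ModuleWarden's own code; the JSON encoding and the field names `schema`, `verdict`, `primary_findings`, `evidence_ref` and `notable_file_changes` are assumptions, and only the two schema ids come from this card.

```python
import json

REPORT_SCHEMA = "modulewarden.audit_report.v1"  # schema id taken from this card
VERDICTS = {"allow", "quarantine", "block"}

def check_report(dossier, report, gate_verdict):
    """Return a list of problems; an empty list means the narration is usable."""
    problems = []
    if report.get("schema") != REPORT_SCHEMA:
        problems.append("wrong or missing report schema")
    # The narrator explains the gate's call; a differing verdict is a defect.
    if report.get("verdict") != gate_verdict:
        problems.append(f"narrated verdict {report.get('verdict')!r} != gate {gate_verdict!r}")
    # Findings may only cite evidence present in the dossier (assumed field names).
    known = {c.get("evidence_ref") for c in dossier.get("notable_file_changes", [])}
    findings = report.get("primary_findings") or []
    if not findings:
        problems.append("no primary findings")
    for i, finding in enumerate(findings):
        ref = finding.get("evidence_ref") if isinstance(finding, dict) else None
        if not isinstance(ref, str) or ref not in known:
            problems.append(f"finding {i} cites unknown evidence ref {ref!r}")
    return problems

def build_record(dossier, raw_model_output, gate_verdict):
    """Combine gate verdict and narration; model output is treated as untrusted."""
    if gate_verdict not in VERDICTS:
        raise ValueError(f"gate verdict must be one of {sorted(VERDICTS)}")
    try:
        report = json.loads(raw_model_output)
    except json.JSONDecodeError:
        report = None
    if not isinstance(report, dict):
        problems = ["model output is not a JSON object"]
    else:
        problems = check_report(dossier, report, gate_verdict)
    # The recorded verdict always comes from the gate, never from the narration.
    return {"verdict": gate_verdict,
            "narration": report if not problems else None,
            "narration_problems": problems}

# Constructed sample data (hypothetical field names and values, not real dossiers).
DOSSIER = {"schema": "modulewarden.audit_dossier.v1", "notable_file_changes": [
    {"path": "lib/install.js", "evidence_ref": "ev-1"},
    {"path": "package.json", "evidence_ref": "ev-2"}]}
GOOD = json.dumps({"schema": REPORT_SCHEMA, "verdict": "quarantine",
    "primary_findings": [{"summary": "new postinstall script", "evidence_ref": "ev-2"}]})
BAD = json.dumps({"schema": REPORT_SCHEMA, "verdict": "allow",
    "primary_findings": [{"summary": "nothing notable", "evidence_ref": "ev-9"}]})
```

With the constructed inputs, `build_record(DOSSIER, BAD, "block")` keeps the gate's `block` verdict and drops the narration, listing both the verdict mismatch and the uncited evidence ref.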