--- license: apache-2.0 base_model: Qwen/Qwen2.5-3B-Instruct tags: - opnsense - firewall - network-security - function-calling - onnx - onnxruntime-genai - cpu-inference - qwen2.5 pipeline_tag: text-generation library_name: onnxruntime-genai --- # OPNsense Agent — Qwen2.5-3B ONNX int4 (CPU) Modèle **Qwen2.5-3B-Instruct** fine-tuné (LoRA) sur le domaine **Firewall OPNsense**, mergé et quantifié en **ONNX int4** pour inférence CPU sans GPU. Fait partie du projet [cyber-agent-engine](https://github.com/patlegu/cyber-agent-engine) — architecture multi-agents cybersécurité avec protocole CAP v1. ## Performances | Métrique | Valeur | |---|---| | Score validation | **102/102 (100%)** | | Fonctions couvertes | 102 | | Format | ONNX int4 (onnxruntime-genai) | | Base model | Qwen/Qwen2.5-3B-Instruct | | Latence CPU (8 vCPU) | ~8–12s/requête | ## Usage ```python import onnxruntime_genai as og import json model = og.Model("patlegu/opnsense-qwen25-onnx-int4") tokenizer = og.Tokenizer(model) tokenizer_stream = tokenizer.create_stream() cap = { "directive": "block_ip", "entities": {"IP_ADDRESS": ["203.0.113.42"], "INTERFACE": ["wan"]}, "context": {"source": "coordinator", "confidence": 0.97} } prompt = ( "<|im_start|>system\n" "Tu es un agent OPNSENSE. Tu reçois des directives structurées du coordinateur " "sous forme de paquets JSON (format CAP v1) et tu génères des appels d'API précis " "sous forme de tool_calls. Tu ne réponds jamais en langage naturel.\n" "<|im_end|>\n" "<|im_start|>user\n" + json.dumps(cap) + "\n<|im_end|>\n" "<|im_start|>assistant\n" ) import numpy as np input_ids = np.array(tokenizer.encode(prompt), dtype=np.int32) params = og.GeneratorParams(model) params.set_search_options(max_length=len(input_ids) + 256, temperature=0.1, do_sample=False) generator = og.Generator(model, params) generator.append_tokens(input_ids) output_tokens = [] while not generator.is_done(): generator.generate_next_token() token = generator.get_next_tokens()[0] output_tokens.append(token) print(tokenizer.decode(output_tokens)) # → [{"type": "function", "function": {"name": "...", "arguments": "..."}}] ``` ## Installation ```bash pip install onnxruntime-genai numpy ``` ## Format d'entrée (CAP v1) Agent OPNsense capable de traduire des directives structurées (protocole CAP v1) en appels API OPNsense précis. Couvre 102 fonctions : règles firewall, aliases, NAT, IDS Suricata, Traffic Shaping, ACME/TLS, IPsec, OpenVPN, diagnostics. L'agent reçoit un paquet JSON structuré : ```json { "directive": "block_ip", "entities": {"IP_ADDRESS": ["203.0.113.42"], "INTERFACE": ["wan"]}, "context": {"source": "coordinator", "confidence": 0.97} } ``` Et produit un `tool_call` JSON : ```json [{"type": "function", "function": {"name": "directive_name", "arguments": "{}"}}] ``` ## Projet - Repo principal : [cyber-agent-engine](https://github.com/patlegu/cyber-agent-engine) - Architecture : coordinateur Qwen2.5-3B + agents SLM LoRA + protocole CAP v1 - Autres agents : [OPNsense](patlegu/opnsense-qwen25-onnx-int4) · [WireGuard](patlegu/wireguard-qwen25-onnx-int4) · [CrowdSec](patlegu/crowdsec-qwen25-onnx-int4)