Instructions to use vitorallo/securereview-7b-mlx-4bit with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use vitorallo/securereview-7b-mlx-4bit with MLX:

# Make sure mlx-lm is installed
# pip install --upgrade mlx-lm

# Generate text with mlx-lm
from mlx_lm import load, generate

model, tokenizer = load("vitorallo/securereview-7b-mlx-4bit")

prompt = "Write a story about Einstein"
messages = [{"role": "user", "content": prompt}]
prompt = tokenizer.apply_chat_template(
    messages, add_generation_prompt=True
)

text = generate(model, tokenizer, prompt=prompt, verbose=True)

Notebooks
Google Colab
Kaggle
Local Apps Settings
LM Studio

How to use vitorallo/securereview-7b-mlx-4bit with Pi:

Start the MLX server

# Install MLX LM:
uv tool install mlx-lm
# Start a local OpenAI-compatible server:
mlx_lm.server --model "vitorallo/securereview-7b-mlx-4bit"

Configure the model in Pi

# Install Pi:
npm install -g @mariozechner/pi-coding-agent
# Add to ~/.pi/agent/models.json:
{
  "providers": {
    "mlx-lm": {
      "baseUrl": "http://localhost:8080/v1",
      "api": "openai-completions",
      "apiKey": "none",
      "models": [
        {
          "id": "vitorallo/securereview-7b-mlx-4bit"
        }
      ]
    }
  }
}

Run Pi

# Start Pi in your project directory:
pi

Hermes Agent new

How to use vitorallo/securereview-7b-mlx-4bit with Hermes Agent:

Start the MLX server

# Install MLX LM:
uv tool install mlx-lm
# Start a local OpenAI-compatible server:
mlx_lm.server --model "vitorallo/securereview-7b-mlx-4bit"

Configure Hermes

# Install Hermes:
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
hermes setup
# Point Hermes at the local server:
hermes config set model.provider custom
hermes config set model.base_url http://127.0.0.1:8080/v1
hermes config set model.default vitorallo/securereview-7b-mlx-4bit

Run Hermes

hermes

MLX LM

How to use vitorallo/securereview-7b-mlx-4bit with MLX LM:

Generate or start a chat session

# Install MLX LM
uv tool install mlx-lm
# Interactive chat REPL
mlx_lm.chat --model "vitorallo/securereview-7b-mlx-4bit"

Run an OpenAI-compatible server

# Install MLX LM
uv tool install mlx-lm
# Start the server
mlx_lm.server --model "vitorallo/securereview-7b-mlx-4bit"
# Calling the OpenAI-compatible server with curl
curl -X POST "http://localhost:8000/v1/chat/completions" \
   -H "Content-Type: application/json" \
   --data '{
     "model": "vitorallo/securereview-7b-mlx-4bit",
     "messages": [
       {"role": "user", "content": "Hello"}
     ]
   }'

securereview-7b-mlx-4bit / README.md

vitorallo

Upload folder using huggingface_hub

4927f6f verified 2 months ago

preview code

Raw

History Blame Contribute Delete

2.59 kB

metadata

base_model: mlx-community/Qwen2.5-Coder-7B-Instruct-4bit
language:
  - en
library_name: mlx
license: apache-2.0
license_link: https://huggingface.co/Qwen/Qwen2.5-Coder-7B-Instruct/blob/main/LICENSE
pipeline_tag: text-generation
tags:
  - code
  - security
  - code-review
  - vulnerability-detection
  - qwen
  - qwen-coder
  - mlx
  - lora
  - qlora
datasets:
  - vitorallo/securereview-dataset

securereview-7b-mlx-4bit

A 4-bit MLX fine-tune of Qwen2.5-Coder-7B-Instruct for function-level security code review. Input: a code function. Output: structured JSON findings with severity, category, CWE, line number, and description. Runs on Apple Silicon, ~8 GB memory.

Trained on 13,484 examples across 9 languages from CVEFixes, synthetic generation, real vulnerable applications, and community rule sets. All training data is permissively licensed.

Benchmarks

Tested against 33 vulnerable functions from 8 deliberately vulnerable applications (DVNA, NodeGoat, pygoat, crAPI, DSVW, WebGoat, RailsGoat, Juice Shop):

Metric	Base Qwen	securereview-7b
Vulnapp recall	--	94% (31/33)
FPR (clean code)	70%	<3%
F1 (test split)	14%	44%

Detection by category:

Category	Recall
SQL Injection	100%
Command Injection	100%
SSRF	100%
Path Traversal	100%
Broken Access Control	100%
IDOR	86%
Insecure Deserialization	100%
Broken Authentication	100%

Quick start

from mlx_lm import load, generate

model, tok = load("vitorallo/securereview-7b-mlx-4bit")
if hasattr(tok, "eos_token_ids") and 151645 not in tok.eos_token_ids:
    tok.eos_token_ids.add(151645)

The model expects a structured prompt with Function, File, Role, Auth, Code fields and a JSON format reminder. See docs/m3_inference_contract.md for the full prompt specification.

Training

Base: Qwen2.5-Coder-7B-Instruct-4bit
Method: QLoRA, rank 8, 8 layers, 1 epoch, lr 1e-4
Data: 13,484 records, 9 languages, multi-rule prompts (2-8 rules per function)
Hardware: Apple Silicon, ~1 hour

Citation

@misc{securereview-7b-2026,
  author = {Vito Rallo},
  title  = {securereview-7b: a 7B fine-tune for structured security code review},
  year   = {2026},
  url    = {https://huggingface.co/vitorallo/securereview-7b-mlx-4bit}
}

vitorallo
/

securereview-7b-mlx-4bit

securereview-7b-mlx-4bit

Benchmarks

Quick start

Training

Links

Citation