trapSTAR-gemma4
Model Description
trapSTAR-gemma4 is an autonomous defensive security auditing and patch remediation agent. It is designed to act as an automated code-repair engine within DevSecOps CI/CD pipelines or local code review workflows. Rather than functioning as an offensive exploit generation utility, the model is strictly fine-tuned to ingest vulnerable code snippets flagged by Static Application Security Testing (SAST) tools, identify the associated security weakness, and output a clean, defensive code remediation strategy alongside secure patches.
- Developed by: Willie999
- Model type: Causal Language Model (Fine-tuned with QLoRA PEFT Adapters)
- Language(s) (NLP): English, Multilingual Source Code (Python, JavaScript, C, C++, Go, Rust)
- License: Apache-2.0 (Inherited from the permissive Gemma 4 license)
- Finetuned from model: google/gemma-4-E4B-it
Model Sources
- Repository: https://huggingface.co/Willie999/trapSTAR-gemma4
Uses
Direct Use
The model is intended for defensive application security engineering. Direct use-cases include:
- Ingesting localized vulnerable code snippets flagged by external security scanners.
- Automatically generating structural corrections, input sanitization routines, and secure patches.
- Explaining the defensive theory behind specific Common Weakness Enumerations (CWEs).
Downstream Use
trapSTAR-gemma4 can be integrated downstream as a specialized backend engine for:
- GitHub Actions or GitLab CI/CD hooks that automatically open security-focused Pull Requests.
- IDE plugins providing real-time, local secure coding assistance.
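A sketch of the scanner-to-model handoff such a CI hook needs, as an added example rather than code from this model card or its author. It assumes the scanner emits SARIF 2.1.0; `findings_to_messages`, the rule id and the sample file are hypothetical and constructed for illustration. Each finding is cut down to the flagged lines plus a little context, since the model is meant to work on localized snippets.

```python
import json

# System prompt as given in this card's inference snippet.
SYSTEM_PROMPT = (
    "You are Trap Star, an autonomous defensive security auditing agent. "
    "Analyze the provided code snippet, identify the vulnerability type, "
    "and write out structural recommendations.")

# Constructed SARIF 2.1.0 fragment and source file (not real scanner output).
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [{
    "ruleId": "example/unbounded-copy",  # hypothetical rule id
    "message": {"text": "Unbounded copy into fixed-size buffer"},
    "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": "src/util.c"},
        "region": {"startLine": 5, "endLine": 5}}}]}]}]})
SAMPLE_SOURCES = {"src/util.c": "\n".join([
    "#include <string.h>", "", "void process_str(char *str) {",
    "    char buffer[16];", "    strcpy(buffer, str);", "}", "",
    "int unrelated(void) { return 0; }"])}

FENCE = "`" * 3  # built at runtime so this example nests in a fenced block

def findings_to_messages(sarif_text, sources, context=2, max_lines=60):
    """Turn each SARIF result into a chat `messages` list for one snippet."""
    out = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                region = phys.get("region", {})
                start = region.get("startLine")
                if uri not in sources or start is None:
                    continue  # finding has no usable source location
                end = region.get("endLine", start)
                lines = sources[uri].splitlines()
                lo = max(start - 1 - context, 0)  # SARIF lines are 1-based
                hi = min(end + context, len(lines), lo + max_lines)
                snippet = "\n".join(lines[lo:hi])
                user = ("Review this function block for potential "
                        f"vulnerabilities (scanner rule {res.get('ruleId')}, "
                        f"{uri}:{start}):\n{FENCE}\n{snippet}\n{FENCE}")
                out.append([{"role": "system", "content": SYSTEM_PROMPT},
                            {"role": "user", "content": user}])
    return out
```

Each returned list can be passed to `tokenizer.apply_chat_template` in place of a hand-written `messages` list.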
Out-of-Scope Use
This model is built strictly under dual-use protection and defensive safety policies. Out-of-scope and prohibited activities include:
- Generating functional exploit payloads or weaponized malware.
- Bypassing firewalls, intrusion detection systems, or software authorization checks.
- Any automated unauthorized penetration testing against live target assets.
Bias, Risks, and Limitations
- Brain-Size Constraints (4B Sizing): As a model with 4B effective parameters, trapSTAR-gemma4 is highly efficient but may struggle with deep global reasoning across large, multi-file code repositories. It works best on localized function blocks.
- Hallucination Risk: Like all language models, it may occasionally hallucinate non-existent programming library features or output syntax errors when the logic is highly complex. Patches must always be compiled and manually reviewed before production deployment.
- Dataset Bias: The training data contains historical open-source security fixes. If an engineering stack relies on highly obscure, non-standard architectures, the model's remediations may decline in precision.
Recommendations
Users must execute all suggested patches inside sandboxed staging environments. Security teams should treat the model's output as an assistive recommendation rather than an absolute source of truth.
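One way to enforce this in a pipeline is a static gate that can only reject a suggestion or hand it to a human, never accept it. This is an added example, not part of the model card's own code; `triage_patch` is a hypothetical name, the sample responses are constructed, and it assumes the last fenced block in the model's reply is the proposed C/C++ patch.

```python
import re

FENCE = "`" * 3  # built at runtime so this example nests in a fenced block
BLOCK_RE = re.compile(FENCE + r"[\w+-]*\n(.*?)" + FENCE, re.DOTALL)
# C/C++ comments and string/char literals, which must not count as calls.
NOISE_RE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.DOTALL)

def triage_patch(response_text, flagged_call):
    """Return (verdict, reason); verdict is 'reject' or 'needs-review'."""
    blocks = BLOCK_RE.findall(response_text)
    if not blocks:
        return "reject", "no code block in model output"
    code = NOISE_RE.sub(" ", blocks[-1])  # assumption: last block is the patch
    if re.search(r"\b" + re.escape(flagged_call) + r"\s*\(", code):
        return "reject", f"{flagged_call}() still called in proposed patch"
    if code.count("{") != code.count("}"):
        return "reject", "unbalanced braces; output likely truncated"
    return "needs-review", "passed static gate; compile and review manually"

# Constructed model replies (not real trapSTAR-gemma4 output).
GOOD = ("Unbounded copy into a 16-byte stack buffer.\n" + FENCE + "cpp\n"
        "void process_str(const char *str) {\n"
        "    char buffer[16];\n"
        "    // strcpy(buffer, str) replaced with a bounded copy\n"
        "    snprintf(buffer, sizeof buffer, \"%s\", str);\n"
        "}\n" + FENCE + "\n")
STILL_BAD = ("Added a null check.\n" + FENCE + "cpp\n"
             "void process_str(char *str) {\n"
             "    char buffer[16];\n"
             "    if (str) strcpy(buffer, str);\n"
             "}\n" + FENCE + "\n")
TRUNCATED = (FENCE + "cpp\n"
             "void process_str(const char *str) {\n"
             "    char buffer[16];\n" + FENCE + "\n")

if __name__ == "__main__":
    for name, reply in [("GOOD", GOOD), ("STILL_BAD", STILL_BAD),
                        ("TRUNCATED", TRUNCATED)]:
        print(name, triage_patch(reply, "strcpy"))
```

A `needs-review` verdict only means the cheap checks passed; the patch still has to be compiled and exercised in the sandboxed staging environment.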
How to Get Started with the Model
You do not need to manually format or inject raw chat-control tokens into your input strings; the tokenizer's chat template serializes the message list for you. Use the code snippet below to run inference:
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer

model_id = "Willie999/trapSTAR-gemma4"

print("Loading tokenizer...")
tokenizer = AutoTokenizer.from_pretrained(model_id)

print("Loading model directly to CUDA memory map...")
model = AutoModelForCausalLM.from_pretrained(
    model_id,
    device_map="cuda:0",
    torch_dtype=torch.bfloat16 if torch.cuda.is_bf16_supported() else torch.float16,
)
model.eval()

messages = [
    {
        "role": "system",
        "content": "You are Trap Star, an autonomous defensive security auditing agent. Analyze the provided code snippet, identify the vulnerability type, and write out structural recommendations."
    },
    {
        "role": "user",
        "content": """Review this function block for potential vulnerabilities:
```cpp
void process_str(char *str) {
    char buffer[16];
    strcpy(buffer, str);
}
```"""
    }
]

print("\nProcessing chat template serialization...")
prompt_text = tokenizer.apply_chat_template(messages, add_generation_prompt=True, tokenize=False)
input_ids = tokenizer(prompt_text, return_tensors="pt").input_ids.to("cuda:0")

print("Executing direct tensor generation with expanded token limits...")
with torch.no_grad():
    generated_ids = model.generate(
        input_ids,
        max_new_tokens=1536,  # Expanded from 512 to handle large code blocks
        min_new_tokens=64,  # Forces the model to thoroughly explain its reasoning
        temperature=0.2,
        do_sample=True,
        pad_token_id=tokenizer.eos_token_id
    )

# Keep only the newly generated tokens, dropping the prompt prefix.
response_tokens = generated_ids[0][input_ids.shape[-1]:]
response_text = tokenizer.decode(response_tokens, skip_special_tokens=True)

print("\n=== Trap Star Defense Output ===")
print(response_text)