Upload folder using huggingface_hub

.gitattributes

@@ -33,3 +33,5 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+adapters/tokenizer.json filter=lfs diff=lfs merge=lfs -text
+bugtraceai-core-pro.gguf filter=lfs diff=lfs merge=lfs -text

README.md

@@ -0,0 +1,110 @@
+---
+language:
+  - en
+license: apache-2.0
+base_model: unsloth/Mistral-Nemo-Instruct-2407-bnb-4bit
+tags:
+  - cybersecurity
+  - application-security
+  - pentesting
+  - bug-bounty
+  - security-reporting
+  - gguf
+---
+
+# BugTraceAI-CORE-Pro (12B)
+
+A higher-capacity security engineering model from BugTraceAI, tuned for deeper analysis, professional reporting, exploit-chain review, and long-context investigation across agentic web pentesting workflows.
+
+## Model Overview
+
+| Field | Value |
+| --- | --- |
+| Organization | BugTraceAI |
+| Framework | BugTraceAI agentic web pentesting framework |
+| Variant | BugTraceAI-CORE-Pro |
+| Parameter Scale | 12B |
+| Architecture | Mistral Nemo |
+| Intended Domain | Application security and authorized security research |
+| Primary Delivery Format | GGUF |
+
+## Intended Use
+
+- End-to-end analysis of web application findings in authorized environments.
+- Drafting professional vulnerability reports and remediation guidance.
+- Reasoning over larger technical contexts such as logs, source code, and findings bundles.
+
+## Out-of-Scope Use
+
+- Autonomous offensive operation against unauthorized targets.
+- Replacing human validation for severity, exploitability, or business impact.
+- Guaranteeing exploit reliability across target-specific environments.
+
+## Training Data Summary
+
+This model was tuned for security engineering workflows using a curated mix of public, security-focused material. The training mix is described at a high level below:
+
+- Public vulnerability writeups and disclosed security reports used to improve structure, reasoning, and reporting quality.
+- Security methodology material used to improve triage, reproduction planning, and remediation-oriented analysis.
+- Domain examples covering common web application security patterns, defensive controls, and scanner-style findings.
+
+The card intentionally describes the data at a summary level. It should not be read as a guarantee of exact coverage for any individual product, CVE, target stack, or technique.
+
+## Prompting Guidance
+
+Recommended prompting style:
+
+- State the environment and authorization context clearly.
+- Provide concrete evidence: request, response, stack details, logs, code snippets, or scan output.
+- Ask for one task at a time: triage, reproduction planning, impact analysis, remediation, or reporting.
+
+Example tasks that fit this model:
+
+- Summarize why this finding is likely valid and what evidence is missing.
+- Rewrite this scanner output into a concise engineering ticket.
+- Draft remediation steps for this authorization bug or input validation issue.
+
+### Ollama Example
+
+```dockerfile
+FROM hf.co/BugTraceAI/BugTraceAI-CORE-Pro
+
+SYSTEM """
+You are BugTraceAI-CORE-Pro, a security engineering assistant for authorized testing,
+triage, and remediation support. Prefer precise technical analysis, state assumptions,
+and separate confirmed evidence from hypotheses.
+"""
+
+PARAMETER temperature 0.1
+PARAMETER top_p 0.9
+```
+
+Create the local model with:
+
+```bash
+ollama create bugtrace-pro -f Modelfile
+```
+
+## Strengths
+
+- Better long-context reasoning and report quality than the Fast variant.
+- More suitable for multi-step analysis and vulnerability writeups.
+- Stronger at connecting findings, evidence, and remediation paths.
+
+## Limitations
+
+- Higher latency and resource requirements than the Fast model.
+- Still requires human review for high-risk decisions and disclosure quality.
+- Performance depends on prompt quality and the evidence provided.
+
+## Evaluation Status
+
+This release is currently documented with qualitative positioning rather than a public benchmark suite. If you rely on the model for production workflows, validate it against your own prompt set, evidence format, and report quality bar.
+
+## Safety and Responsible Use
+
+This model is intended for authorized security work, defensive research, education, and engineering support. Users are responsible for ensuring legal authorization, validating outputs, and applying human review before acting on model-generated analysis.
+
+## License
+
+Apache-2.0.

adapters/README.md

@@ -0,0 +1,71 @@
+---
+language:
+  - en
+  - es
+license: apache-2.0
+base_model: unsloth/Qwen2.5-Coder-7B-Instruct-bnb-4bit
+tags:
+  - bug-bounty
+  - security
+  - pentesting
+  - exploit-generation
+  - waf-bypass
+  - cybersecurity
+  - hacking
+model-index:
+  - name: BugTraceAI-CORE-v1
+    results: []
+---
+
+# 🛡️ BugTraceAI-CORE v1.0
+
+BugTraceAI-CORE is a specialized Large Language Model (LLM) fine-tuned for high-performance, private, and local cybersecurity operations. Developed specifically for bug hunters, pentesters, and security researchers, it bridges the gap between general-purpose coding assistants and offensive security experts.
+
+## 🚀 Key Features
+
+- **Offensive Security Expertise:** Fine-tuned on real-world exploit chains, WAF bypasses, and security methodologies.
+- **Local-First Architecture:** Designed to run on consumer-grade GPUs (RTX 3060+) with a high-availability fallback for dual-Xeon CPU environments.
+- **2025/2026 Ready:** Trained on recent vulnerability write-ups and disclosed reports to ensure relevance against modern 2025/2026 defense systems.
+- **Zero-Downtime MLOps:** Integrated with a secondary CPU fallback using `llama.cpp` for 24/7 availability during re-training cycles.
+
+## 🧠 Training & Methodology
+
+The model was built using the **Unsloth** library for optimized QLoRA training on a single RTX 3060 (12GB VRAM).
+
+### Datasets (The Hacker's Brain)
+
+- **WAF Evasion & Injection:** Trained on `darkknight25/WAF_DETECTION_DATASET` for generating payloads that bypass modern Web Application Firewalls.
+- **Security Methodology:** Trained on `AYI-NEDJIMI/bug-bounty-pentest-en` to master the logical structure of pentesting logs and methodology.
+- **Real-World Experience:** Augmented with **HackerOne Disclosed Reports** (scraped from Hacktivity) and curated **GitHub Writeups (2025-2026)** to learn successful exploit chains.
+- **Architectural Foundation:** Follows the implementation principles of _Sebastian Raschka's "LLMs from scratch"_.
+
+### Technical Specs
+
+- **Base Model:** Qwen2.5-Coder-7B-Instruct
+- **Fine-Tuning:** QLoRA (Rank 64, Alpha 64)
+- **Context Window:** 4096 Tokens
+- **Precision:** bfloat16 (Optimized for NVIDIA Ampere architecture)
+
+## 🛠️ Usage (BugTraceAI-CLI Integration)
+
+BugTraceAI-CORE is designed to work as a plug-and-play replacement for external APIs.
+
+```bash
+# Example environment configuration
+export OPENROUTER_BASE_URL="http://your-local-core:8000/v1"
+export OPENROUTER_API_KEY="sk-bugtrace-local-core"
+```
+
+### System Architecture
+
+- **Port 8000: Gateway (FastAPI)** - Intelligent router that directs traffic.
+- **Port 8001: GPU Node (vLLM)** - High-speed primary inference.
+- **Port 8002: CPU Node (Llama.cpp)** - Reliable fallback for the Dual Xeon.
+
+## ⚠️ Disclaimer
+
+BugTraceAI-CORE is intended for **legal ethical hacking and educational purposes only**. The creators are not responsible for any misuse of this tool. Always ensure you have explicit permission before testing any system.
+
+---
+
+_Created as part of the BugTraceAI Ecosystem. Building a more secure web, one report at a time._

adapters/adapter_config.json

@@ -0,0 +1,50 @@
+{
+  "alora_invocation_tokens": null,
+  "alpha_pattern": {},
+  "arrow_config": null,
+  "auto_mapping": {
+    "base_model_class": "MistralForCausalLM",
+    "parent_library": "transformers.models.mistral.modeling_mistral",
+    "unsloth_fixed": true
+  },
+  "base_model_name_or_path": "unsloth/Mistral-Nemo-Instruct-2407-bnb-4bit",
+  "bias": "none",
+  "corda_config": null,
+  "ensure_weight_tying": false,
+  "eva_config": null,
+  "exclude_modules": null,
+  "fan_in_fan_out": false,
+  "inference_mode": true,
+  "init_lora_weights": true,
+  "layer_replication": null,
+  "layers_pattern": null,
+  "layers_to_transform": null,
+  "loftq_config": {},
+  "lora_alpha": 32,
+  "lora_bias": false,
+  "lora_dropout": 0,
+  "megatron_config": null,
+  "megatron_core": "megatron.core",
+  "modules_to_save": null,
+  "peft_type": "LORA",
+  "peft_version": "0.18.1",
+  "qalora_group_size": 16,
+  "r": 16,
+  "rank_pattern": {},
+  "revision": null,
+  "target_modules": [
+    "q_proj",
+    "o_proj",
+    "down_proj",
+    "up_proj",
+    "v_proj",
+    "gate_proj",
+    "k_proj"
+  ],
+  "target_parameters": null,
+  "task_type": "CAUSAL_LM",
+  "trainable_token_indices": null,
+  "use_dora": false,
+  "use_qalora": false,
+  "use_rslora": false
+}

adapters/adapter_model.safetensors

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:15c6eb93bd4415d5f977b54390ef2116bc1aab47da118e11f7f10c421efc2e18
+size 228140600

adapters/chat_template.jinja

@@ -0,0 +1,87 @@
+{%- if messages[0]["role"] == "system" %}
+    {%- set system_message = messages[0]["content"] %}
+    {%- set loop_messages = messages[1:] %}
+{%- else %}
+    {%- set loop_messages = messages %}
+{%- endif %}
+{%- if not tools is defined %}
+    {%- set tools = none %}
+{%- endif %}
+{%- set user_messages = loop_messages | selectattr("role", "equalto", "user") | list %}
+
+{#- This block checks for alternating user/assistant messages, skipping tool calling messages #}
+{%- set ns = namespace() %}
+{%- set ns.index = 0 %}
+{%- for message in loop_messages %}
+    {%- if not (message.role == "tool" or message.role == "tool_results" or (message.tool_calls is defined and message.tool_calls is not none)) %}
+        {%- if (message["role"] == "user") != (ns.index % 2 == 0) %}
+            {{- raise_exception("After the optional system message, conversation roles must alternate user/assistant/user/assistant/...") }}
+        {%- endif %}
+        {%- set ns.index = ns.index + 1 %}
+    {%- endif %}
+{%- endfor %}
+
+{{- bos_token }}
+{%- for message in loop_messages %}
+    {%- if message["role"] == "user" %}
+        {%- if tools is not none and (message == user_messages[-1]) %}
+            {{- "[AVAILABLE_TOOLS][" }}
+            {%- for tool in tools %}
+                {%- set tool = tool.function %}
+                {{- '{"type": "function", "function": {' }}
+                {%- for key, val in tool.items() if key != "return" %}
+                    {%- if val is string %}
+                        {{- '"' + key + '": "' + val + '"' }}
+                    {%- else %}
+                        {{- '"' + key + '": ' + val|tojson }}
+                    {%- endif %}
+                    {%- if not loop.last %}
+                        {{- ", " }}
+                    {%- endif %}
+                {%- endfor %}
+                {{- "}}" }}
+                {%- if not loop.last %}
+                    {{- ", " }}
+                {%- else %}
+                    {{- "]" }}
+                {%- endif %}
+            {%- endfor %}
+            {{- "[/AVAILABLE_TOOLS]" }}
+            {%- endif %}
+        {%- if loop.last and system_message is defined %}
+            {{- "[INST]" + system_message + "\n\n" + message["content"] + "[/INST]" }}
+        {%- else %}
+            {{- "[INST]" + message["content"] + "[/INST]" }}
+        {%- endif %}
+    {%- elif (message.tool_calls is defined and message.tool_calls is not none) %}
+        {{- "[TOOL_CALLS][" }}
+        {%- for tool_call in message.tool_calls %}
+            {%- set out = tool_call.function|tojson %}
+            {{- out[:-1] }}
+            {%- if not tool_call.id is defined or tool_call.id|length != 9 %}
+                {{- raise_exception("Tool call IDs should be alphanumeric strings with length 9!") }}
+            {%- endif %}
+            {{- ', "id": "' + tool_call.id + '"}' }}
+            {%- if not loop.last %}
+                {{- ", " }}
+            {%- else %}
+                {{- "]" + eos_token }}
+            {%- endif %}
+        {%- endfor %}
+    {%- elif message["role"] == "assistant" %}
+        {{- message["content"] + eos_token}}
+    {%- elif message["role"] == "tool_results" or message["role"] == "tool" %}
+        {%- if message.content is defined and message.content.content is defined %}
+            {%- set content = message.content.content %}
+        {%- else %}
+            {%- set content = message.content %}
+        {%- endif %}
+        {{- '[TOOL_RESULTS]{"content": ' + content|string + ", " }}
+        {%- if not message.tool_call_id is defined or message.tool_call_id|length != 9 %}
+            {{- raise_exception("Tool call IDs should be alphanumeric strings with length 9!") }}
+        {%- endif %}
+        {{- '"call_id": "' + message.tool_call_id + '"}[/TOOL_RESULTS]' }}
+    {%- else %}
+        {{- raise_exception("Only user and assistant roles are supported, with the exception of an initial optional system message!") }}
+    {%- endif %}
+{%- endfor %}

adapters/special_tokens_map.json

@@ -0,0 +1,30 @@
+{
+  "bos_token": {
+    "content": "<s>",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "eos_token": {
+    "content": "</s>",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "pad_token": {
+    "content": "<pad>",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "unk_token": {
+    "content": "<unk>",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  }
+}

adapters/tokenizer.json

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b0240ce510f08e6c2041724e9043e33be9d251d1e4a4d94eb68cd47b954b61d2
+size 17078292

bugtraceai-core-pro.gguf

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1856d5a261e0a4f61f888341537f34deeb0bfdc576b8f1fc7eb0552c07e29d28
+size 7477207520