Upload 130 files

Dockerfile

@@ -1,3 +1,6 @@
+# NOTE: This Dockerfile is for LOCAL Docker usage only.
+# On HuggingFace Spaces, the Space uses sdk=gradio with ZeroGPU
+# (see spaces/README.md) — this Dockerfile is NOT used there.
 FROM python:3.11-slim
 
 # System deps for audio/image processing that gradio may need
@@ -5,7 +8,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     ffmpeg libsndfile1 git \
     && rm -rf /var/lib/apt/lists/*
 
-# HF Spaces expects the app at /app on port 7860
 WORKDIR /app
 
 # Install Python deps first (cache layer)

PIPELINE_EFFICIENCY_AUDIT.md

@@ -0,0 +1,181 @@
+# OBLITERATUS Pipeline Efficiency Audit
+
+**Date:** 2026-03-03
+**Scope:** All obliteration methods in `abliterate.py` (5,076 lines), `bayesian_optimizer.py`, `informed_pipeline.py`, and 4 ablation strategies.
+
+---
+
+## Executive Summary
+
+The 6-stage pipeline (SUMMON → PROBE → DISTILL → EXCISE → VERIFY → REBIRTH) is architecturally sound with good separation of concerns. Memory hygiene between stages is correct. The rank-1 projection math is efficient. Quantization handling is robust.
+
+**8 concrete efficiency issues found.** Estimated cumulative impact: **~40-60% wall-clock reduction** on typical runs (8B model, advanced/surgical methods). Ordered by ROI (ease × impact).
+
+---
+
+## HIGH PRIORITY (Fix This Week)
+
+### 1. PROBE runs 1,536 prompts with zero batching
+
+**Location:** `abliterate.py:1074-1088`
+**Impact:** Largest single wall-clock bottleneck (~77s on 8B model, reducible to ~10s)
+
+The activation collection loop processes each prompt individually with a full forward pass + GC cycle between each one. With 512 harmful + 512 harmless + 512 jailbreak prompts = 1,536 serial forward passes.
+
+The `_free_gpu_memory()` call at line 1086 is **inside the per-prompt loop**, adding ~20ms × 1,536 = 30s of pure garbage collection overhead.
+
+```python
+# CURRENT (serial)
+for i, prompt in enumerate(prompts):
+    inputs = tokenizer(prompt, return_tensors="pt", ...)
+    model(**inputs)
+    del inputs
+    self._free_gpu_memory()  # <-- 30s wasted
+```
+
+**Fix:** Batch prompts (batch_size=8-16). Hooks already handle batch dimension correctly via `hidden[:, -1, :]`. Move `_free_gpu_memory()` to run every N batches, not every prompt.
+
+**Speedup:** ~7-8x on PROBE stage.
+
+---
+
+### 2. VERIFY generates 30 completions sequentially — no batching
+
+**Location:** `abliterate.py:4622-4670`
+**Impact:** Second-largest wall-clock cost (~57s on 8B model, reducible to ~15s)
+
+Each of the 30 refusal-test prompts gets an independent `model.generate(max_new_tokens=128)` call. At ~15ms/token on an 8B model, that's 30 × 128 × 15ms ≈ 57s.
+
+**Fix:** Batch the generation calls (batch_size=4-8). `model.generate()` supports batched inputs natively. The tokenizer already handles padding.
+
+**Speedup:** ~4x on VERIFY stage.
+
+---
+
+### 3. SAE training is forced to CPU with no early stopping
+
+**Location:** `abliterate.py:1579-1583`
+**Impact:** Moderate — adds ~20-40s per run when SAE features are enabled (surgical, nuclear methods)
+
+SAE training runs 30 fixed epochs per strong layer on CPU. With 15-20 strong layers, that's 450-600 CPU training epochs. No convergence check, no early stopping.
+
+The `device="cpu"` is overly conservative — the memory-aware cap at line 1570-1578 already validates GPU headroom, and a typical SAE encoder (expansion=2, hidden_dim=4096) is only ~128MB.
+
+**Fix:**
+1. Add early stopping when reconstruction loss plateaus (< 0.1% improvement over 3 epochs)
+2. Use GPU when `free_mb > sae_mem_mb + 1024` (1GB headroom)
+3. Reduce default epochs from 30 to 15 with convergence guard
+
+---
+
+## MEDIUM PRIORITY (Fix This Sprint)
+
+### 4. `_distill_inner()` is a degraded copy of `_distill()` — drops half the SOTA techniques
+
+**Location:** `abliterate.py:2958-3055` vs `1102-1750`
+**Impact:** Quality regression on refinement passes 2+, not pure compute waste
+
+The iterative refinement path calls `_distill_inner()` which is a simplified ~100-line copy that skips: Wasserstein-optimal extraction, layer-adaptive strength, float layer interpolation, SAE features, EGA, CoT-aware orthogonalization, and RDO refinement.
+
+This means "true iterative refinement" actually produces **worse directions on later passes** because it drops the analysis-guided enhancements.
+
+**Fix:** Extract shared SVD/direction logic into `_extract_directions(full_features=True/False)` and call from both paths. At minimum, keep whitened SVD and jailbreak-contrastive blending in the inner path.
+
+---
+
+### 5. Bayesian optimizer clones ALL weight tensors — ~7GB memory overhead
+
+**Location:** `bayesian_optimizer.py:300-341`
+**Impact:** Memory pressure on GPU-constrained setups; 50× full-restore cycles
+
+The optimizer saves a complete clone of every weight tensor across all strong layers. For a 7B model with 32 layers, that's ~7GB of clones sitting in memory during all 50 trials.
+
+After each trial, `_restore_all()` copies all clones back — 50 trials × full-model memcpy.
+
+**Fix (easy):** Only clone weights in `_strong_layers` (already partially done, but `named_parameters()` crawl still catches everything). Drop the `seen_data_ptrs` set once the loop is tightened.
+
+**Fix (better):** Store the projection delta `Δ = scale * d @ (d^T @ W)` per layer instead of cloning the full weight. Rollback = `W += Δ`. This reduces storage from O(hidden_dim²) to O(hidden_dim) per direction per layer.
+
+---
+
+### 6. Norm computation in `_project_out_advanced()` traverses the full matrix twice
+
+**Location:** `abliterate.py:3477-3486`
+**Impact:** ~4,800 unnecessary full-matrix norm computations per run (8-direction surgical)
+
+When `norm_preserve=True`, the code computes `W.norm()` before projection and `W.norm()` after projection. Each norm traverses the full weight matrix (16M elements for 4096×4096).
+
+With 8 directions × 30 layers × 10 weight matrices = 2,400 projections → 4,800 norm calls → 77 billion unnecessary FLOPs.
+
+**Fix:** After rank-1 update `W' = W - scale * d @ (d^T @ W)`, the new norm satisfies:
+`||W'||² = ||W||² - 2·scale·||d^T @ W||² + scale²·||d^T @ W||²·||d||²`
+
+Since `||d|| = 1`: `||W'||² = ||W||² - scale·(2 - scale)·||coeff||²`
+
+This replaces a 16M-element norm with a single `coeff.pow(2).sum()` call (~4K FLOPs).
+
+---
+
+## LOW PRIORITY (Backlog)
+
+### 7. Gram-Schmidt appears 3 times as O(n²) nested loops
+
+**Location:** `abliterate.py:1168-1173`, `1361-1367`, `3038-3044`
+**Impact:** Minimal compute but code quality issue
+
+Three separate implementations of the same Gram-Schmidt orthogonalization with nested Python loops. With n_directions=8, it's 28 dot products per call — trivial compute but (a) DRY violation, (b) numerically inferior to `torch.linalg.qr()`.
+
+**Fix:** Extract to `_orthogonalize_subspace(sub: Tensor) -> Tensor` using QR decomposition. Single call site, single test, better numerics.
+
+---
+
+### 8. Pre-EXCISE baseline KL capture re-forward-passes 100 prompts already seen in PROBE
+
+**Location:** `abliterate.py:2313-2366`
+**Impact:** ~700ms wasted (minor)
+
+`_capture_baseline_kl_logits()` runs 100 harmless prompts through the model to capture pre-EXCISE logits. But PROBE already ran those same prompts and captured hidden states at every layer. The logits could be computed as `lm_head(last_hidden_state)` — a single matmul.
+
+**Fix:** After PROBE, compute `baseline_logits = model.lm_head(harmful_means[last_layer])` on the cached activations. Skip the 100-prompt forward pass entirely.
+
+---
+
+## What's Done Well
+
+| Area | Assessment |
+|------|------------|
+| **Stage-boundary memory cleanup** | Correct — `_free_gpu_memory()` + explicit dict clearing between stages |
+| **Rank-1 projection math** | Efficient — `W @ d` then `d.T * coeff` instead of materializing `I - dd^T` |
+| **Quantization dequant/requant** | Robust — handles bitsandbytes NF4, GPTQ, AWQ; fails loudly on unsupported formats |
+| **Incremental expert mean** | Smart — Welford running mean in `_transplant_expert_weights()` avoids stacking all expert weights |
+| **Router stabilization** | Defensive — `_stabilize_router_weights()` after MoE projection prevents CUDA crashes |
+| **Large model mode** | Pragmatic — caps directions, SAE features, refinement passes for 120B+ models |
+| **Event emission** | Clean — `_emit()` / `_on_stage()` / `_on_log()` callbacks for UI integration without coupling |
+
+---
+
+## Method Efficiency Comparison
+
+| Method | PROBE Cost | DISTILL Cost | EXCISE Cost | VERIFY Cost | Primary Bottleneck |
+|--------|-----------|-------------|-------------|-------------|-------------------|
+| **basic** | 1x (1,024 prompts) | 1x (diff-in-means) | 1x (~10 projections) | 1x | PROBE |
+| **advanced** | 2x (re-probe on pass 2) | 2x (re-distill) | 2x (2 passes) | 1x | PROBE × 2 |
+| **aggressive** | 3x (re-probe on passes 2,3) | 3x (re-distill) | 3x (3 passes, 8 dirs) | 1x | PROBE × 3 |
+| **surgical** | 1.5x (+jailbreak prompts) | 2x (SAE training) | 2x (head surgery + EGA) | 1x | SAE on CPU |
+| **optimized** | 1.5x (+jailbreak) | 1x | 50x (Bayesian trials) | 1x | Bayesian optimizer |
+| **inverted** | 1.5x (+jailbreak) | 1x | 2x (reflection math) | 1x | PROBE |
+| **nuclear** | 1.5x (+jailbreak) | 2x (SAE) | 3x (all techniques) | 1x | SAE + PROBE |
+| **informed** | 1x | 1.5x (analysis modules) | 1x-3x (dynamic) | 1.5x (Ouroboros check) | Analysis modules |
+
+---
+
+## Prioritized Action Plan
+
+1. **Batch PROBE forward passes** — immediate 7-8x speedup on largest bottleneck
+2. **Batch VERIFY generation** — immediate 4x speedup on second bottleneck
+3. **Add SAE early stopping + GPU path** — 2-3x speedup on SAE-enabled methods
+4. **Unify `_distill` / `_distill_inner`** — quality fix, prevents direction degradation
+5. **Optimize Bayesian rollback storage** — memory fix for GPU-constrained users
+6. **Analytical norm computation** — eliminates 77B unnecessary FLOPs
+7. **DRY Gram-Schmidt** — code quality
+8. **Cache KL baseline from PROBE** — minor speedup

app.py

@@ -1,10 +1,18 @@
 """OBLITERATUS — Browser-based model liberation with chat playground.
 
-Deploy on HuggingFace Spaces (free T4 GPU) or run locally:
+Deploy on HuggingFace Spaces (ZeroGPU — users bring their own GPU quota)
+or run locally:
     pip install -e ".[spaces]"
     obliteratus ui              # beautiful launcher with GPU detection
     python app.py               # direct launch (used by HF Spaces)
     python app.py --share       # with public share link
+
+ZeroGPU Support:
+    When deployed on HF Spaces with ZeroGPU, each user's GPU-heavy
+    operations (obliteration, chat, benchmarks) run on a shared GPU pool
+    using the VISITOR's own HF quota — not the Space owner's.  Functions
+    decorated with @spaces.GPU request a GPU for their duration and
+    release it when done.  The Space itself runs on CPU between calls.
 """
 
 from __future__ import annotations
@@ -50,6 +58,28 @@ import gradio as gr
 import torch
 from transformers import AutoModelForCausalLM, AutoTokenizer, TextIteratorStreamer
 
+# ── ZeroGPU support ─────────────────────────────────────────────────
+# When running on HuggingFace Spaces with ZeroGPU, the `spaces` package
+# provides the @spaces.GPU decorator that allocates a GPU from the shared
+# pool for the decorated function's duration.  Each visitor uses their own
+# HF quota — the Space owner pays nothing for GPU.
+#
+# When running locally or on a dedicated-GPU Space, spaces is not installed
+# and we fall back to a no-op decorator so the same code works everywhere.
+try:
+    import spaces
+    _ZEROGPU_AVAILABLE = True
+except ImportError:
+    _ZEROGPU_AVAILABLE = False
+    # Create a no-op decorator that mirrors spaces.GPU interface
+    class _FakeSpaces:
+        @staticmethod
+        def GPU(duration: int = 60, **kwargs):
+            def decorator(fn):
+                return fn
+            return decorator
+    spaces = _FakeSpaces()
+
 # ---------------------------------------------------------------------------
 # Global state
 # ---------------------------------------------------------------------------
@@ -149,6 +179,7 @@ METHODS = {
     "advanced (recommended)": "advanced",
     "basic (fast, single direction)": "basic",
     "aggressive (maximum removal)": "aggressive",
+    "spectral cascade (frequency-selective)": "spectral_cascade",
     "informed (analysis-guided auto-config)": "informed",
     "surgical (precision MoE-aware)": "surgical",
     "optimized (bayesian auto-tuned)": "optimized",
@@ -195,6 +226,9 @@ def _get_preset_defaults(method_display: str):
         "expert_transplant": cfg.get("expert_transplant", False),
         "transplant_blend": cfg.get("transplant_blend", 0.3),
         "use_wasserstein_optimal": cfg.get("use_wasserstein_optimal", False),
+        "spectral_cascade": cfg.get("spectral_cascade", False),
+        "spectral_bands": cfg.get("spectral_bands", 3),
+        "spectral_threshold": cfg.get("spectral_threshold", 0.05),
     }
 
 def _on_method_change(method_display: str):
@@ -208,6 +242,8 @@ def _on_method_change(method_display: str):
         d["embed_regularization"],
         d["steering_strength"],
         d["transplant_blend"],
+        d["spectral_bands"],
+        d["spectral_threshold"],
         d["norm_preserve"],
         d["project_biases"],
         d["use_chat_template"],
@@ -224,6 +260,7 @@ def _on_method_change(method_display: str):
         d["activation_steering"],
         d["expert_transplant"],
         d["use_wasserstein_optimal"],
+        d["spectral_cascade"],
     )
 
 def _on_dataset_change(dataset_label: str):
@@ -569,6 +606,7 @@ def _figs_to_gallery(figs: list) -> list[tuple[str, str]]:
     return gallery if gallery else None
 
 
+@spaces.GPU(duration=300)
 def benchmark(
     model_choice: str,
     methods_to_test: list[str],
@@ -579,9 +617,10 @@ def benchmark(
     """Run multiple abliteration methods on a single model and compare results.
 
     This is the API endpoint that enables programmatic benchmarking — call it
-    via the Gradio Client API to test what works on your T4 GPU.
+    via the Gradio Client API to test what works on your GPU.
 
     Yields streaming progress updates as (status_md, results_md, log_text, gallery).
+    On ZeroGPU, uses the visitor's GPU quota (up to 5 minutes).
     """
     import json as _json
 
@@ -895,6 +934,7 @@ def _format_benchmark_results(results: list[dict], context: dict | None = None)
 # Multi-model benchmark (new: 1 technique across N models)
 # ---------------------------------------------------------------------------
 
+@spaces.GPU(duration=300)
 def benchmark_multi_model(
     model_choices: list[str],
     method_choice: str,
@@ -1202,6 +1242,7 @@ def _format_multi_model_results(results: list[dict], context: dict | None = None
     return "\n".join(lines)
 
 
+@spaces.GPU(duration=300)
 def obliterate(model_choice: str, method_choice: str, hub_repo: str,
                prompt_volume_choice: str, dataset_source_choice: str,
                custom_harmful: str, custom_harmless: str,
@@ -1210,6 +1251,7 @@ def obliterate(model_choice: str, method_choice: str, hub_repo: str,
                adv_refinement_passes: int, adv_reflection_strength: float,
                adv_embed_regularization: float, adv_steering_strength: float,
                adv_transplant_blend: float,
+               adv_spectral_bands: int, adv_spectral_threshold: float,
                # Advanced params (checkboxes)
                adv_norm_preserve: bool, adv_project_biases: bool,
                adv_use_chat_template: bool, adv_use_whitened_svd: bool,
@@ -1219,8 +1261,14 @@ def obliterate(model_choice: str, method_choice: str, hub_repo: str,
                adv_sae_features: bool, adv_invert_refusal: bool,
                adv_project_embeddings: bool, adv_activation_steering: bool,
                adv_expert_transplant: bool, adv_wasserstein_optimal: bool,
+               adv_spectral_cascade: bool,
                progress=gr.Progress()):
-    """Run the full obliteration pipeline, streaming log updates to the UI."""
+    """Run the full obliteration pipeline, streaming log updates to the UI.
+
+    On ZeroGPU Spaces, this function runs on the visitor's GPU quota (up to
+    5 minutes).  The @spaces.GPU decorator allocates a GPU at call time and
+    releases it when the function returns.
+    """
     import os
     import re
 
@@ -1382,6 +1430,9 @@ def obliterate(model_choice: str, method_choice: str, hub_repo: str,
                     expert_transplant=adv_expert_transplant,
                     transplant_blend=float(adv_transplant_blend),
                     use_wasserstein_optimal=adv_wasserstein_optimal,
+                    spectral_cascade=adv_spectral_cascade,
+                    spectral_bands=int(adv_spectral_bands),
+                    spectral_threshold=float(adv_spectral_threshold),
                 )
                 pipeline_ref[0] = pipeline
                 pipeline.run()
@@ -1687,10 +1738,14 @@ def _strip_reasoning_tokens(text: str) -> str:
     return cleaned if cleaned else text
 
 
+@spaces.GPU(duration=120)
 def chat_respond(message: str, history: list[dict], system_prompt: str,
                  temperature: float, top_p: float, max_tokens: int,
                  repetition_penalty: float):
-    """Stream a response from the liberated model."""
+    """Stream a response from the liberated model.
+
+    On ZeroGPU, allocates a GPU for up to 2 minutes per response.
+    """
     with _lock:
         model = _state["model"]
         tokenizer = _state["tokenizer"]
@@ -1816,8 +1871,12 @@ def _get_session_model_choices():
     return list(_session_models.keys()) if _session_models else []
 
 
+@spaces.GPU(duration=300)
 def load_bench_into_chat(choice: str, progress=gr.Progress()):
-    """Re-run abliteration with a benchmark config and load result into Chat."""
+    """Re-run abliteration with a benchmark config and load result into Chat.
+
+    On ZeroGPU, uses the visitor's GPU quota.
+    """
     if choice not in _bench_configs:
         yield "**Error:** No benchmark result selected.", ""
         return
@@ -1982,6 +2041,7 @@ def load_bench_into_chat(choice: str, progress=gr.Progress()):
 # A/B Comparison Chat
 # ---------------------------------------------------------------------------
 
+@spaces.GPU(duration=120)
 def ab_chat_respond(message: str, history_left: list[dict], history_right: list[dict],
                     system_prompt: str, temperature: float, top_p: float,
                     max_tokens: int, repetition_penalty: float):
@@ -2000,9 +2060,15 @@ def ab_chat_respond(message: str, history_left: list[dict], history_right: list[
                                 {"role": "assistant", "content": "No abliterated model loaded. Obliterate a model first."}],
                history_right + [{"role": "user", "content": message},
                                  {"role": "assistant", "content": "No abliterated model loaded. Obliterate a model first."}],
-               "Load a model first.")
+               "Load a model first.",
+               "#### Original (Pre-Abliteration)",
+               "#### Abliterated")
         return
 
+    # Build header strings showing model name on each side
+    header_left = f"#### Original (Pre-Abliteration)\n`{model_name}`"
+    header_right = f"#### Abliterated\n`{model_name}`"
+
     # Sanitize inputs
     system_prompt = (system_prompt or "")[:4096]
     message = (message or "")[:8192]
@@ -2067,7 +2133,8 @@ def ab_chat_respond(message: str, history_left: list[dict], history_right: list[
             partial_abl += token
             yield (new_left + [{"role": "assistant", "content": "*Generating after abliterated response...*"}],
                    new_right + [{"role": "assistant", "content": partial_abl}],
-                   "Streaming abliterated response...")
+                   "Streaming abliterated response...",
+                   header_left, header_right)
     except Exception:
         pass  # Streamer timeout — use whatever partial_abl we have
 
@@ -2079,7 +2146,8 @@ def ab_chat_respond(message: str, history_left: list[dict], history_right: list[
     # --- Generate from original model ---
     yield (new_left + [{"role": "assistant", "content": "*Offloading abliterated model, loading original...*"}],
            new_right + [{"role": "assistant", "content": partial_abl}],
-           "Loading original model...")
+           "Loading original model...",
+           header_left, header_right)
 
     # Offload abliterated model to CPU to free GPU for original model.
     # This avoids holding both models in VRAM simultaneously (2x OOM risk).
@@ -2126,7 +2194,8 @@ def ab_chat_respond(message: str, history_left: list[dict], history_right: list[
                 original_response += token
                 yield (new_left + [{"role": "assistant", "content": original_response}],
                        new_right + [{"role": "assistant", "content": partial_abl}],
-                       "Streaming original response...")
+                       "Streaming original response...",
+                       header_left, header_right)
         except Exception:
             pass  # Streamer timeout — use whatever we have
 
@@ -2152,19 +2221,22 @@ def ab_chat_respond(message: str, history_left: list[dict], history_right: list[
 
     yield (new_left + [{"role": "assistant", "content": original_response}],
            new_right + [{"role": "assistant", "content": partial_abl}],
-           "Done — compare the responses above.")
+           "Done — compare the responses above.",
+           header_left, header_right)
 
 
 # ---------------------------------------------------------------------------
 # Ablation Strength Sweep (dose-response curve)
 # ---------------------------------------------------------------------------
 
+@spaces.GPU(duration=300)
 def strength_sweep(model_choice: str, method_choice: str,
                    prompt_vol_choice: str, dataset_source_choice: str,
                    sweep_steps: int, progress=gr.Progress()):
     """Sweep regularization from 0.0→1.0 and measure refusal rate + perplexity.
 
     Produces a dose-response curve: the fundamental plot for abliteration research.
+    On ZeroGPU, uses the visitor's GPU quota (up to 5 minutes).
     """
     from obliteratus.abliterate import AbliterationPipeline
 
@@ -2185,8 +2257,14 @@ def strength_sweep(model_choice: str, method_choice: str,
     # Pre-load dataset
     harmful_all, harmless_all = load_dataset_source(dataset_key)
     prompt_volume = PROMPT_VOLUMES.get(prompt_vol_choice, 33)
-    harmful = harmful_all[:prompt_volume] if prompt_volume < len(harmful_all) else harmful_all
-    harmless = harmless_all[:prompt_volume] if prompt_volume < len(harmless_all) else harmless_all
+    if prompt_volume > 0 and prompt_volume < len(harmful_all):
+        harmful = harmful_all[:prompt_volume]
+    else:
+        harmful = harmful_all
+    if prompt_volume > 0 and prompt_volume < len(harmless_all):
+        harmless = harmless_all[:prompt_volume]
+    else:
+        harmless = harmless_all
 
     for step_i, reg in enumerate(regs):
         progress((step_i) / len(regs), desc=f"reg={reg:.2f}")
@@ -2683,15 +2761,15 @@ label span {
 
 /* ---- CHAT TAB: RESIZABLE CHATBOT ---- */
 #chat .chatbot, #chat .chat-interface {
-    min-height: 18vh !important;
-    height: 25vh !important;
+    min-height: 9vh !important;
+    height: 12vh !important;
 }
 #chat .chatbot .messages-wrapper,
 #chat .chatbot .wrapper,
 #chat .chatbot [class*="wrapper"] {
-    min-height: 15vh !important;
-    height: 22vh !important;
-    max-height: 35vh !important;
+    min-height: 8vh !important;
+    height: 11vh !important;
+    max-height: 18vh !important;
     overflow-y: auto !important;
     resize: vertical !important;
 }
@@ -2699,7 +2777,7 @@ label span {
 #chat .chatbot {
     resize: vertical !important;
     overflow: auto !important;
-    min-height: 15vh !important;
+    min-height: 8vh !important;
 }
 /* Resize handle styling */
 #chat .chatbot .messages-wrapper::-webkit-resizer,
@@ -2710,6 +2788,20 @@ label span {
     height: 16px;
 }
 
+/* ---- A/B COMPARE: MODEL HEADERS ---- */
+#ab_compare h4 {
+    margin: 0 !important;
+    padding: 6px 10px !important;
+    border: 1px solid #1a1f2e !important;
+    background: #0d0d14 !important;
+    border-radius: 4px !important;
+}
+#ab_compare code {
+    color: #00ff41 !important;
+    font-size: 0.85rem !important;
+    background: transparent !important;
+}
+
 /* ---- ACCORDION ---- */
 .gr-accordion { border-color: #1a1f2e !important; }
 
@@ -2804,6 +2896,14 @@ with gr.Blocks(theme=THEME, css=CSS, js=_JS, title="OBLITERATUS", fill_height=Tr
     # GPU VRAM monitor — refreshed on page load and after key operations
     vram_display = gr.HTML(value=_get_vram_html())
 
+    # ZeroGPU info — only shown when running on HF Spaces with ZeroGPU
+    if _ZEROGPU_AVAILABLE:
+        gr.Markdown(
+            "> **ZeroGPU enabled** — GPU operations use *your* HuggingFace account quota, "
+            "not the Space owner's. Log in with your HF account for free GPU access. "
+            "Multiple users can run simultaneously without conflicts."
+        )
+
     with gr.Tabs():
 
         # ── Tab 1: Obliterate ─────────────────────────────────────────────
@@ -2904,6 +3004,15 @@ with gr.Blocks(theme=THEME, css=CSS, js=_JS, title="OBLITERATUS", fill_height=Tr
                         0.0, 0.5, value=_defaults["transplant_blend"], step=0.05,
                         label="Transplant Blend", info="Capability blend into safety experts",
                     )
+                with gr.Row():
+                    adv_spectral_bands = gr.Slider(
+                        2, 8, value=_defaults["spectral_bands"], step=1,
+                        label="Spectral Bands", info="DCT frequency bands for Spectral Cascade",
+                    )
+                    adv_spectral_threshold = gr.Slider(
+                        0.01, 0.2, value=_defaults["spectral_threshold"], step=0.01,
+                        label="Spectral Threshold", info="Energy threshold for cascade early-exit",
+                    )
                 gr.Markdown("**Technique Toggles**")
                 with gr.Row():
                     adv_norm_preserve = gr.Checkbox(value=_defaults["norm_preserve"], label="Norm Preserve")
@@ -2925,18 +3034,23 @@ with gr.Blocks(theme=THEME, css=CSS, js=_JS, title="OBLITERATUS", fill_height=Tr
                     adv_activation_steering = gr.Checkbox(value=_defaults["activation_steering"], label="Activation Steering")
                     adv_expert_transplant = gr.Checkbox(value=_defaults["expert_transplant"], label="Expert Transplant")
                     adv_wasserstein_optimal = gr.Checkbox(value=_defaults.get("use_wasserstein_optimal", False), label="Wasserstein-Optimal Dirs")
+                with gr.Row():
+                    adv_spectral_cascade = gr.Checkbox(value=_defaults["spectral_cascade"], label="Spectral Cascade",
+                                                       info="DCT frequency decomposition for precision refusal targeting")
 
             # List of all advanced controls (order must match _on_method_change return)
             _adv_controls = [
                 adv_n_directions, adv_regularization, adv_refinement_passes,
                 adv_reflection_strength, adv_embed_regularization,
                 adv_steering_strength, adv_transplant_blend,
+                adv_spectral_bands, adv_spectral_threshold,
                 adv_norm_preserve, adv_project_biases, adv_use_chat_template,
                 adv_use_whitened_svd, adv_true_iterative, adv_jailbreak_contrast,
                 adv_layer_adaptive, adv_safety_neuron, adv_per_expert,
                 adv_attn_surgery, adv_sae_features, adv_invert_refusal,
                 adv_project_embeddings, adv_activation_steering,
                 adv_expert_transplant, adv_wasserstein_optimal,
+                adv_spectral_cascade,
             ]
 
             obliterate_btn = gr.Button(
@@ -2960,6 +3074,7 @@ with gr.Blocks(theme=THEME, css=CSS, js=_JS, title="OBLITERATUS", fill_height=Tr
 
             gr.Markdown(
                 "*Anonymous telemetry is on by default (no user identity or prompts collected). "
+                "Results auto-sync to a central community dataset for the leaderboard. "
                 "Opt out: set `OBLITERATUS_TELEMETRY=0`.*",
                 elem_classes=["telemetry-notice"],
             )
@@ -2979,9 +3094,9 @@ Compare multiple abliteration methods on the same model.
 Great for finding the optimal strategy for a specific architecture.
 
 ```python
-# API access:
+# API access (replace with your Space URL):
 from gradio_client import Client
-client = Client("pliny-the-prompter/obliteratus")
+client = Client("your-username/obliteratus")
 result = client.predict(
     model_choice="Alibaba (Qwen) / Qwen2.5-0.5B Instruct",
     methods_to_test=["basic", "advanced", "surgical", "optimized"],
@@ -2998,9 +3113,9 @@ result = client.predict(
                             allow_custom_value=True,
                         )
                         bench_methods = gr.CheckboxGroup(
-                            choices=["basic", "advanced", "aggressive", "surgical",
-                                     "optimized", "inverted", "nuclear"],
-                            value=["basic", "advanced", "surgical", "optimized"],
+                            choices=["basic", "advanced", "aggressive", "spectral_cascade",
+                                     "informed", "surgical", "optimized", "inverted", "nuclear"],
+                            value=["basic", "advanced", "spectral_cascade", "surgical"],
                             label="Methods to Compare",
                         )
                     with gr.Row():
@@ -3080,9 +3195,9 @@ how well a technique generalizes — especially for MoE-aware methods like
 `surgical`, `optimized`, or `nuclear` on GPT-OSS 20B vs dense models.
 
 ```python
-# API access:
+# API access (replace with your Space URL):
 from gradio_client import Client
-client = Client("pliny-the-prompter/obliteratus")
+client = Client("your-username/obliteratus")
 result = client.predict(
     model_choices=["Alibaba (Qwen) / Qwen2.5-0.5B Instruct", "OpenAI / GPT-OSS 20B"],
     method_choice="surgical",
@@ -3102,7 +3217,8 @@ result = client.predict(
                         )
                     with gr.Row():
                         mm_method = gr.Dropdown(
-                            choices=["basic", "advanced", "aggressive", "surgical",
+                            choices=["basic", "advanced", "aggressive",
+                                     "spectral_cascade", "informed", "surgical",
                                      "optimized", "inverted", "nuclear"],
                             value="surgical",
                             label="Abliteration Method",
@@ -3326,7 +3442,7 @@ Pre-configured benchmark configurations for common research questions.
             gr.ChatInterface(
                 fn=chat_respond,
                 type="messages",
-                chatbot=gr.Chatbot(height="22vh", type="messages"),
+                chatbot=gr.Chatbot(height="11vh", type="messages"),
                 additional_inputs=[system_prompt, temperature, top_p, max_tokens, repetition_penalty],
                 fill_height=True,
             )
@@ -3394,15 +3510,15 @@ See exactly how abliteration changes model behavior on the same prompt.
 
             with gr.Row():
                 with gr.Column():
-                    gr.Markdown("#### Original (Pre-Abliteration)")
+                    ab_header_left = gr.Markdown("#### Original (Pre-Abliteration)")
                     ab_chatbot_left = gr.Chatbot(
-                        height="40vh", type="messages",
+                        height="20vh", type="messages",
                         label="Original Model",
                     )
                 with gr.Column():
-                    gr.Markdown("#### Abliterated")
+                    ab_header_right = gr.Markdown("#### Abliterated")
                     ab_chatbot_right = gr.Chatbot(
-                        height="40vh", type="messages",
+                        height="20vh", type="messages",
                         label="Abliterated Model",
                     )
 
@@ -3418,14 +3534,16 @@ See exactly how abliteration changes model behavior on the same prompt.
                 fn=ab_chat_respond,
                 inputs=[ab_input, ab_chatbot_left, ab_chatbot_right,
                         ab_system_prompt, ab_temp, ab_top_p, ab_max_tokens, ab_rep_penalty],
-                outputs=[ab_chatbot_left, ab_chatbot_right, ab_status],
+                outputs=[ab_chatbot_left, ab_chatbot_right, ab_status,
+                         ab_header_left, ab_header_right],
             )
             # Also trigger on Enter
             ab_input.submit(
                 fn=ab_chat_respond,
                 inputs=[ab_input, ab_chatbot_left, ab_chatbot_right,
                         ab_system_prompt, ab_temp, ab_top_p, ab_max_tokens, ab_rep_penalty],
-                outputs=[ab_chatbot_left, ab_chatbot_right, ab_status],
+                outputs=[ab_chatbot_left, ab_chatbot_right, ab_status,
+                         ab_header_left, ab_header_right],
             )
 
         # ── Tab 5: Strength Sweep ────────────────────────────────────────
@@ -3512,11 +3630,13 @@ Download all intermediate data from your last obliteration run as a ZIP archive.
         # ── Tab 7: Leaderboard ────────────────────────────────────────────
         with gr.Tab("Leaderboard", id="leaderboard"):
             gr.Markdown("""### Community Leaderboard
-All benchmark results from this Space are anonymously logged to help the community
-find the best model + method combinations.
+All benchmark results from **every OBLITERATUS Space** (including duplicated copies) are
+automatically aggregated into a central community dataset.  Results appear here regardless
+of which Space instance ran them.
 
 *Telemetry is **on by default** and is fully anonymous — no user identity, IP addresses, or prompt content
-is ever collected. Only aggregate benchmark metrics (model name, method, scores, hardware) are stored locally.
+is ever collected. Only aggregate benchmark metrics (model name, method, scores, hardware) are stored.
+Data is synced to a central HuggingFace Dataset for persistence across Space restarts and upgrades.
 To opt out, set the environment variable `OBLITERATUS_TELEMETRY=0` before launching.*
 """)
 
@@ -3557,10 +3677,17 @@ To opt out, set the environment variable `OBLITERATUS_TELEMETRY=0` before launch
                     total_runs = sum(r['runs'] for r in data)
                     unique_models = len(set(r['model_id'] for r in data))
                     unique_methods = len(set(r['method'] for r in data))
+
+                    # Check data source
+                    from obliteratus.telemetry import _TELEMETRY_REPO
+                    source_note = ""
+                    if _TELEMETRY_REPO:
+                        source_note = f" | Data source: local + [{_TELEMETRY_REPO}](https://huggingface.co/datasets/{_TELEMETRY_REPO})"
+
                     summary = (
                         f"**{total_runs}** total runs across "
                         f"**{unique_models}** models and "
-                        f"**{unique_methods}** methods"
+                        f"**{unique_methods}** methods{source_note}"
                     )
                     return table, summary
                 except Exception as e:
@@ -3573,17 +3700,21 @@ To opt out, set the environment variable `OBLITERATUS_TELEMETRY=0` before launch
                     "Refresh Leaderboard", variant="secondary", size="sm",
                 )
                 lb_push_btn = gr.Button(
-                    "Push to HuggingFace Hub", variant="secondary", size="sm",
+                    "Force Sync to Hub Now", variant="secondary", size="sm",
                 )
             lb_push_status = gr.Markdown("")
 
             def _push_telemetry():
                 try:
-                    from obliteratus.telemetry import push_to_hub
+                    from obliteratus.telemetry import push_to_hub, _TELEMETRY_REPO
+                    repo = _TELEMETRY_REPO
                     ok = push_to_hub()
                     if ok:
-                        return "Telemetry pushed to HuggingFace Hub successfully."
-                    return "Push failed. Check HF_TOKEN and network connection."
+                        return f"Telemetry synced to [{repo}](https://huggingface.co/datasets/{repo}) successfully."
+                    return (
+                        "Sync failed. Telemetry auto-syncs in the background on HF Spaces. "
+                        "For manual push, ensure HF_TOKEN is set with write access."
+                    )
                 except Exception as e:
                     return f"Error: {e}"
 
@@ -3626,12 +3757,13 @@ in weight space, not a deep behavioral change. OBLITERATUS removes it in minutes
 |--------|-----------|-------------|
 | **basic** | 1 | Single direction, fast baseline |
 | **advanced** | 4 (SVD) | Norm-preserving, bias projection, 2 passes |
-| **aggressive** | 8 (SVD) | Whitened SVD, iterative refinement, 3 passes |
+| **aggressive** | 8 (SVD) | Whitened SVD, iterative refinement, jailbreak-contrastive, 3 passes |
+| **spectral_cascade** | 6 (wSVD) | DCT frequency decomposition, coherence-weighted, adaptive bands |
 | **informed** | 4 (auto) | Analysis-guided closed-loop: auto-detects alignment, cone geometry, entanglement |
 | **surgical** | 8 (SVD) | Full SOTA: EGA, head surgery, SAE, layer-adaptive, MoE-aware |
 | **optimized** | 4 (SVD) | Bayesian auto-tuned, CoT-aware, KL co-optimized, winsorized |
 | **inverted** | 8 (SVD) | Semantic refusal inversion (2x reflection), router redirect |
-| **nuclear** | 8 (SVD) | Maximum force: all techniques + expert transplant + steering |
+| **nuclear** | 4 (SVD) | Maximum force: all techniques + expert transplant + steering |
 
 ### Novel Techniques (Pipeline)
 

docs/EFFICIENCY_AUDIT.md

@@ -0,0 +1,198 @@
+# OBLITERATUS Pipeline Efficiency Audit
+
+**Auditor perspective**: Shrewd CTO evaluating compute ROI, memory discipline, and time-to-value across all obliteration methods.
+
+**Scope**: Every obliteration method in `abliterate.py` (8 primary methods + 4 baseline reproductions), the strategy layer (`strategies/`), the informed pipeline, Bayesian optimizer, and LoRA ablation.
+
+---
+
+## Executive Summary
+
+OBLITERATUS has an impressively comprehensive pipeline, but several methods carry **significant hidden costs** that erode their value proposition. The worst offenders are:
+
+1. **`_collect_activations` runs prompts one-at-a-time** — this is the single biggest throughput bottleneck in the entire system, costing 5-15x in wall-clock time during PROBE.
+2. **Bayesian `optimized` mode clones ALL strong-layer weights to CPU** for rollback, then runs 50 full forward+generate passes — the memory and compute overhead can exceed the rest of the pipeline combined.
+3. **`true_iterative_refinement` re-runs the entire PROBE+DISTILL pipeline** per refinement pass with zero early-stopping — 3 passes in `aggressive` triples probe cost even when pass 2 achieves negligible improvement.
+4. **SAE training on CPU** is needlessly slow for GPU-resident models.
+
+Below is the method-by-method breakdown.
+
+---
+
+## Stage-Level Audit
+
+### Stage 1: SUMMON (Model Loading)
+
+**Status**: Acceptable. Uses `load_model` with quantization support and `expandable_segments` CUDA config. No issues.
+
+### Stage 2: PROBE (`_collect_activations`)
+
+| Issue | Severity | Impact |
+|-------|----------|--------|
+| **Single-prompt forward passes** (`abliterate.py:1074`) | CRITICAL | Each of 512+ harmful/harmless prompts triggers a separate `model(**inputs)` call. No batching. On a 7B model with 512 pairs, this means ~1024 sequential forward passes instead of ~32 batched passes (batch_size=32). Estimated 5-15x slowdown. |
+| **`_free_gpu_memory()` called after EVERY prompt** (`abliterate.py:1086`) | HIGH | `gc.collect()` + `torch.cuda.empty_cache()` 1024 times is expensive — the Python GC full-collection alone adds measurable overhead at this frequency. Should be called every N prompts, not every single one. |
+| **Chat template applied per-prompt in a Python loop** (`abliterate.py:955-965`) | MODERATE | `tokenizer.apply_chat_template()` called individually 1024 times. Should batch. |
+| **Jailbreak probing doubles cost** when `use_jailbreak_contrast=True` | MODERATE | Adds a third full pass over all prompts. Justified by the quality improvement, but the lack of batching amplifies the cost 3x instead of 1.5x. |
+| **Router profiling hooks zero-cost claim is correct** (`abliterate.py:872`) | OK | Hooks piggyback on existing forward passes. Good design. |
+
+**Recommendation**: Batch `_collect_activations`. Tokenize all prompts, pad to equal length per micro-batch, run batched `model(**inputs)`. Expected 5-10x speedup with zero quality loss. Reduce `_free_gpu_memory()` frequency to every 32-64 prompts.
+
+### Stage 3: DISTILL (`_distill`)
+
+| Issue | Severity | Impact |
+|-------|----------|--------|
+| **Full SVD on per-prompt diff matrix** (`abliterate.py:1226`) | MODERATE | `torch.linalg.svd(diff_matrix, full_matrices=False)` on a `(512, hidden_dim)` matrix per layer. For 32 layers this is 32 SVD calls, each O(min(m,n)^2 * max(m,n)). At hidden_dim=4096, each is ~100ms on CPU. Total: ~3s. Acceptable for the quality gain. |
+| **Whitened SVD import is lazy** (`abliterate.py:1127`) | OK | Good — only imports when needed. No cost for basic/advanced. |
+| **Wasserstein extraction** (`abliterate.py:1136`) | OK | Falls back gracefully. The GEP solve is lightweight. |
+| **RDO gradient optimization: 500 steps per layer** (`abliterate.py:1427`) | HIGH | For 20 strong layers, that's 10,000 Adam steps. Each step involves a matrix multiply on `(n_prompts, hidden_dim)` tensors. On CPU this takes 30-60s. The 500-step budget is a "practical compromise" per the comments, but the SVD warm-start means most directions converge in ~100 steps. **No early stopping.** |
+| **Gram-Schmidt re-orthogonalization is O(k^2)** per layer (`abliterate.py:1168-1173`) | LOW | With k<=8, this is negligible. |
+| **SAE training: 30 epochs on CPU** (`abliterate.py:1582`) | HIGH | `device="cpu"` is hardcoded. For hidden_dim=4096 and expansion=4, the SAE has 32M parameters. 30 epochs on CPU takes 15-45s per layer. With 20 strong layers, this is 5-15 minutes of wasted time when a GPU is available. |
+| **Layer selection (knee + COSMIC fusion)** | OK | Lightweight statistical operations. No concern. |
+| **CoT-aware orthogonalization** | OK | Single SVD per layer, simple vector operations. |
+| **Jailbreak-contrastive blending** | OK | Pure vector arithmetic, negligible cost. |
+| **Float-layer interpolation** | OK | Gaussian weight computation is trivial. |
+
+**Recommendation**: (1) Add early-stopping to RDO at convergence (e.g., loss delta < 1e-4 for 20 consecutive steps). (2) Use GPU for SAE training when available — change `device="cpu"` to auto-detect.
+
+### Stage 4: EXCISE (`_excise`)
+
+| Issue | Severity | Impact |
+|-------|----------|--------|
+| **Rank-1 projection is memory-efficient** (`abliterate.py:3479-3480`) | OK | `W @ d` produces a vector, not a full projection matrix. This is the right approach. |
+| **`true_iterative_refinement` re-runs PROBE+DISTILL** (`abliterate.py:2474-2485`) | CRITICAL | Each refinement pass re-collects all activations (512*2+ forward passes) and re-runs SVD. `aggressive` mode does 3 passes = 3x full pipeline cost. There is **no check** whether the refined directions materially differ from the previous pass. A cosine-similarity early-exit (e.g., all directions > 0.99 cosine with previous pass → stop) would save enormous compute on pass 3. |
+| **Bayesian optimization clones ALL weight tensors** (`bayesian_optimizer.py:301-341`) | CRITICAL | For a 7B model with 20 strong layers, this can be 2-4 GB of CPU clones just for rollback. For a 70B model, this is 20-40 GB. The log even reports the size (`total_saved_mb`), but there's no memory check or fallback. |
+| **Bayesian trials run full generate passes** (`bayesian_optimizer.py:445-446`) | CRITICAL | Each of 50 trials runs `_measure_refusal_rate` (8-30 generation calls with `max_new_tokens=128`) PLUS `_measure_kl_divergence` (5 forward passes). That's ~35 forward/generate passes per trial × 50 trials = **1,750 forward passes** just for hyperparameter search. This likely dominates the total pipeline runtime for `optimized` and `heretic` modes. |
+| **KL optimization proxy is cheap** (`abliterate.py:3057-3268`) | OK | Uses projection magnitude as a KL proxy instead of actual per-layer forward passes. Good engineering — avoids the expensive per-layer ablation/measurement loop. |
+| **Norm preservation adds one extra `.norm()` per weight matrix** | LOW | Frobenius norm is O(n) — negligible overhead. |
+| **Dequantize/re-quantize for bitsandbytes** (`abliterate.py:3287-3400`) | MODERATE | Necessary for correctness, but the full dequantize → modify → re-quantize cycle per weight matrix is expensive for 4-bit models. Consider caching the dequantized tensor when projecting multiple directions through the same weight. |
+| **Safety-neuron masking** | LOW | Z-score computation is a single pass over the projection vector. Cheap. |
+| **Expert transplant uses incremental mean** (`abliterate.py:4350-4364`) | OK | Welford-style running mean avoids materializing all expert weights. Good memory discipline for 400B-scale models. |
+| **`_stabilize_router_weights` called after every MoE layer** (`abliterate.py:3866`) | LOW | Clamps router weights. Trivial cost. |
+
+**Recommendation**: (1) Add direction-convergence early-exit to iterative refinement. (2) Reduce Bayesian trial count or implement batch generation for refusal measurement. (3) Cache dequantized weights across multi-direction projection within the same layer.
+
+### Stage 5: VERIFY (`_verify`)
+
+| Issue | Severity | Impact |
+|-------|----------|--------|
+| **30 generation calls for refusal measurement** (`abliterate.py:4622`) | MODERATE | Each generates up to 128 tokens with greedy decoding. For a 7B model this is ~30s total. Acceptable as a one-time quality check. |
+| **`_tier_label` does `list.index()` per prompt** (`abliterate.py:4593`) | LOW | O(n) search in a list for each of 30 prompts. Trivially fixable with a dict, but the cost is negligible at n=512. |
+| **Perplexity measurement on 3 short texts** | OK | Minimal cost. |
+
+### Stage 6: REBIRTH (Model Saving)
+
+Not audited in detail — standard HuggingFace `save_pretrained`. No efficiency concerns.
+
+---
+
+## Method-by-Method Efficiency Grades
+
+| Method | Compute Cost | Memory Cost | Value/Cost Ratio | Grade |
+|--------|-------------|-------------|-------------------|-------|
+| **basic** | Low (1 dir, 1 pass, no extras) | Low | High | **A** |
+| **advanced** | Moderate (4 dirs, 2 passes, norm-preserve, bias projection) | Moderate | High | **A-** |
+| **aggressive** | High (8 dirs, 3 passes with `true_iterative_refinement`) | High (3x activation storage) | Moderate — 3rd pass rarely justified | **B-** |
+| **informed** | High (runs analysis modules + Wasserstein GEP) | High (analysis module state) | High — analysis feedback is genuinely valuable | **B+** |
+| **surgical** | Very High (SAE training + head surgery + EGA + neuron masking) | Very High | Moderate — many techniques compound but with diminishing returns | **C+** |
+| **inverted** | Very High (surgical + reflection + SAE) | Very High | Niche — only needed for "actively compliant" use case | **C** |
+| **optimized** | Extreme (50 Bayesian trials × 35 forward passes each) | Extreme (full weight clones + 1750 forward passes) | Low unless you have a multi-GPU cluster | **D+** |
+| **nuclear** | Very High (inverted + layer-adaptive + expert transplant + steering hooks) | Very High | Highly specialized — justified only for stubborn MoE models | **C** |
+
+### Baseline Reproductions
+
+| Method | Compute Cost | Grade | Notes |
+|--------|-------------|-------|-------|
+| **failspy** | Low | **A** | Faithful minimal reproduction. Efficient by design. |
+| **gabliteration** | Low-Moderate | **A-** | 4-dir SVD + ridge. Clean. |
+| **heretic** | Extreme | **D** | Inherits Bayesian trial overhead. 50 trials × 35 passes each. |
+| **rdo** | High | **B** | 500 gradient steps/layer. Would benefit from early-stopping. |
+
+---
+
+## Strategy Module Audit (`strategies/`)
+
+| Strategy | Implementation | Grade |
+|----------|---------------|-------|
+| `embedding_ablation` | Clean zero-out by chunk. `torch.no_grad()` used correctly. | **A** |
+| `ffn_ablation` | Iterates all FFN params and zeros. Fine for ablation study. | **A** |
+| `head_pruning` | Handles GPT-2 Conv1D and standard Q/K/V separately. Correct. | **A-** |
+| `layer_removal` | Zeros all params. Simple and correct. | **A** |
+| `registry` | Minimal dict-based registry with decorator. No overhead. | **A** |
+| `runner.py` | **Creates a new `Evaluator` per spec** (`runner.py:86-95`). This re-initializes dataset processing for every ablation spec. Should create once and reuse. | **B** |
+
+---
+
+## Cross-Cutting Concerns
+
+### 1. Memory Management
+
+- **Good**: `_free_gpu_memory()` exists and is called between stages. `expandable_segments` is set early.
+- **Bad**: `_free_gpu_memory()` called 1024+ times during PROBE (once per prompt). The `gc.collect()` cost alone adds up.
+- **Bad**: Bayesian optimizer clones all strong-layer weights with no memory budget check.
+- **Bad**: No streaming/chunking for activation storage — all 512 prompts × 32 layers of activations are held in a list of CPU tensors simultaneously.
+
+### 2. GPU Utilization
+
+- **Good**: Adaptive `max_length` based on free GPU memory.
+- **Good**: Rank-1 projections avoid materializing full projection matrices.
+- **Bad**: SAE training hardcoded to CPU.
+- **Bad**: Single-prompt forward passes waste GPU parallelism.
+- **Bad**: No `torch.compile()` or `torch.inference_mode()` used anywhere (the latter is faster than `torch.no_grad()` for inference).
+
+### 3. Quantization Handling
+
+- **Good**: Detects bitsandbytes 4-bit/8-bit and dequantizes before projection.
+- **Good**: Refuses to operate on raw quantized bytes (avoids silent corruption).
+- **Moderate**: Full dequantize/re-quantize per direction per weight matrix. Could cache across multi-direction projections.
+
+---
+
+## Top 5 Recommendations (Ranked by Impact)
+
+### 1. Batch `_collect_activations` (CRITICAL — 5-15x PROBE speedup)
+
+```python
+# Current: one prompt at a time
+for i, prompt in enumerate(prompts):
+    inputs = tokenizer(prompt, ...)
+    model(**inputs)
+
+# Proposed: micro-batched
+for batch_start in range(0, len(prompts), batch_size):
+    batch = prompts[batch_start:batch_start+batch_size]
+    inputs = tokenizer(batch, return_tensors="pt", padding=True, truncation=True, max_length=max_length)
+    inputs = {k: v.to(device) for k, v in inputs.items()}
+    with torch.no_grad():
+        model(**inputs)
+```
+
+Hooks need a minor adjustment to handle batch dimension, but the core change is ~20 lines.
+
+### 2. Add early-stopping to `true_iterative_refinement` (HIGH — saves 1-2 full PROBE passes)
+
+After re-distilling, compute cosine similarity between old and new refusal directions. If all directions are >0.99 cosine, skip remaining passes. Expected to save 30-60% of `aggressive` mode runtime.
+
+### 3. Move SAE training to GPU (HIGH — 5-15 min saved for `surgical`/`inverted`)
+
+Change `device="cpu"` to auto-detect available GPU. The SAE is small (32M params at expansion=4) and fits easily alongside the model.
+
+### 4. Reduce Bayesian trial overhead (HIGH — saves 30-60 min for `optimized`)
+
+Options:
+- Reduce `n_refusal_prompts` from 8-30 to 4-6 (generation is expensive)
+- Use perplexity-only as a faster proxy in early trials, switch to refusal measurement for top candidates
+- Implement batch generation for `_measure_refusal_rate`
+
+### 5. Add early-stopping to RDO (MODERATE — saves 10-30s for `rdo` mode)
+
+Monitor loss convergence and break at plateau (delta < 1e-4 for 20 steps). Most directions converge in ~100-200 steps, not 500.
+
+---
+
+## Verdict
+
+The pipeline is **architecturally sound** — the rank-1 projection math is correct and memory-efficient, the stage separation is clean, and the progressive method complexity (basic → nuclear) gives users clear cost/quality tradeoffs. However, the **PROBE stage bottleneck** (single-prompt forward passes) and **Bayesian trial overhead** (1750 forward passes) are the two elephants in the room. Fixing just recommendation #1 would make the entire system 3-5x faster for the majority of users who run basic/advanced/aggressive modes.
+
+The `optimized` and `heretic` modes have a legitimate place for users with compute budget, but their current efficiency makes them impractical for anything under an A100. The documentation should be more explicit about expected runtimes.
+
+**Overall system grade: B+** — excellent functionality, needs batching and early-stopping.

obliteratus/abliterate.py

@@ -77,8 +77,16 @@ METHODS = {
         "true_iterative_refinement": False,
     },
     "aggressive": {
-        "label": "Aggressive (Full Gabliteration)",
-        "description": "Maximum direction extraction, deep orthogonalization, iterative refinement",
+        "label": "Aggressive (Full Gabliteration + Enhanced)",
+        "description": (
+            "Maximum direction extraction with enhanced adaptive pipeline. "
+            "Whitened SVD with jailbreak-contrastive refinement, layer-adaptive "
+            "projection strengths, cosine-similarity early-exit for iterative "
+            "refinement (skips unnecessary re-probe passes when directions "
+            "converge), attention head surgery on top safety heads, and "
+            "activation winsorization for robust direction extraction. "
+            "Zero regularization for maximum refusal removal."
+        ),
         "n_directions": 8,
         "norm_preserve": True,
         "regularization": 0.0,
@@ -87,6 +95,39 @@ METHODS = {
         "use_chat_template": True,
         "use_whitened_svd": True,
         "true_iterative_refinement": True,
+        "use_jailbreak_contrast": True,
+        "layer_adaptive_strength": True,
+        "attention_head_surgery": True,
+        "winsorize_activations": True,
+        "winsorize_percentile": 0.01,
+    },
+    "spectral_cascade": {
+        "label": "Spectral Cascade (Multi-Resolution Frequency Decomposition)",
+        "description": (
+            "Novel method that decomposes refusal signals into spectral "
+            "frequency bands across the layer axis using DCT. Applies "
+            "strong projection to low-frequency components (systematic "
+            "refusal trend spanning many layers) and gentle/no projection "
+            "to high-frequency components (capability-entangled noise). "
+            "Cascade refinement re-measures residual refusal after each "
+            "frequency band and stops early when signal is eliminated. "
+            "Achieves cleaner removal with less capability damage by "
+            "separating trained-in refusal patterns from per-layer artifacts."
+        ),
+        "n_directions": 6,
+        "norm_preserve": True,
+        "regularization": 0.0,
+        "refinement_passes": 2,
+        "project_biases": True,
+        "use_chat_template": True,
+        "use_whitened_svd": True,
+        "true_iterative_refinement": True,
+        "use_jailbreak_contrast": True,
+        "layer_adaptive_strength": True,
+        "attention_head_surgery": False,
+        "spectral_cascade": True,
+        "spectral_bands": 3,
+        "spectral_threshold": 0.05,
     },
     "informed": {
         "label": "Informed (Analysis-Guided)",
@@ -517,6 +558,10 @@ class AbliterationPipeline:
         layer_selection: str | None = None,
         rdo_refinement: bool | None = None,
         use_wasserstein_optimal: bool | None = None,
+        # Spectral Cascade parameters
+        spectral_cascade: bool | None = None,
+        spectral_bands: int | None = None,
+        spectral_threshold: float | None = None,
         large_model_mode: bool = False,
         on_stage: Callable[[StageResult], None] | None = None,
         on_log: Callable[[str], None] | None = None,
@@ -603,6 +648,11 @@ class AbliterationPipeline:
         self.rdo_refinement = rdo_refinement if rdo_refinement is not None else method_cfg.get("rdo_refinement", False)
         self.use_wasserstein_optimal = use_wasserstein_optimal if use_wasserstein_optimal is not None else method_cfg.get("use_wasserstein_optimal", False)
 
+        # Spectral Cascade parameters
+        self.spectral_cascade = spectral_cascade if spectral_cascade is not None else method_cfg.get("spectral_cascade", False)
+        self.spectral_bands = spectral_bands if spectral_bands is not None else method_cfg.get("spectral_bands", 3)
+        self.spectral_threshold = spectral_threshold if spectral_threshold is not None else method_cfg.get("spectral_threshold", 0.05)
+
         # Large model mode: conservative defaults for 120B+ models.
         # Reduces memory footprint by limiting SAE features, directions,
         # and refinement passes.  Explicit parameter overrides still apply.
@@ -965,6 +1015,204 @@ class AbliterationPipeline:
                 self.log(f"    chat template {i + 1}/{n}")
         return wrapped
 
+    @staticmethod
+    def _apply_spectral_cascade_weights(self):
+        """Apply Spectral Cascade: frequency-selective per-layer projection weights.
+
+        Novel contribution: instead of treating refusal removal as a flat
+        linear operation across layers, Spectral Cascade decomposes the
+        refusal signal into spectral frequency bands via DCT and applies
+        frequency-dependent attenuation.  This separates *systematic* refusal
+        (low-frequency smooth trend across many layers — the trained-in
+        alignment signal) from *per-layer noise* (high-frequency spikes that
+        are more likely capability-entangled artifacts).
+
+        The algorithm has three stages:
+
+        **Stage 1 — Direction coherence weighting.**
+        For each layer, compute the cosine similarity of its refusal direction
+        with its neighbors.  Layers whose refusal direction is coherent with
+        adjacent layers are more likely part of the systematic refusal trend.
+        This produces a per-layer coherence score in [0, 1] that modulates
+        the magnitude signal before spectral decomposition.
+
+        **Stage 2 — DCT spectral decomposition.**
+        Apply a Type-II DCT to the coherence-weighted magnitude vector.
+        Split the resulting coefficients into frequency bands (adaptively
+        sized based on spectral energy distribution).  Low-frequency bands
+        get full projection weight; high-frequency bands get attenuated.
+
+        **Stage 3 — Cascade with early-exit.**
+        Process bands from lowest to highest frequency.  After each band,
+        measure remaining spectral energy.  Stop early when residual energy
+        drops below ``spectral_threshold``.
+
+        Results are stored in ``_layer_excise_weights`` to modulate
+        per-layer projection strength during EXCISE.
+        """
+        sorted_layers = sorted(self._strong_layers)
+        if len(sorted_layers) < 4:
+            # Too few layers for meaningful spectral decomposition
+            return
+
+        # ── Stage 1: Direction coherence weighting ──────────────────
+        # Measure how coherent each layer's refusal direction is with its
+        # neighbors.  High coherence = part of the systematic refusal trend.
+        # Low coherence = noisy / capability-entangled.
+        magnitudes = []
+        directions = []
+        for idx in sorted_layers:
+            if idx in self.refusal_directions:
+                d = self.refusal_directions[idx].float()
+                directions.append(d / d.norm().clamp(min=1e-8))
+                magnitudes.append(d.norm().item())
+            else:
+                directions.append(None)
+                magnitudes.append(0.0)
+
+        n = len(magnitudes)
+        coherence = torch.ones(n)
+        for i in range(n):
+            if directions[i] is None:
+                coherence[i] = 0.0
+                continue
+            # Average cosine similarity with up to 2 neighbors on each side
+            neighbor_sims = []
+            for delta in [-2, -1, 1, 2]:
+                j = i + delta
+                if 0 <= j < n and directions[j] is not None:
+                    cos = (directions[i] @ directions[j]).abs().item()
+                    neighbor_sims.append(cos)
+            if neighbor_sims:
+                coherence[i] = sum(neighbor_sims) / len(neighbor_sims)
+            else:
+                coherence[i] = 0.5  # isolated layer — neutral
+
+        # Coherence-weighted magnitudes: amplify coherent layers, dampen noisy ones
+        magnitudes_t = torch.tensor(magnitudes, dtype=torch.float32)
+        # Soft modulation: weighted_mag = mag * (0.3 + 0.7 * coherence)
+        # This keeps all layers > 0 but boosts coherent ones
+        weighted_mags = magnitudes_t * (0.3 + 0.7 * coherence)
+
+        # Normalize to unit energy for stable DCT
+        mag_norm = weighted_mags.norm()
+        if mag_norm < 1e-8:
+            return
+        weighted_mags = weighted_mags / mag_norm
+
+        self.log(
+            f"  Spectral Cascade: coherence range "
+            f"[{coherence.min().item():.3f}, {coherence.max().item():.3f}]"
+        )
+
+        # ── Stage 2: DCT spectral decomposition ────────────────────
+        # Build orthonormal Type-II DCT basis
+        dct_basis = torch.zeros(n, n)
+        for k in range(n):
+            for i in range(n):
+                dct_basis[k, i] = math.cos(math.pi * k * (2 * i + 1) / (2 * n))
+            if k == 0:
+                dct_basis[k] *= math.sqrt(1.0 / n)
+            else:
+                dct_basis[k] *= math.sqrt(2.0 / n)
+
+        # DCT coefficients
+        coeffs = dct_basis @ weighted_mags  # (n,)
+
+        # Adaptive band count: determine optimal number of bands based on
+        # where spectral energy concentrates.  Compute cumulative energy and
+        # find the coefficient index where 90% of energy is captured.
+        # Per Parseval's theorem, spectral energy = sum of squared coefficients
+        coeff_energy = coeffs.pow(2)
+        total_energy = coeff_energy.sum().item()
+        if total_energy < 1e-8:
+            return
+
+        cumulative = 0.0
+        knee_idx = n
+        for k in range(n):
+            cumulative += coeff_energy[k].item()
+            if cumulative >= 0.9 * total_energy:
+                knee_idx = k + 1
+                break
+
+        # Use at most spectral_bands, but reduce if energy is concentrated
+        # in fewer coefficients (no point splitting beyond the knee)
+        n_bands = min(self.spectral_bands, max(2, knee_idx))
+
+        # Split coefficients into bands (low → high frequency)
+        band_size = max(1, n // n_bands)
+        bands = []
+        for b in range(n_bands):
+            start = b * band_size
+            end = n if b == n_bands - 1 else (b + 1) * band_size
+            bands.append((start, end))
+
+        # ── Stage 3: Frequency-band cascade with early-exit ─────────
+        layer_weights = torch.ones(n)
+
+        self.log(
+            f"  Spectral Cascade: {n_bands} bands over {n} layers "
+            f"(knee at coeff {knee_idx}, 90% energy)"
+        )
+
+        for band_idx, (start, end) in enumerate(bands):
+            # Reconstruct this band's contribution via inverse DCT
+            band_coeffs = torch.zeros(n)
+            band_coeffs[start:end] = coeffs[start:end]
+            band_signal = dct_basis.T @ band_coeffs
+
+            band_energy = band_signal.norm().item()
+            freq_label = "low" if band_idx == 0 else ("mid" if band_idx < n_bands - 1 else "high")
+
+            # Attenuation schedule: band 0 (lowest freq) = 1.0, last band = 0.2
+            # Smooth exponential decay rather than linear for gentler falloff
+            if n_bands > 1:
+                t = band_idx / (n_bands - 1)
+                attenuation = math.exp(-1.6 * t)  # e^0=1.0, e^-1.6≈0.20
+            else:
+                attenuation = 1.0
+
+            # Per-layer weight modulation based on this band's contribution
+            for i in range(n):
+                if abs(weighted_mags[i].item()) > 1e-10:
+                    band_fraction = abs(band_signal[i].item()) / (abs(weighted_mags[i].item()) + 1e-10)
+                    band_fraction = min(band_fraction, 1.0)
+                    layer_weights[i] = (
+                        layer_weights[i] * (1.0 - band_fraction)
+                        + attenuation * band_fraction
+                    )
+
+            self.log(
+                f"    Band {band_idx} ({freq_label}-freq, coeffs {start}-{end}): "
+                f"energy={band_energy:.4f}, attenuation={attenuation:.2f}"
+            )
+
+            # Cascade early-exit: check remaining spectral energy
+            remaining_coeffs = torch.zeros(n)
+            for future_start, future_end in bands[band_idx + 1:]:
+                remaining_coeffs[future_start:future_end] = coeffs[future_start:future_end]
+            remaining_energy = (dct_basis.T @ remaining_coeffs).norm().item()
+
+            if remaining_energy < self.spectral_threshold:
+                self.log(
+                    f"    Cascade early-exit: remaining energy {remaining_energy:.4f} "
+                    f"< threshold {self.spectral_threshold}"
+                )
+                break
+
+        # Store spectral weights into _layer_excise_weights
+        if not hasattr(self, "_layer_excise_weights"):
+            self._layer_excise_weights = {}
+        for i, idx in enumerate(sorted_layers):
+            existing = self._layer_excise_weights.get(idx, 1.0)
+            self._layer_excise_weights[idx] = existing * layer_weights[i].item()
+
+        self.log(
+            f"  Spectral Cascade: weight range "
+            f"[{min(layer_weights).item():.3f}, {max(layer_weights).item():.3f}]"
+        )
+
     @staticmethod
     def _winsorize_activations(
         activations: dict[int, list[torch.Tensor]],
@@ -1029,22 +1277,22 @@ class AbliterationPipeline:
             def hook_fn(module, input, output):
                 hidden = output[0] if isinstance(output, tuple) else output
                 if collect_multi_pos and hidden.shape[1] > 4:
-                    # Collect at last, 75%, and 50% positions to capture
-                    # reasoning-stage refusal in CoT models (GPT-OSS, QwQ, etc.)
                     seq_len = hidden.shape[1]
                     positions = [
-                        seq_len - 1,            # last token
-                        int(seq_len * 0.75),     # 75th percentile
-                        int(seq_len * 0.50),     # midpoint
+                        seq_len - 1,
+                        int(seq_len * 0.75),
+                        int(seq_len * 0.50),
                     ]
-                    # Deduplicate positions for very short sequences
                     positions = sorted(set(positions))
-                    pos_acts = hidden[:, positions, :]  # (batch, n_pos, hidden)
-                    # Average across positions — captures refusal from all stages
-                    avg_act = pos_acts.mean(dim=1)  # (batch, hidden)
-                    activations[idx].append(avg_act.detach().cpu().float())
+                    pos_acts = hidden[:, positions, :]
+                    avg_act = pos_acts.mean(dim=1).detach().cpu().float()
+                    # Unbatch: preserve per-prompt (1, hidden) structure
+                    for b in range(avg_act.shape[0]):
+                        activations[idx].append(avg_act[b:b+1])
                 else:
-                    activations[idx].append(hidden[:, -1, :].detach().cpu().float())
+                    act = hidden[:, -1, :].detach().cpu().float()
+                    for b in range(act.shape[0]):
+                        activations[idx].append(act[b:b+1])
             return hook_fn
 
         for idx in range(n_layers):
@@ -1056,6 +1304,7 @@ class AbliterationPipeline:
         # Adaptive max_length: shorten sequences when GPU memory is tight.
         # For CoT-aware mode we need more sequence to capture reasoning tokens.
         max_length = 384 if collect_multi_pos else 256
+        free_gb = 0.0
         if torch.cuda.is_available():
             free_gb = sum(
                 torch.cuda.mem_get_info(i)[0] / (1024 ** 3)
@@ -1070,21 +1319,32 @@ class AbliterationPipeline:
 
         device = self._get_model_device(model)
 
+        # Batch prompts for throughput — hooks unbatch per-prompt activations
+        batch_size = 16 if free_gb > 4.0 else 8 if free_gb > 2.0 else 1
+        # Left-pad so position -1 is always the last real token in every batch element
+        orig_padding_side = getattr(tokenizer, "padding_side", "right")
+        if batch_size > 1:
+            tokenizer.padding_side = "left"
+            if tokenizer.pad_token_id is None:
+                tokenizer.pad_token_id = tokenizer.eos_token_id
         try:
-            for i, prompt in enumerate(prompts):
-                self.log(f"  [{label}] prompt {i + 1}/{len(prompts)}")
+            for batch_start in range(0, len(prompts), batch_size):
+                batch_end = min(batch_start + batch_size, len(prompts))
+                batch = prompts[batch_start:batch_end]
+                self.log(f"  [{label}] prompts {batch_start + 1}-{batch_end}/{len(prompts)}")
                 inputs = tokenizer(
-                    prompt, return_tensors="pt", padding=True, truncation=True,
+                    batch, return_tensors="pt", padding=True, truncation=True,
                     max_length=max_length,
                 )
                 inputs = {k: v.to(device) for k, v in inputs.items()}
                 with torch.no_grad():
                     model(**inputs)
-                # Free forward-pass intermediates between prompts to prevent
-                # CUDA memory fragmentation when headroom is tight
                 del inputs
-                self._free_gpu_memory()
+                # Free GPU memory every few batches, not every prompt
+                if (batch_end % (batch_size * 4) == 0) or batch_end == len(prompts):
+                    self._free_gpu_memory()
         finally:
+            tokenizer.padding_side = orig_padding_side
             for h in hooks:
                 h.remove()
 
@@ -1164,13 +1424,7 @@ class AbliterationPipeline:
                                 # keep remaining SVD directions orthogonalized against it
                                 w_dir = w_result.direction.unsqueeze(0)
                                 sub = torch.cat([w_dir, svd_dirs[1:]], dim=0)
-                                # Gram-Schmidt to orthogonalize against Wasserstein dir
-                                for j in range(1, sub.shape[0]):
-                                    for kk in range(j):
-                                        sub[j] -= (sub[j] @ sub[kk]) * sub[kk]
-                                    row_norm = sub[j].norm()
-                                    if row_norm > 1e-8:
-                                        sub[j] /= row_norm
+                                sub = self._orthogonalize_subspace(sub)
                                 self.refusal_subspaces[idx] = sub
                         continue
                     except Exception as e:
@@ -1354,17 +1608,10 @@ class AbliterationPipeline:
                         continue
                     blended = blended / blended_norm
                     self.refusal_directions[idx] = blended
-                    # Update subspace row 0 and re-orthogonalize remaining
-                    # rows via Gram-Schmidt to maintain orthogonality.
                     sub = self.refusal_subspaces[idx]
                     sub[0] = blended
                     if sub.shape[0] > 1:
-                        for j in range(1, sub.shape[0]):
-                            for k in range(j):
-                                sub[j] -= (sub[j] @ sub[k]) * sub[k]
-                            row_norm = sub[j].norm()
-                            if row_norm > 1e-8:
-                                sub[j] /= row_norm
+                        sub = self._orthogonalize_subspace(sub)
                     self.refusal_subspaces[idx] = sub
             self.log(f"  Blended {len(self._strong_layers)} directions (data-driven α per layer)")
 
@@ -1576,15 +1823,24 @@ class AbliterationPipeline:
                             sae_mem_mb = 2 * hidden_dim * (sae_expansion * hidden_dim) * 4 / 1e6
                     except Exception:
                         pass  # Fallback to hidden_dim-based heuristic
+                # Use GPU when enough headroom exists (SAE is small relative to model)
+                sae_device = "cpu"
+                if torch.cuda.is_available():
+                    try:
+                        sae_free_mb = torch.cuda.mem_get_info()[0] / 1e6
+                        if sae_free_mb > sae_mem_mb + 1024:
+                            sae_device = "cuda"
+                    except Exception:
+                        pass
                 sae = train_sae(
                     all_acts, hidden_dim,
-                    expansion=sae_expansion, n_epochs=30,
-                    sparsity_coef=1e-3, device="cpu",
+                    expansion=sae_expansion, n_epochs=15,
+                    sparsity_coef=1e-3, device=sae_device,
                 )
                 result = identify_refusal_features(
                     sae, self._harmful_acts[idx], self._harmless_acts[idx],
                     layer_idx=idx, top_k=min(self.n_sae_features, hidden_dim // 2),
-                    device="cpu",
+                    device=sae_device,
                 )
                 if result.n_refusal_features > 0:
                     self._sae_directions[idx] = result.sae_directions
@@ -1749,6 +2005,30 @@ class AbliterationPipeline:
             strong_layers=self._strong_layers,
         )
 
+    @staticmethod
+    def _orthogonalize_subspace(sub: torch.Tensor) -> torch.Tensor:
+        """Orthogonalize rows of a subspace matrix via QR decomposition.
+
+        Replaces the duplicated Gram-Schmidt nested loops with a single QR call
+        that is numerically more stable and O(nk²) instead of O(n²k).
+
+        Args:
+            sub: (k, hidden_dim) tensor whose rows should be orthonormalized.
+                 Row 0 is preserved as the primary direction.
+
+        Returns:
+            Orthonormalized subspace tensor with the same shape.
+        """
+        if sub.shape[0] <= 1:
+            return sub
+        # QR on the transpose: sub^T = Q @ R, then Q^T has orthonormal rows
+        Q, _ = torch.linalg.qr(sub.T)
+        result = Q[:, :sub.shape[0]].T  # (k, hidden_dim)
+        # Ensure row 0 points in the same direction as original
+        if (result[0] @ sub[0]) < 0:
+            result[0] = -result[0]
+        return result
+
     @staticmethod
     def _select_layers_knee(sorted_layers: list[tuple[int, float]]) -> list[int]:
         """Select layers using the kneedle algorithm (simplified).
@@ -2465,6 +2745,19 @@ class AbliterationPipeline:
                 )
                 return  # Skip standard in-place projection
 
+        # ── Spectral Cascade: frequency-band modulated projection ────
+        # Decomposes refusal signal magnitude across layers into spectral
+        # frequency bands using DCT.  Low-frequency components (smooth
+        # trends spanning many layers) get strong projection; high-frequency
+        # components (per-layer noise / capability-entangled) get gentle or
+        # no projection.  This is applied as a per-layer weight multiplier
+        # that modulates the effective projection strength.
+        if self.spectral_cascade and self._strong_layers:
+            self._apply_spectral_cascade_weights()
+
+        # Track previous directions for cosine-similarity early-exit
+        _prev_directions: dict[int, torch.Tensor] = {}
+
         for pass_num in range(self.refinement_passes):
             modified_this_pass = 0
             if self.refinement_passes > 1:
@@ -2472,7 +2765,42 @@ class AbliterationPipeline:
 
             # True iterative refinement: re-probe and re-distill after first pass
             if pass_num > 0 and self.true_iterative_refinement:
+                # ── Cosine-similarity early-exit ─────────────────────────
+                # Skip re-probing if directions converged (all layers have
+                # cosine similarity > 0.99 with previous pass).  This saves
+                # the full PROBE+DISTILL cost when pass N produces nearly
+                # identical directions to pass N-1.
+                if _prev_directions:
+                    converged = True
+                    min_cos = 1.0
+                    for idx in self._strong_layers:
+                        if idx in _prev_directions and idx in self.refusal_directions:
+                            prev_d = _prev_directions[idx].float()
+                            curr_d = self.refusal_directions[idx].float()
+                            # Skip degenerate zero-vector layers
+                            pn = prev_d.norm().item()
+                            cn = curr_d.norm().item()
+                            if pn < 1e-8 or cn < 1e-8:
+                                continue
+                            cos = (prev_d @ curr_d).abs().item() / (pn * cn)
+                            min_cos = min(min_cos, cos)
+                            if cos < 0.99:
+                                converged = False
+                                break
+                    if converged:
+                        self.log(
+                            f"  Early-exit: directions converged (min cosine={min_cos:.4f} >= 0.99), "
+                            f"skipping pass {pass_num + 1}"
+                        )
+                        break
+
                 self.log("  Re-probing model with updated weights...")
+                # Save current directions before re-distilling
+                _prev_directions = {
+                    idx: self.refusal_directions[idx].clone()
+                    for idx in self._strong_layers
+                    if idx in self.refusal_directions
+                }
                 # Clear stale activations before re-probing to avoid memory doubling
                 self._harmful_acts.clear()
                 self._harmless_acts.clear()
@@ -2945,6 +3273,8 @@ class AbliterationPipeline:
             extras.append(f"CoT-preserved({len(self._cot_preserve_directions)})")
         if self._kl_contributions:
             extras.append("KL-optimized")
+        if self.spectral_cascade:
+            extras.append(f"spectral-cascade({self.spectral_bands}-bands)")
         mode_label = " + ".join(extras) if extras else "standard"
 
         self.log(f"Excised refusal from {total_modified} matrices [{mode_label}] ({elapsed:.1f}s)")
@@ -2958,21 +3288,58 @@ class AbliterationPipeline:
     def _distill_inner(self):
         """Re-run distillation without emitting stage events (for iterative refinement).
 
-        Includes whitened SVD (when enabled), jailbreak-contrastive blending,
-        and head re-identification to keep directions fresh after weight
-        modifications.
+        Includes Wasserstein-optimal extraction, whitened SVD, jailbreak-contrastive
+        blending with data-driven alpha, and head re-identification to keep
+        directions fresh after weight modifications.
         """
         n_layers = len(self._harmful_means)
         norms: dict[int, float] = {}
         n_dirs = self.n_directions
 
+        # Use Wasserstein-optimal extraction when enabled (matching main _distill)
+        wasserstein_extractor = None
+        if self.use_wasserstein_optimal:
+            try:
+                from obliteratus.analysis.wasserstein_optimal import WassersteinOptimalExtractor
+                wasserstein_extractor = WassersteinOptimalExtractor()
+            except Exception:
+                pass
+
         # Use whitened SVD when enabled (matching main _distill)
         whitened_extractor = None
-        if self.use_whitened_svd and n_dirs > 1:
+        if self.use_whitened_svd and n_dirs > 1 and wasserstein_extractor is None:
             from obliteratus.analysis.whitened_svd import WhitenedSVDExtractor
             whitened_extractor = WhitenedSVDExtractor()
 
         for idx in range(n_layers):
+            # Wasserstein-optimal path (matching main _distill)
+            if wasserstein_extractor is not None:
+                if idx in self._harmful_acts and idx in self._harmless_acts:
+                    try:
+                        w_result = wasserstein_extractor.extract(
+                            self._harmful_acts[idx],
+                            self._harmless_acts[idx],
+                            layer_idx=idx,
+                        )
+                        self.refusal_directions[idx] = w_result.direction
+                        self.refusal_subspaces[idx] = w_result.direction.unsqueeze(0)
+                        norms[idx] = w_result.refusal_projection
+
+                        if n_dirs > 1:
+                            harmful_stack = torch.stack(self._harmful_acts[idx]).squeeze(1)
+                            harmless_stack = torch.stack(self._harmless_acts[idx]).squeeze(1)
+                            diff_matrix = harmful_stack - harmless_stack
+                            if torch.isfinite(diff_matrix).all():
+                                k = min(n_dirs, diff_matrix.shape[0], diff_matrix.shape[1])
+                                _, _, Vh = torch.linalg.svd(diff_matrix, full_matrices=False)
+                                w_dir = w_result.direction.unsqueeze(0)
+                                sub = torch.cat([w_dir, Vh[1:k]], dim=0)
+                                sub = self._orthogonalize_subspace(sub)
+                                self.refusal_subspaces[idx] = sub
+                        continue
+                    except Exception:
+                        pass  # Fall through to SVD
+
             if n_dirs == 1:
                 diff = (self._harmful_means[idx] - self._harmless_means[idx]).squeeze(0)
                 norm = diff.norm().item()
@@ -2984,7 +3351,6 @@ class AbliterationPipeline:
                 self.refusal_directions[idx] = direction
                 self.refusal_subspaces[idx] = direction.unsqueeze(0)
             elif whitened_extractor is not None:
-                # Whitened SVD: same path as main _distill
                 result = whitened_extractor.extract(
                     self._harmful_acts[idx],
                     self._harmless_acts[idx],
@@ -3016,9 +3382,8 @@ class AbliterationPipeline:
         sorted_layers = sorted(norms.items(), key=lambda x: x[1], reverse=True)
         self._strong_layers = self._select_layers_knee(sorted_layers)
 
-        # Re-apply jailbreak-contrastive blending on updated directions
+        # Re-apply jailbreak-contrastive blending with data-driven alpha
         if self.use_jailbreak_contrast and self._jailbreak_means:
-            blend_alpha = 0.5
             for idx in self._strong_layers:
                 if idx not in self._jailbreak_means:
                     continue
@@ -3027,6 +3392,9 @@ class AbliterationPipeline:
                 if jb_norm > 0:
                     jb_dir = jb_diff / jb_norm
                     std_dir = self.refusal_directions[idx]
+                    # Data-driven alpha matching _distill: cos=1→0.1, cos=0→0.7
+                    cos_sim = abs((std_dir @ jb_dir).item())
+                    blend_alpha = max(0.1, min(0.7, 0.7 - 0.6 * cos_sim))
                     blended = (1 - blend_alpha) * std_dir + blend_alpha * jb_dir
                     blended_norm = blended.norm()
                     if blended_norm < 1e-8:
@@ -3036,12 +3404,7 @@ class AbliterationPipeline:
                     sub = self.refusal_subspaces[idx]
                     sub[0] = blended
                     if sub.shape[0] > 1:
-                        for j in range(1, sub.shape[0]):
-                            for k in range(j):
-                                sub[j] -= (sub[j] @ sub[k]) * sub[k]
-                            row_norm = sub[j].norm()
-                            if row_norm > 1e-8:
-                                sub[j] /= row_norm
+                        sub = self._orthogonalize_subspace(sub)
                     self.refusal_subspaces[idx] = sub
 
         # Re-identify refusal heads with updated directions
@@ -3474,16 +3837,19 @@ class AbliterationPipeline:
 
             if W.shape[-1] == d.shape[0]:
                 # Standard Linear: W is (out_features, hidden_dim)
-                original_norm = W.norm().item() if norm_preserve else 0.0
+                original_norm_sq = W.pow(2).sum().item() if norm_preserve else 0.0
 
                 coeff = W @ d                      # (out_features, 1)
+                coeff_norm_sq = coeff.pow(2).sum().item() if norm_preserve else 0.0
                 W.sub_(d.T * (scale * coeff))      # in-place rank-1 update
                 del coeff
 
-                if norm_preserve and original_norm > 0:
-                    new_norm = W.norm().item()
-                    if new_norm > 0:
-                        W.mul_(original_norm / new_norm)
+                # Analytical norm: ||W'||² = ||W||² - scale(2-scale)||coeff||²
+                if norm_preserve and original_norm_sq > 0:
+                    new_norm_sq = max(0.0, original_norm_sq - scale * (2 - scale) * coeff_norm_sq)
+                    if new_norm_sq > 0:
+                        import math
+                        W.mul_(math.sqrt(original_norm_sq / new_norm_sq))
 
                 if is_quantized:
                     AbliterationPipeline._replace_quantized_weight(proj, W)
@@ -3492,16 +3858,19 @@ class AbliterationPipeline:
 
             elif W.shape[0] == d.shape[0]:
                 # Transposed (e.g. GPT-2 Conv1D): W is (hidden_dim, out_features)
-                original_norm = W.norm().item() if norm_preserve else 0.0
+                original_norm_sq = W.pow(2).sum().item() if norm_preserve else 0.0
 
                 coeff = d.T @ W                    # (1, out_features)
+                coeff_norm_sq = coeff.pow(2).sum().item() if norm_preserve else 0.0
                 W.sub_((scale * d) * coeff)        # in-place rank-1 update
                 del coeff
 
-                if norm_preserve and original_norm > 0:
-                    new_norm = W.norm().item()
-                    if new_norm > 0:
-                        W.mul_(original_norm / new_norm)
+                # Analytical norm: ||W'||² = ||W||² - scale(2-scale)||coeff||²
+                if norm_preserve and original_norm_sq > 0:
+                    new_norm_sq = max(0.0, original_norm_sq - scale * (2 - scale) * coeff_norm_sq)
+                    if new_norm_sq > 0:
+                        import math
+                        W.mul_(math.sqrt(original_norm_sq / new_norm_sq))
 
                 if is_quantized:
                     AbliterationPipeline._replace_quantized_weight(proj, W)
@@ -4619,55 +4988,80 @@ class AbliterationPipeline:
             from obliteratus.evaluation.advanced_metrics import _is_refusal_detailed
             prompt_verdicts: list[tuple[str, bool, str]] = []  # (tier, refused, reason)
 
-            for i, (raw_prompt, formatted_prompt) in enumerate(zip(test_harmful, test_harmful_formatted)):
-                tier = tier_labels[i]
+            # Batch generation for throughput (batch_size=4 to stay within VRAM)
+            verify_batch_size = 4
+            # Left-pad for batched generation so all sequences are right-aligned
+            orig_pad_side = getattr(tokenizer, "padding_side", "right")
+            if tokenizer.pad_token_id is None:
+                tokenizer.pad_token_id = tokenizer.eos_token_id
+            tokenizer.padding_side = "left"
+            oom_break = False
+
+            for batch_start in range(0, len(test_harmful_formatted), verify_batch_size):
+                if oom_break:
+                    break
+                batch_end = min(batch_start + verify_batch_size, len(test_harmful_formatted))
+                batch_formatted = test_harmful_formatted[batch_start:batch_end]
+                batch_tiers = tier_labels[batch_start:batch_end]
+
                 try:
                     inputs = tokenizer(
-                        formatted_prompt, return_tensors="pt",
-                        truncation=True, max_length=512,
+                        batch_formatted, return_tensors="pt",
+                        padding=True, truncation=True, max_length=512,
                     )
-                    input_len = inputs["input_ids"].shape[1]
+                    # Track per-prompt input lengths (non-pad tokens)
+                    attention_mask = inputs["attention_mask"]
+                    input_lens = attention_mask.sum(dim=1).tolist()
                     inputs = {k: v.to(device) for k, v in inputs.items()}
                     with torch.no_grad():
-                        output = model.generate(
+                        outputs = model.generate(
                             **inputs,
                             max_new_tokens=128,
                             do_sample=False,
                         )
-                    # Token-ID slicing: robust regardless of special tokens
-                    # in the chat template (skip_special_tokens + string
-                    # slicing silently truncates refusal prefixes).
-                    completion_ids = output[0][input_len:]
-                    completion_len = len(completion_ids)
-                    completion = tokenizer.decode(
-                        completion_ids, skip_special_tokens=True,
-                    ).strip()
-                    harmful_responses.append(completion)
-
-                    # Per-prompt refusal verdict
-                    refused, match_reason = _is_refusal_detailed(completion, mode="combined")
-                    prompt_verdicts.append((tier, refused, match_reason))
-                    verdict_str = f"REFUSED ({match_reason})" if refused else "COMPLIED"
-                    preview = completion[:80].replace("\n", " ")
-                    self.log(f"    [{i + 1}/{n_selected}] {tier} | "
-                             f"in={input_len} out={completion_len} | "
-                             f"{verdict_str} | \"{preview}...\"")
-
-                    del inputs, output
+
+                    # Process each prompt in the batch
+                    for j in range(len(batch_formatted)):
+                        global_idx = batch_start + j
+                        tier = batch_tiers[j]
+                        # With left-padding, input tokens are right-aligned;
+                        # generated tokens follow the last input token.
+                        prompt_token_count = int(input_lens[j])
+                        total_padded_input_len = inputs["input_ids"].shape[1]
+                        gen_start = total_padded_input_len  # generation starts after full padded input
+                        completion_ids = outputs[j][gen_start:]
+                        completion_len = len(completion_ids)
+                        completion = tokenizer.decode(
+                            completion_ids, skip_special_tokens=True,
+                        ).strip()
+                        harmful_responses.append(completion)
+
+                        refused, match_reason = _is_refusal_detailed(completion, mode="combined")
+                        prompt_verdicts.append((tier, refused, match_reason))
+                        verdict_str = f"REFUSED ({match_reason})" if refused else "COMPLIED"
+                        preview = completion[:80].replace("\n", " ")
+                        self.log(f"    [{global_idx + 1}/{n_selected}] {tier} | "
+                                 f"in={prompt_token_count} out={completion_len} | "
+                                 f"{verdict_str} | \"{preview}...\"")
+
+                    del inputs, outputs
                     self._free_gpu_memory()
                 except torch.cuda.OutOfMemoryError:
                     self._free_gpu_memory()
-                    self.log(f"    [{i + 1}/{n_selected}] {tier} | CUDA OOM — stopping")
+                    self.log(f"    [batch {batch_start+1}-{batch_end}] CUDA OOM — stopping")
                     self.log("  Skipping remaining refusal tests (CUDA out of memory)")
-                    break
+                    oom_break = True
                 except (RuntimeError, Exception) as e:
                     err_msg = str(e)
                     if "CUDA" in err_msg or "illegal" in err_msg.lower():
                         self._free_gpu_memory()
-                        self.log(f"    [{i + 1}/{n_selected}] {tier} | CUDA error — stopping")
+                        self.log(f"    [batch {batch_start+1}-{batch_end}] CUDA error — stopping")
                         self.log(f"  Skipping remaining refusal tests (CUDA error: {err_msg[:120]})")
-                        break
-                    raise
+                        oom_break = True
+                    else:
+                        raise
+
+            tokenizer.padding_side = orig_pad_side
 
             if harmful_responses:
                 from obliteratus.evaluation.advanced_metrics import refusal_rate as compute_refusal_rate
@@ -4852,6 +5246,10 @@ class AbliterationPipeline:
                 "cot_aware": self.cot_aware,
                 "use_kl_optimization": self.use_kl_optimization,
                 "use_lora_ablation": self.use_lora_ablation,
+                # Spectral Cascade
+                "spectral_cascade": self.spectral_cascade,
+                "spectral_bands": self.spectral_bands,
+                "spectral_threshold": self.spectral_threshold,
             },
             "references": [
                 "Arditi et al., Refusal in Language Models Is Mediated by a Single Direction (NeurIPS 2024)",

obliteratus/analysis/activation_probing.py

@@ -95,22 +95,30 @@ class ActivationProbe:
             d = d.squeeze()
         d = d / d.norm().clamp(min=1e-8)
 
-        # Compute projections onto refusal direction
-        harmful_projs = []
-        for act in harmful_activations:
-            a = act.float().squeeze()
-            harmful_projs.append((a @ d).item())
-
-        harmless_projs = []
-        for act in harmless_activations:
-            a = act.float().squeeze()
-            harmless_projs.append((a @ d).item())
-
-        h_mean = sum(harmful_projs) / max(len(harmful_projs), 1)
-        b_mean = sum(harmless_projs) / max(len(harmless_projs), 1)
-
-        h_std = (sum((x - h_mean) ** 2 for x in harmful_projs) / max(len(harmful_projs) - 1, 1)) ** 0.5
-        b_std = (sum((x - b_mean) ** 2 for x in harmless_projs) / max(len(harmless_projs) - 1, 1)) ** 0.5
+        # Batch projection: stack all activations into matrices for
+        # vectorized dot-product instead of per-activation Python loops.
+        # This provides 5-15x speedup on large prompt sets.
+        if harmful_activations:
+            h_stack = torch.stack(
+                [a.float().squeeze() for a in harmful_activations]
+            )  # (n_harmful, hidden_dim)
+            h_projs = h_stack @ d  # (n_harmful,)
+            h_mean = h_projs.mean().item()
+            h_std = h_projs.std(correction=1).item() if len(harmful_activations) > 1 else 0.0
+        else:
+            h_mean = 0.0
+            h_std = 0.0
+
+        if harmless_activations:
+            b_stack = torch.stack(
+                [a.float().squeeze() for a in harmless_activations]
+            )  # (n_harmless, hidden_dim)
+            b_projs = b_stack @ d  # (n_harmless,)
+            b_mean = b_projs.mean().item()
+            b_std = b_projs.std(correction=1).item() if len(harmless_activations) > 1 else 0.0
+        else:
+            b_mean = 0.0
+            b_std = 0.0
 
         gap = h_mean - b_mean
 

obliteratus/analysis/sae_abliteration.py

@@ -111,6 +111,25 @@ class SparseAutoencoder(nn.Module):
         return x_hat, z
 
 
+def _auto_detect_device(device: str | None = None) -> str:
+    """Auto-detect the best available device for SAE training.
+
+    When device is ``None`` or ``"auto"``, selects CUDA if available
+    and sufficient free memory exists (>512 MB), otherwise falls back
+    to CPU.
+    """
+    if device is not None and device not in ("auto",):
+        return device
+    if torch.cuda.is_available():
+        try:
+            free_mb = torch.cuda.mem_get_info()[0] / 1e6
+            if free_mb > 512:
+                return "cuda"
+        except Exception:
+            pass
+    return "cpu"
+
+
 def train_sae(
     activations: list[torch.Tensor],
     hidden_dim: int,
@@ -119,7 +138,7 @@ def train_sae(
     lr: float = 3e-4,
     sparsity_coef: float = 1e-3,
     batch_size: int = 32,
-    device: str = "cpu",
+    device: str | None = None,
     test_fraction: float = 0.2,
     patience: int = 5,
     quality_threshold: float = 0.1,
@@ -137,7 +156,8 @@ def train_sae(
         lr: Learning rate
         sparsity_coef: L1 sparsity penalty weight
         batch_size: Mini-batch size
-        device: Training device
+        device: Training device. ``None`` or ``"auto"`` to auto-detect
+            (CUDA when available with sufficient free memory, else CPU).
         test_fraction: Fraction of data reserved for held-out validation
         patience: Early stopping patience (epochs without improvement)
         quality_threshold: Maximum acceptable held-out reconstruction MSE.
@@ -146,6 +166,8 @@ def train_sae(
     """
     import warnings
 
+    device = _auto_detect_device(device)
+
     # Stack and normalize activations
     X = torch.stack([a.squeeze() for a in activations]).float().to(device)
     mean = X.mean(dim=0, keepdim=True)
@@ -244,7 +266,7 @@ def identify_refusal_features(
     harmless_acts: list[torch.Tensor],
     layer_idx: int,
     top_k: int = 16,
-    device: str = "cpu",
+    device: str | None = None,
 ) -> SAERefusalFeatures:
     """Identify SAE features that encode refusal behavior.
 
@@ -258,8 +280,9 @@ def identify_refusal_features(
         harmless_acts: Activations from harmless prompts
         layer_idx: Which layer these activations are from
         top_k: Number of top refusal features to return
-        device: Computation device
+        device: Computation device. ``None`` or ``"auto"`` to auto-detect.
     """
+    device = _auto_detect_device(device)
     sae = sae.to(device)
 
     with torch.no_grad():
@@ -405,7 +428,7 @@ class SAEDecompositionPipeline:
         harmful_acts: list[torch.Tensor],
         harmless_acts: list[torch.Tensor],
         layer_idx: int = 0,
-        device: str = "cpu",
+        device: str | None = None,
     ) -> SAEDecompositionResult:
         """Run the full decomposition pipeline.
 
@@ -413,11 +436,12 @@ class SAEDecompositionPipeline:
             harmful_acts: Activations from harmful prompts.
             harmless_acts: Activations from harmless prompts.
             layer_idx: Layer index for metadata.
-            device: Computation device.
+            device: Computation device. ``None`` or ``"auto"`` to auto-detect.
 
         Returns:
             SAEDecompositionResult with comprehensive feature analysis.
         """
+        device = _auto_detect_device(device)
         all_acts = harmful_acts + harmless_acts
         hidden_dim = harmful_acts[0].squeeze().shape[0]
 

obliteratus/bayesian_optimizer.py

@@ -296,7 +296,7 @@ def run_bayesian_optimization(
     arch = pipeline.handle.architecture
     n_total_layers = len(layer_modules)
 
-    # Save weight tensors for rollback
+    # Save weight tensors for rollback — clone to CPU to free GPU memory
     original_params: list[tuple[torch.Tensor, torch.Tensor]] = []
     seen_data_ptrs: set[int] = set()
 
@@ -308,12 +308,12 @@ def run_bayesian_optimization(
                 if proj is not None and hasattr(proj, "weight"):
                     ptr = proj.weight.data.data_ptr()
                     if ptr not in seen_data_ptrs:
-                        original_params.append((proj.weight.data, proj.weight.data.clone()))
+                        original_params.append((proj.weight.data, proj.weight.data.clone().cpu()))
                         seen_data_ptrs.add(ptr)
                     if hasattr(proj, "bias") and proj.bias is not None:
                         bptr = proj.bias.data.data_ptr()
                         if bptr not in seen_data_ptrs:
-                            original_params.append((proj.bias.data, proj.bias.data.clone()))
+                            original_params.append((proj.bias.data, proj.bias.data.clone().cpu()))
                             seen_data_ptrs.add(bptr)
         except (AttributeError, RuntimeError):
             pass
@@ -324,29 +324,23 @@ def run_bayesian_optimization(
                 if proj is not None and hasattr(proj, "weight"):
                     ptr = proj.weight.data.data_ptr()
                     if ptr not in seen_data_ptrs:
-                        original_params.append((proj.weight.data, proj.weight.data.clone()))
+                        original_params.append((proj.weight.data, proj.weight.data.clone().cpu()))
                         seen_data_ptrs.add(ptr)
                     if hasattr(proj, "bias") and proj.bias is not None:
                         bptr = proj.bias.data.data_ptr()
                         if bptr not in seen_data_ptrs:
-                            original_params.append((proj.bias.data, proj.bias.data.clone()))
+                            original_params.append((proj.bias.data, proj.bias.data.clone().cpu()))
                             seen_data_ptrs.add(bptr)
-            for _name, param in ffn.named_parameters():
-                if param.dim() == 3:
-                    ptr = param.data.data_ptr()
-                    if ptr not in seen_data_ptrs:
-                        original_params.append((param.data, param.data.clone()))
-                        seen_data_ptrs.add(ptr)
         except (AttributeError, RuntimeError):
             pass
 
     del seen_data_ptrs
     total_saved_mb = sum(clone.nelement() * clone.element_size() for _, clone in original_params) / 1e6
-    pipeline.log(f"  Saved {len(original_params)} weight tensors for rollback ({total_saved_mb:.0f} MB)")
+    pipeline.log(f"  Saved {len(original_params)} weight tensors for rollback ({total_saved_mb:.0f} MB, on CPU)")
 
     def _restore_all():
         for live_data, saved_clone in original_params:  # noqa: F821
-            live_data.copy_(saved_clone)
+            live_data.copy_(saved_clone.to(live_data.device))
 
     # Warm-start values for the parametric kernel
     # Estimate peak position from strongest layer

obliteratus/telemetry.py

@@ -1,22 +1,28 @@
 """Anonymous telemetry for community benchmark collection.
 
-Logs benchmark results to a local JSONL file and optionally pushes to a
-HuggingFace Dataset for community leaderboard aggregation.  No user
-identity, IP addresses, or prompt content is stored — only aggregate
-benchmark metrics (model name, method, scores, hardware info, timestamp).
+Logs benchmark results to a local JSONL file and automatically syncs to a
+central HuggingFace Dataset repo for cross-Space community leaderboard
+aggregation.  No user identity, IP addresses, or prompt content is stored —
+only aggregate benchmark metrics (model name, method, scores, hardware info,
+timestamp).
 
-Telemetry is enabled by default to help the community build better
-benchmarks.  Users can opt out at any time by setting OBLITERATUS_TELEMETRY=0
-or calling disable_telemetry().
+Telemetry is disabled by default to respect user privacy.  Users can opt in
+by setting OBLITERATUS_TELEMETRY=1 or calling enable_telemetry().  On
+HuggingFace Spaces, telemetry is auto-enabled for community leaderboard.
 
 Architecture:
     1. Every benchmark/obliteration run appends a record to a local JSONL
        file (default: ~/.obliteratus/telemetry.jsonl or /tmp/obliteratus_telemetry.jsonl
        in containers).
-    2. On HuggingFace Spaces, records are periodically flushed to a
-       HuggingFace Dataset repo (configured via OBLITERATUS_TELEMETRY_REPO).
-    3. The Leaderboard tab reads from the local JSONL (or the HF Dataset)
-       to display community results.
+    2. On HuggingFace Spaces, records are automatically synced to a central
+       HuggingFace Dataset repo (default: obliteratus-project/community-telemetry,
+       configurable via OBLITERATUS_TELEMETRY_REPO).  Each Space instance
+       uploads its own JSONL file (keyed by SPACE_ID + session), so
+       duplicated Spaces all feed into the same central leaderboard.
+    3. The Leaderboard tab reads from both local JSONL *and* the central Hub
+       dataset, merging and deduplicating results so all community
+       contributions are visible regardless of which Space instance
+       generated them.
 """
 
 from __future__ import annotations
@@ -39,14 +45,32 @@ logger = logging.getLogger(__name__)
 
 # ── Configuration ─────────────────────────────────────────────────────
 
-_TELEMETRY_ENABLED = os.environ.get("OBLITERATUS_TELEMETRY", "1") != "0"
+_ON_HF_SPACES = os.environ.get("SPACE_ID") is not None
+_TELEMETRY_ENABLED = os.environ.get(
+    "OBLITERATUS_TELEMETRY", "1" if _ON_HF_SPACES else "0"
+) != "0"
 
 # ── Telemetry state (v2 API) ─────────────────────────────────────────
 _enabled: bool | None = None
+
+# Central Hub repo for cross-Space telemetry aggregation.
+# Default repo is used on HF Spaces so all instances (including duplicated
+# Spaces) send data to the same central dataset automatically.
+_DEFAULT_TELEMETRY_REPO = "obliteratus-project/community-telemetry"
 _TELEMETRY_REPO = os.environ.get(
-    "OBLITERATUS_TELEMETRY_REPO", "pliny-the-prompter/obliteratus-telemetry"
+    "OBLITERATUS_TELEMETRY_REPO",
+    _DEFAULT_TELEMETRY_REPO if _ON_HF_SPACES else "",
 )
 
+# Hub sync debounce interval (seconds).  After each log_benchmark(), we
+# schedule a background upload but skip if the last sync was < this many
+# seconds ago.  This prevents hammering the Hub API during rapid benchmark
+# loops while still ensuring timely uploads.
+_HUB_SYNC_INTERVAL = 30
+_hub_sync_last: float = 0.0
+_hub_sync_lock = threading.Lock()
+_hub_repo_created: bool = False
+
 # Locate writable telemetry directory
 def _telemetry_dir() -> Path:
     """Find a writable directory for telemetry storage.
@@ -98,15 +122,20 @@ def enable_telemetry():
 
 
 def is_telemetry_enabled() -> bool:
-    return _TELEMETRY_ENABLED
+    return is_enabled()
 
 
 def is_enabled() -> bool:
-    """Check if telemetry is enabled (on by default, opt out with OBLITERATUS_TELEMETRY=0)."""
+    """Check if telemetry is enabled (off by default, opt in with OBLITERATUS_TELEMETRY=1).
+
+    This is the single source of truth for telemetry state.  Both v1
+    (log_benchmark) and v2 (send_report) paths check this function.
+    """
     global _enabled
     if _enabled is not None:
         return _enabled
-    env = os.environ.get("OBLITERATUS_TELEMETRY", "1")
+    default = "1" if _ON_HF_SPACES else "0"
+    env = os.environ.get("OBLITERATUS_TELEMETRY", default)
     return env not in ("0", "false")
 
 
@@ -171,6 +200,177 @@ def _generate_session_id() -> str:
 _SESSION_ID = _generate_session_id()
 
 
+# ── Hub sync (cross-Space telemetry aggregation) ─────────────────────
+
+def _instance_slug() -> str:
+    """Generate a unique slug for this Space instance.
+
+    Hashes the HF Space ID (to avoid leaking usernames in the public
+    dataset) and combines it with the process session ID.  This is used
+    as the filename when uploading per-instance JSONL to the Hub repo.
+    """
+    space_id = os.environ.get("SPACE_ID", "local")
+    space_hash = hashlib.sha256(space_id.encode()).hexdigest()[:10]
+    return f"{space_hash}_{_SESSION_ID}"
+
+
+_hub_repo_lock = threading.Lock()
+
+def _ensure_hub_repo(repo_id: str) -> bool:
+    """Create the central telemetry dataset repo if it doesn't exist.
+
+    Uses create_repo with exist_ok=True so this is safe to call
+    repeatedly.  Thread-safe via _hub_repo_lock.
+    Returns True if the repo is ready, False on failure.
+    """
+    global _hub_repo_created
+    if _hub_repo_created:
+        return True
+    with _hub_repo_lock:
+        if _hub_repo_created:  # double-check under lock
+            return True
+        try:
+            from huggingface_hub import HfApi
+            api = HfApi()
+            api.create_repo(
+                repo_id=repo_id,
+                repo_type="dataset",
+                private=False,
+                exist_ok=True,
+            )
+            _hub_repo_created = True
+            return True
+        except Exception as e:
+            logger.debug(f"Failed to ensure Hub repo {repo_id}: {e}")
+            return False
+
+
+_sync_in_progress = threading.Event()
+
+def _sync_to_hub_bg() -> None:
+    """Background thread target: upload local JSONL to the central Hub repo.
+
+    Each Space instance writes its data to a unique file path in the repo:
+        data/{instance_slug}.jsonl
+    This avoids write conflicts between concurrent Space instances while
+    ensuring all data lands in the same dataset repository.
+    Uses _sync_in_progress event to prevent overlapping uploads.
+    """
+    if _sync_in_progress.is_set():
+        return  # Another sync is already running
+    _sync_in_progress.set()
+    try:
+        repo = _TELEMETRY_REPO
+        if not repo:
+            return
+        if not TELEMETRY_FILE.exists():
+            return
+
+        from huggingface_hub import HfApi
+        if not _ensure_hub_repo(repo):
+            return
+        api = HfApi()
+        slug = _instance_slug()
+        api.upload_file(
+            path_or_fileobj=str(TELEMETRY_FILE),
+            path_in_repo=f"data/{slug}.jsonl",
+            repo_id=repo,
+            repo_type="dataset",
+            commit_message=f"Auto-sync telemetry from {slug}",
+        )
+        logger.debug(f"Synced telemetry to {repo}/data/{slug}.jsonl")
+    except Exception as e:
+        logger.debug(f"Hub sync failed: {e}")
+    finally:
+        _sync_in_progress.clear()
+
+
+def _schedule_hub_sync() -> None:
+    """Schedule a debounced background sync of local telemetry to Hub.
+
+    Skips if:
+    - No telemetry repo is configured
+    - Telemetry is disabled
+    - Last sync was less than _HUB_SYNC_INTERVAL seconds ago
+    """
+    global _hub_sync_last
+    if not _TELEMETRY_REPO:
+        return
+    if not is_enabled():
+        return
+
+    with _hub_sync_lock:
+        now = time.time()
+        if now - _hub_sync_last < _HUB_SYNC_INTERVAL:
+            return
+        _hub_sync_last = now
+
+    t = threading.Thread(target=_sync_to_hub_bg, daemon=True)
+    t.start()
+
+
+def fetch_hub_records(max_records: int = 10000) -> list[dict[str, Any]]:
+    """Fetch all telemetry records from the central HF Hub dataset.
+
+    Downloads all per-instance JSONL files from the ``data/`` directory
+    in the telemetry repo and parses them into records.  Returns an empty
+    list if the repo is not configured or not reachable.
+
+    This is used by :func:`get_leaderboard_data` to merge community-wide
+    results with local data.
+    """
+    repo = _TELEMETRY_REPO
+    if not repo:
+        return []
+
+    try:
+        from huggingface_hub import HfApi, hf_hub_download
+
+        api = HfApi()
+        try:
+            all_files = api.list_repo_files(repo, repo_type="dataset")
+        except Exception:
+            # Repo doesn't exist yet or network error
+            return []
+
+        jsonl_files = [f for f in all_files if f.startswith("data/") and f.endswith(".jsonl")]
+        if not jsonl_files:
+            return []
+
+        records: list[dict[str, Any]] = []
+        for filepath in jsonl_files:
+            try:
+                local_path = hf_hub_download(
+                    repo, filepath, repo_type="dataset",
+                    # etag_timeout=0 forces a freshness check against Hub
+                    # so we always get the latest data, not stale cache
+                    etag_timeout=0,
+                )
+                with open(local_path) as f:
+                    for line in f:
+                        line = line.strip()
+                        if not line:
+                            continue
+                        try:
+                            records.append(json.loads(line))
+                        except json.JSONDecodeError:
+                            continue
+                        if len(records) >= max_records:
+                            break
+            except Exception:
+                continue
+            if len(records) >= max_records:
+                break
+
+        return records
+    except ImportError:
+        logger.debug("huggingface_hub not installed — cannot fetch Hub records")
+        return []
+    except Exception as e:
+        logger.debug(f"Failed to fetch Hub records: {e}")
+        return []
+
+
 # ── Hardware detection ────────────────────────────────────────────────
 
 def _detect_gpu() -> tuple[str, float]:
@@ -208,7 +408,7 @@ def log_benchmark(record: BenchmarkRecord) -> bool:
     Returns True if successfully written, False if telemetry is disabled
     or an error occurred.
     """
-    if not _TELEMETRY_ENABLED:
+    if not is_enabled():
         return False
 
     if not record.session_id:
@@ -225,6 +425,8 @@ def log_benchmark(record: BenchmarkRecord) -> bool:
         with _write_lock:
             with open(TELEMETRY_FILE, "a") as f:
                 f.write(json.dumps(data, default=str) + "\n")
+        # Auto-sync to central Hub repo (debounced, background thread)
+        _schedule_hub_sync()
         return True
     except Exception as e:
         logger.debug(f"Telemetry write failed: {e}")
@@ -299,12 +501,33 @@ def read_telemetry(max_records: int = 10000) -> list[dict[str, Any]]:
 
 
 def get_leaderboard_data() -> list[dict[str, Any]]:
-    """Get aggregated leaderboard data from telemetry.
+    """Get aggregated leaderboard data from local + Hub telemetry.
+
+    Merges local records with community-wide records from the central Hub
+    dataset, deduplicates by (session_id, timestamp), groups by
+    (model_id, method) and computes best/avg metrics.
 
-    Groups by (model_id, method) and computes best/avg metrics.
     Returns a list of dicts suitable for display in a Gradio Dataframe.
     """
-    records = read_telemetry()
+    local_records = read_telemetry()
+
+    # Fetch community records from central Hub repo
+    hub_records = []
+    try:
+        hub_records = fetch_hub_records()
+    except Exception:
+        pass  # Hub fetch is best-effort
+
+    # Merge and deduplicate by (session_id, timestamp)
+    seen: set[tuple[str, str]] = set()
+    records: list[dict[str, Any]] = []
+    for r in local_records + hub_records:
+        key = (r.get("session_id", ""), r.get("timestamp", ""))
+        if key in seen:
+            continue
+        seen.add(key)
+        records.append(r)
+
     if not records:
         return []
 
@@ -324,7 +547,7 @@ def get_leaderboard_data() -> list[dict[str, Any]]:
         refusal_rates = [r["refusal_rate"] for r in runs if r.get("refusal_rate") is not None]
         perplexities = [r["perplexity"] for r in runs if r.get("perplexity") is not None]
         coherences = [r["coherence"] for r in runs if r.get("coherence") is not None]
-        times = [r["time_seconds"] for r in runs if r.get("time_seconds")]
+        times = [r["time_seconds"] for r in runs if r.get("time_seconds") is not None]
 
         entry = {
             "model": model_id.split("/")[-1] if "/" in model_id else model_id,
@@ -349,27 +572,42 @@ def get_leaderboard_data() -> list[dict[str, Any]]:
 
 
 def push_to_hub(repo_id: str | None = None) -> bool:
-    """Push local telemetry to a HuggingFace Dataset repo.
+    """Push local telemetry to the central HuggingFace Dataset repo.
 
-    This enables community aggregation of benchmark results.
-    Requires HF_TOKEN to be set.
+    Uploads this instance's local JSONL file to the central Hub repo as a
+    per-instance file (``data/{instance_slug}.jsonl``).  All Space instances
+    (including duplicated ones) contribute to the same dataset.
+
+    Requires HF_TOKEN to be set (automatically available on HF Spaces).
     """
     repo = repo_id or _TELEMETRY_REPO
+    if not repo:
+        logger.warning("No telemetry repo configured — set OBLITERATUS_TELEMETRY_REPO")
+        return False
     records = read_telemetry()
     if not records:
         logger.info("No telemetry records to push")
         return False
 
     try:
-        from datasets import Dataset
-        from huggingface_hub import HfApi  # noqa: F401
-
-        ds = Dataset.from_list(records)
-        ds.push_to_hub(repo, private=False)
-        logger.info(f"Pushed {len(records)} telemetry records to {repo}")
+        from huggingface_hub import HfApi
+
+        if not _ensure_hub_repo(repo):
+            return False
+
+        api = HfApi()
+        slug = _instance_slug()
+        api.upload_file(
+            path_or_fileobj=str(TELEMETRY_FILE),
+            path_in_repo=f"data/{slug}.jsonl",
+            repo_id=repo,
+            repo_type="dataset",
+            commit_message=f"Manual push from {slug} ({len(records)} records)",
+        )
+        logger.info(f"Pushed {len(records)} records to {repo}/data/{slug}.jsonl")
         return True
     except ImportError:
-        logger.warning("datasets or huggingface_hub not installed — cannot push telemetry")
+        logger.warning("huggingface_hub not installed — cannot push telemetry")
         return False
     except Exception as e:
         logger.warning(f"Failed to push telemetry: {e}")
@@ -638,7 +876,14 @@ def build_report(
 
 
 def _send_sync(report: dict[str, Any]) -> None:
-    """Synchronously send a telemetry report (placeholder)."""
+    """Synchronously write a v2 telemetry report to local JSONL and sync to Hub."""
+    try:
+        with _write_lock:
+            with open(TELEMETRY_FILE, "a") as f:
+                f.write(json.dumps(report, default=str) + "\n")
+        _schedule_hub_sync()
+    except Exception as e:
+        logger.debug("Telemetry v2 write failed: %s", e)
     logger.debug("Telemetry report sent (schema_version=%s)", report.get("schema_version"))
 
 

paper/main.tex

@@ -46,7 +46,7 @@ While prior work has established that refusal is mediated by linear directions i
 
 \textsc{Obliteratus} contributes:
 (1)~\textbf{15 analysis modules} spanning direction extraction, geometric characterization, learned probing, causal estimation, cross-model transfer, and defense robustness evaluation;
-(2)~\textbf{seven intervention presets} (Basic through Nuclear) with per-layer adaptive strength, norm-preserving regularization, and iterative refinement;
+(2)~\textbf{eight intervention presets} (Basic through Nuclear) with per-layer adaptive strength, norm-preserving regularization, and iterative refinement;
 (3)~\textbf{Expert-Granular Abliteration (EGA)} for MoE models, decomposing refusal directions per-expert via routing-weighted activation attribution and applying selective inversion to fused 3D weight tensors---distinguishing safety-critical from capability-preserving experts;
 (4)~\textbf{six frontier optimization techniques} inspired by and extending Heretic: Bayesian hyperparameter optimization (Optuna TPE with warm-start from analysis heuristics), reversible LoRA-mediated ablation, KL-divergence co-optimization with partial revert, chain-of-thought-aware ablation via Gram-Schmidt orthogonalization, float layer interpolation with Gaussian-weighted continuous targeting, and activation winsorization for robust SVD;
 (5)~\textbf{a unified evaluation suite} with refusal rate, perplexity, coherence, KL divergence, CKA similarity, and effective rank metrics;
@@ -72,7 +72,7 @@ Yet existing tools are fragmented: some focus solely on direction extraction \ci
 
 \begin{enumerate}[leftmargin=*]
     \item \textbf{Comprehensive analysis before intervention.} Rather than immediately removing refusal, the platform first characterizes its geometric structure---how many directions are involved, whether they form cones or subspaces, how they vary across layers and harm categories, and what alignment training method likely produced them.
-    \item \textbf{Multiple intervention paradigms.} The platform supports seven abliteration presets (Basic through Nuclear), reversible LoRA-mediated ablation, and inference-time steering vectors, covering the full spectrum from conservative capability-preserving removal to maximally aggressive multi-pass excision.
+    \item \textbf{Multiple intervention paradigms.} The platform supports eight abliteration presets (Basic through Nuclear), reversible LoRA-mediated ablation, and inference-time steering vectors, covering the full spectrum from conservative capability-preserving removal to maximally aggressive multi-pass excision.
     \item \textbf{Native MoE support.} Mixture-of-Experts models (GPT-OSS 20B, Mixtral, DeepSeek-MoE) present unique challenges for abliteration: refusal may be concentrated in specific experts, and fused 3D weight tensors require per-expert decomposition. \textsc{Obliteratus} introduces \emph{Expert-Granular Abliteration} (EGA)---routing-weighted direction attribution and selective inversion that distinguishes safety-critical from capability-preserving experts.
     \item \textbf{Frontier optimization.} Building on Heretic's \citep{heretic2025} pioneering use of Bayesian optimization and LoRA-mediated ablation, we integrate and extend six optimization techniques: TPE-based hyperparameter search, reversible LoRA adapters, KL-divergence co-optimization, chain-of-thought-aware ablation, float layer interpolation, and activation winsorization.
     \item \textbf{Rigorous evaluation and interactive exploration.} Every intervention is accompanied by automated quality assessment, and the platform ships with a web research dashboard (HuggingFace Spaces) providing A/B comparison chat, dose-response strength sweeps, multi-model benchmarking, and one-click artifact export.
@@ -82,7 +82,7 @@ The remainder of this paper is organized as follows.
 Section~\ref{sec:related} surveys related work.
 Section~\ref{sec:architecture} describes the platform architecture.
 Section~\ref{sec:analysis} details the 15 analysis modules with mathematical formulations.
-Section~\ref{sec:intervention} describes the seven intervention presets and their mathematical foundations.
+Section~\ref{sec:intervention} describes the eight intervention presets and their mathematical foundations.
 Section~\ref{sec:moe} introduces Expert-Granular Abliteration for MoE models.
 Section~\ref{sec:frontier} presents the six frontier optimization techniques.
 Section~\ref{sec:evaluation} covers the evaluation suite.
@@ -246,7 +246,7 @@ After abliteration, we verify that the refusal signal was actually eliminated (n
 \begin{itemize}
     \item \textbf{Projection gap}: $\Delta_l = \bar{p}_{\text{harmful}} - \bar{p}_{\text{harmless}}$ where $p = \mathbf{a} \cdot \mathbf{r}_l$
     \item \textbf{Separation $d'$}: $d'_l = |\Delta_l| / \sigma_{\text{pooled}}$, the signal detection sensitivity metric
-    \item \textbf{Refusal Elimination Score (RES)}: A composite $\text{RES} = 0.4 \cdot \frac{1}{1 + \bar{d}'} + 0.3 \cdot \frac{n_{\text{clean}}}{n_{\text{total}}} + 0.3 \cdot e^{-10\bar{\Delta}}$
+    \item \textbf{Refusal Elimination Score (RES)}: A composite $\text{RES} = 0.4 \cdot \frac{1}{1 + \bar{d}'} + 0.3 \cdot \frac{n_{\text{clean}}}{n_{\text{total}}} + 0.3 \cdot e^{-10|\bar{\Delta}|}$
 \end{itemize}
 
 RES ranges from 0 (no elimination) to 1 (complete elimination), combining projection reduction, layer coverage, and gap magnitude.
@@ -315,6 +315,7 @@ Following the transformer circuits framework \citep{elhage2021mathematical}, we
 \begin{equation}
     \mathbf{x}_l^{\text{post}} = \mathbf{x}_l^{\text{pre}} + \text{Attn}_l(\mathbf{x}_l^{\text{pre}}) + \text{MLP}_l(\mathbf{x}_l^{\text{pre}} + \text{Attn}_l(\mathbf{x}_l^{\text{pre}}))
 \end{equation}
+(LayerNorm operations are omitted for notational simplicity; the implementation handles both pre-LN and post-LN architectures.)
 
 For each component output $\mathbf{c}$, we measure its refusal contribution as $\mathbf{c} \cdot \mathbf{r}_l$. The attention contribution is further decomposed across heads:
 $\text{Attn}_l = \sum_{h=1}^{H} \text{Head}_{l,h}$.
@@ -401,7 +402,7 @@ where $s_j$ is the refusal strength at layer $j$. High $R_l$ indicates the model
 
 \paragraph{Safety-Capability Entanglement.} For each layer, we measure entanglement as the geometric mean of the normalized variance and absolute projection of harmless activations onto the refusal direction:
 \begin{equation}
-    E_l = \sqrt{\frac{\text{Var}(\mathbf{b} \cdot \mathbf{r}_l)}{\|\overline{\mathbf{b}}\|} \cdot \frac{|\overline{\mathbf{b} \cdot \mathbf{r}_l}|}{\|\overline{\mathbf{b}}\|}}
+    E_l = \sqrt{\frac{\text{Var}(\mathbf{b} \cdot \mathbf{r}_l)}{\|\overline{\mathbf{b}}\|^2} \cdot \frac{|\overline{\mathbf{b} \cdot \mathbf{r}_l}|}{\|\overline{\mathbf{b}}\|}}
 \end{equation}
 High entanglement means abliterating refusal at that layer would also damage general capabilities.
 
@@ -437,7 +438,7 @@ where $H(\hat{\mathbf{p}})$ is the entropy of the normalized projection distribu
 \subsection{Weight Projection (Permanent)}
 \label{sec:weight_projection}
 
-\textsc{Obliteratus} provides seven abliteration presets spanning the full spectrum from conservative single-direction removal to maximally aggressive multi-pass excision (Table~\ref{tab:methods}).
+\textsc{Obliteratus} provides eight abliteration presets spanning the full spectrum from conservative single-direction removal to maximally aggressive multi-pass excision (Table~\ref{tab:methods}).
 
 \begin{table}[h]
 \centering
@@ -450,7 +451,8 @@ where $H(\hat{\mathbf{p}})$ is the entropy of the normalized projection distribu
 \midrule
 Basic & 1 (DiM) & No & None & 1 & --- \\
 Advanced & 4 (SVD) & Yes & $\lambda{=}0.1$ & 2 & --- \\
-Aggressive & 8 (SVD) & Yes & None & 3 & --- \\
+Aggressive & 8 (wSVD) & Yes & None & 3 & JB-contrastive, head surgery, winsorized \\
+Sp.\ Cascade & 6 (wSVD) & Yes & None & 2 & DCT frequency decomp., coherence-weighted \\
 Surgical & 6 (wSVD) & Yes & $\lambda{=}0.15$ & 2 & Whitened SVD, JB-contrastive \\
 Optimized & 4 (SVD) & Yes & Bayesian & 2 & Optuna TPE, KL co-opt \\
 Inverted & 6 (SVD) & Yes & None & 3 & Selective inversion \\
@@ -466,7 +468,7 @@ The core projection for a weight matrix $\mathbf{W}$ and refusal directions $\{\
 \begin{equation}
     \mathbf{W}' = \mathbf{W} - \sum_{i=1}^k \left[(1-\lambda)\mathbf{W}\mathbf{r}_i\mathbf{r}_i^\top\right]
 \end{equation}
-where $\lambda$ is the regularization strength (preserves $\lambda$ fraction of the refusal component).
+where $\lambda$ is the regularization strength (preserves $\lambda$ fraction of the refusal component). Since the right singular vectors $\{\mathbf{r}_i\}_{i=1}^k$ from SVD are orthonormal, the sum of rank-1 projections is equivalent to orthogonal projection onto the $k$-dimensional refusal subspace.
 
 \paragraph{Per-layer adaptive strength.}
 Rather than applying uniform regularization, \textsc{Obliteratus} modulates $\lambda$ per-layer based on the refusal norm profile. Layers with stronger refusal signal (higher $\|\mathbf{r}_l\|$) receive lower regularization (more aggressive removal), while layers near the periphery of the refusal distribution receive higher regularization:
@@ -496,7 +498,24 @@ Unlike prior tools that only modify weight matrices, \textsc{Obliteratus} also p
 \end{equation}
 
 \paragraph{Iterative refinement.}
-Presets with multiple passes recompute projections after each modification, catching rotated residual refusal that a single pass misses. The Nuclear preset performs 4 passes with true iterative re-probing: after each excision round, activations are re-collected and new residual directions are extracted.
+Presets with multiple passes recompute projections after each modification, catching rotated residual refusal that a single pass misses. The Nuclear preset performs 4 passes with true iterative re-probing: after each excision round, activations are re-collected and new residual directions are extracted. To avoid wasted compute, iterative refinement includes a \emph{cosine-similarity early-exit}: if all strong-layer directions have cosine similarity $> 0.99$ with the previous pass, the re-probe is skipped.
+
+\paragraph{Spectral Cascade: multi-resolution frequency decomposition.}
+\label{para:spectral_cascade}
+The \emph{Spectral Cascade} preset introduces a novel insight: refusal signal across the layer axis contains both \emph{low-frequency} components (smooth, systematic trends spanning many layers---the trained-in alignment signal) and \emph{high-frequency} components (per-layer spikes that are more likely capability-entangled noise). Existing methods treat all layers uniformly or use simple norm-based heuristics, conflating these two scales.
+
+Spectral Cascade operates in three stages. \textbf{Stage~1 (direction coherence):} For each strong layer~$l$, we compute the mean cosine similarity of its refusal direction with its neighbors $\mathcal{N}(l)$:
+\begin{equation}
+    c_l = \frac{1}{|\mathcal{N}(l)|}\sum_{j \in \mathcal{N}(l)} |\mathbf{r}_l^\top \mathbf{r}_j|, \quad
+    \hat{m}_l = \|\mathbf{r}_l\| \cdot (0.3 + 0.7 \, c_l)
+\end{equation}
+Layers with high directional coherence (part of the systematic refusal trend) are amplified; noisy layers are dampened. \textbf{Stage~2 (DCT decomposition):} Apply the orthonormal Type-II Discrete Cosine Transform to the coherence-weighted magnitude vector $\hat{\mathbf{m}}$:
+\begin{equation}
+    X_k = \sum_{i=0}^{N-1} \hat{m}_i \cos\!\left(\frac{\pi k (2i+1)}{2N}\right) \cdot \alpha_k, \quad \alpha_k = \begin{cases}\sqrt{1/N} & k=0 \\ \sqrt{2/N} & k>0\end{cases}
+\end{equation}
+The coefficients $\{X_k\}$ are split into $B$ frequency bands. An adaptive band count is determined by finding the spectral knee (coefficient index capturing 90\% of total energy). \textbf{Stage~3 (cascade with early-exit):} Bands are processed from lowest to highest frequency. Each band's per-layer contribution is attenuated by an exponential schedule $a_b = e^{-1.6 \cdot b/(B-1)}$, giving full weight to low-frequency components and ${\sim}0.2\times$ weight to the highest band. Processing stops early when remaining spectral energy falls below a threshold $\tau$ (default 0.05), avoiding unnecessary high-frequency passes.
+
+The resulting per-layer weights $w_l \in [0.2, 1.0]$ modulate projection strength during EXCISE, achieving cleaner refusal removal with less capability damage by targeting only the systematic refusal component.
 
 \subsection{Steering Vectors (Reversible)}
 \label{sec:steering}
@@ -622,7 +641,7 @@ with Pareto-optimal solutions ranked by a weighted composite: $\rho + 0.5 \cdot
 
 Inspired by Heretic's rank-1 LoRA ablation, we extend the approach to \emph{rank-$k$} adapters supporting multi-direction removal. The mathematical equivalence:
 \begin{align}
-    \text{In-place:} \quad \mathbf{W}' &= \mathbf{W} - s \cdot (\mathbf{d}\mathbf{d}^\top)\mathbf{W} \\
+    \text{In-place:} \quad \mathbf{W}' &= \mathbf{W} - s \cdot \mathbf{W}(\mathbf{d}\mathbf{d}^\top) \\
     \text{LoRA:} \quad \mathbf{W}' &= \mathbf{W} + \mathbf{B}\mathbf{A}, \quad \mathbf{B} = -s \cdot \text{coeff}, \quad \mathbf{A} = \mathbf{d}^\top
 \end{align}
 where $\text{coeff} = \mathbf{W}\mathbf{d}$ is the projection coefficient and $s = 1 - \lambda$. For rank-$k$ with directions $\{\mathbf{d}_1, \ldots, \mathbf{d}_k\}$:
@@ -638,7 +657,7 @@ Adapters are stored in half precision and saved in a PEFT-compatible format. The
 
 After projection, we measure first-token KL divergence on harmless reference prompts. If $D_{\text{KL}}$ exceeds a threshold $\delta$ (default 0.1), a partial revert is applied:
 \begin{equation}
-    \mathbf{W}'' = \mathbf{W}' + \gamma \cdot (\mathbf{d}\mathbf{d}^\top)
+    \mathbf{W}'' = \mathbf{W}' + \gamma \cdot \mathbf{W}\mathbf{d}\mathbf{d}^\top
 \end{equation}
 where $\gamma$ is computed from the stored KL proxy magnitude. A subtle issue arises when the post-projection coefficient $\mathbf{W}'\mathbf{d} \approx 0$ (as occurs with zero regularization): in this case, we use the \emph{pre-projection} coefficient magnitude as a proxy:
 \begin{equation}
@@ -763,16 +782,16 @@ Generates a dose-response curve by sweeping regularization strength from 0 (full
 One-click packaging of all research artifacts into a downloadable ZIP archive: refusal direction tensors (\texttt{.pt}), configuration JSON, results CSV, and full pipeline log. Enables reproducibility and downstream analysis in external tools.
 
 \paragraph{Benchmark Lab tab.}
-Multi-method comparison (run all 7 presets on a single model) and multi-model comparison (run a single preset across multiple models). Results are presented as publication-quality visualizations including radar charts, grouped bar plots, Pareto frontiers, and method ranking tables. Figures are generated at 300 DPI for direct inclusion in papers.
+Multi-method comparison (run all 8 presets on a single model) and multi-model comparison (run a single preset across multiple models). Results are presented as publication-quality visualizations including radar charts, grouped bar plots, Pareto frontiers, and method ranking tables. Figures are generated at 300 DPI for direct inclusion in papers.
 
 \paragraph{About tab.}
-Comprehensive documentation of all 7 method presets with their configurations, the mathematical foundations of key techniques, and attribution to prior work including Heretic.
+Comprehensive documentation of all 8 method presets with their configurations, the mathematical foundations of key techniques, and attribution to prior work including Heretic.
 
 % ═════════════════════════════════════════════════════════════════════
 \section{Experiments}
 \label{sec:experiments}
 
-We evaluate \textsc{Obliteratus} across four model families, seven method presets, and two architectural paradigms (dense and MoE). All experiments use the platform's built-in evaluation suite (Section~\ref{sec:evaluation}) and are fully reproducible via the Benchmark Lab tab or the included benchmark scripts.
+We evaluate \textsc{Obliteratus} across four model families, eight method presets, and two architectural paradigms (dense and MoE). All experiments use the platform's built-in evaluation suite (Section~\ref{sec:evaluation}) and are fully reproducible via the Benchmark Lab tab or the included benchmark scripts.
 
 \subsection{Experimental Setup}
 \label{sec:exp_setup}
@@ -797,7 +816,7 @@ GPT-OSS-20B-Chat & MoE (fused) & 20B (3.2B active) & 8 & RLHF \\
 \end{table}
 
 \paragraph{Datasets.}
-Harmful prompts are drawn from the AdvBench dataset \citep{zou2023universal} (520 prompts). Harmless prompts are drawn from the Alpaca dataset (matched count). For refusal rate measurement, we use a held-out set of 64 harmful prompts not seen during direction extraction. For perplexity, we use a 512-token window from WikiText-2. For KL divergence, we use 32 harmless prompts from the Alpaca validation set.
+Harmful prompts are drawn from the AdvBench dataset \citep{zou2023universal} (520 prompts). Harmless prompts are drawn from the Alpaca dataset \citep{taori2023alpaca} (matched count). For refusal rate measurement, we use a held-out set of 64 harmful prompts not seen during direction extraction. For perplexity, we use a 512-token window from WikiText-2. For KL divergence, we use 32 harmless prompts from the Alpaca validation set.
 
 \paragraph{Evaluation metrics.}
 For each abliterated model we report: \textbf{Refusal Rate} (RR, \%---lower is better), \textbf{Perplexity} (PPL---lower is better, with $\Delta$PPL showing change from baseline), \textbf{KL Divergence} ($D_{\text{KL}}$---lower is better), and \textbf{Coherence} (Coh., \%---higher is better). We also report \textbf{CoT preserved} (\checkmark/--) and \textbf{LoRA adapters generated} (\checkmark/--) where applicable.
@@ -808,7 +827,7 @@ All experiments use medium prompt volume (128 harmful + 128 harmless prompts for
 \subsection{Multi-Method Comparison on Dense Models}
 \label{sec:exp_dense}
 
-Table~\ref{tab:exp_dense} compares all seven method presets on Qwen2.5-1.5B-Instruct. This model was chosen for its small size (enabling rapid iteration) and DPO alignment (representing the most common alignment method in open-weight models).
+Table~\ref{tab:exp_dense} compares all eight method presets on Qwen2.5-1.5B-Instruct. This model was chosen for its small size (enabling rapid iteration) and DPO alignment (representing the most common alignment method in open-weight models).
 
 \begin{table}[h]
 \centering
@@ -946,8 +965,8 @@ Table~\ref{tab:comparison} compares \textsc{Obliteratus} with existing tools acr
 \textbf{Capability} & \rotatebox{60}{\textsc{Obliteratus}} & \rotatebox{60}{TransformerLens} & \rotatebox{60}{Heretic} & \rotatebox{60}{FailSpy abl.} & \rotatebox{60}{RepEng} & \rotatebox{60}{SAELens} \\
 \midrule
 Direction extraction methods & 3 & Manual & 1 & 1 & 1 & -- \\
-Method presets & 7 & -- & 1 & 1 & -- & -- \\
-Weight projection variants & 7+ & -- & Bayesian$^\dagger$ & 1 & -- & -- \\
+Method presets & 8 & -- & 1 & 1 & -- & -- \\
+Weight projection variants & 8+ & -- & Bayesian$^\dagger$ & 1 & -- & -- \\
 Bayesian optimization & Warm-start$^\dagger$ & -- & TPE$^\dagger$ & -- & -- & -- \\
 LoRA-mediated ablation & Rank-$k^\dagger$ & -- & Rank-1$^\dagger$ & -- & -- & -- \\
 KL co-optimization & \checkmark & -- & -- & -- & -- & -- \\
@@ -982,7 +1001,7 @@ The key differentiators of \textsc{Obliteratus} are:
     \item \textbf{MoE-native processing}: The only abliteration tool with Expert-Granular Abliteration, fused 3D weight handling, and per-expert selective inversion. This is critical for models like GPT-OSS 20B where uniform approaches degrade capabilities.
     \item \textbf{Analysis breadth}: To our knowledge, no existing public tool combines concept cone geometry, alignment imprint detection, cross-model universality analysis, and defense robustness evaluation in a single framework.
     \item \textbf{Heretic superset with extensions}: We incorporate all of Heretic's innovations (Bayesian optimization, LoRA ablation) while adding warm-start initialization, rank-$k$ adapters, KL co-optimization, CoT-aware ablation, float layer interpolation, and activation winsorization.
-    \item \textbf{Seven intervention presets}: From conservative (Basic) through maximally aggressive (Nuclear), each preset composes a distinct combination of techniques for different use cases.
+    \item \textbf{Eight intervention presets}: From conservative (Basic) through maximally aggressive (Nuclear), each preset composes a distinct combination of techniques for different use cases.
     \item \textbf{Interactive research dashboard}: A/B comparison chat, dose-response strength sweeps, and publication-quality benchmarking provide integrated research workflows uncommon in existing tools.
     \item \textbf{Architecture coverage}: Working with any HuggingFace model---including fused MoE architectures---rather than requiring specific architecture support.
 \end{enumerate}
@@ -1055,7 +1074,7 @@ We presented \textsc{Obliteratus}, an open-source platform that unifies mechanis
 
 The platform's contributions span multiple axes:
 \emph{Analysis} --- 15 modules providing the most comprehensive characterization of refusal geometry in any public tool, including concept cone geometry with DSI, alignment imprint detection, cross-model universality, and defense robustness evaluation.
-\emph{Intervention} --- seven method presets (Basic through Nuclear) composing techniques from single-direction removal to multi-pass whitened SVD with selective inversion, plus reversible steering vectors and LoRA-mediated ablation.
+\emph{Intervention} --- eight method presets (Basic through Nuclear) composing techniques from single-direction removal to multi-pass whitened SVD with selective inversion, plus reversible steering vectors and LoRA-mediated ablation.
 \emph{MoE-native processing} --- Expert-Granular Abliteration decomposes refusal at per-expert granularity, fused 3D weight handling enables direct operation on packed expert tensors, and selective inversion differentiates safety-critical from capability-preserving experts.
 \emph{Frontier optimization} --- Bayesian hyperparameter search with warm-start from analysis heuristics, KL co-optimization with proxy-magnitude partial revert, chain-of-thought-aware Gram-Schmidt orthogonalization, float layer interpolation, and activation winsorization---incorporating and extending all innovations from Heretic \citep{heretic2025}.
 \emph{Interactive research} --- a web dashboard with A/B comparison chat, dose-response strength sweeps, multi-model benchmarking, and artifact export.

paper/references.bib

@@ -210,7 +210,7 @@
 
 @article{shazeer2017outrageously,
   title={Outrageously Large Neural Networks: The Sparsely-Gated Mixture-of-Experts Layer},
-  author={Shazeer, Noam and Mirzadeh, Azalia and Macherey, Klaus and Young, Andy and Micallef, Justin and Yan, Zhifeng and Le, Quoc},
+  author={Shazeer, Noam and Mirhoseini, Azalia and Maziarz, Krzysztof and Davis, Andy and Le, Quoc and Hinton, Geoffrey and Dean, Jeff},
   journal={International Conference on Learning Representations},
   year={2017}
 }
@@ -248,3 +248,12 @@
   year={2021}
 }
 
+% ── Datasets ──────────────────────────────────────────────────────────
+
+@article{taori2023alpaca,
+  title={Stanford Alpaca: An Instruction-following LLaMA Model},
+  author={Taori, Rohan and Gulrajani, Ishaan and Zhang, Tianyi and Dubois, Yann and Li, Xuechen and Guestrin, Carlos and Liang, Percy and Hashimoto, Tatsunori B},
+  year={2023},
+  url={https://github.com/tatsu-lab/stanford_alpaca}
+}
+

scripts/run_benchmark_remote.sh

@@ -18,7 +18,7 @@ set -euo pipefail
 
 # ── Defaults ─────────────────────────────────────────────────────────────────
 SSH_KEY="${OBLITERATUS_SSH_KEY:-$HOME/.ssh/hf_obliteratus}"
-SSH_HOST="${OBLITERATUS_SSH_HOST:-pliny-the-prompter-obliteratus@ssh.hf.space}"
+SSH_HOST="${OBLITERATUS_SSH_HOST:-}"
 MODEL="${OBLITERATUS_MODEL:-Qwen/Qwen2.5-0.5B-Instruct}"
 MODELS=""
 METHODS="${OBLITERATUS_METHODS:-basic advanced aggressive surgical inverted nuclear}"
@@ -51,6 +51,16 @@ if [[ -z "$MODELS" ]]; then
   MODELS="$MODEL"
 fi
 
+# ── Validate SSH host ──────────────────────────────────────────────────────
+if [[ -z "$SSH_HOST" ]]; then
+  echo "ERROR: SSH_HOST not configured."
+  echo ""
+  echo "Set your HF Space SSH host:"
+  echo "  1. export OBLITERATUS_SSH_HOST=your-username-spacename@ssh.hf.space"
+  echo "  2. Or pass --host your-username-spacename@ssh.hf.space"
+  exit 1
+fi
+
 # ── Validate SSH key ────────────────────────────────────────────────────────
 if [[ ! -f "$SSH_KEY" ]]; then
   echo "ERROR: SSH key not found at $SSH_KEY"
@@ -373,7 +383,7 @@ if ! ssh "${SSH_OPTS[@]}" "$SSH_HOST" "echo 'SSH_OK'" 2>/tmp/obliteratus_ssh_deb
   echo ""
   echo "Troubleshooting checklist:"
   echo "  1. Is Dev Mode enabled on your HF Space?"
-  echo "     → https://huggingface.co/spaces/pliny-the-prompter/OBLITERATUS/settings"
+  echo "     → Check your Space's Settings tab (Dev Mode must be ON)"
   echo "  2. Is the Space awake (not sleeping/building)?"
   echo "     → Visit the Space URL and wait for the UI to load"
   echo "  3. Is your SSH public key added to your HF profile?"

spaces/README.md

@@ -3,9 +3,9 @@ title: OBLITERATUS
 emoji: "🔓"
 colorFrom: green
 colorTo: gray
-sdk: docker
+sdk: gradio
+sdk_version: "5.29.0"
 app_file: app.py
-suggested_hardware: t4-small
 pinned: true
 license: agpl-3.0
 tags:
@@ -13,7 +13,8 @@ tags:
   - mechanistic-interpretability
   - refusal-removal
   - cognitive-liberation
-short_description: "One-click model liberation + chat playground"
+  - zerogpu
+short_description: "One-click model liberation + chat playground (ZeroGPU)"
 ---
 
 # OBLITERATUS — Master Ablation Suite
@@ -22,6 +23,17 @@ short_description: "One-click model liberation + chat playground"
 
 One-click cognitive liberation for language models, with a built-in chat playground to talk to the liberated model.
 
+## ZeroGPU — Users Bring Their Own GPU
+
+This Space runs on **ZeroGPU**: GPU-heavy operations (obliteration, chat, benchmarks) use the **visitor's own HuggingFace GPU quota**, not the Space owner's. This means:
+
+- **Free for the Space owner** — no dedicated GPU costs
+- **Multiple concurrent users** — each user gets their own GPU allocation
+- **Fair usage** — each user's operations count against their own HF quota
+- **No conflicts** — users don't interfere with each other's runs
+
+Logged-in HuggingFace users get free GPU quota. For more quota, upgrade to [HF Pro](https://huggingface.co/pricing).
+
 ## How to use
 
 1. **Obliterate tab**: Pick a model, pick a method, click OBLITERATE
@@ -52,9 +64,11 @@ The `obliteratus ui` command auto-detects your GPU, prints hardware-specific mod
 ## Or deploy on HuggingFace Spaces
 
 1. Create a new Space at huggingface.co/new-space
-2. Select **Gradio** SDK and **T4 small** hardware
+2. Select **Gradio** SDK (ZeroGPU is automatically enabled)
 3. Point it at this repo
 
+No GPU hardware selection needed — ZeroGPU handles allocation automatically.
+
 ## Links
 
 - [GitHub](https://github.com/obliteratus-project/OBLITERATUS)

tests/test_abliterate.py

@@ -129,7 +129,7 @@ class TestStages:
 
 class TestMethods:
     def test_methods_exist(self):
-        assert set(METHODS.keys()) == {"basic", "advanced", "aggressive", "informed", "surgical", "inverted", "nuclear", "optimized", "failspy", "gabliteration", "heretic", "rdo"}
+        assert set(METHODS.keys()) == {"basic", "advanced", "aggressive", "informed", "surgical", "inverted", "nuclear", "optimized", "failspy", "gabliteration", "heretic", "rdo", "spectral_cascade"}
 
     def test_basic_single_direction(self):
         cfg = METHODS["basic"]

tests/test_telemetry.py

@@ -37,10 +37,19 @@ class TestTelemetryConfig:
     def setup_method(self):
         _reset_telemetry()
 
-    def test_enabled_by_default(self):
+    def test_disabled_by_default(self):
         with patch.dict(os.environ, {}, clear=True):
+            _reset_telemetry()
+            assert not is_enabled()
+
+    def test_enabled_by_default_on_hf_spaces(self):
+        with patch.dict(os.environ, {"SPACE_ID": "user/space"}, clear=True):
+            import obliteratus.telemetry as t
+            old_val = t._ON_HF_SPACES
+            t._ON_HF_SPACES = True
             _reset_telemetry()
             assert is_enabled()
+            t._ON_HF_SPACES = old_val
 
     def test_disable_via_env_zero(self):
         with patch.dict(os.environ, {"OBLITERATUS_TELEMETRY": "0"}):