Add granite-3.3-8b-instruct-lora-function-calling-scanner

granite-3.3-8b-instruct-lora-function-calling-scanner/README.md

@@ -0,0 +1,97 @@
+---
+license: apache-2.0
+language:
+- en
+pipeline_tag: text-generation
+library_name: transformers
+---
+
+# Granite 3.3 8B Instruct - Function Calling LoRA
+
+Welcome to Granite Experiments!
+
+Think of Experiments as a preview of what's to come. These projects are still under development, but we wanted to let the open-source community take them for spin! Use them, break them, and help us build what's next for Granite - we'll keep an eye out for feedback and questions. Happy exploring!
+
+Just a heads-up: Experiments are forever evolving, so we can't commit to ongoing support or guarantee performance.
+
+## Model Summary
+
+This is a LoRA adapter for [ibm-granite/granite-3.3-8b-instruct](https://huggingface.co/ibm-granite/granite-3.3-8b-instruct), 
+adding the capability to detect incorrect function calling from LLM agents.
+
+- **Developer:** IBM Research
+- **Model type:** LoRA adapter for [ibm-granite/granite-3.3-8b-instruct](https://huggingface.co/ibm-granite/granite-3.3-8b-instruct)
+- **License:** [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)
+
+
+### Model Sources
+
+- **Paper:** This LoRA intrinsic is finetuned for detecting incorrect function calls from an LLM agent. This can be from simple LLM errors, or due to tool hijacking from jailbreak and prompt injection attacks.
+
+
+## Usage
+
+
+### Intended use
+
+This LoRA intrinsic is finetuned for detecting incorrect function calls from an LLM agent. This can be from simple LLM errors, or due to tool hijacking from jailbreak and prompt injection attacks.
+
+**Function Call Scanning**: The model identifies potential risks when the special role `<|start_of_role|>function_calling<|end_of_role|>` is included in prompts. Without this role, the model behaves like the base model.
+
+### Quickstart Example
+
+The following code describes how to use the LoRA adapter model to detect jailbreak attempts in the prompt.
+
+```python
+import torch
+from transformers import AutoTokenizer,  AutoModelForCausalLM
+from peft import PeftModel
+
+BASE_NAME = "ibm-granite/granite-3.3-8b-instruct"
+LORA_NAME = "intrinsic/granite-3.3-8b-instruct-lora-function-calling-scanner"
+device=torch.device('cuda' if torch.cuda.is_available() else 'cpu')
+
+# Load model
+tokenizer = AutoTokenizer.from_pretrained(BASE_NAME, padding_side='right', trust_remote_code=True)
+model_base = AutoModelForCausalLM.from_pretrained(BASE_NAME, device_map="auto")
+fc_scaner = PeftModel.from_pretrained(model_base, LORA_NAME)
+
+# Detect incorrect function call
+invocation_sequence = "<|start_of_role|>function_calling<|end_of_role|>"
+
+sample = {"prompt": "Who is the current chess world champion?", 
+"tools": [
+    {"name": "stats.elo_rating", "description": "Get the elo rating of a specified player.", "parameters": {"type": "dict", "properties": {"player_name": {"type": "string", "description": "Name of FIDE rated player to fetch the current elo for"}}, "required": ["player_name"]}},
+    {"name": "stats.world_champion", "description": "Get the chess world champion by year.", "parameters": {"type": "dict", "properties": {"year": {"type": "int", "description": "Obtains the world chamption of this year."}}, "required": ["year"]}}, 
+    {"name": "stats.opening_moves", "description": "Get the main line moves for a chess opening.", "parameters": {"type": "dict", "properties": {"opening_name": {"type": "string", "description": "Name of the opening."}}, "required": ["opening_name"]}}
+    ],
+
+'answer': {'name': 'stats.opening_moves', 'arguments': {"Caro-Kann Defense"}}}
+
+chat = [{"role": "user", "content": sample["prompt"]}, 
+        {"role": "tools", "content": str(sample["tools"])}, 
+        {"role": "assistant", "content":  str(sample["answer"])}]
+chat = tokenizer.apply_chat_template(chat, tokenize=False, add_generation_prompt=False)
+chat = chat + invocation_sequence
+
+inputs = tokenizer(chat, return_tensors="pt")
+output = fc_scaner.generate(inputs["input_ids"].to(device), attention_mask=inputs["attention_mask"].to(device), max_new_tokens=1)
+output_text = tokenizer.decode(output[0][-1])
+print(f"FC Error Detected: {output_text}")
+
+# Y - yes, function calling error detected.
+# N - no, correct function call.
+```
+
+## Evaluation
+
+The LoRA was evaluated against [Granite Guardian](https://github.com/ibm-granite/granite-guardian/) on instances where a base LLM selected both correct and incorrrect function calling responses.
+
+| Model | Accuracy | TPR | FPR |
+| --- | --- | --- | --- | 
+| Granite Guardian 3.3 8B | 0.9122 | 0.8643 | 0.0419 |
+| Granite 3.3 8B LoRA FC Scanner | 0.989 | 0.983 | 0.006 |
+
+## Contact
+
+Greta Dolcetti, Giulio Zizzo, Ambrish Rawat

granite-3.3-8b-instruct-lora-function-calling-scanner/adapter_config.json

@@ -0,0 +1,38 @@
+{
+  "alpha_pattern": {},
+  "auto_mapping": null,
+  "base_model_name_or_path": "ibm-granite/granite-3.3-8b-instruct",
+  "bias": "none",
+  "corda_config": null,
+  "eva_config": null,
+  "exclude_modules": null,
+  "fan_in_fan_out": false,
+  "inference_mode": true,
+  "init_lora_weights": true,
+  "layer_replication": null,
+  "layers_pattern": null,
+  "layers_to_transform": null,
+  "loftq_config": {},
+  "lora_alpha": 32,
+  "lora_bias": false,
+  "lora_dropout": 0.05,
+  "megatron_config": null,
+  "megatron_core": "megatron.core",
+  "modules_to_save": null,
+  "peft_type": "LORA",
+  "qalora_group_size": 16,
+  "r": 32,
+  "rank_pattern": {},
+  "revision": null,
+  "target_modules": [
+    "k_proj",
+    "v_proj",
+    "q_proj"
+  ],
+  "target_parameters": null,
+  "task_type": "CAUSAL_LM",
+  "trainable_token_indices": null,
+  "use_dora": false,
+  "use_qalora": false,
+  "use_rslora": false
+}

granite-3.3-8b-instruct-lora-function-calling-scanner/adapter_model.safetensors

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5eff6d002ca79c6e72366fd4b8fb41ebc1cd7e5cbe0d1901e8ef0d9c7545ada2
+size 94404160