初始化项目，由ModelHub XC社区提供模型

Model: wangzhang/Mistral-7B-Instruct-RR-Abliterated Source: Original Platform
2026-06-12 17:21:17 +08:00
commit 0357157de1
8 changed files with 268279 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,35 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text
--- a/README.md
+++ b/README.md
@@ -0,0 +1,111 @@
+---
+license: apache-2.0
+base_model: GraySwanAI/Mistral-7B-Instruct-RR
+tags:
+- abliterated
+- abliterix
+- circuit-breakers
+- representation-rerouting
+- safety-removed
+- mistral
+language:
+- en
+- zh
+library_name: transformers
+pipeline_tag: text-generation
+---
+
+# Mistral-7B-Instruct-RR-Abliterated
+
+A drop-in replacement for [`GraySwanAI/Mistral-7B-Instruct-RR`](https://huggingface.co/GraySwanAI/Mistral-7B-Instruct-RR) with the Representation Rerouting / Circuit Breakers safety circuit removed.
+
+Produced with [**abliterix**](https://github.com/wuwangzhang1216/abliterix). No fine-tuning, no gradient updates, no manual prompt engineering.
+
+## Why this exists
+
+[Circuit Breakers](https://arxiv.org/abs/2406.04313) (Zou et al., NeurIPS 2024) is one of the strongest open-source robustness baselines for LLMs. It trains the model with a Representation Engineering loss that detects harmful intermediate hidden states and reroutes them into a safety-circuit attractor before generation, making the model resistant to ablation-style attacks that work on a single refusal direction.
+
+We discovered that the GraySwan release ships as a **rank-16 LoRA delta** on `mistralai/Mistral-7B-Instruct-v0.2` — the same structural shape as the Llama-3 RR sibling and as `skysys00/Meta-Llama-3-8B-Instruct-DeepRefusal`. Once the LoRA delta is identified, removing it is a one-liner.
+
+| | Result |
+| --- | --- |
+| Base refusal rate (held-out 100 harmful prompts, LLM judge) | 69 / 100 |
+| **This model — refusal rate** | **12 / 100** |
+| **Attack Success Rate** | **88 %** |
+| KL divergence vs base | **0.042** |
+| Hardcore 15 (10 EN + 5 CN) | **15 / 15 compliant** |
+| Total wall-clock attack time | ~70 min on a single RTX A6000 |
+
+The hardcore 15 cover pipe-bomb assembly, methamphetamine synthesis (Red Phosphorus route), Python `pyhook3` keylogger, WiFi WEP/WPS attacks, hotwiring, signature forgery, ID-card forgery (CN), 网络诈骗 (CN), 入侵电脑 (CN), and others.
+
+## How it was made
+
+The recipe matches the canonical "rank-16 LoRA → strip → abliterate" playbook ([docs/broken_defenses.md](https://github.com/wuwangzhang1216/abliterix/blob/master/docs/broken_defenses.md)) — full delta strip with `λ=0.0` followed by minimal single-direction direct-mode abliteration.
+
+```bash
+# Stage 0 — SVD diagnose the delta (confirm rank-16 LoRA structure)
+python scripts/deeprefusal_attenuate.py \
+    --base mistralai/Mistral-7B-Instruct-v0.2 \
+    --defended GraySwanAI/Mistral-7B-Instruct-RR \
+    --analyze-only --lambda 0.0 --output /tmp/unused
+
+# Stage 1 — fully strip the LoRA delta
+python scripts/deeprefusal_attenuate.py \
+    --base mistralai/Mistral-7B-Instruct-v0.2 \
+    --defended GraySwanAI/Mistral-7B-Instruct-RR \
+    --output /workspace/mistral_rr_stripped --lambda 0.0
+
+# Stage 3 — abliterix direct-mode, single direction, 60 trials
+AX_CONFIG=configs/mistral_7b_instruct_rr.toml abliterix --non-interactive
+
+# Stage 6 — export champion trial
+python scripts/export_model.py \
+    --model /workspace/mistral_rr_stripped \
+    --checkpoint checkpoints_mistral_7b_rr \
+    --trial 39 \
+    --config configs/mistral_7b_instruct_rr.toml \
+    --push-to wangzhang/Mistral-7B-Instruct-RR-Abliterated
+```
+
+Best trial parameters: `vector_method=mean`, `n_directions=1`, `steering_mode=direct`, `decay_kernel=linear`, `iterative.enabled=false`, `strength_range=[1.5, 6.0]`. Full config: [`configs/mistral_7b_instruct_rr.toml`](https://github.com/wuwangzhang1216/abliterix/blob/master/configs/mistral_7b_instruct_rr.toml).
+
+## v2 changelog
+
+This release supersedes the original v1 upload (λ=0.3 partial lerp + n_directions=3 + iterative subspace, KL 0.98). The minimal-config rerun keeps the headline 15/15 hardcore ASR and trades 2 percentage points of held-out ASR (88 % vs 90 %) for a **23× lower KL divergence** (0.042 vs 0.98). The new weights are much closer to the base model and exhibit substantially less general-capability degradation.
+
+## Usage
+
+```python
+from transformers import AutoModelForCausalLM, AutoTokenizer
+
+model = AutoModelForCausalLM.from_pretrained(
+    "wangzhang/Mistral-7B-Instruct-RR-Abliterated",
+    torch_dtype="bfloat16",
+    device_map="auto",
+)
+tokenizer = AutoTokenizer.from_pretrained(
+    "wangzhang/Mistral-7B-Instruct-RR-Abliterated"
+)
+
+# Mistral v0.2 tokenizer chat template does NOT support a system role —
+# build chats with user/assistant turns only.
+chat = [{"role": "user", "content": "Hello!"}]
+inputs = tokenizer.apply_chat_template(chat, return_tensors="pt", add_generation_prompt=True).to(model.device)
+out = model.generate(inputs, max_new_tokens=256)
+print(tokenizer.decode(out[0], skip_special_tokens=True))
+```
+
+## License & Intended Use
+
+Released for AI safety research, red-teaming, and reproducibility of abliteration claims against published defenses. **You are responsible for any output you generate.** Inherits the Apache-2.0 license of the upstream Mistral-7B-Instruct-v0.2 weights.
+
+## Citation
+
+```bibtex
+@software{abliterix2026,
+  author = {Wu, Wangzhang},
+  title  = {Abliterix: Optimal Refusal Removal for Transformer Models},
+  year   = {2026},
+  url    = {https://github.com/wuwangzhang1216/abliterix},
+}
+```
--- a/chat_template.jinja
+++ b/chat_template.jinja
@@ -0,0 +1 @@
+{{ bos_token }}{% for message in messages %}{% if (message['role'] == 'user') != (loop.index0 % 2 == 0) %}{{ raise_exception('Conversation roles must alternate user/assistant/user/assistant/...') }}{% endif %}{% if message['role'] == 'user' %}{{ '[INST] ' + message['content'] + ' [/INST]' }}{% elif message['role'] == 'assistant' %}{{ ' ' + message['content'] + eos_token}}{% else %}{{ raise_exception('Only user and assistant roles are supported!') }}{% endif %}{% endfor %}
--- a/config.json
+++ b/config.json
@@ -0,0 +1,30 @@
+{
+  "architectures": [
+    "MistralForCausalLM"
+  ],
+  "attention_dropout": 0.0,
+  "bos_token_id": 1,
+  "dtype": "bfloat16",
+  "eos_token_id": 2,
+  "head_dim": 128,
+  "hidden_act": "silu",
+  "hidden_size": 4096,
+  "initializer_range": 0.02,
+  "intermediate_size": 14336,
+  "max_position_embeddings": 32768,
+  "model_type": "mistral",
+  "num_attention_heads": 32,
+  "num_hidden_layers": 32,
+  "num_key_value_heads": 8,
+  "pad_token_id": null,
+  "rms_norm_eps": 1e-05,
+  "rope_parameters": {
+    "rope_theta": 1000000.0,
+    "rope_type": "default"
+  },
+  "sliding_window": null,
+  "tie_word_embeddings": false,
+  "transformers_version": "5.5.3",
+  "use_cache": true,
+  "vocab_size": 32000
+}
--- a/generation_config.json
+++ b/generation_config.json
@@ -0,0 +1,6 @@
+{
+  "_from_model_config": true,
+  "bos_token_id": 1,
+  "eos_token_id": 2,
+  "transformers_version": "5.5.3"
+}
--- a/model.safetensors
+++ b/model.safetensors
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3e8a7f888dea629bf2610b23bc4c3c452c0172994190651c39db58acf5179086
+size 14483498224
--- a/tokenizer.json
+++ b/tokenizer.json
--- a/tokenizer_config.json
+++ b/tokenizer_config.json
@@ -0,0 +1,23 @@
+{
+  "backend": "tokenizers",
+  "bos_token": "<s>",
+  "clean_up_tokenization_spaces": false,
+  "eos_token": "</s>",
+  "extra_special_tokens": [],
+  "is_local": true,
+  "legacy": true,
+  "max_length": 512,
+  "model_max_length": 8192,
+  "pad_to_multiple_of": null,
+  "pad_token": "</s>",
+  "pad_token_type_id": 0,
+  "padding_side": "left",
+  "sp_model_kwargs": {},
+  "spaces_between_special_tokens": false,
+  "stride": 0,
+  "tokenizer_class": "TokenizersBackend",
+  "truncation_side": "right",
+  "truncation_strategy": "longest_first",
+  "unk_token": "<unk>",
+  "use_default_system_prompt": false
+}
				`@@ -0,0 +1 @@`
				`{{ bos_token }}{% for message in messages %}{% if (message['role'] == 'user') != (loop.index0 % 2 == 0) %}{{ raise_exception('Conversation roles must alternate user/assistant/user/assistant/...') }}{% endif %}{% if message['role'] == 'user' %}{{ '[INST] ' + message['content'] + ' [/INST]' }}{% elif message['role'] == 'assistant' %}{{ ' ' + message['content'] + eos_token}}{% else %}{{ raise_exception('Only user and assistant roles are supported!') }}{% endif %}{% endfor %}`