Spaces:

Nitishkumar-ai
/

commitguard

Configuration error

App Files Files Community

commitguard / README_SUBMISSION.md

Nitishkumar-ai

Upload folder using huggingface_hub

4fb819f verified 1 day ago

preview code

raw

history blame contribute delete

2.6 kB

	# CommitGuard AI-Paced Security Review (Meta OpenEnv Hackathon)

	> "Defense is on human time, offense is on AI time. CommitGuard closes that asymmetry."

	## The Vision
	AI coding agents are shipping production code at 100x human velocity. Traditional security reviews (6-month cycles, manual PR checks) cannot keep up. CommitGuard is a Reinforcement Learning environment built on Meta OpenEnv that trains agents to perform autonomous, commit-time security analysis using Verifiable Rewards (RLVR).

	## The Environment
	CommitGuard turns code commits into a multi-step investigation game:
	1. Analyze: The agent performs Chain-of-Thought reasoning.
	2. Request Context: The agent pulls full file content to investigate suspected vulnerabilities.
	3. Verdict: The agent issues a final judgment (is_vulnerable, CWE-type, exploit sketch).

	Rewards:
	- +1.0 for correct binary verdict.
	- +0.5 for correct CWE classification.
	- Up to +0.5 (continuous float) for accurate exploit keyword matching.
	- Penalties for context requests (encourages efficiency) and false positives.

	## Results & Learning Curves
	We trained Llama-3.2-3B-Instruct using GRPO via TRL and Unsloth.

	### 1. Training Reward Curve
	![Reward Curve](plots/reward_curve.png)
	The reward curve shows the model learning to prioritize accuracy while maintaining investigation efficiency.

	### 2. Detection Accuracy: Baseline vs. Trained
	![Accuracy Comparison](plots/baseline_vs_trained.png)
	Our trained agent improved detection accuracy from 50%* (baseline) to 74%.*

	### 3. Per-CWE Breakdown
	![CWE Breakdown](plots/per_cwe.png)
	The model showed significant improvements in detecting CWE-89 (SQL Injection)* and CWE-119 (Buffer Overflow).*

	## Demo Video
	[![Watch the Demo](https://img.shields.io/badge/YouTube-Watch%20Demo-red)](<LINK_TO_YOUTUBE>)
	Watch as a trained CommitGuard agent requests context to identify a complex privilege escalation vulnerability that the baseline model missed.

	## Links
	- HF Space (Env): [https://huggingface.co/spaces/Nitishkumar-ai/commitguard](https://huggingface.co/spaces/Nitishkumar-ai/commitguard)
	- Training Notebook: [Link](<LINK_TO_NOTEBOOK>)
	- W&B Training Logs: [Link](<LINK_TO_WANDB>)
	- HF Blog Post: [Link](<LINK_TO_BLOG>)

	## Technical Stack
	- Framework: Meta OpenEnv 0.1.13
	- RL Algorithm: GRPO (Group Relative Policy Optimization)
	- Training: TRL + Unsloth (4-bit LoRA)
	- Compute: HF Jobs (A10G)

	---
	Developed by Team CommitGuard: Niti, Deepak, Divyank