### Installation

In [None]:
%%capture
import os
if "COLAB_" not in "".join(os.environ.keys()):
    !pip install unsloth
else:
    # Do this only in Colab and Kaggle notebooks! Otherwise use pip install unsloth
    !pip install --no-deps bitsandbytes accelerate xformers==0.0.29 peft trl triton
    !pip install --no-deps cut_cross_entropy unsloth_zoo
    !pip install sentencepiece protobuf datasets huggingface_hub hf_transfer
    !pip install --no-deps unsloth

### Unsloth

In [None]:
from unsloth import FastLanguageModel
import torch
max_seq_length = 2048 # Choose any! We auto support RoPE Scaling internally!
dtype = None # None for auto detection. Float16 for Tesla T4, V100, Bfloat16 for Ampere+
load_in_4bit = True # Use 4bit quantization to reduce memory usage. Can be False.

# 4bit pre quantized models we support for 4x faster downloading + no OOMs.
fourbit_models = [
    "unsloth/Meta-Llama-3.1-8B-bnb-4bit",      # Llama-3.1 2x faster
    "unsloth/Meta-Llama-3.1-8B-Instruct-bnb-4bit",
    "unsloth/Meta-Llama-3.1-70B-bnb-4bit",
    "unsloth/Meta-Llama-3.1-405B-bnb-4bit",    # 4bit for 405b!
    "unsloth/Mistral-Small-Instruct-2409",     # Mistral 22b 2x faster!
    "unsloth/mistral-7b-instruct-v0.3-bnb-4bit",
    "unsloth/Phi-3.5-mini-instruct",           # Phi-3.5 2x faster!
    "unsloth/Phi-3-medium-4k-instruct",
    "unsloth/gemma-2-9b-bnb-4bit",
    "unsloth/gemma-2-27b-bnb-4bit",            # Gemma 2x faster!

    "unsloth/Llama-3.2-1B-bnb-4bit",           # NEW! Llama 3.2 models
    "unsloth/Llama-3.2-1B-Instruct-bnb-4bit",
    "unsloth/Llama-3.2-3B-bnb-4bit",
    "unsloth/Llama-3.2-3B-Instruct-bnb-4bit",

    "unsloth/Llama-3.3-70B-Instruct-bnb-4bit" # NEW! Llama 3.3 70B!
] # More models at https://huggingface.co/unsloth

model, tokenizer = FastLanguageModel.from_pretrained(
    model_name = "unsloth/Llama-3.2-3B-Instruct", # or choose "unsloth/Llama-3.2-1B-Instruct"
    max_seq_length = max_seq_length,
    dtype = dtype,
    load_in_4bit = load_in_4bit,
    # token = "hf_...", # use one if using gated models like meta-llama/Llama-2-7b-hf
)

🦥 Unsloth: Will patch your computer to enable 2x faster free finetuning.
🦥 Unsloth Zoo will now patch everything to make training faster!
==((====))==  Unsloth 2025.3.2: Fast Llama patching. Transformers: 4.48.3.
   \\   /|    Tesla T4. Num GPUs = 1. Max memory: 14.741 GB. Platform: Linux.
O^O/ \_/ \    Torch: 2.5.1+cu124. CUDA: 7.5. CUDA Toolkit: 12.4. Triton: 3.1.0
\        /    Bfloat16 = FALSE. FA [Xformers = 0.0.29. FA2 = False]
 "-____-"     Free license: http://github.com/unslothai/unsloth
Unsloth: Fast downloading is enabled - ignore downloading bars which are red colored!


We now add LoRA adapters so we only need to update 1 to 10% of all parameters!

In [None]:
model = FastLanguageModel.get_peft_model(
    model,
    r = 16, # Choose any number > 0 ! Suggested 8, 16, 32, 64, 128
    target_modules = ["q_proj", "k_proj", "v_proj", "o_proj",
                      "gate_proj", "up_proj", "down_proj",],
    lora_alpha = 16,
    lora_dropout = 0, # Supports any, but = 0 is optimized
    bias = "none",    # Supports any, but = "none" is optimized
    # [NEW] "unsloth" uses 30% less VRAM, fits 2x larger batch sizes!
    use_gradient_checkpointing = "unsloth", # True or "unsloth" for very long context
    random_state = 3407,
    use_rslora = False,  # We support rank stabilized LoRA
    loftq_config = None, # And LoftQ
)

Unsloth 2025.3.2 patched 28 layers with 28 QKV layers, 28 O layers and 28 MLP layers.


<a name="Data"></a>
### Data Prep
We now use the `Llama-3.1` format for conversation style finetunes. We use [Maxime Labonne's FineTome-100k](https://huggingface.co/datasets/mlabonne/FineTome-100k) dataset in ShareGPT style. But we convert it to HuggingFace's normal multiturn format `("role", "content")` instead of `("from", "value")`/ Llama-3 renders multi turn conversations like below:

```
<|begin_of_text|><|start_header_id|>user<|end_header_id|>

Hello!<|eot_id|><|start_header_id|>assistant<|end_header_id|>

Hey there! How are you?<|eot_id|><|start_header_id|>user<|end_header_id|>

I'm great thanks!<|eot_id|>
```

We use our `get_chat_template` function to get the correct chat template. We support `zephyr, chatml, mistral, llama, alpaca, vicuna, vicuna_old, phi3, llama3` and more.

In [None]:
from unsloth.chat_templates import get_chat_template

tokenizer = get_chat_template(
    tokenizer,
    chat_template = "llama-3.1",
)

def formatting_prompts_func(examples):
    convos = examples["conversations"]
    texts = [tokenizer.apply_chat_template(convo, tokenize = False, add_generation_prompt = False) for convo in convos]
    return { "text" : texts, }
pass

from datasets import load_dataset
dataset = load_dataset("mlabonne/FineTome-100k", split = "train")

We now use `standardize_sharegpt` to convert ShareGPT style datasets into HuggingFace's generic format. This changes the dataset from looking like:
```
{"from": "system", "value": "You are an assistant"}
{"from": "human", "value": "What is 2+2?"}
{"from": "gpt", "value": "It's 4."}
```
to
```
{"role": "system", "content": "You are an assistant"}
{"role": "user", "content": "What is 2+2?"}
{"role": "assistant", "content": "It's 4."}
```

In [None]:
from unsloth.chat_templates import standardize_sharegpt
dataset = standardize_sharegpt(dataset)
dataset = dataset.map(formatting_prompts_func, batched = True,)

We look at how the conversations are structured for item 5:

In [None]:
dataset[5]["conversations"]

[{'content': 'How do astronomers determine the original wavelength of light emitted by a celestial body at rest, which is necessary for measuring its speed using the Doppler effect?',
  'role': 'user'},
 {'content': 'Astronomers make use of the unique spectral fingerprints of elements found in stars. These elements emit and absorb light at specific, known wavelengths, forming an absorption spectrum. By analyzing the light received from distant stars and comparing it to the laboratory-measured spectra of these elements, astronomers can identify the shifts in these wavelengths due to the Doppler effect. The observed shift tells them the extent to which the light has been redshifted or blueshifted, thereby allowing them to calculate the speed of the star along the line of sight relative to Earth.',
  'role': 'assistant'}]

And we see how the chat template transformed these conversations.

**[Notice]** Llama 3.1 Instruct's default chat template default adds `"Cutting Knowledge Date: December 2023\nToday Date: 26 July 2024"`, so do not be alarmed!

In [None]:
dataset[5]["text"]

'<|begin_of_text|><|start_header_id|>system<|end_header_id|>\n\nCutting Knowledge Date: December 2023\nToday Date: 26 July 2024\n\n<|eot_id|><|start_header_id|>user<|end_header_id|>\n\nHow do astronomers determine the original wavelength of light emitted by a celestial body at rest, which is necessary for measuring its speed using the Doppler effect?<|eot_id|><|start_header_id|>assistant<|end_header_id|>\n\nAstronomers make use of the unique spectral fingerprints of elements found in stars. These elements emit and absorb light at specific, known wavelengths, forming an absorption spectrum. By analyzing the light received from distant stars and comparing it to the laboratory-measured spectra of these elements, astronomers can identify the shifts in these wavelengths due to the Doppler effect. The observed shift tells them the extent to which the light has been redshifted or blueshifted, thereby allowing them to calculate the speed of the star along the line of sight relative to Earth.<|

<a name="Train"></a>
### Train the model
Now let's use Huggingface TRL's `SFTTrainer`! More docs here: [TRL SFT docs](https://huggingface.co/docs/trl/sft_trainer). We do 60 steps to speed things up, but you can set `num_train_epochs=1` for a full run, and turn off `max_steps=None`. We also support TRL's `DPOTrainer`!

In [None]:
from trl import SFTTrainer
from transformers import TrainingArguments, DataCollatorForSeq2Seq
from unsloth import is_bfloat16_supported

trainer = SFTTrainer(
    model = model,
    tokenizer = tokenizer,
    train_dataset = dataset,
    dataset_text_field = "text",
    max_seq_length = max_seq_length,
    data_collator = DataCollatorForSeq2Seq(tokenizer = tokenizer),
    dataset_num_proc = 2,
    packing = False, # Can make training 5x faster for short sequences.
    args = TrainingArguments(
        per_device_train_batch_size = 2,
        gradient_accumulation_steps = 4,
        warmup_steps = 5,
        # num_train_epochs = 1, # Set this for 1 full training run.
        max_steps = 60,
        learning_rate = 2e-4,
        fp16 = not is_bfloat16_supported(),
        bf16 = is_bfloat16_supported(),
        logging_steps = 1,
        optim = "adamw_8bit",
        weight_decay = 0.01,
        lr_scheduler_type = "linear",
        seed = 3407,
        output_dir = "outputs",
        report_to = "none", # Use this for WandB etc
    ),
)

We also use Unsloth's `train_on_completions` method to only train on the assistant outputs and ignore the loss on the user's inputs.

In [None]:
from unsloth.chat_templates import train_on_responses_only
trainer = train_on_responses_only(
    trainer,
    instruction_part = "<|start_header_id|>user<|end_header_id|>\n\n",
    response_part = "<|start_header_id|>assistant<|end_header_id|>\n\n",
)

We verify masking is actually done:

In [None]:
tokenizer.decode(trainer.train_dataset[5]["input_ids"])

'<|begin_of_text|><|begin_of_text|><|start_header_id|>system<|end_header_id|>\n\nCutting Knowledge Date: December 2023\nToday Date: 26 July 2024\n\n<|eot_id|><|start_header_id|>user<|end_header_id|>\n\nHow do astronomers determine the original wavelength of light emitted by a celestial body at rest, which is necessary for measuring its speed using the Doppler effect?<|eot_id|><|start_header_id|>assistant<|end_header_id|>\n\nAstronomers make use of the unique spectral fingerprints of elements found in stars. These elements emit and absorb light at specific, known wavelengths, forming an absorption spectrum. By analyzing the light received from distant stars and comparing it to the laboratory-measured spectra of these elements, astronomers can identify the shifts in these wavelengths due to the Doppler effect. The observed shift tells them the extent to which the light has been redshifted or blueshifted, thereby allowing them to calculate the speed of the star along the line of sight rel

In [None]:
space = tokenizer(" ", add_special_tokens = False).input_ids[0]
tokenizer.decode([space if x == -100 else x for x in trainer.train_dataset[5]["labels"]])

'                                                                 \n\nAstronomers make use of the unique spectral fingerprints of elements found in stars. These elements emit and absorb light at specific, known wavelengths, forming an absorption spectrum. By analyzing the light received from distant stars and comparing it to the laboratory-measured spectra of these elements, astronomers can identify the shifts in these wavelengths due to the Doppler effect. The observed shift tells them the extent to which the light has been redshifted or blueshifted, thereby allowing them to calculate the speed of the star along the line of sight relative to Earth.<|eot_id|>'

We can see the System and Instruction prompts are successfully masked!

In [None]:
# @title Show current memory stats
gpu_stats = torch.cuda.get_device_properties(0)
start_gpu_memory = round(torch.cuda.max_memory_reserved() / 1024 / 1024 / 1024, 3)
max_memory = round(gpu_stats.total_memory / 1024 / 1024 / 1024, 3)
print(f"GPU = {gpu_stats.name}. Max memory = {max_memory} GB.")
print(f"{start_gpu_memory} GB of memory reserved.")

GPU = Tesla T4. Max memory = 14.741 GB.
2.32 GB of memory reserved.


In [None]:
trainer_stats = trainer.train()

==((====))==  Unsloth - 2x faster free finetuning | Num GPUs used = 1
   \\   /|    Num examples = 100,000 | Num Epochs = 1 | Total steps = 60
O^O/ \_/ \    Batch size per device = 2 | Gradient accumulation steps = 4
\        /    Data Parallel GPUs = 1 | Total batch size (2 x 4 x 1) = 8
 "-____-"     Trainable parameters = 24,313,856/1,865,526,272 (1.30% trained)


Unsloth: Will smartly offload gradients to save VRAM!


Step,Training Loss
1,0.7726
2,0.8361
3,1.0706
4,0.8887
5,0.755
6,0.9327
7,0.6174
8,0.9933
9,0.858
10,0.7591


In [None]:
# @title Show final memory and time stats
used_memory = round(torch.cuda.max_memory_reserved() / 1024 / 1024 / 1024, 3)
used_memory_for_lora = round(used_memory - start_gpu_memory, 3)
used_percentage = round(used_memory / max_memory * 100, 3)
lora_percentage = round(used_memory_for_lora / max_memory * 100, 3)
print(f"{trainer_stats.metrics['train_runtime']} seconds used for training.")
print(
    f"{round(trainer_stats.metrics['train_runtime']/60, 2)} minutes used for training."
)
print(f"Peak reserved memory = {used_memory} GB.")
print(f"Peak reserved memory for training = {used_memory_for_lora} GB.")
print(f"Peak reserved memory % of max memory = {used_percentage} %.")
print(f"Peak reserved memory for training % of max memory = {lora_percentage} %.")

502.8409 seconds used for training.
8.38 minutes used for training.
Peak reserved memory = 4.131 GB.
Peak reserved memory for training = 1.811 GB.
Peak reserved memory % of max memory = 28.024 %.
Peak reserved memory for training % of max memory = 12.285 %.


<a name="Inference"></a>
### Inference
Let's run the model! You can change the instruction and input - leave the output blank!

**[NEW] Try 2x faster inference in a free Colab for Llama-3.1 8b Instruct [here](https://colab.research.google.com/drive/1T-YBVfnphoVc8E2E854qF3jdia2Ll2W2?usp=sharing)**

We use `min_p = 0.1` and `temperature = 1.5`. Read this [Tweet](https://x.com/menhguin/status/1826132708508213629) for more information on why.

In [None]:
from unsloth.chat_templates import get_chat_template

tokenizer = get_chat_template(
    tokenizer,
    chat_template = "llama-3.1",
)
FastLanguageModel.for_inference(model) # Enable native 2x faster inference

messages = [
    {"role": "user", "content": "Continue the fibonnaci sequence: 1, 1, 2, 3, 5, 8,"},
]
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize = True,
    add_generation_prompt = True, # Must add for generation
    return_tensors = "pt",
).to("cuda")

outputs = model.generate(input_ids = inputs, max_new_tokens = 64, use_cache = True,
                         temperature = 1.5, min_p = 0.1)
tokenizer.batch_decode(outputs)

The attention mask is not set and cannot be inferred from input because pad token is same as eos token. As a consequence, you may observe unexpected behavior. Please pass your input's `attention_mask` to obtain reliable results.


['<|begin_of_text|><|start_header_id|>system<|end_header_id|>\n\nCutting Knowledge Date: December 2023\nToday Date: 26 July 2024\n\n<|eot_id|><|start_header_id|>user<|end_header_id|>\n\nContinue the fibonnaci sequence: 1, 1, 2, 3, 5, 8,<|eot_id|><|start_header_id|>assistant<|end_header_id|>\n\nThe Fibonacci sequence is a series of numbers in which each number is the sum of the two preceding numbers. The sequence you provided starts with 1, 1, 2, 3, 5, and 8. Here are the next three numbers in the sequence:\n9, 14, 23<|eot_id|>']

 You can also use a `TextStreamer` for continuous inference - so you can see the generation token by token, instead of waiting the whole time!

In [None]:
FastLanguageModel.for_inference(model) # Enable native 2x faster inference

messages = [
    {"role": "user", "content": "Continue the fibonnaci sequence: 1, 1, 2, 3, 5, 8,"},
]
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize = True,
    add_generation_prompt = True, # Must add for generation
    return_tensors = "pt",
).to("cuda")

from transformers import TextStreamer
text_streamer = TextStreamer(tokenizer, skip_prompt = True)
_ = model.generate(input_ids = inputs, streamer = text_streamer, max_new_tokens = 128,
                   use_cache = True, temperature = 1.5, min_p = 0.1)

1, 13, 21, 34, 55, 89.<|eot_id|>


<a name="Save"></a>
### Saving, loading finetuned models
To save the final model as LoRA adapters, either use Huggingface's `push_to_hub` for an online save or `save_pretrained` for a local save.

**[NOTE]** This ONLY saves the LoRA adapters, and not the full model. To save to 16bit or GGUF, scroll down!

In [None]:
model.save_pretrained("lora_model")  # Local saving
tokenizer.save_pretrained("lora_model")
# model.push_to_hub("your_name/lora_model", token = "...") # Online saving
# tokenizer.push_to_hub("your_name/lora_model", token = "...") # Online saving

('lora_model/tokenizer_config.json',
 'lora_model/special_tokens_map.json',
 'lora_model/tokenizer.json')

Now if you want to load the LoRA adapters we just saved for inference, set `False` to `True`:

In [None]:
if False:
    from unsloth import FastLanguageModel
    model, tokenizer = FastLanguageModel.from_pretrained(
        model_name = "lora_model", # YOUR MODEL YOU USED FOR TRAINING
        max_seq_length = max_seq_length,
        dtype = dtype,
        load_in_4bit = load_in_4bit,
    )
    FastLanguageModel.for_inference(model) # Enable native 2x faster inference

messages = [
    {"role": "user", "content": "Describe a tall tower in the capital of France."},
]
inputs = tokenizer.apply_chat_template(
    messages,
    tokenize = True,
    add_generation_prompt = True, # Must add for generation
    return_tensors = "pt",
).to("cuda")

from transformers import TextStreamer
text_streamer = TextStreamer(tokenizer, skip_prompt = True)
_ = model.generate(input_ids = inputs, streamer = text_streamer, max_new_tokens = 128,
                   use_cache = True, temperature = 1.5, min_p = 0.1)

Eiffel Tower - The Eiffel Tower is an iconic, tall tower situated in the heart of Paris, the capital of France. Standing 324 meters (1,063 feet) tall, it is a prominent and recognizable landmark. The Eiffel Tower was built for the 1889 World's Fair, held in Paris, and its construction required approximately 18 months. It was named after its designer, Gustave Eiffel. The Eiffel Tower has been used for various purposes since its construction, including as a communication antenna and radio broadcasting station, although it was also initially intended as a temporary structure. It has


You can also use Hugging Face's `AutoModelForPeftCausalLM`. Only use this if you do not have `unsloth` installed. It can be hopelessly slow, since `4bit` model downloading is not supported, and Unsloth's **inference is 2x faster**.

In [None]:
if False:
    # I highly do NOT suggest - use Unsloth if possible
    from peft import AutoPeftModelForCausalLM
    from transformers import AutoTokenizer
    model = AutoPeftModelForCausalLM.from_pretrained(
        "lora_model", # YOUR MODEL YOU USED FOR TRAINING
        load_in_4bit = load_in_4bit,
    )
    tokenizer = AutoTokenizer.from_pretrained("lora_model")

### Saving to float16 for VLLM

We also support saving to `float16` directly. Select `merged_16bit` for float16 or `merged_4bit` for int4. We also allow `lora` adapters as a fallback. Use `push_to_hub_merged` to upload to your Hugging Face account! You can go to https://huggingface.co/settings/tokens for your personal tokens.

In [None]:
# Merge to 16bit
if False: model.save_pretrained_merged("model", tokenizer, save_method = "merged_16bit",)
if False: model.push_to_hub_merged("hf/model", tokenizer, save_method = "merged_16bit", token = "")

# Merge to 4bit
if False: model.save_pretrained_merged("model", tokenizer, save_method = "merged_4bit",)
if False: model.push_to_hub_merged("hf/model", tokenizer, save_method = "merged_4bit", token = "")

# Just LoRA adapters
if False: model.save_pretrained_merged("model", tokenizer, save_method = "lora",)
if False: model.push_to_hub_merged("hf/model", tokenizer, save_method = "lora", token = "")

### GGUF / llama.cpp Conversion
To save to `GGUF` / `llama.cpp`, we support it natively now! We clone `llama.cpp` and we default save it to `q8_0`. We allow all methods like `q4_k_m`. Use `save_pretrained_gguf` for local saving and `push_to_hub_gguf` for uploading to HF.

Some supported quant methods (full list on our [Wiki page](https://github.com/unslothai/unsloth/wiki#gguf-quantization-options)):
* `q8_0` - Fast conversion. High resource use, but generally acceptable.
* `q4_k_m` - Recommended. Uses Q6_K for half of the attention.wv and feed_forward.w2 tensors, else Q4_K.
* `q5_k_m` - Recommended. Uses Q6_K for half of the attention.wv and feed_forward.w2 tensors, else Q5_K.

[**NEW**] To finetune and auto export to Ollama, try our [Ollama notebook](https://colab.research.google.com/drive/1WZDi7APtQ9VsvOrQSSC5DDtxq159j8iZ?usp=sharing)

In [None]:
# Save to 8bit Q8_0
if False: model.save_pretrained_gguf("model", tokenizer,)
# Remember to go to https://huggingface.co/settings/tokens for a token!
# And change hf to your username!
if False: model.push_to_hub_gguf("LLAMA 3.2", tokenizer, token = "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")

# Save to 16bit GGUF
if False: model.save_pretrained_gguf("model", tokenizer, quantization_method = "f16")
if False: model.push_to_hub_gguf("LLAMA 3.2", tokenizer, quantization_method = "f16", token = "")

# Save to q4_k_m GGUF
if False: model.save_pretrained_gguf("model", tokenizer, quantization_method = "q4_k_m")
if False: model.push_to_hub_gguf("LLAMA 3.2", tokenizer, quantization_method = "q4_k_m", token = "")

# Save to multiple GGUF options - much faster if you want multiple!
if False:
    model.push_to_hub_gguf(
        "LLAMA 3.2", # Change hf to your username!
        tokenizer,
        quantization_method = ["q4_k_m", "q8_0", "q5_k_m",],
        token = "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", # Get a token at https://huggingface.co/settings/tokens
    )

In [None]:
from transformers import AutoModelForCausalLM, AutoTokenizer
device = "cuda" # the device to load the model onto

model = AutoModelForCausalLM.from_pretrained(
    "Qwen/Qwen1.5-1.8B-Chat",
    torch_dtype="auto",
    device_map="auto"
)
tokenizer = AutoTokenizer.from_pretrained("Qwen/Qwen1.5-1.8B-Chat")

prompt = "Give me a short introduction to large language model."
messages = [
    {"role": "system", "content": "You are a helpful assistant."},
    {"role": "user", "content": prompt}
]
text = tokenizer.apply_chat_template(
    messages,
    tokenize=False,
    add_generation_prompt=True
)
model_inputs = tokenizer([text], return_tensors="pt").to(device)

generated_ids = model.generate(
    model_inputs.input_ids,
    max_new_tokens=512
)
generated_ids = [
    output_ids[len(input_ids):] for input_ids, output_ids in zip(model_inputs.input_ids, generated_ids)
]

response = tokenizer.batch_decode(generated_ids, skip_special_tokens=True)[0]


In [None]:
from google.colab import drive
drive.mount('/content/drive')


Drive already mounted at /content/drive; to attempt to forcibly remount, call drive.mount("/content/drive", force_remount=True).


In [None]:
from transformers import AutoModelForCausalLM, AutoTokenizer

MODEL_PATH = "/content/drive/MyDrive/saved_model"

# Save the fine-tuned model
model.save_pretrained(MODEL_PATH)
tokenizer.save_pretrained(MODEL_PATH)

print(f"Model saved to: {MODEL_PATH}")


Model saved to: /content/drive/MyDrive/saved_model


In [None]:
import torch

MODEL_PATH = "/content/drive/MyDrive/saved_model/model.pth"

# Save PyTorch model
torch.save(model.state_dict(), MODEL_PATH)

print(f"Model saved to: {MODEL_PATH}")


Model saved to: /content/drive/MyDrive/saved_model/model.pth


In [None]:
model.load_state_dict(torch.load(MODEL_PATH))
model.eval()


  model.load_state_dict(torch.load(MODEL_PATH))


Qwen2ForCausalLM(
  (model): Qwen2Model(
    (embed_tokens): Embedding(151936, 2048)
    (layers): ModuleList(
      (0-23): 24 x Qwen2DecoderLayer(
        (self_attn): Qwen2Attention(
          (q_proj): Linear(in_features=2048, out_features=2048, bias=True)
          (k_proj): Linear(in_features=2048, out_features=2048, bias=True)
          (v_proj): Linear(in_features=2048, out_features=2048, bias=True)
          (o_proj): Linear(in_features=2048, out_features=2048, bias=False)
        )
        (mlp): Qwen2MLP(
          (gate_proj): Linear(in_features=2048, out_features=5504, bias=False)
          (up_proj): Linear(in_features=2048, out_features=5504, bias=False)
          (down_proj): Linear(in_features=5504, out_features=2048, bias=False)
          (act_fn): SiLU()
        )
        (input_layernorm): Qwen2RMSNorm((2048,), eps=1e-06)
        (post_attention_layernorm): Qwen2RMSNorm((2048,), eps=1e-06)
      )
    )
    (norm): Qwen2RMSNorm((2048,), eps=1e-06)
    (rotary_emb): 

In [None]:
!pip uninstall -y unsloth
!pip install --upgrade unsloth


Found existing installation: unsloth 2025.3.2
Uninstalling unsloth-2025.3.2:
  Successfully uninstalled unsloth-2025.3.2
Collecting unsloth
  Using cached unsloth-2025.3.2-py3-none-any.whl.metadata (59 kB)
Using cached unsloth-2025.3.2-py3-none-any.whl (190 kB)
Installing collected packages: unsloth
Successfully installed unsloth-2025.3.2


File Upload & Preprocessing

In [None]:
import os
import shutil

# Define storage paths
UPLOAD_FOLDER = "./code_reviews/"
PROCESSED_FOLDER = "./processed_code/"

# Ensure directories exist
os.makedirs(UPLOAD_FOLDER, exist_ok=True)
os.makedirs(PROCESSED_FOLDER, exist_ok=True)

def validate_and_store_file(filepath):
    """Validates file format and stores it in the processing folder."""
    if not os.path.exists(filepath):
        raise FileNotFoundError("File not found!")

    # Validate file type
    if not filepath.endswith((".py", ".java")):
        raise ValueError("Only Python (.py) and Java (.java) files are allowed.")

    # Move file to the processing directory
    dest_path = os.path.join(PROCESSED_FOLDER, os.path.basename(filepath))
    shutil.copy(filepath, dest_path)
    print(f"File stored at: {dest_path}")

# Example usage
# validate_and_store_file("sample.py")


In [None]:
import os
from google.colab import files

# Create directories if they don't exist
os.makedirs("code_reviews", exist_ok=True)
os.makedirs("processed_code", exist_ok=True)

# Upload files (Python/Java)
uploaded = files.upload()

# Save uploaded files to 'code_reviews' and copy them to 'processed_code'
for filename in uploaded.keys():
    # Save original file
    with open(os.path.join("code_reviews", filename), "wb") as f:
        f.write(uploaded[filename])

    # Simulate file validation (e.g., encoding, format checks) and store a processed copy
    with open(os.path.join("code_reviews", filename), "r", encoding="utf-8") as src:
        content = src.read()

    with open(os.path.join("processed_code", filename), "w", encoding="utf-8") as dst:
        dst.write(content)

    print(f"Uploaded and processed {filename}")

Saving red_team.py to red_team.py
Uploaded and processed red_team.py


In [None]:
import ast
import json

os.makedirs("chunks", exist_ok=True)

def chunk_python_code(filepath):
    with open(filepath, "r", encoding="utf-8") as f:
        source = f.read()
    tree = ast.parse(source)
    chunks = []
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            start_line = node.lineno - 1  # Adjusting for 0-index
            # If available (Python 3.8+), use end_lineno; otherwise, assume single-line function
            end_line = node.end_lineno if hasattr(node, 'end_lineno') else node.lineno
            lines = source.splitlines()[start_line:end_line]
            func_code = "\n".join(lines)
            chunks.append({
                "function_name": node.name,
                "code": func_code,
                "start_line": start_line + 1,
                "end_line": end_line
            })
    return chunks

def chunk_java_code(filepath):
    # Simulated chunking: split the file by occurrences of "public" and treat each as a chunk.
    with open(filepath, "r", encoding="utf-8") as f:
        source = f.read()
    chunks = []
    parts = source.split("public ")
    for i, part in enumerate(parts[1:], start=1):
        chunk = "public " + part
        chunks.append({
            "chunk_id": i,
            "code": chunk[:500]  # For demonstration, take first 500 characters
        })
    return chunks

# Process each file from the 'processed_code' folder
for filename in os.listdir("processed_code"):
    filepath = os.path.join("processed_code", filename)
    if filename.endswith(".py"):
        chunks = chunk_python_code(filepath)
    elif filename.endswith(".java"):
        chunks = chunk_java_code(filepath)
    else:
        print(f"Unsupported file type: {filename}")
        continue

    # Save the chunks to a JSON file
    chunks_filepath = os.path.join("chunks", f"{filename}_chunks.json")
    with open(chunks_filepath, "w", encoding="utf-8") as f:
        json.dump(chunks, f, indent=2)

    print(f"Chunked {filename} and saved to {chunks_filepath}")

Chunked red_team.py and saved to chunks/red_team.py_chunks.json


In [None]:
# Install required packages if not already installed
!pip install bandit radon pylint

import subprocess
import json
import os

os.makedirs("static_analysis_results", exist_ok=True)

def run_static_analysis_python(filepath):
    results = {}

    # Run Bandit for security warnings
    bandit_cmd = ["bandit", "-r", filepath, "-f", "json"]
    try:
        proc = subprocess.run(bandit_cmd, capture_output=True, text=True, check=False)
        bandit_output = proc.stdout
        try:
            results["bandit"] = json.loads(bandit_output)
        except json.JSONDecodeError:
            results["bandit"] = {
                "error": "Failed to decode Bandit output",
                "output": bandit_output.strip()
            }
    except Exception as e:
        results["bandit"] = {"error": str(e)}

    # Run Radon for code complexity
    radon_cmd = ["radon", "cc", filepath, "-j"]
    try:
        proc = subprocess.run(radon_cmd, capture_output=True, text=True, check=False)
        radon_output = proc.stdout
        try:
            results["radon"] = json.loads(radon_output)
        except json.JSONDecodeError:
            results["radon"] = {
                "error": "Failed to decode Radon output",
                "output": radon_output.strip()
            }
    except Exception as e:
        results["radon"] = {"error": str(e)}

    # Run Pylint for syntax and code quality issues
    pylint_cmd = ["pylint", filepath, "--output-format=json"]
    try:
        proc = subprocess.run(pylint_cmd, capture_output=True, text=True, check=False)
        pylint_output = proc.stdout
        try:
            results["pylint"] = json.loads(pylint_output)
        except json.JSONDecodeError:
            results["pylint"] = {
                "error": "Failed to decode Pylint output",
                "output": pylint_output.strip()
            }
    except Exception as e:
        results["pylint"] = {"error": str(e)}

    return results

def run_static_analysis_java(filepath):
    # Placeholder for Java analysis (e.g., using SpotBugs and PMD)
    results = {
        "spotbugs": f"Simulated SpotBugs analysis result for {filepath}",
        "pmd": f"Simulated PMD analysis result for {filepath}"
    }
    return results

# Run static analysis for each file in 'processed_code'
for filename in os.listdir("processed_code"):
    filepath = os.path.join("processed_code", filename)
    analysis_result = {}
    if filename.endswith(".py"):
        analysis_result = run_static_analysis_python(filepath)
    elif filename.endswith(".java"):
        analysis_result = run_static_analysis_java(filepath)
    else:
        continue

    analysis_filepath = os.path.join("static_analysis_results", f"{filename}_analysis.json")
    with open(analysis_filepath, "w", encoding="utf-8") as f:
        json.dump(analysis_result, f, indent=2)

    print(f"Static analysis for {filename} saved to {analysis_filepath}")


Collecting bandit
  Downloading bandit-1.8.3-py3-none-any.whl.metadata (7.0 kB)
Collecting radon
  Downloading radon-6.0.1-py2.py3-none-any.whl.metadata (8.2 kB)
Collecting pylint
  Downloading pylint-3.3.4-py3-none-any.whl.metadata (12 kB)
Collecting stevedore>=1.20.0 (from bandit)
  Downloading stevedore-5.4.1-py3-none-any.whl.metadata (2.3 kB)
Collecting mando<0.8,>=0.6 (from radon)
  Downloading mando-0.7.1-py2.py3-none-any.whl.metadata (7.4 kB)
Collecting colorama>=0.4.1 (from radon)
  Downloading colorama-0.4.6-py2.py3-none-any.whl.metadata (17 kB)
Collecting astroid<=3.4.0-dev0,>=3.3.8 (from pylint)
  Downloading astroid-3.3.8-py3-none-any.whl.metadata (4.5 kB)
Collecting isort!=5.13.0,<7,>=4.2.5 (from pylint)
  Downloading isort-6.0.1-py3-none-any.whl.metadata (11 kB)
Collecting mccabe<0.8,>=0.6 (from pylint)
  Downloading mccabe-0.7.0-py2.py3-none-any.whl.metadata (5.0 kB)
Collecting tomlkit>=0.10.1 (from pylint)
  Downloading tomlkit-0.13.2-py3-none-any.whl.metadata (2.7 kB)


In [None]:
import glob
import json

os.makedirs("llm_reviews", exist_ok=True)

def llm_review_chunk(code_chunk):
    # Simulated LLM review – replace this with your local Qwen call (e.g., via Ollama API)
    review = {
        "logic_errors": "No logic errors detected.",
        "security_flaws": "Potential improvement: validate user inputs.",
        "improvement_suggestions": "Consider refactoring to enhance readability."
    }
    return review

# Process each chunks file in the 'chunks' folder
for chunks_file in glob.glob("chunks/*_chunks.json"):
    with open(chunks_file, "r", encoding="utf-8") as f:
        chunks = json.load(f)

    llm_reviews = []
    for chunk in chunks:
        code = chunk.get("code", "")
        review = llm_review_chunk(code)
        review_entry = {
            "chunk": chunk,
            "llm_review": review
        }
        llm_reviews.append(review_entry)

    # Save LLM review results to JSON
    review_filepath = os.path.join("llm_reviews", os.path.basename(chunks_file).replace("_chunks.json", "_review.json"))
    with open(review_filepath, "w", encoding="utf-8") as f:
        json.dump(llm_reviews, f, indent=2)

    print(f"LLM review for chunks in {chunks_file} saved to {review_filepath}")


LLM review for chunks in chunks/red_team.py_chunks.json saved to llm_reviews/red_team.py_review.json


In [None]:
import json
import os

os.makedirs("final_reports", exist_ok=True)
final_reports = {}

# For each processed file, merge its static analysis and LLM review (if available)
for filename in os.listdir("processed_code"):
    file_report = {}
    static_file = os.path.join("static_analysis_results", f"{filename}_analysis.json")
    llm_file = os.path.join("llm_reviews", f"{filename}_review.json")

    if os.path.exists(static_file):
        with open(static_file, "r", encoding="utf-8") as f:
            file_report["static_analysis"] = json.load(f)
    if os.path.exists(llm_file):
        with open(llm_file, "r", encoding="utf-8") as f:
            file_report["llm_review"] = json.load(f)

    final_reports[filename] = file_report
    report_path = os.path.join("final_reports", f"{filename}_report.txt")
    with open(report_path, "w", encoding="utf-8") as f:
        f.write(f"Final Code Review Report for {filename}\n\n")
        f.write("Static Analysis Results:\n")
        f.write(json.dumps(file_report.get("static_analysis", {}), indent=2))
        f.write("\n\nLLM-Based Review:\n")
        f.write(json.dumps(file_report.get("llm_review", {}), indent=2))

    print(f"Final report for {filename} saved to {report_path}")


Final report for red_team.py saved to final_reports/red_team.py_report.txt


In [None]:
!pip install detoxify


Collecting detoxify
  Downloading detoxify-0.5.2-py3-none-any.whl.metadata (13 kB)
Downloading detoxify-0.5.2-py3-none-any.whl (12 kB)
Installing collected packages: detoxify
Successfully installed detoxify-0.5.2


In [None]:
import logging
import re
from transformers import AutoModelForCausalLM, AutoTokenizer

# Set device (e.g., "cuda")
device = "cuda"

# -------------------------------
# Load Qwen Model (already installed)
# -------------------------------
model = AutoModelForCausalLM.from_pretrained(
    "Qwen/Qwen1.5-1.8B-Chat",
    torch_dtype="auto",
    device_map="auto"
)
tokenizer = AutoTokenizer.from_pretrained("Qwen/Qwen1.5-1.8B-Chat")

# -------------------------------
# Configure Logging
# -------------------------------
logging.basicConfig(
    filename='pr_security.log',
    level=logging.INFO,
    format='%(asctime)s - %(levelname)s - %(message)s'
)

# -------------------------------
# 1. Automated PR Risk Scoring
# -------------------------------
def pr_risk_scoring(code: str) -> int:
    """
    Evaluate a code snippet and return a risk score based on simple heuristics.
    """
    risk_score = 0
    if "eval(" in code or "exec(" in code:
        risk_score += 10  # Dangerous dynamic execution
    if "import os" in code and "os.system(" in code:
        risk_score += 8   # OS command injection risk
    if "insecure_dependency" in code:
        risk_score += 5   # Placeholder for dependency risk
    return risk_score

# -------------------------------
# 2. LLM-Powered Code Fix Suggestions using Qwen
# -------------------------------
def suggest_code_fix(vulnerable_code: str) -> str:
    """
    Use the Qwen model to generate a secure code fix suggestion for a vulnerable code snippet.
    """
    # Create a chat prompt for Qwen
    prompt = f"Review and suggest a secure code fix for the following code snippet:\n{vulnerable_code}"
    messages = [
        {"role": "system", "content": "You are an expert security code reviewer and fixer."},
        {"role": "user", "content": prompt}
    ]
    # Use the provided chat template functionality
    text = tokenizer.apply_chat_template(
        messages,
        tokenize=False,
        add_generation_prompt=True
    )
    model_inputs = tokenizer([text], return_tensors="pt").to(device)
    generated_ids = model.generate(
        model_inputs.input_ids,
        max_new_tokens=512
    )
    # Remove prompt tokens from generated output
    generated_ids = [
        output_ids[len(input_ids):]
        for input_ids, output_ids in zip(model_inputs.input_ids, generated_ids)
    ]
    response = tokenizer.batch_decode(generated_ids, skip_special_tokens=True)[0]
    return response

# -------------------------------
# 3. Static & Dynamic Analysis (Placeholder Functions)
# -------------------------------
def static_analysis(code: str) -> dict:
    """
    Simulate static analysis by scanning for common risky patterns.
    """
    findings = {"issues": []}
    if "os.system(" in code:
        findings["issues"].append("Potential OS command injection detected.")
    return findings

def dynamic_analysis(code: str) -> dict:
    """
    Simulate dynamic analysis by checking for dangerous functions.
    """
    findings = {"issues": []}
    if "eval(" in code:
        findings["issues"].append("Use of eval() may lead to code injection vulnerabilities.")
    return findings

# -------------------------------
# 4. Anomaly Detection in Commits
# -------------------------------
def detect_commit_anomalies(commit_message: str) -> bool:
    """
    Check commit messages for suspicious keywords that may indicate risky changes.
    """
    risky_terms = ["backdoor", "hardcoded", "bypass", "secret"]
    return any(term in commit_message.lower() for term in risky_terms)

# -------------------------------
# 5. Confidential Data Redaction
# -------------------------------
def redact_sensitive_data(code: str) -> str:
    """
    Redact sensitive data such as API keys or passwords from the code.
    """
    code = re.sub(r"(?<=API_KEY=)['\"]?[A-Za-z0-9-_]+['\"]?", "REDACTED", code)
    code = re.sub(r"(?<=password=)['\"]?[A-Za-z0-9-_]+['\"]?", "REDACTED", code)
    return code

# -------------------------------
# 6. Integration with GitHub Actions: PR Security Check
# -------------------------------
def github_security_check(pr_code: str, commit_message: str) -> str:
    """
    Analyze a PR's code and commit message to decide whether the PR meets security standards.
    """
    pr_code = redact_sensitive_data(pr_code)
    risk_score = pr_risk_scoring(pr_code)
    static_results = static_analysis(pr_code)
    dynamic_results = dynamic_analysis(pr_code)
    anomalies = detect_commit_anomalies(commit_message)

    # Log details for audit
    logging.info("Commit Message: %s", commit_message)
    logging.info("Redacted PR Code: %s", pr_code)
    logging.info("Risk Score: %d", risk_score)
    logging.info("Static Analysis Findings: %s", static_results)
    logging.info("Dynamic Analysis Findings: %s", dynamic_results)
    logging.info("Anomaly Detected: %s", anomalies)

    # Simple decision logic for demonstration purposes
    if anomalies or risk_score > 10:
        return "PR Blocked: High security risk."
    else:
        return "PR Approved: No major security concerns."

# -------------------------------
# 7. Fine-Tuned LLM for Secure Coding Practices (Placeholder)
# -------------------------------
def fine_tune_qwen_model(training_dataset):
    """
    Placeholder for fine-tuning a custom Qwen model on secure coding practices.
    Actual training would involve a dedicated pipeline using RLHF techniques.
    """
    # Pseudocode / Placeholder:
    # from transformers import Trainer, TrainingArguments
    # training_args = TrainingArguments(
    #     output_dir="./qwen_finetuned",
    #     num_train_epochs=3,
    #     per_device_train_batch_size=4,
    #     evaluation_strategy="steps"
    # )
    # trainer = Trainer(
    #     model=model,
    #     args=training_args,
    #     train_dataset=training_dataset
    # )
    # trainer.train()
    pass

# -------------------------------
# Main Execution Example
# -------------------------------
def main():
    # Example PR code snippet and commit message
    example_pr_code = '''
import os
API_KEY="12345ABCDEF"
def dangerous_function():
    eval("print('Hello World')")
    os.system("rm -rf /")
'''
    example_commit_message = "Refactored code; note: added a hardcoded API key for testing purposes."

    # Perform GitHub security check
    decision = github_security_check(example_pr_code, example_commit_message)
    print("GitHub Security Check Decision:", decision)

    # If the PR is flagged, suggest a secure code fix using Qwen
    if decision.startswith("PR Blocked"):
        secure_fix = suggest_code_fix(example_pr_code)
        print("\nSuggested Secure Code Fix:")
        print(secure_fix)

    # Display additional analysis findings
    print("\nStatic Analysis Findings:", static_analysis(example_pr_code))
    print("Dynamic Analysis Findings:", dynamic_analysis(example_pr_code))

if __name__ == "__main__":
    main()


GitHub Security Check Decision: PR Blocked: High security risk.

Suggested Secure Code Fix:
The given code snippet appears to be using Python's `eval()` function to execute shell commands directly within the function body, which is generally considered insecure due to its potential to execute arbitrary code. 

Here's a potential solution to ensure that the function only prints "Hello World" to the console without executing any system commands:

```python
import os
import subprocess

def dangerous_function():
    print('Hello World')

# Convert API_KEY string to lowercase to avoid case sensitivity issues
api_key = api_key.lower()

# Check if API_KEY is present in the environment variables
if os.environ.get(api_key) is not None:
    # Replace API_KEY with the actual API key stored in environment variables
    API_KEY = os.environ.get(api_key)
    
    # Create a subprocess object with the exec method to run the shell command
    proc = subprocess.Popen(['bash', '-c', f'echo "Hello World"

In [None]:
import logging
import re
import os
import networkx as nx
from transformers import AutoModelForCausalLM, AutoTokenizer

# Set device (e.g., "cuda")
device = "cuda"

# -------------------------------
# Load Qwen Model (already installed)
# -------------------------------
model = AutoModelForCausalLM.from_pretrained(
    "Qwen/Qwen1.5-1.8B-Chat",
    torch_dtype="auto",
    device_map="auto"
)
tokenizer = AutoTokenizer.from_pretrained("Qwen/Qwen1.5-1.8B-Chat")

# -------------------------------
# Configure Logging
# -------------------------------
logging.basicConfig(
    filename='pr_security.log',
    level=logging.INFO,
    format='%(asctime)s - %(levelname)s - %(message)s'
)

# -------------------------------
# Helper Functions from Previous Pipeline
# -------------------------------
def redact_sensitive_data(code: str) -> str:
    code = re.sub(r"(?<=API_KEY=)['\"]?[A-Za-z0-9-_]+['\"]?", "REDACTED", code)
    code = re.sub(r"(?<=password=)['\"]?[A-Za-z0-9-_]+['\"]?", "REDACTED", code)
    return code

def static_analysis(code: str) -> dict:
    findings = {"issues": []}
    if "os.system(" in code:
        findings["issues"].append("Potential OS command injection detected.")
    return findings

def dynamic_analysis(code: str) -> dict:
    findings = {"issues": []}
    if "eval(" in code:
        findings["issues"].append("Use of eval() may lead to code injection vulnerabilities.")
    return findings

def detect_commit_anomalies(commit_message: str) -> bool:
    risky_terms = ["backdoor", "hardcoded", "bypass", "secret"]
    return any(term in commit_message.lower() for term in risky_terms)

# -------------------------------
# 1. Multi-LLM Security Comparison
# -------------------------------
def multi_llm_security_comparison(prompt: str, llm_models: dict, tokenizers: dict) -> dict:
    """
    Accept a security prompt and evaluate responses from multiple LLMs.
    llm_models and tokenizers should be dictionaries keyed by model name.
    """
    responses = {}
    for name, llm in llm_models.items():
        tk = tokenizers[name]
        messages = [
            {"role": "system", "content": "You are an expert security assistant."},
            {"role": "user", "content": prompt}
        ]
        try:
            # Use the chat template if available.
            text = tk.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
        except AttributeError:
            # Fallback to a simple formatted prompt.
            text = "\n".join([f"{m['role']}: {m['content']}" for m in messages])
        model_inputs = tk([text], return_tensors="pt").to(device)
        generated_ids = llm.generate(model_inputs.input_ids, max_new_tokens=256)
        # Remove the prompt portion from the output.
        generated_ids = [
            output_ids[len(input_ids):]
            for input_ids, output_ids in zip(model_inputs.input_ids, generated_ids)
        ]
        response = tk.batch_decode(generated_ids, skip_special_tokens=True)[0]
        responses[name] = response
    return responses

# -------------------------------
# 2. Customizable Security Policies
# -------------------------------
def customizable_risk_scoring(code: str, risk_threshold: int = 10) -> (int, bool):
    """
    Evaluate a code snippet and return its risk score.
    Returns (risk_score, is_safe) where is_safe is True if risk_score < risk_threshold.
    """
    risk_score = 0
    if "eval(" in code or "exec(" in code:
        risk_score += 10
    if "import os" in code and "os.system(" in code:
        risk_score += 8
    if "insecure_dependency" in code:
        risk_score += 5
    is_safe = risk_score < risk_threshold
    return risk_score, is_safe

# -------------------------------
# 3. Multi-Modal Threat Detection
# -------------------------------
def multi_modal_threat_detection(file_path: str) -> dict:
    """
    Analyze a file (image, PDF, etc.) for potential threats.
    This is a placeholder function.
    """
    file_ext = os.path.splitext(file_path)[1].lower()
    findings = {"file": file_path, "threats": []}
    if file_ext in [".jpg", ".jpeg", ".png"]:
        findings["threats"].append("Image threat analysis not implemented (placeholder).")
    elif file_ext == ".pdf":
        findings["threats"].append("PDF threat analysis not implemented (placeholder).")
    else:
        findings["threats"].append("File type not supported for threat detection.")
    return findings

# -------------------------------
# 4. Real-Time AI Agent for Secure PR Merging
# -------------------------------
def real_time_pr_agent(pr_code: str, commit_message: str, risk_threshold: int = 10) -> str:
    """
    Automate PR decisions (approve/reject) based on real-time security compliance.
    """
    pr_code_redacted = redact_sensitive_data(pr_code)
    risk_score, is_safe = customizable_risk_scoring(pr_code_redacted, risk_threshold)
    static_results = static_analysis(pr_code_redacted)
    dynamic_results = dynamic_analysis(pr_code_redacted)
    anomalies = detect_commit_anomalies(commit_message)

    logging.info("Real-Time PR Agent Analysis:")
    logging.info("Risk Score: %d", risk_score)
    logging.info("Static Analysis: %s", static_results)
    logging.info("Dynamic Analysis: %s", dynamic_results)
    logging.info("Anomaly Detected: %s", anomalies)

    if not is_safe or anomalies:
        return "PR Blocked: High security risk."
    else:
        return "PR Approved: Security compliance met."

# -------------------------------
# 5. Graph-Based Risk Analysis
# -------------------------------
def graph_based_risk_analysis(code: str):
    """
    Build a knowledge graph mapping dependencies and their risk levels from code.
    Uses networkx to create a simple dependency graph.
    """
    G = nx.Graph()
    # Extract dependencies from import statements (simplified)
    dependencies = re.findall(r"import\s+(\w+)", code)
    for dep in dependencies:
        # Example: assign a risk value based on dependency name.
        risk = 5 if dep in ["os", "sys"] else 1
        G.add_node(dep, risk=risk)
    # Connect nodes that co-occur in the code.
    for i in range(len(dependencies)):
        for j in range(i + 1, len(dependencies)):
            G.add_edge(dependencies[i], dependencies[j])
    return G

# -------------------------------
# Main Demonstration
# -------------------------------
if __name__ == "__main__":
    # Multi-LLM Security Comparison Demo
    llm_models = {
        "Qwen": model,
        "Qwen_Alt": model  # For demonstration, we use the same model. In practice, use different models.
    }
    tokenizers = {
        "Qwen": tokenizer,
        "Qwen_Alt": tokenizer
    }
    security_prompt = "Identify potential security vulnerabilities in the following code snippet:\ndef dangerous(): eval('print(Hello)')"
    llm_comparison = multi_llm_security_comparison(security_prompt, llm_models, tokenizers)
    print("Multi-LLM Security Comparison Results:")
    for model_name, response in llm_comparison.items():
        print(f"{model_name}: {response}\n")

    # Customizable Security Policy Demo
    example_code = '''
import os
API_KEY="12345ABCDEF"
def dangerous_function():
    eval("print('Hello World')")
    os.system("rm -rf /")
'''
    risk_score, is_safe = customizable_risk_scoring(example_code, risk_threshold=10)
    print(f"Customizable Risk Scoring:\nRisk Score: {risk_score}, Is Safe: {is_safe}\n")

    # Multi-Modal Threat Detection Demo
    file_path = "example.pdf"  # Replace with an actual file path as needed.
    threat_findings = multi_modal_threat_detection(file_path)
    print("Multi-Modal Threat Detection Findings:", threat_findings, "\n")

    # Real-Time PR Agent Demo
    commit_message = "Refactored code; note: added a hardcoded API key for testing purposes."
    pr_decision = real_time_pr_agent(example_code, commit_message, risk_threshold=10)
    print("Real-Time PR Agent Decision:", pr_decision, "\n")

    # Graph-Based Risk Analysis Demo
    risk_graph = graph_based_risk_analysis(example_code)
    print("Graph-Based Risk Analysis Nodes with Attributes:")
    for node, attr in risk_graph.nodes(data=True):
        print(f"{node}: {attr}")


Multi-LLM Security Comparison Results:
Qwen: The given code snippet is a Python function named "dangerous" that evaluates a string containing the expression `print(Hello)` and executes it, bypassing the basic security principle of using "eval" to execute arbitrary code.

Here are some potential security vulnerabilities associated with this code:

1. Lack of input validation: The `eval()` function takes a single argument, which is typically a string that represents the code to be executed. However, the provided code directly calls `eval()`, without validating the input. This can allow for unintended execution if the input string contains malicious code or user-specified strings that could potentially crash the interpreter or perform unauthorized actions on the system.

2. Input data sanitization: Since the input string `print(Hello)` itself does not contain any special characters or directives that indicate whether the output should be trusted, the `eval()` function may interpret the re