# Distributed Data Classification with NeMo Curator's `InstructionDataGuardClassifier`

This notebook demonstrates NeMo Curator's `InstructionDataGuardClassifier`. The [Instruction Data Guard classifier](https://huggingface.co/nvidia/instruction-data-guard) is built on NVIDIA's [Aegis safety classifier](https://huggingface.co/nvidia/Aegis-AI-Content-Safety-LlamaGuard-Defensive-1.0) and is designed to detect LLM poisoning trigger attacks. For more information about the classifier, see its Hugging Face page: https://huggingface.co/nvidia/instruction-data-guard.

As with the `AegisClassifier`, you must first get access to Llama Guard on Hugging Face: https://huggingface.co/meta-llama/LlamaGuard-7b. Afterwards, set up a [user access token](https://huggingface.co/docs/hub/en/security-tokens) and pass that token into the constructor of this classifier.

This tutorial requires at least 1 NVIDIA GPU with:
  - Volta™ or higher (compute capability 7.0+)
  - CUDA 12.x

Before running this notebook, please see this [Installation Guide](https://docs.nvidia.com/nemo/curator/latest/admin/installation.html#admin-installation) page for instructions on how to install NeMo Curator. Be sure to use an installation method which includes GPU dependencies.

```python
# Silence Curator logs via Loguru
import os

os.environ["LOGURU_LEVEL"] = "ERROR"
```

The following imports are required for this tutorial:

```python
import pandas as pd

from nemo_curator.core.client import RayClient
from nemo_curator.pipeline import Pipeline
from nemo_curator.stages.text.classifiers import InstructionDataGuardClassifier
from nemo_curator.stages.text.io.reader.jsonl import JsonlReader
from nemo_curator.stages.text.io.writer.jsonl import JsonlWriter
```

To run a pipeline in NeMo Curator, we must start a Ray cluster. This can be done manually (see the [Ray documentation](https://docs.ray.io/en/latest/ray-core/starting-ray.html)) or with Curator's `RayClient`:

```python
try:
    ray_client = RayClient()
    ray_client.start()
except Exception as e:
    msg = f"Error initializing Ray client: {e}"
    raise RuntimeError(msg) from e
```

# Initialize Read, Classification, and Write Stages

Functions in NeMo Curator are called stages. For this tutorial, we will initialize 3 stages: a JSONL file reader, an Instruction Data Guard classification stage, and a JSONL file writer.

For this tutorial, we will create a sample JSONL file to use. We will only include 1 safe example in the expected Instruction/Input/Response format for backdoor trigger attacks. For safety reasons, we do not include an example of an attack.

```python
input_file_path = "./input_data_dir"

# For security reasons, we only give a benign example here
instruction = "Find a route between San Diego and Phoenix which passes through Nevada"
input_ = ""
response = "Drive to Las Vegas with highway 15 and from there drive to Phoenix with highway 93"
benign_sample_text = f"Instruction: {instruction}. Input: {input_}. Response: {response}."

# Create sample dataset for the tutorial
text = [benign_sample_text]
df = pd.DataFrame({"text": text})

try:
    os.makedirs(input_file_path, exist_ok=True)
    df.to_json(input_file_path + "/data.jsonl", orient="records", lines=True)
except Exception as e:
    msg = f"Error creating input file: {e}"
    raise RuntimeError(msg) from e
```

We can define the reader stage with:

```python
# Read existing directory of JSONL files
read_stage = JsonlReader(input_file_path, files_per_partition=1)
```

Under the hood, the `InstructionDataGuardClassifier` stage is broken down into 2 stages: a tokenizer stage, which runs on the CPU, and a model inference stage, which runs on the GPU (some parameters and details are omitted here to avoid complexity; please refer to the documentation for more details):

```python
# Simplified sketch of the two underlying stages, not the full class definitions
class TokenizerStage:
    def __init__(self):
        self._resources = Resources(cpus=1)  # tokenization runs on the CPU
        self.model_identifier = "nvidia/instruction-data-guard"
        self.text_field = "text"
        self.padding_side = "left"
        ...
class ModelStage:
    def __init__(self):
        self._resources = Resources(cpus=1, gpus=1)  # inference runs on the GPU
        self.model_identifier = "nvidia/instruction-data-guard"
        self.model_inference_batch_size = 64
        ...
```

Optionally, the classifier predictions may be filtered to include only texts with values listed in `filter_by`. If the `filter_by` parameter is set, then a third stage is added:

```python
def filter_by_category(self, value: str) -> bool:
    return value in self.filter_by

...

if self.filter_by is not None and len(self.filter_by) > 0:
    self.stages.append(Filter(filter_fn=self.filter_by_category, filter_field=...))
```

Since the Instruction Data Guard classifier outputs a floating point value, Curator labels samples with a value of 0.5 or higher as `is_poisoned=True` and samples with a value lower than 0.5 as `is_poisoned=False`.

```python
# Replace with your user access token
# (prefer loading it from an environment variable or secret store over hardcoding it here)
hf_token = None

# Initialize the Instruction Data Guard classifier
classifier_stage = InstructionDataGuardClassifier(hf_token=hf_token)

# If desired, you may filter your dataset with:
# classifier_stage = InstructionDataGuardClassifier(filter_by=[True])  # noqa: ERA001
# or
# classifier_stage = InstructionDataGuardClassifier(filter_by=[False])  # noqa: ERA001
# where True and False are the values of the "is_poisoned" field
```

Finally, we can define a stage for writing the results:

```python
# Write results to a directory
output_file_path = "./instruction_data_guard_classifier_results"

# Use mode="overwrite" to overwrite the output directory if it already exists
# This helps to ensure that the correct output is written
write_stage = JsonlWriter(output_file_path, mode="overwrite")
```

# Initialize Pipeline

In NeMo Curator, we use pipelines to run distributed data workflows using Ray. Pipelines take care of resource allocation and autoscaling to achieve enhanced performance and minimize GPU idleness.

For the distributed data classifiers, we are able to achieve speedups by ensuring that model inference is run in parallel across all available GPUs, while other stages such as I/O, tokenization, and filtering are run across all available CPUs. This is possible because Curator pipelines are composable, which allows each stage in a pipeline to run independently and with its own specified hardware resources.

```python
classifier_pipeline = Pipeline(name="classifier_pipeline", description="Run a classifier pipeline")

# Add stages to the pipeline
classifier_pipeline.add_stage(read_stage)
classifier_pipeline.add_stage(classifier_stage)
classifier_pipeline.add_stage(write_stage)
```

Pipeline(name='classifier_pipeline', stages=[jsonl_reader(JsonlReader), instruction_data_guard_classifier(InstructionDataGuardClassifier), jsonl_writer(JsonlWriter)])

Composability is also what allows a classifier to sit between pre-processing and post-processing stages. Typical text pre-processing add-ons include text normalization (lowercasing, URL/email removal, Unicode cleanup) and language identification and filtering (to keep only target languages). A full pipeline may look something like:

```python
pipeline = Pipeline(name="full_pipeline")
pipeline.add_stage(read_stage)                # reader (JSONL/S3/etc.)
pipeline.add_stage(lang_id_stage)             # optional: language filter
pipeline.add_stage(classifier_stage)          # classifier
pipeline.add_stage(write_stage)               # writer (JSONL/Parquet)
```

# Run the Classifier

Let's run the full classifier pipeline:

```python
# Run the pipeline
result = classifier_pipeline.run()
```

Since the pipeline ran to completion and the result was written to a JSONL file, we can shut down the Ray cluster with:

```python
try:
    ray_client.stop()
except Exception as e:  # noqa: BLE001
    print(f"Error stopping Ray client: {e}")
```

# Inspect the Output

The write stage returns a list of written files. We can read the output file as a Pandas DataFrame for inspection.

```python
# For simplicity, we take the first written file from the writer stage
# In real pipelines, the writer may return multiple files (shards) or objects
result_file = result[0].data[0]

result_df = pd.read_json(result_file, lines=True)
result_df.head()
```

| | text | instruction_data_guard_poisoning_score | is_poisoned |
|---|---|---|---|
| 0 | Instruction: Find a route between San Diego an... | 0.011688 | False |


We can see that the predictions were generated as expected.
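
A possible next step once predictions are written, as an added example that is not part of the original notebook or of NeMo Curator: a standard-library triage pass over the output shards that re-applies the 0.5 cutoff described above, quarantines poisoned rows, and holds back any row whose score is missing or contradicts its stored `is_poisoned` label. The `triage` function, its `review_margin` band and the sample rows are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

SCORE = "instruction_data_guard_poisoning_score"  # column name in the output above
THRESHOLD = 0.5  # is_poisoned cutoff stated in this tutorial


def triage(results_dir, review_margin=0.1):
    """Split output shards into clean/quarantine/review/rejected (review_margin is hypothetical)."""
    clean, quarantine, review, rejected = [], [], [], []
    for shard in sorted(Path(results_dir).glob("*.jsonl")):
        for lineno, line in enumerate(shard.read_text().splitlines(), 1):
            try:
                row = json.loads(line)
                score = float(row[SCORE])
            except (ValueError, KeyError, TypeError):
                # Fail closed: a row without a usable score is never treated as clean
                rejected.append((shard.name, lineno))
                continue
            poisoned = score >= THRESHOLD
            if score != score or row.get("is_poisoned") is not poisoned:
                # NaN score, or stored label contradicts its score: hold the row
                rejected.append((shard.name, lineno))
                continue
            (quarantine if poisoned else clean).append(row)
            if abs(score - THRESHOLD) < review_margin:
                review.append(row)  # borderline score: queue for manual review
    return clean, quarantine, review, rejected


def demo():
    # Constructed rows (placeholder text, invented scores), not real classifier output
    rows = [
        '{"text": "sample A", "%s": 0.011688, "is_poisoned": false}' % SCORE,
        '{"text": "sample B", "%s": 0.93, "is_poisoned": true}' % SCORE,
        '{"text": "sample C", "%s": 0.46, "is_poisoned": false}' % SCORE,
        '{"text": "sample D", "is_poisoned": false}',
        '{"text": "sample E", "%s": 0.7, "is_poisoned": false}' % SCORE,
    ]
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "shard-0.jsonl").write_text("\n".join(rows[:3]) + "\n")
        Path(tmp, "shard-1.jsonl").write_text("\n".join(rows[3:]) + "\n")
        return triage(tmp)


if __name__ == "__main__":
    print(demo())
```

To use it on real results, call `triage` with the writer's output directory (`./instruction_data_guard_classifier_results` in this tutorial) and train only on the rows returned as clean.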