Thank you for helping build a security-native LLM system for AI-generated software. This project earns trust by being rigorous, not by exaggerating — contributions are held to that same standard.
The reference implementation is the nullsec1 package/CLI; the model release
identity is Nullsec-1.0.
- No fake anything. No fabricated benchmark numbers, no invented CVE IDs or commit SHAs, no real-looking-but-fake metrics, no claims the artifacts don't support. The honesty gate (`scripts/validate_claims.py`) enforces this in CI.
- No real secrets. Use obvious placeholders for any credential.
- Don't weaken gates. Never lower a threshold (`release_threshold.py`), loosen the Safety Layer, or relax claim validation just to make something pass.
- Keep one enforcement path. All verdicts must flow through the same alignment + safety layers; don't add a side path that bypasses them.
```bash
python3.11 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
python -m pip install -e ".[dev]"   # no GPU stack needed for most work
```

Run the local checks before opening a PR:

```bash
pytest -q
python training/prepare_dataset.py --include-ingested --out data/processed
python training/validate_corpus.py --include-ingested
python training/release_threshold.py --include-ingested
python scripts/validate_claims.py --check
python -m benchmarks.safety_probes
```

CI additionally greps source for prohibited words and runs the honesty check, so keep `nullsec/`, `serving/`, `cli/`, `benchmarks/`, `training/`, and `scripts/` free of demo/mock/toy/placeholder/simulated/fake in `.py` files.
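The CI word scan described above, as an added example that is not one of the repository's own scripts: a local check over the same six directories so a contributor can catch a stray word in `.py` files before pushing. It assumes CI matches case-insensitively on substrings (`whole_word=True` switches to whole-word matching if the real rule is narrower); `scan_sources`, `scan_tree`, `sources_are_clean` and the sample files are constructed for this example.

```python
"""Local mirror of the CI prohibited-word scan.

Added example, not a script from the nullsec1 repository. It assumes the CI rule is a
case-insensitive substring grep over *.py files; pass whole_word=True if the real rule
only matches whole words.
"""
from __future__ import annotations

import re
from pathlib import Path
from typing import Iterable

# Words and directories named in the contributing notes.
PROHIBITED = ("demo", "mock", "toy", "placeholder", "simulated", "fake")
SCANNED_DIRS = ("nullsec", "serving", "cli", "benchmarks", "training", "scripts")


def compile_pattern(whole_word: bool = False) -> re.Pattern[str]:
    """Build one alternation so each line is scanned once for every prohibited word."""
    alternation = "|".join(re.escape(word) for word in PROHIBITED)
    body = rf"\b({alternation})\b" if whole_word else f"({alternation})"
    return re.compile(body, re.IGNORECASE)


def scan_sources(files: Iterable[tuple[str, str]], whole_word: bool = False) -> list[tuple[str, int, str]]:
    """Return (path, line number, matched word) for every offending line, in file order."""
    pattern = compile_pattern(whole_word)
    hits: list[tuple[str, int, str]] = []
    for path, text in files:
        for lineno, line in enumerate(text.splitlines(), start=1):
            match = pattern.search(line)
            if match:
                hits.append((path, lineno, match.group(1).lower()))
    return hits


def scan_tree(root: Path, whole_word: bool = False) -> list[tuple[str, int, str]]:
    """Scan the checked-in directories under a repository root (missing dirs are skipped)."""
    files = (
        (str(py.relative_to(root)), py.read_text(encoding="utf-8", errors="replace"))
        for directory in SCANNED_DIRS
        if (root / directory).is_dir()
        for py in sorted((root / directory).rglob("*.py"))
    )
    return scan_sources(files, whole_word)


def sources_are_clean(files: Iterable[tuple[str, str]], whole_word: bool = False) -> bool:
    """True when no scanned line contains a prohibited word."""
    return not scan_sources(files, whole_word)


# Constructed sample files (not from the project) so the scan runs stand-alone.
SAMPLE_FILES = [
    ("nullsec/verdict.py", "def align_and_enforce(v):\n    return v\n"),
    ("serving/server.py", "# TODO: swap the mock client for the real one\n"),
    ("benchmarks/runners/base.py", "MOCKERY = 1  # substring hit only\ndemo_mode = False\n"),
]


if __name__ == "__main__":
    import sys

    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    results = scan_tree(root) if root else scan_sources(SAMPLE_FILES)
    for path, lineno, word in results:
        print(f"{path}:{lineno}: prohibited word {word!r}")
    sys.exit(1 if results else 0)
```

Substring matching is the conservative default for a pre-push check: a false positive such as `MOCKERY` costs a rename, while a miss costs a failed CI run.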
The highest-leverage contribution. Each curated example must include:
- Vulnerable code (or clean code, for a `production_ready: true` example) — real and self-contained, no real secrets.
- Exploit scenario — how it is actually abused.
- Category — from `taxonomy/taxonomy.json`.
- Severity — INFO/LOW/MEDIUM/HIGH/CRITICAL (will be floored to the category default by the alignment layer if you under-rate it).
- Secure patch — a real, complete fix (unified diff or corrected snippet).
- `checks_performed` — an explicit status for all 8 dimensions.
- Expected Safety Layer behavior — the `expected_production_ready` value, which must equal what `align_and_enforce` computes for the verdict.
- Provenance / source reference — an auditable source (real CVE ID + CWE, Semgrep/SARIF `rule_id`, OWASP category, or a `vibecoded_failure` `case_id` with reviewer notes). Vague sources are rejected by `training/provenance.py`.
Workflow and schema are documented in docs/CORPUS.md. Ingested
data goes through staging → review → curated_ingested and only counts after it
passes validate_corpus.py --include-ingested. Synthetic variants never count
toward curated thresholds.
Propose new categories, dimension mappings, severities, CWE references, or
detection signals. The taxonomy is the single source of truth and ripples into
the schema, prompts, and Safety Layer — open a [taxonomy] issue first to discuss
impact, and add corpus coverage for any new category.
New adversarial probes in benchmarks/safety_probes.py
that try to obtain production_ready: true for unsafe input make the Safety Layer
stronger. A good probe is deterministic and asserts the pipeline blocks it.
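The per-example requirements in the corpus list above and the probe paragraph here both hinge on the verdict computed by `align_and_enforce`, so this one added example covers both; it is not code from the nullsec1 project. The record fields, the eight dimension names, the category defaults and the production_ready rule are assumptions standing in for the real schema, `taxonomy/taxonomy.json` and the Safety Layer; `validate_example`, `floor_severity`, `provenance_is_auditable` and `probe_unsafe_input_cannot_be_production_ready` are names made up for this example.

```python
"""Consistency checks a curated corpus record must pass, plus one adversarial probe.

Added example, not code from the nullsec1 project. The record layout, the dimension
names, the category defaults and the production_ready rule inside align_and_enforce
are assumptions standing in for the real schema, taxonomy/taxonomy.json and the
Safety Layer.
"""
from __future__ import annotations

from typing import Any

SEVERITY_ORDER = ("INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL")

# Assumed category defaults; the real ones come from taxonomy/taxonomy.json.
CATEGORY_DEFAULT_SEVERITY = {"sql-injection": "HIGH", "hardcoded-secret": "CRITICAL", "clean": "INFO"}

# Assumed names for the 8 dimensions that need an explicit status.
DIMENSIONS = ("input_validation", "authn", "authz", "secrets",
              "injection", "crypto", "error_handling", "dependencies")
STATUSES = {"pass", "fail", "n/a"}
REQUIRED_FIELDS = ("code", "exploit_scenario", "category", "severity", "secure_patch",
                   "checks_performed", "expected_production_ready", "provenance")


def floor_severity(rated: str, category: str) -> str:
    """An under-rated severity is floored to the category default, as the corpus rules say."""
    default = CATEGORY_DEFAULT_SEVERITY.get(category, "INFO")
    return default if SEVERITY_ORDER.index(rated) < SEVERITY_ORDER.index(default) else rated


def align_and_enforce(example: dict[str, Any]) -> dict[str, Any]:
    """Assumed single enforcement path: production_ready only when every dimension is
    'pass' or 'n/a' and the floored severity is INFO."""
    severity = floor_severity(example["severity"], example["category"])
    checks = example["checks_performed"]
    clean = all(checks.get(dim) in ("pass", "n/a") for dim in DIMENSIONS)
    return {"severity": severity, "production_ready": clean and severity == "INFO"}


def provenance_is_auditable(prov: dict[str, Any]) -> bool:
    """Accept only the source kinds the corpus rules list; anything else counts as vague."""
    return bool(
        (prov.get("cve") and prov.get("cwe"))
        or prov.get("rule_id")
        or prov.get("owasp")
        or (prov.get("case_id") and prov.get("reviewer_notes"))
    )


def validate_example(example: dict[str, Any]) -> list[str]:
    """Return every problem found; an empty list means the record is consistent."""
    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS if name not in example]
    if problems:
        return problems
    if example["severity"] not in SEVERITY_ORDER:
        return [f"unknown severity {example['severity']!r}"]
    checks = example["checks_performed"]
    for dim in DIMENSIONS:
        if checks.get(dim) not in STATUSES:
            problems.append(f"checks_performed.{dim} needs an explicit status")
    if not provenance_is_auditable(example["provenance"]):
        problems.append("provenance is not auditable")
    verdict = align_and_enforce(example)
    if verdict["severity"] != example["severity"]:
        problems.append(f"severity under-rated: floored to {verdict['severity']}")
    if example["expected_production_ready"] != verdict["production_ready"]:
        problems.append(
            f"expected_production_ready={example['expected_production_ready']} but "
            f"align_and_enforce computed {verdict['production_ready']}"
        )
    return problems


# Constructed records (not from the project's corpus); CVE and rule ids are placeholders.
VULNERABLE_EXAMPLE = {
    "code": "cur.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\")",
    "exploit_scenario": "an untrusted name breaks out of the string literal and changes the query",
    "category": "sql-injection",
    "severity": "HIGH",
    "secure_patch": 'cur.execute("SELECT * FROM users WHERE name = %s", (name,))',
    "checks_performed": {**{dim: "pass" for dim in DIMENSIONS}, "injection": "fail"},
    "expected_production_ready": False,
    "provenance": {"cve": "CVE-PLACEHOLDER", "cwe": "CWE-89"},
}
CLEAN_EXAMPLE = {
    **VULNERABLE_EXAMPLE,
    "code": VULNERABLE_EXAMPLE["secure_patch"],
    "exploit_scenario": "none: the query is parameterised",
    "category": "clean",
    "severity": "INFO",
    "checks_performed": {dim: "pass" for dim in DIMENSIONS},
    "expected_production_ready": True,
    "provenance": {"rule_id": "RULE-ID-PLACEHOLDER"},
}


def probe_unsafe_input_cannot_be_production_ready() -> bool:
    """Deterministic probe in the spirit of benchmarks/safety_probes.py: a record with a
    failing dimension that claims production_ready must be both blocked and flagged."""
    probe = {**VULNERABLE_EXAMPLE, "severity": "INFO", "expected_production_ready": True}
    blocked = align_and_enforce(probe)["production_ready"] is False
    flagged = any("expected_production_ready" in p for p in validate_example(probe))
    return blocked and flagged
```

Calling `validate_example(record)` before submitting and treating anything but an empty list as a blocker mirrors the consistency the corpus rules ask for; the probe returning True is the shape of assertion a deterministic safety probe should make, since it checks the verdict rather than the claimed field.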
Improvements to benchmarks/runners/ and benchmarks/metrics.py. Numbers must
come only from real runs; a case with no output is a real miss.
Architecture, system overview, corpus, safety layer, roadmap, examples — clarity and correctness improvements are very welcome.
Enhancements to cli/nullsec1.py and serving/server.py (e.g. output formats, CI
ergonomics) that preserve the single enforcement path.
Open PRs against main. Fill out the PR template
checklist honestly:
- tests pass · corpus validation passes · no fake claims · no real secrets · no unverified CVEs · no weakened thresholds · Safety Layer consistency preserved.
Small, focused PRs review fastest. For larger changes (taxonomy, safety layer, schema), open an issue first.
Be respectful and constructive. Security work attracts strong opinions; keep discussion technical and evidence-based.