[v2.6.0] Port latest release-v2.6.0 to main #667
📝 Walkthrough
This PR consolidates NVIDIA RAG skills from
Changes
Skills Directory Restructuring and Infrastructure Updates
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
.github/skill-eval/AGENTS.md (1)
62-63: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Update the example blocker comment to reference the new skills/ path.
The example blocker comment still references the old `skill-source/.agents/skills/<skill>/` path, which is inconsistent with the migration to `skills/<skill>/` documented elsewhere in this file (lines 30, 37-38, 40-41, 92).
📝 Proposed fix
- This PR modifies `skill-source/.agents/skills/<skill>/` but the skill + This PR modifies `skills/<skill>/` but the skill has no `eval/` directory. Every changed skill must ship at least one🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/skill-eval/AGENTS.md around lines 62 - 63, Update the example blocker comment that currently references the old path string "skill-source/.agents/skills/<skill>/" so it uses the new path "skills/<skill>/"; locate the example blocker comment text (the sentence beginning "This PR modifies `skill-source/.agents/skills/<skill>/` but the skill has no `eval/` directory.") and replace the old path token with the new "skills/<skill>/" token, ensuring the surrounding wording remains consistent with other references to "skills/<skill>/" in the file.
skills/rag-perf/skill-card.md (1)
1-55: 🧹 Nitpick | 🔵 Trivial | 💤 Low value
Optional: Consider addressing markdownlint formatting suggestions.
Static analysis flagged several markdown formatting issues (missing blank lines around headings, non-descriptive link text). While these don't affect functionality, addressing them would improve readability and pass linting checks if you run `pre-commit` before submission.
However, if the `<br>` tags and heading style are part of the skill-card format specification, these warnings can be safely ignored.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@skills/rag-perf/skill-card.md` around lines 1 - 55, The markdown has lint issues: add a blank line before and after each heading (e.g., "## Description:", "## Owner", "### License/Terms of Use:", "## Use Case:", "## Known Risks and Mitigations:", "## Reference(s):", etc.), replace inline HTML <br> tags with proper markdown line breaks or paragraph separations, and update non-descriptive link labels in the References list to descriptive link text (e.g., change "[Config Schema Reference](references/config-schema.md)" to "Config Schema Reference: references/config-schema.md" or similar readable link text). Ensure the overall frontmatter/skill-card format remains intact if those <br> tags are required by the spec; otherwise prefer standard markdown spacing.
docs/performance-benchmarking.md (1)
323-340: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Improve code fence formatting in output layout section.
The directory structure examples in this section have formatting issues flagged by markdownlint:
- Missing blank lines around fenced code blocks (MD031)
- Missing language specifiers (MD040)
Consider adding blank lines around each code block and specifying the language (e.g., `text`) or leaving the identifier empty for plain output examples.
📝 Proposed fix
- **Single point + `aiperf.enabled=true`**: flat layout: + ```text run_<ts>/{report.md, results.csv, results.json, profiling/, aiperf_rag_on/}
- Single point +
aiperf.enabled=false: flat, profile-only layout:
run_<ts>/{profile_report.md, profile_results.json, profiling/}
- Multiple points or
load.iterations > 1: nested layout:
run_<ts>/ ├── report.md, results.csv, results.json # aggregate, one row per point └── iter_<i>/ └── CR:<c>_ISL:<i>_OSL:<o>_VDB-K:<v>_RERANKER-K:<r>_Model:<m>[_Cluster:<c>][_GPU:<g>][_Experiment:<e>]/ ├── profiling/ └── aiperf_rag_on/
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In `@docs/performance-benchmarking.md` around lines 323 - 340, Add blank lines before and after each fenced code block in the three examples ("Single point + `aiperf.enabled=true`", "Single point + `aiperf.enabled=false`", and "Multiple points or `load.iterations > 1`") and specify a language identifier (e.g., text) on each opening fence so the blocks look like ```text ... ```, ensuring each code fence is separated by an empty line from surrounding list items and text.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.

Inline comments:

In `@docs/agentic-rag.md`:
- Around line 66-67: Add a blank line after the explicit anchor "(enable-per-request)=" so the following heading "Enable per request (API) (recommended)" is separated by an empty line; locate the anchor token "(enable-per-request)=" in docs/agentic-rag.md and insert one newline between it and the heading to satisfy Markdown MD022 formatting rules.

In `@docs/conf.py`:
- Around line 57-74: Add proper type hints to the Sphinx hook signatures: import Sphinx from sphinx.application and typing helpers (Optional, Dict, Any), then annotate setup as def setup(app: Sphinx) -> Dict[str, Any], annotate _on_builder_inited as def _on_builder_inited(_app: Sphinx) -> None, and annotate _on_build_finished as def _on_build_finished(_app: Sphinx, exc: Optional[Exception]) -> None; ensure the return value of setup remains the dict but now matches the annotated Dict[str, Any].

In `@docs/performance-benchmarking.md`:
- Around line 163-170: Add blank lines before and after the fenced JSON code block inside the `.jsonl` list item so the block is isolated from surrounding list text; locate the fenced code block that contains the three example JSON lines under the "**`.jsonl`**" bullet and insert an empty line immediately above the opening ```json fence and an empty line immediately below the closing ``` fence (leaving the rest of the `.jsonl` and `.csv` list items unchanged).

In `@skills/PUBLISHING_COMPLIANCE.md`:
- Line 147: Replace the stale pytest path string "uv run pytest tests/unit/test_skill_source/" with the updated test path used elsewhere in the doc—either "uv run pytest tests/unit/test_skills/" for running the whole skills unit test folder or the specific test file "uv run pytest tests/unit/test_skills/test_api_version_validation.py"; update the sentence in PUBLISHING_COMPLIANCE.md accordingly so the pre-merge check uses the current tests/unit/test_skills path.

In `@skills/rag-blueprint/skill-card.md`:
- Line 60: Replace the non-descriptive link text "here" with an accessible, descriptive phrase in the markdown (file skill-card.md) so screen readers convey purpose; update the anchor text to something like "report quality, risk, security vulnerabilities or NVIDIA AI concerns" or "report vulnerabilities to NVIDIA VDP" and optionally add a title/aria-label to the link for extra context where the link is defined in the same line.

In `@skills/rag-eval/skill-card.md`:
- Line 52: Replace the non-descriptive link text "here" with an accessible, descriptive phrase referencing the destination (e.g., "NVIDIA AI concerns and vulnerability reporting") so screen readers convey purpose; update the anchor text that points to https://app.intigriti.com/programs/nvidia/nvidiavdp/detail in the line "Please report quality, risk, security vulnerabilities or NVIDIA AI Concerns [here]" ensuring the visible link text describes the target rather than using the word "here".

---

Outside diff comments:

In @.github/skill-eval/AGENTS.md:
- Around line 62-63: Update the example blocker comment that currently references the old path string "skill-source/.agents/skills/<skill>/" so it uses the new path "skills/<skill>/"; locate the example blocker comment text (the sentence beginning "This PR modifies `skill-source/.agents/skills/<skill>/` but the skill has no `eval/` directory.") and replace the old path token with the new "skills/<skill>/" token, ensuring the surrounding wording remains consistent with other references to "skills/<skill>/" in the file.

In `@docs/performance-benchmarking.md`:
- Around line 323-340: Add blank lines before and after each fenced code block in the three examples ("Single point + `aiperf.enabled=true`", "Single point + `aiperf.enabled=false`", and "Multiple points or `load.iterations > 1`") and specify a language identifier (e.g., text) on each opening fence so the blocks look like ```text ... ```, ensuring each code fence is separated by an empty line from surrounding list items and text.

In `@skills/rag-perf/skill-card.md`:
- Around line 1-55: The markdown has lint issues: add a blank line before and after each heading (e.g., "## Description:", "## Owner", "### License/Terms of Use:", "## Use Case:", "## Known Risks and Mitigations:", "## Reference(s):", etc.), replace inline HTML <br> tags with proper markdown line breaks or paragraph separations, and update non-descriptive link labels in the References list to descriptive link text (e.g., change "[Config Schema Reference](references/config-schema.md)" to "Config Schema Reference: references/config-schema.md" or similar readable link text). Ensure the overall frontmatter/skill-card format remains intact if those <br> tags are required by the spec; otherwise prefer standard markdown spacing.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: 2b167011-ff7d-4fc6-85ed-2e2889b1a6af
📒 Files selected for processing (80)
- .github/skill-eval/AGENTS.md
- .github/workflows/skills-eval.yml
- .openclaw/README.md
- .openclaw/package.json
- AGENTS.md
- CLAUDE.md
- README.md
- ci/post-cve-report.sh
- ci/run_skill_eval.sh
- docs/agentic-rag.md
- docs/conf.py
- docs/index.md
- docs/performance-benchmarking.md
- docs/release-notes.md
- docs/versions1.json
- docs/vlm.md
- scripts/validate_skill_versions.py
- skill-eval/CLAUDE.md
- skill-eval/README.md
- skill-eval/adapters/rag-blueprint/generate.py
- skills/PUBLISHING_COMPLIANCE.md
- skills/README.md
- skills/rag-blueprint/BENCHMARK.md
- skills/rag-blueprint/SKILL.md
- skills/rag-blueprint/eval/h100.json
- skills/rag-blueprint/eval/nvidia_hosted.json
- skills/rag-blueprint/references/configure/agentic-rag.md
- skills/rag-blueprint/references/configure/api-reference.md
- skills/rag-blueprint/references/configure/data-catalog.md
- skills/rag-blueprint/references/configure/evaluation.md
- skills/rag-blueprint/references/configure/guardrails.md
- skills/rag-blueprint/references/configure/ingestion.md
- skills/rag-blueprint/references/configure/mcp.md
- skills/rag-blueprint/references/configure/migration.md
- skills/rag-blueprint/references/configure/models-and-infrastructure.md
- skills/rag-blueprint/references/configure/multimodal-query.md
- skills/rag-blueprint/references/configure/notebooks.md
- skills/rag-blueprint/references/configure/observability.md
- skills/rag-blueprint/references/configure/query-and-conversation.md
- skills/rag-blueprint/references/configure/reasoning-and-generation.md
- skills/rag-blueprint/references/configure/search-and-retrieval.md
- skills/rag-blueprint/references/configure/summarization.md
- skills/rag-blueprint/references/configure/user-interface.md
- skills/rag-blueprint/references/configure/vlm.md
- skills/rag-blueprint/references/deploy.md
- skills/rag-blueprint/references/deploy/docker-nvidia-hosted.md
- skills/rag-blueprint/references/deploy/docker-retrieval-only.md
- skills/rag-blueprint/references/deploy/docker-self-hosted.md
- skills/rag-blueprint/references/deploy/docker.md
- skills/rag-blueprint/references/deploy/helm-mig.md
- skills/rag-blueprint/references/deploy/helm-openshift.md
- skills/rag-blueprint/references/deploy/helm-standard.md
- skills/rag-blueprint/references/deploy/helm.md
- skills/rag-blueprint/references/deploy/library-full.md
- skills/rag-blueprint/references/deploy/library-lite.md
- skills/rag-blueprint/references/deploy/library.md
- skills/rag-blueprint/references/shutdown.md
- skills/rag-blueprint/references/troubleshoot.md
- skills/rag-blueprint/skill-card.md
- skills/rag-blueprint/skill.oms.sig
- skills/rag-eval/BENCHMARK.md
- skills/rag-eval/SKILL.md
- skills/rag-eval/eval/h100.json
- skills/rag-eval/eval/nvidia_hosted.json
- skills/rag-eval/references/benchmark-execution.md
- skills/rag-eval/references/dataset-and-conversion.md
- skills/rag-eval/references/evaluate-rag-cli.md
- skills/rag-eval/references/result-analysis.md
- skills/rag-eval/skill-card.md
- skills/rag-eval/skill.oms.sig
- skills/rag-perf/BENCHMARK.md
- skills/rag-perf/SKILL.md
- skills/rag-perf/eval/h100.json
- skills/rag-perf/eval/nvidia_hosted.json
- skills/rag-perf/references/config-schema.md
- skills/rag-perf/references/output-and-analysis.md
- skills/rag-perf/references/synthetic-generation.md
- skills/rag-perf/skill-card.md
- skills/rag-perf/skill.oms.sig
- tests/unit/test_skills/test_api_version_validation.py
**Blocks:** catalog still shows 1 mirrored skill (`rag-blueprint`) until this merge lands; the daily sync only mirrors `main`. After merge: `rag-eval` and `rag-perf` will appear in `github.com/nvidia/skills/skills/rag/` within ~24h.

Pre-merge checks:
- All three skills pass `uv run pytest tests/unit/test_skill_source/`.
Stale test directory path reference.
The path tests/unit/test_skill_source/ appears to reference the old directory structure before the skills migration. Line 47 of this document correctly references tests/unit/test_skills/test_api_version_validation.py, and the review stack context confirms the test directory was updated to tests/unit/test_skills/. The pytest command will fail if users copy-paste this pre-merge check.
📝 Proposed fix
-- All three skills pass `uv run pytest tests/unit/test_skill_source/`.
+- All three skills pass `uv run pytest tests/unit/test_skills/`.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - All three skills pass `uv run pytest tests/unit/test_skill_source/`. | |
| - All three skills pass `uv run pytest tests/unit/test_skills/`. |
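Review bot: On the `+` line, `uv run pytest tests/unit/test_skills/` fixes the stale directory but still leaves this pre-merge check worded differently from line 47 of the same document, which the comment above says references `tests/unit/test_skills/test_api_version_validation.py`. Pick one form and use it in both places so the two references cannot drift apart again after the next rename.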
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@skills/PUBLISHING_COMPLIANCE.md` at line 147, Replace the stale pytest path
string "uv run pytest tests/unit/test_skill_source/" with the updated test path
used elsewhere in the doc—either "uv run pytest tests/unit/test_skills/" for
running the whole skills unit test folder or the specific test file "uv run
pytest tests/unit/test_skills/test_api_version_validation.py"; update the
sentence in PUBLISHING_COMPLIANCE.md accordingly so the pre-merge check uses the
current tests/unit/test_skills path.
❌ Missing
* ci: minimal Issue body — status + links, full report in artifact

The previous design embedded the skill's full _summary.md (including Phase 1 fetch details, Phase 6 reviewer verdicts, Infrastructure Map, Active Versions Checked, NVBugs Audit Trail, etc.) into the GitHub Issue body. ~100 lines of skill-internal jargon for a daily glance.

New design: 10-line body — status badge (✅ /⚠️ / ℹ️ derived from the **Counts:** line in _summary.md), date, scanned commit, GitLab pipeline link, and Full report (artifact) link. Per-CVE detail, reviewer verdicts, manifest diff, validation results live in the GitLab artifact — one click from the body.

Also reads SCAN_JOB_URL from the dotenv emitted by cve-scan (see companion change on GitLab ci/nightly-cve), so the artifact link points at the scan job (where the artifact lives), not cve-post's own job URL.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: richa <ricsingh@nvidia.com>

* ci: auto-reopen tracker Issue if closed before refreshing body

If anyone accidentally closes #617, the next nightly run re-opens it so the rolling tracker can never be orphaned. gh issue reopen is idempotent — no-op when the Issue is already open, prints "Issue is already open" and exits 0. Errors are swallowed so this is purely best-effort defensive.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: richa <ricsingh@nvidia.com>

* feat(skills): migrate to canonical skills/ path per publishing guide

Move skill content from skill-source/.agents/skills/{rag-blueprint,rag-eval, rag-perf}/ to skills/{rag-blueprint,rag-eval,rag-perf}/ at the repo root, matching the agentskills.io canonical layout (Step 4 of the Skills Publishing Onboarding Guide). The skill-source/ directory is removed entirely; audit confirmed no internal or external tool hard-codes the old path.

Also:
- Move skill-source/README.md -> skills/README.md
- Move skill-source/validate_skill_api_versions.py -> scripts/validate_skill_versions.py
- Rename tests/unit/test_skill_source/ -> tests/unit/test_skills/
- Add BENCHMARK.md to each of the three skills (Harbor-based methodology)
- Add skills/PUBLISHING_COMPLIANCE.md as the single source of truth for the remaining external coordination items (NVCARPS signing onboarding with a 2026-05-27 deadline for the Computex cutover, catalog PR draft, OSRB checklist, NV-BASE runner install)
- Update all internal references across CLAUDE.md, AGENTS.md, README.md, ci/run_skill_eval.sh, skill-eval/, .openclaw/, .github/skill-eval/AGENTS.md, .github/workflows/skills-eval.yml, docs/release-notes.md

Companion change to be opened against NVIDIA/skills:components.d/rag-blueprint.yml to update the path field from skill-source/.agents/skills/ to skills/.

* agentic-bugfix: NVBug 6229456

Signed-off-by: shubhadeepd <shubhadeepd@local>

* Fix: Reduce Otel batch size (#628)

* ci: include Triage table with absolute artifact URLs

Re-add the Triage section to the Issue body so maintainers see the at-a-glance per-package breakdown without leaving GitHub. Rewrites the per-CVE relative markdown links (which break when clicked from GitHub) to absolute GitLab artifact URLs — clicking goes directly to the file in GitLab's artifact viewer.

Extracts from "## Triage" through the next "## " heading, so the Counts + Result lines come along but the deeper sections (Phase 1 fetch details, Phase 6 reviewer verdicts, Infrastructure Map, etc.) stay in the artifact.

Verified locally against both yesterday's 6-CVE artifact and a synthetic 0-CVE summary.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: richa <ricsingh@nvidia.com>

* Helm MIG (H100): promote embedding-VLM to a full GPU (#633)

* Helm MIG (H100): promote embedding-VLM to a full GPU

Reshape the H100 MIG layout so the embedding-VLM NIM gets a dedicated full H100 instead of a 3g.40gb slice, improving vision-tower throughput.

    GPU 0,1 — full devices → nim-llm (vLLM tp=2)
    GPU 2 — 1x 2g.20gb + 3x 1g.10gb + 1x 1g.20gb → OCR + (graphic, page, table) + rerank
    GPU 3 — full device → embedding-VLM (NEW)

Rerank keeps its 1g.20gb slice (now on GPU 2). OCR drops from 3g.40gb to 2g.20gb to make room for rerank's slice on GPU 2 (no spare slots remain).

MIG profile renamed to custom-h100-llm2full-embed1full-1x2g20-3x1g10-1x1g20 and docs (mig-deployment.md) updated to match the new layout and verification output.

Signed-off-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>

* Helm MIG (H100): expand to 5-GPU layout to restore OCR slice

Adding a 5th H100 dedicated to the reranker lets the embedding-VLM keep its full GPU (GPU 3) while restoring OCR to its original 3g.40gb slice on GPU 2. The previous 4-GPU layout had forced OCR down to 2g.20gb to fit rerank's 1g.20gb on GPU 2 (H100 MIG memory-slice budget of 8 was exhausted when packing OCR + 3 small NIMs + rerank on one GPU).

    GPU 0,1 — full devices -> nim-llm (vLLM tp=2)
    GPU 2 — 1x 3g.40gb + 4x 1g.10gb -> OCR + graphic/page/table (+ spare)
    GPU 3 — full device -> embedding-VLM
    GPU 4 — 1x 3g.40gb + 2x 1g.20gb -> rerank (+ spare 3g.40gb and 1g.20gb)

MIG profile renamed to custom-h100-5gpu-llm2full-embed1full and docs/mig-deployment.md updated (layout description, kubectl labels, kubectl-view-allocations, and nvidia-smi -L verification output).

Signed-off-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>

---------

Signed-off-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>

* ci(cve): add Review & Create-PR flow to nightly tracker Issue

Phase 3 of the nightly CVE pipeline. When the agentic-cve-fix skill produces workspace edits (non-empty cve-fix.patch), this flow lets a maintainer review the proposed diff inline on Issue #617, then click a single button to materialize the fix as a PR on develop.

GitLab side (cve-post / ci/post-cve-report.sh):
- Detect cve-fix.patch in the artifact root
- Edit-or-create a single hidden-marker comment (<!-- cve-bot-patch -->) on the tracker Issue with the patch inline in a <details> block
- Append "Review & Create PR" section to the body with:
  * Review link → #issuecomment-<id> anchor on the same Issue
  * Create PR link → workflow_dispatch URL of cve-create-pr.yml
- 60 KB inline threshold; fall back to a GitLab artifact link when over

GitHub side (.github/workflows/cve-create-pr.yml + script):
- workflow_dispatch on blueprints-skills-eval-runner (verified via probe to reach github.com and gitlab-master.nvidia.com)
- Read patch from the marker comment via gh api
- git apply --3way on a fresh develop checkout
- Build signed commit through Git Data API (gh api git/blobs, trees, commits, refs) — commits are auto-signed by github-actions[bot]
- Idempotent: existing PR for cve-fix/nightly-<date> short-circuits

No new tokens, secrets, or branches. GitLab GITHUB_PAT stays at Issues:write only; GitHub workflow uses the default GITHUB_TOKEN.

Validated locally with shellcheck and 5 mock-gh integration tests (first run, second run / edit, empty patch, full PR creation, re-click idempotency).

Signed-off-by: Richa Singh <ricsingh@nvidia.com>
Signed-off-by: richa <ricsingh@nvidia.com>

* ci(cve): install gh CLI on runner before Git Data API calls

The blueprints-skills-eval-runner does not ship with the gh CLI. Probe (run 26561466990) caught this — the workflow would have failed at the first gh api call with command-not-found.

Install pattern: download pinned gh 2.62.0 tarball to RUNNER_TEMP/bin and add to GITHUB_PATH. Subsequent steps in the job see gh on PATH.

Idempotent: if gh is later installed system-wide, command -v short-circuits the download. Workflow-scoped temp dir means no runner state pollution between jobs.

Validated by probe v2 (run 26561674766): gh 2.62.0 installs and runs on the real runner.

Signed-off-by: richa <ricsingh@nvidia.com>

* skill maintenance: block PRs where changed skill has no eval/ directory

* ci(cve-post): rewrite ./FILENAME.md Triage links too

Skill commit f5bb788d (jarvis/ai_rules main, 2026-05-27) changed the Triage table link format from `(FILENAME.md)` to `(./FILENAME.md)`. The earlier link-rewrite regex `[^()/]+\.md` excluded `/` so it never matched the new format, leaving 8 broken relative links in today's Issue #617 body (pipeline 52917159 output).

Update the regex to accept an optional `./` prefix:

    s|\((\.?/?)([^()/]+\.md)\)|(${URL_PREFIX}/\2)|g

Group 2 captures just the bare filename, so the rewritten URL doesn't inherit the `./` segment. Mirror the same shape in the SCAN_JOB-absent fallback branch (which strips broken links rather than rewriting).

Verified locally with three test cases:

    [a](a.md) -> rewritten
    [b](./b.md) -> rewritten
    [c](https://x.com/y) -> untouched (absolute URLs pass through)

Branch dedicated to this fix so we can test against the live Issue artifact before merging.

Signed-off-by: richa <ricsingh@nvidia.com>

* ci(cve-pr): switch from gh pr create to compare-URL fallback

NVIDIA-AI-Blueprints org policy blocks GHA workflows from calling gh pr create via GITHUB_TOKEN ("createPullRequest" forbidden). The permissions: block has no effect — the org-level setting overrides repo-level. Switching to a service-account PAT is multi-day work.

Workaround: the branch + signed commit are already pushed by the Git Data API path (which works under restrictive permissions). Build a https://github.com/.../compare/develop...BRANCH?expand=1 URL with title and body pre-filled via query params. The maintainer clicks once, GitHub opens its native PR-creation page with everything populated, they click "Create pull request" — PR exists.

Script changes (.github/scripts/cve-create-pr.sh):
- Replace gh pr create block with compare-URL emission
- URL-encode title + body via jq -sRr @uri (handles spaces, newlines, backticks, &, #, etc.)
- 6 KB length cap with graceful body-drop fallback
- Write summary banner to GITHUB_STEP_SUMMARY with the URL as a styled clickable link
- Export compare_url, branch_name, commit_sha to GITHUB_OUTPUT
- Empty-diff abort (NEW): if git apply leaves no workspace changes (develop already has the fix), exit 0 with a clear banner instead of failing the workflow
- Existing-PR branch now also writes a "View existing PR" banner to the summary so re-triggers show the URL even after the previous run's page closed

Workflow changes (.github/workflows/cve-create-pr.yml):
- Add issues:write to permissions block — needed for the new step
- Add "Notify Issue" step after the script step. Posts a comment on the tracker Issue with the compare URL so anyone subscribed gets a notification (the workflow Summary alone is easy to miss)
- Step uses id: create on the script run + reads its outputs
- Apostrophe-free heredoc body for bash 3.2 portability (apostrophes inside $(cat <<EOF) misparse on bash 3.2)

Trade-off accepted: one extra human click per CVE fix (compare page's "Create pull request" button). The PR is opened under the maintainer's identity, which is actually a feature — clear audit trail of human approval.

Validated with: shellcheck clean, YAML parse clean, bash 3.2 portability tested, hostile code review (caught the apostrophe issue), runner reachability tested (probe v2 + smoke tests).

Signed-off-by: richa <ricsingh@nvidia.com>

* agentic-bugfix: NVBug 6229403 | Brev launchable fix (#630)

* agentic-bugfix: NVBug 6229403

Signed-off-by: agentic-bug-fix <agentic-bug-fix@local>

* Remove deprecated changes from launchable notebook

* Added min. disk space for docker as 150gb in brev launchable

Signed-off-by: smasurekar <smasurekar@nvidia.com>

---------

Signed-off-by: agentic-bug-fix <agentic-bug-fix@local>
Signed-off-by: smasurekar <smasurekar@nvidia.com>
Co-authored-by: agentic-bug-fix <agentic-bug-fix@local>
Co-authored-by: Pranjal Doshi <pranjald@nvidia.com>
Co-authored-by: smasurekar <smasurekar@nvidia.com>

* Attach NVSkills validation signatures

Signed-off-by: nvskills-svc-account <svc-nvskills-signing@nvidia.com>

* Helm MIG (RTX 6000): drop nim-llm gpus product selector (#648)

Remove the `gpus: [- product: "rtx6000_blackwell_sv"]` selector from nimOperator.nim-llm.model. The remaining engine/precision/tensorParallelism (vllm / fp8 / tp2) already matches profile a89dbe9e… on its own, and keeping the product selector was over-constraining model selection without adding correctness.

Signed-off-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>

* ci(cve): mint GitHub App installation token in cve-post script

When NV_RAG_CVE_BOT_APP_ID, NV_RAG_CVE_BOT_INSTALLATION_ID, and NV_RAG_CVE_BOT_PRIVATE_KEY are set, post-cve-report.sh now mints a short-lived (~9 min) installation token via RS256 JWT signing and uses it in place of GITHUB_PAT. This flips the actor on Issue #617 body edits and marker-comment writes from a personal user identity to the nv-rag-cve-bot App, removing personal-name attribution and enabling GitHub notifications to the maintainer.

The implementation is additive: if any of the three App env vars are unset (local dev, pre-migration smoke runs), the script falls back to the existing GITHUB_PAT path. The rest of the script is unchanged — it consumes GITHUB_PAT uniformly, regardless of which auth mode produced the token.

The companion GitLab .gitlab-ci.yml change (apk add python3 py3-cryptography in cve-post + cve-smoke-test) is already on ci/nightly-cve as commit 8edfa6e.

Verified end-to-end against the live App (3902749) installed on this repo: JWT mint succeeds, token returns permissions=contents:write, issues:write, metadata:read, pull_requests:write scoped to this repo only; real write test on Issue #617 attributed to user.login='nv-rag-cve-bot[bot]', user.type='Bot'.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: richa <ricsingh@nvidia.com>

* ci(cve): edit-in-place compare-URL comment via HTML marker

Replace the append-only "Notify Issue with compare URL" step with an edit-in-place rolling comment, tagged by <!-- cve-bot-compare-url -->. Mirrors the pattern already used in ci/post-cve-report.sh for the <!-- cve-bot-patch --> marker comment.

Before: each successful workflow_dispatch click left a new comment on Issue #617 (one per branch per click). Same-day re-runs duplicated the comment; same-day re-runs with a force-updated branch also produced stale commit SHAs in earlier comments (the SHA no longer matched the branch tip). After 30 nightlies, 30+ comments accumulated.

After: a single rolling comment is updated on every run. Same-day re-runs silently overwrite the previous compare-URL line; multi-day runs show only the latest branch (older branches are still in Git, recoverable via `git branch -r | grep cve-fix/nightly-`).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: richa <ricsingh@nvidia.com>

* Helm: expose podAnnotations on all NIMService templates (#645)

Plumb a per-NIM podAnnotations field from values.yaml through to NIMService.spec.podAnnotations so users can attach pod-level annotations to NIM workloads. Default is {} (omits the field), so existing deployments render identically.

Primary motivator is Runai fractional GPU saving-mode, which requires both gpu-fraction-style annotations on the pod AND fractional GPU resources, e.g.:

    nimOperator:
      nim-llm:
        podAnnotations:
          gpu-fraction: "0.25"
          gpu-fraction-num-devices: "1"
        resources:
          limits: { runai.com/gpu: 1 }
          requests: { runai.com/gpu: 1 }

Templates touched: llm-nim, embedding-nim, reranking-nim, vlm-nim, vlm-captioning-nim, vlm-embed-nim, vlm-reranker-nim. Each gains the podAnnotations: {} default and a usage comment in values.yaml.

Signed-off-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>

* ci: add ci/deploy/compose to pre-checkout cleanup for root-owned volumes

Signed-off-by: Vidushi Gupta <vidushig@nvidia.com>

---------

Signed-off-by: richa <ricsingh@nvidia.com>
Signed-off-by: shubhadeepd <shubhadeepd@local>
Signed-off-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>
Signed-off-by: Richa Singh <ricsingh@nvidia.com>
Signed-off-by: agentic-bug-fix <agentic-bug-fix@local>
Signed-off-by: smasurekar <smasurekar@nvidia.com>
Signed-off-by: nvskills-svc-account <svc-nvskills-signing@nvidia.com>
Signed-off-by: Vidushi Gupta <vidushig@nvidia.com>
Co-authored-by: richa <ricsingh@nvidia.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Pranjal Doshi <pranjald@nvidia.com>
Co-authored-by: shubhadeepd <shubhadeepd@local>
Co-authored-by: anngu-2xx3 <anngu@nvidia.com>
Co-authored-by: nv-pranjald <150428320+nv-pranjald@users.noreply.github.com>
Co-authored-by: Nikhil Kulkarni <nikkulkarni@nvidia.com>
Co-authored-by: Vidushi Gupta <vidushig@nvidia.com>
Co-authored-by: sarath-nalluri <72062105+sarath-nalluri@users.noreply.github.com>
Co-authored-by: agentic-bug-fix <agentic-bug-fix@local>
Co-authored-by: smasurekar <smasurekar@nvidia.com>
Co-authored-by: nvskills-svc-account <svc-nvskills-signing@nvidia.com>

(cherry picked from commit c47aa2b)
Signed-off-by: Shubhadeep Das <shubhadeepd@nvidia.com>
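The Triage-link rewrite described in the `ci(cve-post)` commit message above, as an added shell example (not code from `ci/post-cve-report.sh`): it applies the quoted regex to a constructed Triage table and escapes sed replacement metacharacters in the URL prefix, so an `&` or `|` in an artifact URL is inserted literally. The function names, the sample table and the `gitlab.example` URL are hypothetical, and the strip fallback keeping the link text is an assumption, since the commit only says broken links are stripped.

```shell
#!/usr/bin/env bash
# Added example, not taken from ci/post-cve-report.sh.
# Function names, the sample table and the gitlab.example URL are constructed.

# Escape the characters sed treats specially in a replacement when "|" is the
# delimiter: backslash, "&" (the whole match) and "|" itself.
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# rewrite_triage_links URL_PREFIX < markdown
# Turns (FILE.md) and (./FILE.md) link targets into (URL_PREFIX/FILE.md).
# Targets with "/" anywhere else, such as absolute URLs, never match.
rewrite_triage_links() {
  _prefix=$(escape_sed_replacement "${1%/}")
  sed -E "s|\((\.?/?)([^()/]+\.md)\)|(${_prefix}/\2)|g"
}

# strip_triage_links < markdown
# Fallback when no artifact URL is known: drop the relative link target and
# keep the link text (assumed behaviour, see the lead-in).
strip_triage_links() {
  sed -E 's|\[([^]]*)\]\((\.?/?)([^()/]+\.md)\)|\1|g'
}

# Constructed sample covering the three cases listed in the commit message.
sample_triage() {
  cat <<'EOF'
| Package | Report |
|---|---|
| pkg-a | [report-a](report-a.md) |
| pkg-b | [report-b](./report-b.md) |
| pkg-c | [advisory](https://x.com/y) |
EOF
}

# Rewritten table, then the stripped fallback form.
sample_triage | rewrite_triage_links 'https://gitlab.example/job/1/artifacts/file/out/'
sample_triage | strip_triage_links
```

Without the escaping step, an `&` in the prefix would be expanded by sed to the matched `(FILE.md)` text and corrupt every rewritten link.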
d025715 to 4edb49a
❌ Missing platforms declaration —
Actionable comments posted: 5
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/skill-eval/AGENTS.md (1)
60-64: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Stale `skill-source/.agents/skills/` path in example blocker comment.
Step 1 was migrated to `skills/<skill>/`, but this example `missing_eval_specs` blocker still tells contributors the PR modifies `skill-source/.agents/skills/<skill>/`. It should match the canonical `skills/` layout to avoid emitting a confusing/misleading comment.
📝 Proposed fix
- This PR modifies `skill-source/.agents/skills/<skill>/` but the skill + This PR modifies `skills/<skill>/` but the skill has no `eval/` directory. Every changed skill must ship at least one eval spec (`eval/nvidia_hosted.json` for CPU or `eval/h100.json` for GPU).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/skill-eval/AGENTS.md around lines 60 - 64, Update the stale blocker example text labeled "missing_eval_specs" in AGENTS.md to use the canonical path string "skills/<skill>" instead of "skill-source/.agents/skills/<skill>", and make sure the example still clearly requires an eval/ directory with at least one eval spec (eval/nvidia_hosted.json for CPU or eval/h100.json for GPU) so the blocker message remains accurate and unambiguous.
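Review bot: the `+` line corrects only this one occurrence of the pre-migration path in the blocker example, and this same review flags a second stale pre-migration path (`tests/unit/test_skill_source/` in skills/PUBLISHING_COMPLIANCE.md). Before merging, search the tree for `skill-source` and `test_skill_source` so any remaining references are fixed in one pass rather than one finding at a time.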
♻️ Duplicate comments (1)
skills/PUBLISHING_COMPLIANCE.md (1)
147-147: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Update stale pytest path in pre-merge checks.
`tests/unit/test_skill_source/` is the pre-migration path and will mislead copy-paste validation; use `tests/unit/test_skills/` (or the specific file path already referenced above).
Proposed fix
-- All three skills pass `uv run pytest tests/unit/test_skill_source/`. +- All three skills pass `uv run pytest tests/unit/test_skills/`.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@skills/PUBLISHING_COMPLIANCE.md` at line 147, Update the stale pytest path string "tests/unit/test_skill_source/" to the current path "tests/unit/test_skills/" (or replace it with the specific test file path already referenced) in the PUBLISHING_COMPLIANCE.md pre-merge checks text so the documented command accurately reflects the post-migration test location.
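Review bot: the `+` line substitutes the directory `tests/unit/test_skills/`, while the finding also allows "the specific file path already referenced above"; use whichever form the earlier reference in PUBLISHING_COMPLIANCE.md uses, so both places select the same tests. The processed-files list for this review shows `tests/unit/test_skills/test_api_version_validation.py`, so the directory form is consistent with the files in this PR.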
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@ci/post-cve-report.sh`:
- Around line 52-54: The script silently falls back to PAT mode when only some
of the GitHub App env vars are set (NV_RAG_CVE_BOT_APP_ID,
NV_RAG_CVE_BOT_INSTALLATION_ID, NV_RAG_CVE_BOT_PRIVATE_KEY); change the checks
so that if any of these three variables is set but not all three are set the
script logs a clear error and exits non‑zero (fail fast) instead of continuing,
and apply the same validation to the second occurrence of that check (the block
currently replicated around the later 102-104 area); ensure the error message
names the missing vars and advises to provide the full App config or unset all
three to use PAT mode.
In `@docs/release-notes.md`:
- Line 28: Replace the link target for "RAG performance tooling" in
release-notes.md (currently pointing at ../scripts/rag-perf/) to the user-facing
docs page docs/performance-benchmarking.md so readers hit the stable
documentation; update the markdown link URL only (keep the link text "RAG
performance tooling") to reference docs/performance-benchmarking.md.
In `@skills/PUBLISHING_COMPLIANCE.md`:
- Around line 7-10: Update the deadline language in the "## ⚠ Hard deadline —
**2026-05-27 (Wed)** — get skills signed for Computex" header and its
surrounding text to indicate the deadline has passed (expired/missed) as of the
PR date (2026-06-03); change the phrasing to something like "Deadline expired —
2026-05-27 (missed)" or add a clear "Expired (past deadline)" notice, and apply
the same change to the other occurrence at the same section (line referenced as
57-57) so readers won't treat the date as an upcoming action item.
In `@skills/rag-perf/skill-card.md`:
- Line 54: Replace the ambiguous anchor text "here" with descriptive link text
that conveys the destination and purpose (e.g., "NVIDIA Vulnerability Reporting
Portal" or "NVIDIA VDP vulnerability reporting page") in the
skills/rag-perf/skill-card.md line that contains the vulnerability-report link;
keep the same URL while updating the anchor so the link is accessible and
descriptive for screen readers and users.
In `@skills/README.md`:
- Line 32: The fenced code block starting at the shown diff lacks a language
identifier; update that block in skills/README.md by changing the opening fence
from ``` to a language-specified fence (for example ```text or ```markdown) so
the linter and renderers recognize the block; locate the README's fenced block
and add the appropriate language token to the opening triple-backticks.
---
Outside diff comments:
In @.github/skill-eval/AGENTS.md:
- Around line 60-64: Update the stale blocker example text labeled
"missing_eval_specs" in AGENTS.md to use the canonical path string
"skills/<skill>" instead of "skill-source/.agents/skills/<skill>", and make sure
the example still clearly requires an eval/ directory with at least one eval
spec (eval/nvidia_hosted.json for CPU or eval/h100.json for GPU) so the blocker
message remains accurate and unambiguous.
---
Duplicate comments:
In `@skills/PUBLISHING_COMPLIANCE.md`:
- Line 147: Update the stale pytest path string "tests/unit/test_skill_source/"
to the current path "tests/unit/test_skills/" (or replace it with the specific
test file path already referenced) in the PUBLISHING_COMPLIANCE.md pre-merge
checks text so the documented command accurately reflects the post-migration
test location.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: 07d6922c-351e-4c5d-982a-17714afe8263
📒 Files selected for processing (74)
- .github/skill-eval/AGENTS.md
- .github/workflows/skills-eval.yml
- .openclaw/README.md
- .openclaw/package.json
- AGENTS.md
- CLAUDE.md
- README.md
- ci/post-cve-report.sh
- ci/run_skill_eval.sh
- docs/release-notes.md
- scripts/validate_skill_versions.py
- skill-eval/CLAUDE.md
- skill-eval/README.md
- skill-eval/adapters/rag-blueprint/generate.py
- skills/PUBLISHING_COMPLIANCE.md
- skills/README.md
- skills/rag-blueprint/BENCHMARK.md
- skills/rag-blueprint/SKILL.md
- skills/rag-blueprint/eval/h100.json
- skills/rag-blueprint/eval/nvidia_hosted.json
- skills/rag-blueprint/references/configure/agentic-rag.md
- skills/rag-blueprint/references/configure/api-reference.md
- skills/rag-blueprint/references/configure/data-catalog.md
- skills/rag-blueprint/references/configure/evaluation.md
- skills/rag-blueprint/references/configure/guardrails.md
- skills/rag-blueprint/references/configure/ingestion.md
- skills/rag-blueprint/references/configure/mcp.md
- skills/rag-blueprint/references/configure/migration.md
- skills/rag-blueprint/references/configure/models-and-infrastructure.md
- skills/rag-blueprint/references/configure/multimodal-query.md
- skills/rag-blueprint/references/configure/notebooks.md
- skills/rag-blueprint/references/configure/observability.md
- skills/rag-blueprint/references/configure/query-and-conversation.md
- skills/rag-blueprint/references/configure/reasoning-and-generation.md
- skills/rag-blueprint/references/configure/search-and-retrieval.md
- skills/rag-blueprint/references/configure/summarization.md
- skills/rag-blueprint/references/configure/user-interface.md
- skills/rag-blueprint/references/configure/vlm.md
- skills/rag-blueprint/references/deploy.md
- skills/rag-blueprint/references/deploy/docker-nvidia-hosted.md
- skills/rag-blueprint/references/deploy/docker-retrieval-only.md
- skills/rag-blueprint/references/deploy/docker-self-hosted.md
- skills/rag-blueprint/references/deploy/docker.md
- skills/rag-blueprint/references/deploy/helm-mig.md
- skills/rag-blueprint/references/deploy/helm-openshift.md
- skills/rag-blueprint/references/deploy/helm-standard.md
- skills/rag-blueprint/references/deploy/helm.md
- skills/rag-blueprint/references/deploy/library-full.md
- skills/rag-blueprint/references/deploy/library-lite.md
- skills/rag-blueprint/references/deploy/library.md
- skills/rag-blueprint/references/shutdown.md
- skills/rag-blueprint/references/troubleshoot.md
- skills/rag-blueprint/skill-card.md
- skills/rag-blueprint/skill.oms.sig
- skills/rag-eval/BENCHMARK.md
- skills/rag-eval/SKILL.md
- skills/rag-eval/eval/h100.json
- skills/rag-eval/eval/nvidia_hosted.json
- skills/rag-eval/references/benchmark-execution.md
- skills/rag-eval/references/dataset-and-conversion.md
- skills/rag-eval/references/evaluate-rag-cli.md
- skills/rag-eval/references/result-analysis.md
- skills/rag-eval/skill-card.md
- skills/rag-eval/skill.oms.sig
- skills/rag-perf/BENCHMARK.md
- skills/rag-perf/SKILL.md
- skills/rag-perf/eval/h100.json
- skills/rag-perf/eval/nvidia_hosted.json
- skills/rag-perf/references/config-schema.md
- skills/rag-perf/references/output-and-analysis.md
- skills/rag-perf/references/synthetic-generation.md
- skills/rag-perf/skill-card.md
- skills/rag-perf/skill.oms.sig
- tests/unit/test_skills/test_api_version_validation.py
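The all-or-nothing check that the inline comment on `ci/post-cve-report.sh` asks for, written as an added example; it is not the repository's script, and the function name `select_cve_bot_auth_mode` and the message wording are assumptions. Only the three variable names come from the review comment.

```shell
#!/bin/sh
# Added example (not from the PR): decide between GitHub App mode and PAT mode,
# refusing to continue when the App configuration is only partly present.

# Prints "app" when all three App variables are non-empty and "pat" when none
# are. On a partial configuration it names the missing variables on stderr and
# returns 1, so the caller can stop instead of silently using the PAT identity.
select_cve_bot_auth_mode() {
  _missing=""
  _set_count=0
  for _name in NV_RAG_CVE_BOT_APP_ID \
               NV_RAG_CVE_BOT_INSTALLATION_ID \
               NV_RAG_CVE_BOT_PRIVATE_KEY; do
    # Indirect lookup by name. The names are fixed literals, so eval sees no
    # untrusted input, and the value itself is only tested, never printed.
    if eval "[ -n \"\${$_name:-}\" ]"; then
      _set_count=$((_set_count + 1))
    else
      _missing="${_missing:+$_missing }$_name"
    fi
  done

  case "$_set_count" in
    3) echo "app" ;;
    0) echo "pat" ;;
    *)
      printf 'ERROR: partial GitHub App config, missing: %s. ' "$_missing" >&2
      printf 'Set all three variables, or unset all three to use PAT mode.\n' >&2
      return 1
      ;;
  esac
}
```

Called once before any API request, with the script exiting on a non-zero return, this keeps a half-configured App from posting under the PAT identity unnoticed.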
Summary
This PR ports the latest `origin/release-v2.6.0` state to latest `origin/main`.
The branch has been rebased onto `origin/main` at `8bbff13`. That main commit already contains the docs/Sphinx/version-switcher work that previously appeared in this PR, so the duplicate docs commit was skipped during rebase.
The current PR now carries the remaining latest release/develop sync from `origin/release-v2.6.0` at `c47aa2b`.
Current Branch State
- `codex/release-v2.6.0-to-main-20260603`
- `main`
- `origin/main` at `8bbff13`
- `origin/release-v2.6.0` at `c47aa2b`
- `4edb49a`
Release Commits
- `8bbff13` on `main` already includes the docs/Sphinx/version-switcher work corresponding to release commit `b5cea76`.
- `4edb49a` applies release commit `c47aa2b` - `chore(release-v2.6.0): sync latest develop changes (#666)`.
- `skill-source/` to `skills/`.
Main-Only Changes Preserved
The previously merged main-sync PR introduced several main-only overlays that are still intentionally preserved:
- `.coderabbit.yaml`.
- `.github/workflows/request-nvskills-ci.yml`.
- `docs/perf-benchmarks.md`
- `docs/assets/perf-benchmarks/*.png`
- `2.5.1`.
- `Vidore-V3` naming and the Brev URL.
Release Changes Allowed To Win
- `skills/` layout. I did not restore the old `skill-source/` layout.
Validation
- `git diff --check origin/main..HEAD`
- `python3 docs/scripts/verify_doc_version_manifest.py`
- `rg -n "^(<<<<<<<|>>>>>>>)"`
- `origin/release-v2.6.0`; remaining differences are the intentional preserved main-only overlays
Reviewer Notes
Please review the `skill-source/` to `skills/` migration from the release/develop sync and confirm that the preserved main-only overlays should remain in `main`.
Summary by CodeRabbit
Documentation
- `skill-source/` to the canonical `skills/` location.
Chores