Merge branch 'main' into python-3.15

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: leofang

.gitattributes

@@ -1,15 +1,8 @@
 * text eol=lf
 *.cmd text eol=crlf
 
-# we do not own any headers checked in, don't touch them
-*.h binary
-*.hpp binary
-# Exception: headers we own
-benchmarks/cuda_bindings/benchmarks/cpp/*.hpp -binary text diff
-cuda_bindings/cuda/bindings/_bindings/*.h -binary text diff
-cuda_bindings/cuda/bindings/_lib/*.h -binary text diff
-cuda_core/cuda/core/_cpp/*.h -binary text diff
-cuda_core/cuda/core/_cpp/*.hpp -binary text diff
+# Keep the vendored DLPack header byte-for-byte, but still show text diffs.
+cuda_core/cuda/core/_include/dlpack.h -text !eol diff
 # git should not convert line endings in PNG files
 *.png binary
 *.svg binary

.github/workflows/bandit.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-FileCopyrightText: Copyright (c) 2024-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 
@@ -8,6 +8,7 @@ on:
   push:
     branches:
       - "pull-request/[0-9]+"
+      - "ctk-next"
       - "main"
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
@@ -17,6 +18,8 @@ jobs:
   analyze:
     runs-on: ubuntu-latest
     permissions:
+      actions: read
+      contents: read
       security-events: write
     steps:
       - name: Checkout

.github/workflows/codeql.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-FileCopyrightText: Copyright (c) 2024-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 
@@ -8,6 +8,7 @@ on:
   push:
     branches:
       - "pull-request/[0-9]+"
+      - "ctk-next"
       - "main"
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
@@ -18,6 +19,8 @@ jobs:
     name: Analyze (${{ matrix.language }})
     runs-on: ubuntu-latest
     permissions:
+      actions: read
+      contents: read
       security-events: write
 
     strategy:

.github/workflows/restricted-paths-guard.yml

@@ -24,15 +24,27 @@ jobs:
     steps:
       - name: Inspect PR author signals for restricted paths
         env:
-          # PR metadata inputs (author_association from event payload is
-          # unreliable for fork PRs, so we query the collaborator API directly)
+          # PR metadata inputs (the event payload's author_association can be
+          # stale for fork PRs, so restricted-path PRs query the live PR API).
           PR_AUTHOR: ${{ github.event.pull_request.user.login }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           PR_URL: ${{ github.event.pull_request.html_url }}
           RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
 
           # Workflow policy inputs
           REVIEW_LABEL: Needs-Restricted-Paths-Review
+          # Temporary testing recipe for agents:
+          # 1. Change pull_request_target to pull_request.
+          # 2. Set DRY_RUN_REVIEW_LABEL_WRITES to true.
+          # 3. Add a dummy comment or whitespace-only change in
+          #    cuda_bindings/README.md to trigger restricted-path detection
+          #    without affecting build/package behavior.
+          # 4. Replace both trusted case patterns below with DRY_RUN_NEVER_MATCH
+          #    so the test does not depend on the tester's GitHub identity:
+          #    MEMBER|OWNER and admin|maintain|write|triage.
+          # 5. Commit these changes as a temporary dry-run test commit and revert
+          #    that commit before merge.
+          DRY_RUN_REVIEW_LABEL_WRITES: false
 
           # API request context/auth
           GH_TOKEN: ${{ github.token }}
@@ -42,6 +54,8 @@ jobs:
 
           COLLABORATOR_PERMISSION="not checked"
           COLLABORATOR_PERMISSION_API_ERROR=""
+          AUTHOR_ASSOCIATION="not checked"
+          AUTHOR_ASSOCIATION_API_ERROR=""
 
           if ! MATCHING_RESTRICTED_PATHS=$(
             gh api \
@@ -68,6 +82,7 @@ jobs:
               echo ""
               echo "- **Error**: Failed to inspect the PR file list."
               echo "- **Author**: $PR_AUTHOR"
+              echo "- **Author association**: $AUTHOR_ASSOCIATION"
               echo "- **Collaborator permission**: $COLLABORATOR_PERMISSION"
               echo ""
               echo "Please update the PR at: $PR_URL"
@@ -88,6 +103,7 @@ jobs:
               echo ""
               echo "- **Error**: Failed to inspect the current PR labels."
               echo "- **Author**: $PR_AUTHOR"
+              echo "- **Author association**: $AUTHOR_ASSOCIATION"
               echo "- **Collaborator permission**: $COLLABORATOR_PERMISSION"
               echo ""
               echo "Please update the PR at: $PR_URL"
@@ -114,11 +130,32 @@ jobs:
             echo '```'
           }
 
+          write_author_association_api_error() {
+            echo "- **Author association API error**:"
+            echo '```text'
+            printf '%s\n' "$AUTHOR_ASSOCIATION_API_ERROR"
+            echo '```'
+          }
+
+          build_review_label_comment() {
+            printf '%s\n\n%s\n\n%s\n\n%s\n\n%s\n' \
+              "\`$REVIEW_LABEL\` was assigned by \`CI: Restricted Paths Guard\`." \
+              "For details, open [this workflow run]($RUN_URL) and click **Summary**." \
+              "For external contributors: thank you for your interest in improving CUDA Python. The \`cuda_bindings/\` package is distributed under the [NVIDIA Software License](https://github.com/NVIDIA/cuda-python/blob/main/cuda_bindings/LICENSE), which does not allow us to accept external contributions to files under \`cuda_bindings/\` in this repository." \
+              "Please close this PR. If your changes also include updates outside \`cuda_bindings/\`, please open a new PR containing only those changes so we can review them separately under the applicable license." \
+              "If you are an NVIDIA employee and believe this label was applied in error, no action is needed; a maintainer will review and remove the label if appropriate."
+          }
+
+          write_review_label_comment_dry_run() {
+            echo "- **Dry-run comment body**:"
+            echo '```markdown'
+            build_review_label_comment
+            echo '```'
+          }
+
           post_review_label_comment() {
             local comment_body
-            printf -v comment_body '%s\n\n%s\n' \
-              "\`$REVIEW_LABEL\` was assigned by \`CI: Restricted Paths Guard\`." \
-              "For details, open [this workflow run]($RUN_URL) and click **Summary**."
+            comment_body=$(build_review_label_comment)
 
             if gh api "repos/$REPO/issues/$PR_NUMBER/comments" \
               -f body="$comment_body" >/dev/null; then
@@ -135,46 +172,87 @@ jobs:
           COMMENT_ACTION="not needed"
 
           if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ]; then
-            # Distinguish a legitimate 404 "not a collaborator" response from
-            # actual API failures. The former is an expected untrusted case;
-            # the latter fails the workflow so it can be rerun later.
-            if COLLABORATOR_PERMISSION_RESPONSE=$(
-              gh api "repos/$REPO/collaborators/$PR_AUTHOR/permission" \
-                --jq '.permission' 2>&1
+            if AUTHOR_ASSOCIATION_RESPONSE=$(
+              gh api "repos/$REPO/pulls/$PR_NUMBER" \
+                --jq '.author_association // "NONE"' 2>&1
             ); then
-              COLLABORATOR_PERMISSION="$COLLABORATOR_PERMISSION_RESPONSE"
-            elif [[ "$COLLABORATOR_PERMISSION_RESPONSE" == *"(HTTP 404)"* ]]; then
-              COLLABORATOR_PERMISSION="none"
+              AUTHOR_ASSOCIATION="$AUTHOR_ASSOCIATION_RESPONSE"
             else
-              COLLABORATOR_PERMISSION="unknown"
-              COLLABORATOR_PERMISSION_API_ERROR="$COLLABORATOR_PERMISSION_RESPONSE"
-              echo "::error::Failed to inspect collaborator permission for $PR_AUTHOR."
+              AUTHOR_ASSOCIATION="unknown"
+              AUTHOR_ASSOCIATION_API_ERROR="$AUTHOR_ASSOCIATION_RESPONSE"
+              echo "::error::Failed to inspect live author association for PR #$PR_NUMBER."
               {
                 echo "## Restricted Paths Guard Failed"
                 echo ""
-                echo "- **Error**: Failed to inspect collaborator permission."
+                echo "- **Error**: Failed to inspect live author association."
                 echo "- **Author**: $PR_AUTHOR"
-                echo "- **Collaborator permission**: $COLLABORATOR_PERMISSION"
+                echo "- **Author association**: $AUTHOR_ASSOCIATION"
                 echo ""
                 write_matching_restricted_paths
                 echo ""
-                write_collaborator_permission_api_error
+                write_author_association_api_error
                 echo ""
-                echo "Please retry this workflow. If the failure persists, inspect the collaborator permission API error above."
+                echo "Please retry this workflow. If the failure persists, inspect the author association API error above."
               } >> "$GITHUB_STEP_SUMMARY"
               exit 1
             fi
 
-            case "$COLLABORATOR_PERMISSION" in
-              admin|maintain|write|triage|read)
+            case "$AUTHOR_ASSOCIATION" in
+              MEMBER|OWNER)
                 HAS_TRUSTED_SIGNAL=true
-                LABEL_ACTION="not needed (collaborator permission is a trusted signal)"
-                TRUSTED_SIGNALS="collaborator_permission:$COLLABORATOR_PERMISSION"
+                LABEL_ACTION="not needed (live author association is a trusted signal)"
+                TRUSTED_SIGNALS="author_association:$AUTHOR_ASSOCIATION"
                 ;;
               *)
-                # none: not a trusted signal
+                # COLLABORATOR can still be too broad for this policy; use the
+                # collaborator permission API below for repo-level trust.
                 ;;
             esac
+
+            # Distinguish a legitimate 404 "not a collaborator" response from
+            # actual API failures. The former is an expected untrusted case;
+            # the latter fails the workflow so it can be rerun later.
+            if [ "$HAS_TRUSTED_SIGNAL" = "false" ]; then
+              if COLLABORATOR_PERMISSION_RESPONSE=$(
+                gh api "repos/$REPO/collaborators/$PR_AUTHOR/permission" \
+                  --jq '.permission' 2>&1
+              ); then
+                COLLABORATOR_PERMISSION="$COLLABORATOR_PERMISSION_RESPONSE"
+              elif [[ "$COLLABORATOR_PERMISSION_RESPONSE" == *"(HTTP 404)"* ]]; then
+                COLLABORATOR_PERMISSION="none"
+              else
+                COLLABORATOR_PERMISSION="unknown"
+                COLLABORATOR_PERMISSION_API_ERROR="$COLLABORATOR_PERMISSION_RESPONSE"
+                echo "::error::Failed to inspect collaborator permission for $PR_AUTHOR."
+                {
+                  echo "## Restricted Paths Guard Failed"
+                  echo ""
+                  echo "- **Error**: Failed to inspect collaborator permission."
+                  echo "- **Author**: $PR_AUTHOR"
+                  echo "- **Author association**: $AUTHOR_ASSOCIATION"
+                  echo "- **Collaborator permission**: $COLLABORATOR_PERMISSION"
+                  echo ""
+                  write_matching_restricted_paths
+                  echo ""
+                  write_collaborator_permission_api_error
+                  echo ""
+                  echo "Please retry this workflow. If the failure persists, inspect the collaborator permission API error above."
+                } >> "$GITHUB_STEP_SUMMARY"
+                exit 1
+              fi
+
+              case "$COLLABORATOR_PERMISSION" in
+                admin|maintain|write|triage)
+                  HAS_TRUSTED_SIGNAL=true
+                  LABEL_ACTION="not needed (collaborator permission is a trusted signal)"
+                  TRUSTED_SIGNALS="collaborator_permission:$COLLABORATOR_PERMISSION"
+                  ;;
+                *)
+                  # read or none: not a trusted signal. In a public repo, read
+                  # can be the effective permission for any GitHub user.
+                  ;;
+              esac
+            fi
           fi
 
           NEEDS_REVIEW_LABEL=false
@@ -190,13 +268,24 @@ jobs:
           if [ "$NEEDS_REVIEW_LABEL" = "true" ]; then
             if [ "$LABEL_ALREADY_PRESENT" = "true" ]; then
               LABEL_ACTION="already present"
+            elif [ "$DRY_RUN_REVIEW_LABEL_WRITES" = "true" ]; then
+              LABEL_ACTION="would add (dry run)"
+              COMMENT_ACTION="would post (dry run)"
+              {
+                echo "## Restricted Paths Guard Dry Run"
+                echo ""
+                echo "- **Would add label**: \`$REVIEW_LABEL\`"
+                echo ""
+                write_review_label_comment_dry_run
+              } >> "$GITHUB_STEP_SUMMARY"
             elif ! gh pr edit "$PR_NUMBER" --repo "$REPO" --add-label "$REVIEW_LABEL"; then
               echo "::error::Failed to add the $REVIEW_LABEL label."
               {
                 echo "## Restricted Paths Guard Failed"
                 echo ""
                 echo "- **Error**: Failed to add the \`$REVIEW_LABEL\` label."
                 echo "- **Author**: $PR_AUTHOR"
+                echo "- **Author association**: $AUTHOR_ASSOCIATION"
                 echo "- **Collaborator permission**: $COLLABORATOR_PERMISSION"
                 echo ""
                 write_matching_restricted_paths
@@ -216,6 +305,7 @@ jobs:
             echo "## Restricted Paths Guard Completed"
             echo ""
             echo "- **Author**: $PR_AUTHOR"
+            echo "- **Author association**: $AUTHOR_ASSOCIATION"
             echo "- **Collaborator permission**: $COLLABORATOR_PERMISSION"
             echo "- **Touches restricted paths**: $TOUCHES_RESTRICTED_PATHS"
             echo "- **Restricted paths**: \`cuda_bindings/\`, \`cuda_python/\`"

.github/workflows/test-sdist-linux.yml

@@ -22,6 +22,7 @@ permissions:
 jobs:
   test-sdist:
     name: Test sdist builds
+    timeout-minutes: 60
     runs-on: linux-amd64-cpu8
     steps:
       - name: Checkout ${{ github.event.repository.name }}

.github/workflows/test-sdist-windows.yml

@@ -28,6 +28,7 @@ permissions:
 jobs:
   test-sdist:
     name: Test sdist builds
+    timeout-minutes: 60
     runs-on: windows-2022
     steps:
       - name: Checkout ${{ github.event.repository.name }}

.github/workflows/test-wheel-linux.yml

@@ -96,6 +96,7 @@ jobs:
 
   test:
     name: Python ${{ matrix.PY_VER }}, CUDA ${{ matrix.CUDA_VER }} (${{ (matrix.LOCAL_CTK == '1' && 'local') || 'wheels' }}), GPU ${{ matrix.GPU }}${{ matrix.GPU_COUNT != '1' && format(' (x{0})', matrix.GPU_COUNT) || '' }}${{ matrix.FLAVOR && format(', {0}', matrix.FLAVOR) || '' }}${{ matrix.TORCH_VER && format(', {0}', matrix.TORCH_VER) || '' }}${{ matrix.MODE == 'nightly-numba-cuda' && ', latest' || '' }}
+    timeout-minutes: 60
     needs: compute-matrix
     strategy:
       fail-fast: false

.github/workflows/test-wheel-windows.yml

@@ -88,6 +88,7 @@ jobs:
 
   test:
     name: Python ${{ matrix.PY_VER }}, CUDA ${{ matrix.CUDA_VER }} (${{ (matrix.LOCAL_CTK == '1' && 'local') || 'wheels' }}), GPU ${{ matrix.GPU }}${{ matrix.GPU_COUNT != '1' && format(' (x{0})', matrix.GPU_COUNT) || '' }} (${{ matrix.DRIVER_MODE }})${{ matrix.TORCH_VER && format(', {0}', matrix.TORCH_VER) || '' }}${{ matrix.MODE == 'nightly-numba-cuda' && ', latest' || '' }}
+    timeout-minutes: 60
     # The build stage could fail but we want the CI to keep moving.
     needs: compute-matrix
     strategy:

README.md

@@ -7,6 +7,7 @@ CUDA Python is the home for accessing NVIDIA’s CUDA platform from Python. It c
 * [cuda.pathfinder](https://nvidia.github.io/cuda-python/cuda-pathfinder/latest): Utilities for locating CUDA components installed in the user's Python environment
 * [cuda.coop](https://nvidia.github.io/cccl/unstable/python/coop.html): A Python module providing CCCL's reusable block-wide and warp-wide *device* primitives for use within Numba CUDA kernels
 * [cuda.compute](https://nvidia.github.io/cccl/unstable/python/compute/index.html): A Python module for easy access to CCCL's highly efficient and customizable parallel algorithms, like `sort`, `scan`, `reduce`, `transform`, etc. that are callable on the *host*
+* [numba-cuda-mlir](https://nvidia.github.io/numba-cuda-mlir/): An evolution of Numba CUDA that improves upon its technical foundation and performance to provide the future of CUDA Python JIT compilation. It currently supports developing CUDA **SIMT** kernels in Python, providing Python bindings for accelerated device libraries, and serving as a compiler for user-defined functions in accelerated libraries.
 * [numba.cuda](https://nvidia.github.io/numba-cuda/): A Python DSL that exposes CUDA **SIMT** programming model and compiles a restricted subset of Python code into CUDA kernels and device functions
 * [cuda.tile](https://docs.nvidia.com/cuda/cutile-python/): A new Python DSL that exposes CUDA **Tile** programming model and allows users to write NumPy-like code in CUDA kernels
 * [nvmath-python](https://docs.nvidia.com/cuda/nvmath-python/latest): Pythonic access to NVIDIA CPU & GPU Math Libraries, with [*host*](https://docs.nvidia.com/cuda/nvmath-python/latest/overview.html#host-apis), [*device*](https://docs.nvidia.com/cuda/nvmath-python/latest/overview.html#device-apis), and [*distributed*](https://docs.nvidia.com/cuda/nvmath-python/latest/distributed-apis/index.html) APIs. It also provides low-level Python bindings to host C APIs ([nvmath.bindings](https://docs.nvidia.com/cuda/nvmath-python/latest/bindings/index.html)).