Sync upstream to midstream#21
Merged
m-misiura merged 63 commits intotrustyai-explainability:developfrom Feb 10, 2026
Merged
Conversation
* start restructuring and add local build automation * refresh poetry lock * WIP new IA implementation * more restructure and script to auto-update cards * more work * improve * nit to stage * details * nit got to be staged * pull out use case page and add table * more improvements and extend update cards script * big improvements * polish intro a bit * small edit * incorporate devs feedback * remaining pages * more fixes * small edits * more updated and incorporate feedback * some edits * accidentally dropped file
…VIDIA-NeMo#1523) * chore(test): reduce default pytest log level from DEBUG to WARNING The DEBUG level was flooding test output with verbose nemoguardrails logs,making it difficult to read test results. Users can still enable verbose logging when needed via `--log-level=DEBUG`. * Updated test that relies on INFO-level log capture to explicitly set caplog level.
Switch base image from python:3.10 to python:3.12-slim for improved performance and smaller image size. Use --no-install-recommends for apt package installation and clean up apt cache to reduce final image size.
* Use temporary path as default value in AIperf tests * Revert type fix that's needed locally but breaks on the server
Add extensive test coverage for all model initialization paths and edge cases.Tests cover success scenarios, error handling, exception priority, mode filtering, and E2E integration through the full initialization chain.
… bot messages (NVIDIA-NeMo#1530) * feat(content_safety): add auto selected multilingual refusal bot message support Detect user input language and return refusal messages in the same language when content safety rails block unsafe content. Supports 9 languages: English, Spanish, Chinese, German, French, Hindi, Japanese, Arabic, and Thai.
…-NeMo#1542) * docs(streaming): update streaming configuration documentation feature: NVIDIA-NeMo#1538 Revise streaming docs to clarify usage of stream_async(), remove outdated global streaming config, and add CLI usage instructions. Explain output rails streaming requirements and deprecation of StreamingHandler. Improve examples and guidance for token usage tracking. * not sure about these 2
* docs: add multilingual refusal messages documentation Add documentation for the multilingual refusal messages feature in content safety rails, including: - Supported languages table with default messages - Basic and advanced configuration examples - Language detection behavior and accuracy benchmarks - Cold start behavior and caching details - Production considerations for container environments * docs: add installation guide for multilingual feature * remove configuration options
* docs: small update to test * fixing weird bug * updating overview page * updating use cases page * updating how it works section * updating supported llms page * updating getting started section * updating based on meeting discussion * adjusting rail types order * updating first configure rails docs * Update docs/about/rail-types.md Co-authored-by: Miyoung Choi <miyoungc@nvidia.com> Signed-off-by: alexahaushalter <alexahaushalter@hotmail.com> * updating first overall config files * updating guardrails config docs * finishing Core Configuration updates * updating actions section * updating Colang 2.0 getting started section * a few more updates * trying to get a Verified commit * trying to get a Verified commit attempt 2 --------- Signed-off-by: alexahaushalter <alexahaushalter@hotmail.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
* add frontmatter and card updates * more fixes and also the library mentions * fix capitalization * Update docs/run-rails/index.md Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/run-rails/index.md Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * save --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
* more doc updates * rm duplicates * Update docs/about/overview.md Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com>
* continuing with colang - working with actions * updating defining flows page * working with variables page
* continuing with colang - working with actions * updating defining flows page * working with variables page * through CSL section * finished language reference section * finishing colang 2 section
…rivateAI) (NVIDIA-NeMo#1545) * Adding GLiNER Co-authored-by: Lipika Ramaswamy <lramaswamy@nvidia.com> * addressing comments pt1 * revamping GLiNER server * addressing comments pt2 * fixing path on integration test after restructure * addressing comments pt3 * rolling back changes to project, not needed * mocking request on test, rolling back vscode change committed by mistake * updating docs * addressing final comments * rollback vscode * updating licenses * making extract function non-blocking by removing async --------- Co-authored-by: Lipika Ramaswamy <lramaswamy@nvidia.com>
* Move mock LLMs into top-level benchmark dir, local content_safety under examples, and benchmark-specific tests * Initial checkin of validation script * Remove un-needed files under nemoguardrails/benchmark * Move unit-tests under benchamrk top-level dir * Update unit-tests with new code location * Add requirements to keep benchmark dependencies separate from Guardrails itself * Update server run script and Procfile with new file locations * Return np.array with size (1,) from mock function calls in tests * Remove langchain_nvidia_ai_endpoints from requirements, Guardrails already has this in the poetry env. It's not used in the mocks * Update README to match new file locations and include venv instructions * Cleanups to the README * README.md cleanup
…d align with cards and nav (NVIDIA-NeMo#1554) * another round of frontmatter and titles * some improvements for get started * update * polish content safety tutorial and add use case diagrams to resources * improve tutorials, add config reference based on the source code * incorporate feedback
…VIDIA-NeMo#1526) OpenAI reasoning models (o1, o3, gpt-5 series excluding gpt-5-chat) only support `temperature=1`. When NeMo Guardrails uses `.bind(temperature=0.001)` for deterministic tasks like self-check input/output, the API returns an error: ``` Unsupported value: 'temperature' does not support 0.001 with this model. Only the default (1) value is supported. ``` This happens because LangChain's `ChatOpenAI` handles temperature restrictions at initialization time (setting `temperature=None` for reasoning models), but `.bind()` bypasses this protection and passes the temperature directly to the API. - Added `_filter_params_for_openai_reasoning_models()` function that: - Detects reasoning models by name (o1*, o3*, gpt-5* excluding gpt-5-chat) - Removes the `temperature` parameter before binding for these models - Follows the same pattern as LangChain's `validate_temperature` validator
…ing guides (NVIDIA-NeMo#1563) * refactor(docs): move alignscore and safeguarding guides to advanced section * docs(langchain): update and reorganize integration docs * fix typo --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
* Add streaming to mock LLMs, TTFT and ITL to config files, rename LATENCY_* to E2E_LATENCY_* to distinguish between the two
* improve doc * nit * Update docs/configure-rails/overview.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/about/overview.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/configure-rails/actions/index.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/configure-rails/overview.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/configure-rails/guardrail-catalog.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/user-guides/community/gliner.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/user-guides/community/gliner.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/user-guides/community/gliner.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/configure-rails/guardrail-catalog.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/configure-rails/guardrail-catalog.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/user-guides/community/gliner.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * resolve feedback * nit --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com>
* First pass over About NeMo Guardrails Library * Address feedback. Remove extra space, move diagrams into Resource section, fix README examples link * Fixed how-it-works top-evel card * Update docs/about/supported-llms.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Tim Gasser <200644301+tgasser-nv@users.noreply.github.com> * Update docs/about/supported-llms.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Tim Gasser <200644301+tgasser-nv@users.noreply.github.com> * Update docs/about/supported-llms.md Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Signed-off-by: Tim Gasser <200644301+tgasser-nv@users.noreply.github.com> * Add Integrate NeMo Guardrails Library into Your Application dropdown back to overview * Add accidentally deleted line back --------- Signed-off-by: Tim Gasser <200644301+tgasser-nv@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: Chris Parisien <64271260+cparisien@users.noreply.github.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
* docs(run-rails): improve documentation structure and clarity minor fix * docs(generation-options): reorder sections based on importance/usage * Apply suggestions from code review Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: Miyoung Choi <miyoungc@nvidia.com>
) * refactor(streaming): simplify streaming support validation - Remove `streaming` and `streaming_supported` properties from RailsConfig - Add `StreamingNotSupportedError` exception for clearer error handling - Move streaming validation from config-time to runtime in LLMRails - Remove `main_llm_supports_streaming` flag and related logic - Update CLI to catch StreamingNotSupportedError instead of pre-checking - Simplify server API streaming logic to use stream_async directly - Configure LLM streaming only when stream_async is called - Remove redundant streaming warnings and fallback logic BREAKING CHANGE: `RailsConfig.streaming` and `RailsConfig.streaming_supported` properties have been removed. Streaming support is now validated at runtime when `stream_async()` is called. * test: update tests for streaming refactor - Remove RailsConfig.streaming references from all tests - Update streaming tests to use StreamingNotSupportedError - Remove tests for deprecated streaming_supported property - Remove tests for main_llm_supports_streaming flag - Update CLI tests to verify StreamingNotSupportedError handling - Simplify test fixtures to remove streaming config parameters - Update token usage tests to reflect stream_usage always enabled - Fix test mocks to align with new streaming validation approach
Includes security fix GHSA-6qv9-48xg-fc7f for input variable validation in f-string templates and jinja2/mustache restrictions.
Fixes CVE-2025-66418 (unbounded decompression chain) andCVE-2025-66471 (high CPU and memory consumption).
* chore(deps): bump filelock from 3.19.1 to 3.20.3 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.19.1 to 3.20.3. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@3.19.1...3.20.3) --- updated-dependencies: - dependency-name: filelock dependency-version: 3.20.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * update --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pouyanpi <13303554+Pouyanpi@users.noreply.github.com>
* chore(deps): bump pyasn1 from 0.6.1 to 0.6.2 Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.1 to 0.6.2. - [Release notes](https://github.com/pyasn1/pyasn1/releases) - [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst) - [Commits](pyasn1/pyasn1@v0.6.1...v0.6.2) --- updated-dependencies: - dependency-name: pyasn1 dependency-version: 0.6.2 dependency-type: indirect ... Signed-off-by: Pouyanpi <13303554+Pouyanpi@users.noreply.github.com> --------- Signed-off-by: Pouyanpi <13303554+Pouyanpi@users.noreply.github.com>
Security fixes for aiohttp vulnerabilities (CVE-2025-66418). resolves: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
…#1583) * chore(deps-dev): bump virtualenv from 20.34.0 to 20.36.1 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.34.0 to 20.36.1. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.34.0...20.36.1) --- updated-dependencies: - dependency-name: virtualenv dependency-version: 20.36.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * update --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pouyanpi <13303554+Pouyanpi@users.noreply.github.com>
…DERS (NVIDIA-NeMo#1589) - Fix compatibility with langchain 1.2.1 where `_SUPPORTED_PROVIDERS` changed from `set` to `dict` - Add type check to extract keys when dict is encountered See: https://github.com/langchain-ai/langchain/releases/tag/langchain%3D%3D1.2.1
…IA-NeMo#1594) * Rename repo name across the Guardrails codebase * Caught the last few old-repo references in badges and actions * Correct capitalization in pyproject.toml homepage and issues references * Correct local clone directory for the new repo name * Added missing .git extension to Github repo links
* chore(release): prepare for v0.20.0 Signed-off-by: Pouyan <13303554+Pouyanpi@users.noreply.github.com> --------- Signed-off-by: Pouyan <13303554+Pouyanpi@users.noreply.github.com> Co-authored-by: Pouyan <13303554+Pouyanpi@users.noreply.github.com>
…ersion update for 0.20.0 (NVIDIA-NeMo#1597) * edit multilingual docs, fix incorrect info, and version update * Update docs/configure-rails/configuration-reference.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * incorporate comments * enhanced a release note per comment * add streaming to the release note * more improvements * incorporate before/after breaking change comparison --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
…IA-NeMo#1602) * frontmatter updates per diataxis-based types and add content type labels to cards * Update docs/evaluation/evaluate-guardrails.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/getting-started/tutorials/index.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * Update docs/deployment/index.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* add json output extension * Update docs/_extensions/json_output/README.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> * update readme * add DORI search assets * pre-commit fixes * precommit --------- Signed-off-by: Miyoung Choi <miyoungc@nvidia.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
…amingHandler (NVIDIA-NeMo#1547) * refactor(streaming): remove LangChain callback dependencies from StreamingHandler Refactored StreamingHandle by removing dependencies on LangChain callback interfaces (AsyncCallbackHandler, LLMResult, etc.). - Remove AsyncCallbackHandler inheritance from StreamingHandler - Replace callback-based streaming with direct push_chunk() interface - Add streaming_handler parameter to llm_call() for explicit streaming - Update llm_call to use llm.astream() instead of callbacks - Simplify push_chunk() to accept only strings (remove LangChain type conversions) - Remove on_chat_model_start, on_llm_new_token, on_llm_end callback methods
…ion (NVIDIA-NeMo#1605) * feat(llmrails): add check_async method for input/output rails validation Add a new `check_async` method to `LLMRails` that allows standalone validation of messages against input/output rails without requiring a full conversation flow. **Key features:** - Automatically determines which rails to run based on message roles: - User messages only → input rails - Assistant messages only → output rails - Both user and assistant → input and output rails - Returns a simple `RailsResult` with status (PASSED/MODIFIED/BLOCKED), content, and blocking rail name
* Initial commit of new top-level object, not tests yet * Consolidate into one file, add all but internal implementation-detail methods to Guardrails object * Add Guardrails top-level tests * Compacting tests * Use NEMO_USE_GUARDRAILS_WRAPPER to select new wrapper on top of LLMRails * Clean up init method * Change env var from NEMO_USE_GUARDRAILS_WRAPPER to NEMO_GUARDRAILS_IORAILS_ENGINE
* Initial commit of new top-level object, not tests yet * Consolidate into one file, add all but internal implementation-detail methods to Guardrails object * Add Guardrails top-level tests * Compacting tests * Initial checkin of async work queue * Improved tests and added queue status methods * Add work queues to Guardrails top-level * Remove debugging print * Remove streaming support (will deliver in later milestone) * Clean up tests after merge
…IA-NeMo#1606) * feat(langchain): add GuardrailsMiddleware for LangChain agent integration * feat(middleware): add explicit rail_types to check_async and fix message replacement - Add RailType enum (INPUT, OUTPUT) to options.py - Add optional rail_types parameter to check_async/check to override auto-detection - Middleware now passes rail_types=[RailType.INPUT] from abefore_model and rail_types=[RailType.OUTPUT] from aafter_model - Fix _replace_last_ai_message to find actual AIMessage index instead of assuming messages[-1] - Add unit tests for explicit rail type passing and message replacement
RobGeada
approved these changes
Feb 10, 2026
m-misiura
merged commit 9fe2770
into
trustyai-explainability:develop
3 of 12 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Merge with upstream develop branch to get pstream commit: e999078; base version: v0.20.0 + some additional commits, including PR#1340
Test plan
quay.io/rh-ee-mmisiura/nemo-guardrails:latest_develop