feat: add PII redaction plugin crate with local backend

[afourniernv]

Overview

Add a dedicated nemo-relay-pii-redaction crate for Relay’s first-party privacy plugin. This PR ships the deterministic hot-path builtin backend now, keeps a future local_model seam for model-backed detection/redaction later, and separates the plugin from raw middleware by giving users a supported config-driven privacy surface instead of requiring custom sanitize callbacks.

• I confirm this contribution is my own work, or I have the right to submit it under this project's license.
• I searched existing issues and open pull requests, and this does not duplicate existing work.

Details

• add a new nemo-relay-pii-redaction first-party crate
• keep pii_redaction distinct from raw guardrails middleware:
  • middleware remains the generic runtime hook mechanism
  • pii_redaction becomes the packaged, first-party, config-driven privacy policy surface on top of those hooks
  • this gives users a supported privacy feature with typed config, editor support, codec-aware LLM handling, and shared behavior across runtimes instead of requiring bespoke callback code
• ship the deterministic builtin backend in this PR, including:
  • remove, redact, regex_replace, hash, and mask
  • built-in detector presets for common PII, structured secrets, and cloud credentials
  • codec-aware sanitization for supported LLM surfaces
  • tool and LLM sanitize guardrail registration for observability hot-path use
• keep local_model in the plugin contract as the next backend seam:
  • no runtime implementation is shipped yet
  • the seam is there so a future model-backed local detector/redactor can be added without redesigning the plugin surface again
• explicitly register the plugin from CLI, Python, Node, FFI, and WASM startup/validation paths instead of treating it as a core auto-registered plugin
• update CLI typed editor support and coverage for the externalized plugin crate
• move the plugin into its own crate now because we expect the second backend lane to grow a heavier dependency/runtime surface, and keeping both lanes together under one plugin-owned crate boundary is cleaner than splitting only one backend out of core later

Where should the reviewer start?

Start with crates/pii-redaction/src/component.rs and crates/pii-redaction/src/lib.rs, then review crates/pii-redaction/src/builtin.rs for the shipped deterministic backend and the explicit plugin registration changes in crates/cli/src/server.rs and crates/python/src/lib.rs.

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

• Relates to RELAY-181

Summary by CodeRabbit

• New Features

  • Added a first‑party PII Redaction plugin with configurable actions (remove, redact, mask, hash, regex replace), built‑in detectors for common PII/secrets, codec‑aware LLM request/response sanitization, and interactive CLI editor support.
  • Plugin integrated across runtimes (CLI, FFI, Node, Python, WASM).

• Dependencies

  • Updated sha2 from 0.10.9 to 0.11.0.

• Documentation

  • Added comprehensive plugin docs and configuration guides.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a new first-party PII redaction crate and plugin: component contract, built-in sanitization engine with detectors and masking strategies, LLM overlay support, local backend hooks, tests, CLI/editor integration, binding registration across FFI/Node/Python/WASM, workspace wiring, docs, and an attribution update.

Changes

PII Redaction Plugin

Layer / File(s)	Summary
Workspace & attribution bootstrap Cargo.toml, crates/*/Cargo.toml, ATTRIBUTIONS-Rust.md	Adds crates/pii-redaction workspace member and nemo-relay-pii-redaction workspace dependency to bindings; updates sha2 attribution to v0.11.0.
Core component contract & validation crates/pii-redaction/src/component.rs	Defines PII_REDACTION_PLUGIN_KIND, ComponentSpec, PiiRedactionConfig, editor schema metadata, validation rules, diagnostics, registration APIs, and schema helper.
Detector implementations & local provider crates/pii-redaction/src/detectors.rs, crates/pii-redaction/src/local.rs	BuiltinDetector registry and per-detector regex specs plus detector-aware masking helpers; runtime-local backend provider registration/clear/invoke hooks for local_model mode.
Built-in JSON sanitization backend crates/pii-redaction/src/builtin.rs	CompiledBuiltinBackend with matcher compilation, preorder JSON-pointer traversal, actions (remove, regex_replace, redact, hash, mask), codec-aware decode/encode, and callback factories for tool/LLM sanitizers.
LLM response overlay crates/pii-redaction/src/overlay.rs	Provider-specific response overlays for OpenAI Chat, OpenAI Responses, and Anthropic that rewrite identifiers, finish/status fields, message text blocks, and tool-call metadata from annotated sanitized data.
Crate root & tests crates/pii-redaction/src/lib.rs, crates/pii-redaction/tests/unit/component_tests.rs	Crate module declarations, test-only helpers/re-exports, and a comprehensive unit/async test suite covering validation, builtin behaviors, detectors, overlays, codec paths, and integration points.
CLI editor model & persistence crates/cli/src/plugins/editor_model.rs, crates/cli/src/plugins.rs	Adds EditableComponent::PiiRedaction, editor load/store/merge helpers, interactive edit handling, configured/summary helpers, and persistence that prunes version when required.
CLI validation, doctor & server wiring crates/cli/src/plugins/config_io.rs, crates/cli/src/doctor.rs, crates/cli/src/server.rs	Calls register_pii_redaction_component() during config validation, observability checks, and PluginActivation::initialize, mapping failures to CLI errors or doctor Fail checks.
Runtime bindings registration crates/ffi/src/api/plugin.rs, crates/node/src/api/mod.rs, crates/python/src/lib.rs, crates/wasm/src/api/mod.rs	Adds registration helpers and ensures the PII redaction component is registered before plugin validation/activation/listing across FFI, Node N-API init, Python PyO3 init, and WASM APIs.
CLI editor schema & tests crates/cli/tests/coverage/plugins_tests.rs	Adds tests validating the editor schema and that editor save preserves unknown fields while pruning version.
Documentation & site navigation docs/index.yml, docs/pii-redaction-plugin/*.mdx	Adds docs pages describing plugin purpose, configuration, modes, action semantics, detector presets, target-path semantics, codec/observability behavior, and site navigation entry.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• NVIDIA/NeMo-Relay#205: Similar binding/registration changes to plugin component registration in CLI doctor/initialization paths.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.51% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description check	✅ Passed	PR description includes all required template sections: Overview with confirmation checkboxes, Details explaining substantive changes, Where to start guidance, and Related Issues reference.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title follows Conventional Commits format with type 'feat', clear imperative summary, and is 55 characters—well under the 72-character limit.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ATTRIBUTIONS-Rust.md`:
- Around line 32416-32420: Add required blank lines before and after the "##
sha2 - 0.10.9" heading and before/after the "### License:
https://spdx.org/licenses/Apache-2.0.html" subheading, and replace the loose
license text with a fenced code block that includes a language tag (e.g.,
```text) and surrounding blank lines so the license body is wrapped as a proper
code fence; update the block around the Apache License text near the mentioned
lines to ensure there's an empty line preceding the opening ```text and an empty
line following the closing ``` to satisfy MD022, MD031, and MD040.

In `@crates/cli/tests/coverage/plugins_tests.rs`:
- Around line 228-311: Add a round-trip unit test that exercises the
editor_model persistence path: call store_pii_redaction_state (or the public
wrapper that persists editor_model), modify a PII component value via the editor
round-trip API, then reload/merge the stored editor_model and assert persisted
behavior — specifically that unknown keys are preserved and the top-level
version field is pruned; ensure the test covers merge semantics (e.g., partial
updates do not clobber unrelated keys) and cross-request isolation by using
fresh state between subrequests. Locate existing PII test helpers and the
current typed_editor_model_contains_pii_redaction_options test to mirror
setup/teardown and reuse functions such as store_pii_redaction_state,
editor_model, and any load/merge helper to validate persisted config equality
and expected differences.

In `@crates/pii-redaction/src/builtin.rs`:
- Around line 133-180: The traversal keeps container nodes (Json::Array /
Json::Object) even when the current path matches and action is
BuiltinAction::Remove; update sanitize_json_preorder_dfs_at_path so that if
self.matches_current_preorder_path(path_segments) && matches!(self.action,
BuiltinAction::Remove) you return None for the whole node before recursing into
children (i.e., add that check at the start of the Array and Object arms or
immediately at top of the match) so arrays/objects at a matched target_path are
removed rather than sanitized recursively.

In `@crates/pii-redaction/src/detectors.rs`:
- Around line 247-272: mask_ip_address and mask_ipv6 currently hardcode "*" and
ignore the mask_char parameter; update both to build masked segments using
mask_char.repeat(n) (e.g., 3 repeats for IPv4 octets, 4 for IPv6 segments)
instead of "***"/"****" and ensure you collect into owned strings
(collect::<Vec<String>>()) so assignments compile; keep the existing fallback to
mask_text(text, mask_char, 0, 0).

In `@crates/pii-redaction/src/local.rs`:
- Around line 10-12: The public function register_local_backend_provider
currently uses the private type alias LocalBackendProvider from local.rs,
causing a private_in_public warning; fix this by making the alias public (change
type LocalBackendProvider to pub type LocalBackendProvider = Arc<dyn
Fn(PiiRedactionConfig, &mut PluginRegistrationContext) -> PluginResult<()> +
Send + Sync>; and ensure it is exported where needed) or alternatively change
register_local_backend_provider's signature to use a public concrete type (e.g.,
Arc<dyn Fn(PiiRedactionConfig, &mut PluginRegistrationContext) ->
PluginResult<()> + Send + Sync + 'static>) so the public API does not reference
a private symbol (update any pub use exports accordingly).

In `@crates/pii-redaction/src/overlay.rs`:
- Around line 117-144: The overlay_openai_chat_tool_calls function currently
only updates matched pairs and leaves extra raw tool_calls intact, risking
unsanitized leakage; modify overlay_openai_chat_tool_calls so after obtaining
raw_calls and tool_calls you check their lengths and if they differ remove the
"tool_calls" field from message and return (or otherwise drop/truncate all
unmatched raw entries) to ensure no original arguments remain; apply the same
defensive length-check-and-remove behavior to the other overlay functions that
process tool_calls in this file so mismatched cardinality never preserves
unsanitized data.

In `@crates/pii-redaction/tests/unit/component_tests.rs`:
- Around line 1023-1031: The test currently embeds a card-like literal ("4111
1111 1111 1234") which trips secret scanners; instead construct the same string
at runtime (so behavior stays identical) before passing into
ToolCallParams::builder().args — e.g., build from pieces (like an array of
digit-groups joined with " "), format from numeric constants, or decode a
harmless encoded form and use that as the "card" value; update the call site
that passes the "card" key (inside tool_call / ToolCallParams::builder()) to use
the dynamically constructed string.

In `@docs/pii-redaction-plugin/configuration.mdx`:
- Line 71: Replace the inconsistent heading term "Builtin" with the hyphenated
"Built-In" across the document: change the heading "Builtin Mode" to "Built-In
Mode" and any "Builtin Settings" to "Built-In Settings" (also apply the same
replacement for the other occurrence noted as "Builtin" later in the file);
ensure all heading occurrences and related references use "Built-In" for
consistency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 306e8f9f-4d05-4185-8584-76a217942158

📥 Commits

Reviewing files that changed from the base of the PR and between 858b1e0 and f7a627d.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (29)

• ATTRIBUTIONS-Rust.md
• Cargo.toml
• crates/cli/Cargo.toml
• crates/cli/src/doctor.rs
• crates/cli/src/plugins.rs
• crates/cli/src/plugins/config_io.rs
• crates/cli/src/plugins/editor_model.rs
• crates/cli/src/server.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/ffi/Cargo.toml
• crates/ffi/src/api/plugin.rs
• crates/node/Cargo.toml
• crates/node/src/api/mod.rs
• crates/pii-redaction/Cargo.toml
• crates/pii-redaction/README.md
• crates/pii-redaction/src/builtin.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/local.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/python/Cargo.toml
• crates/python/src/lib.rs
• crates/wasm/Cargo.toml
• crates/wasm/src/api/mod.rs
• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

📜 Review details

🧰 Additional context used

📓 Path-based instructions (46)

{crates/adaptive/**,python/nemo_relay/adaptive.py,python/nemo_relay/plugin.py,go/nemo_relay/adaptive/**,go/nemo_relay/!(adaptive)/**,**/node/**,**/wasm/**}

📄 CodeRabbit inference engine (.agents/skills/maintain-optimizer/SKILL.md)

Keep adaptive surface in sync across crates/adaptive, shared plugin behavior in core and bindings, Python adaptive/plugin wrappers in python/nemo_relay/adaptive.py and python/nemo_relay/plugin.py, Go adaptive helpers under go/nemo_relay/adaptive plus shared plugin helpers in go/nemo_relay, and Node/WebAssembly adaptive helpers and plugin wrappers

Files:

• crates/node/Cargo.toml
• crates/wasm/Cargo.toml
• crates/node/src/api/mod.rs
• crates/wasm/src/api/mod.rs

{crates/adaptive/**,python/nemo_relay/plugin.py,go/nemo_relay/**,**/node/**,**/wasm/**}

📄 CodeRabbit inference engine (.agents/skills/maintain-optimizer/SKILL.md)

{crates/adaptive/**,python/nemo_relay/plugin.py,go/nemo_relay/**,**/node/**,**/wasm/**}: Maintain consistent plugin lifecycle across all language bindings (Python, Go, Node/WebAssembly, and Rust)
Keep plugin context surfaces aligned across all language implementations

Files:

• crates/node/Cargo.toml
• crates/wasm/Cargo.toml
• crates/node/src/api/mod.rs
• crates/wasm/src/api/mod.rs

**/{Cargo.toml,**/*.rs}

📄 CodeRabbit inference engine (.agents/skills/maintain-packaging/SKILL.md)

Maintain consistency between Rust package names in Cargo.toml and their actual usage across the codebase

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/cli/src/plugins.rs
• crates/pii-redaction/Cargo.toml
• crates/cli/src/server.rs
• crates/python/Cargo.toml
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{rs,toml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Rust crate names and module prefixes during coordinated rename operations

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/cli/src/plugins.rs
• crates/pii-redaction/Cargo.toml
• crates/cli/src/server.rs
• crates/python/Cargo.toml
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{py,txt,toml,cfg,yaml,yml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Python package names and top-level module imports during coordinated rename operations

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• docs/index.yml
• crates/pii-redaction/Cargo.toml
• crates/python/Cargo.toml

**/Cargo.toml

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update WebAssembly crate names and generated package names during coordinated rename operations

Confirm or infer the target release version from upstream/main:Cargo.toml. Derive the release branch as release/<major>.<minor>.

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/pii-redaction/Cargo.toml
• crates/python/Cargo.toml

{docs/**,README.md,**/Cargo.toml,**/package.json,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Ensure renamed public surfaces are reflected consistently in manifests and docs for large or public-facing changes

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/pii-redaction/README.md
• docs/index.yml
• crates/pii-redaction/Cargo.toml
• crates/python/Cargo.toml
• docs/pii-redaction-plugin/about.mdx
• ATTRIBUTIONS-Rust.md
• docs/pii-redaction-plugin/configuration.mdx

**/*.{md,mdx,py,sh,yaml,yml,toml,json}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep package names, repo references, and build commands current

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/pii-redaction/README.md
• docs/index.yml
• crates/pii-redaction/Cargo.toml
• crates/python/Cargo.toml
• docs/pii-redaction-plugin/about.mdx
• ATTRIBUTIONS-Rust.md
• docs/pii-redaction-plugin/configuration.mdx

**/*.toml

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license header in TOML configuration files using hash comment syntax

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/pii-redaction/Cargo.toml
• crates/python/Cargo.toml

**/*.{rs,py,js,ts,tsx,jsx,go,sh,toml,yaml,yml,md}

📄 CodeRabbit inference engine (AGENTS.md)

Keep SPDX headers on source, docs, scripts, and configuration files. The project is Apache-2.0.

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/cli/src/plugins.rs
• crates/pii-redaction/README.md
• docs/index.yml
• crates/pii-redaction/Cargo.toml
• crates/cli/src/server.rs
• crates/python/Cargo.toml
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• ATTRIBUTIONS-Rust.md
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

crates/{python,ffi,node,wasm}/**/*

⚙️ CodeRabbit configuration file

crates/{python,ffi,node,wasm}/**/*: Treat binding changes as public API changes. Check for parity with the other language bindings, FFI ownership/lifetime safety,
callback error propagation, stable type conversion, and consistent async/stream semantics.
Flag changes that update one binding without corresponding tests or documentation for the same surface elsewhere.

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/wasm/Cargo.toml
• crates/python/Cargo.toml
• crates/python/src/lib.rs
• crates/node/src/api/mod.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs

**

⚙️ CodeRabbit configuration file

**:

AGENTS.md

This file provides guidance to agents, including Claude Code and OpenAI Codex, when working in this repository.

Project Overview

NeMo Relay is a multi-language agent runtime framework for execution scopes, lifecycle events, middleware, plugins, and observability around tool and LLM calls. The core runtime is Rust. Primary supported bindings are Rust, Python, and Node.js. Go, WebAssembly, and the raw C FFI are experimental and source-first.

The shared runtime model is:

1. Scope stacks decide where work belongs and which scope-local behavior is visible.
2. Middleware registries decide what guardrails and intercepts run around managed calls.
3. Plugins install reusable runtime behavior from configuration.
4. Events record runtime behavior in ATOF form.
5. Subscribers and exporters consume events in-process or export them to ATIF, OpenTelemetry, OpenInference, or other backends.

Repository Structure

The repository layout separates the Rust runtime, language bindings, documentation,
integration patches, and agent-facing skills.

crates/
  core/       # Rust core runtime crate, published as nemo-relay
  adaptive/   # Adaptive runtime primitives and plugin components
  python/     # PyO3 native extension for the Python package
  ffi/        # Raw C ABI layer used by downstream bindings such as Go
  node/       # NAPI Node.js binding and JavaScript/TypeScript entry points
  wasm/       # wasm-bindgen WebAssembly binding and JS wrappers
python/
  nemo_relay/  # Python wrapper package: scopes, tools, LLM, middleware, typed helpers, plugins, adaptive helpers
  tests/      # Python tests
go/
  nemo_relay/  # Experimental Go CGo binding and tests
fern/         # Fern documentation site
scripts/      # Stable wrappers and helper scripts; build/test/docs entry points live in justfile
third_party/  # P...

Files:

• crates/node/Cargo.toml
• crates/ffi/Cargo.toml
• crates/cli/Cargo.toml
• Cargo.toml
• crates/wasm/Cargo.toml
• crates/cli/src/plugins.rs
• crates/pii-redaction/README.md
• docs/index.yml
• crates/pii-redaction/Cargo.toml
• crates/cli/src/server.rs
• crates/python/Cargo.toml
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• docs/pii-redaction-plugin/about.mdx
• ATTRIBUTIONS-Rust.md
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• docs/pii-redaction-plugin/configuration.mdx
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

crates/ffi/**

📄 CodeRabbit inference engine (.agents/skills/test-ffi-surface/SKILL.md)

Rebuild the FFI crate in release mode so the shared library and header stay in sync when making changes to crates/ffi

Files:

• crates/ffi/Cargo.toml
• crates/ffi/src/api/plugin.rs

Cargo.toml

📄 CodeRabbit inference engine (.agents/skills/update-project-version/SKILL.md)

Cargo.toml: Maintain Cargo.toml [workspace.package].version as the source of truth for Rust workspace and Python build versioning
Keep Cargo.toml [workspace.dependencies] self-references aligned when the workspace version changes

Files:

• Cargo.toml

crates/wasm/Cargo.toml

📄 CodeRabbit inference engine (.agents/skills/update-project-version/SKILL.md)

Derive the publishable WebAssembly npm package version from crates/wasm/Cargo.toml through wasm-pack output plus crates/wasm/scripts/prepare_pkg.mjs

Files:

• crates/wasm/Cargo.toml

**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

Use snake_case naming convention for Rust identifiers (e.g., nemo_relay_tool_call)

**/*.rs: Any Rust change must run just test-rust
Any Rust change must run cargo fmt --all
Any Rust change must run cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all for all FFI work since it is Rust work
Run just test-rust to validate FFI changes
Run cargo clippy --workspace --all-targets -- -D warnings to enforce strict linting on FFI work

When Rust files changed as part of Go work, also run cargo fmt --all, just test-rust, and cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all when Rust files are changed as part of Node work
Run cargo clippy --workspace --all-targets -- -D warnings when Rust files are changed as part of Node work
Run just test-rust when Rust files are changed as part of Node work

**/*.rs: Run cargo fmt --all to format all Rust code
Run cargo clippy --workspace --all-targets -- -D warnings to enforce all clippy lints as errors

**/*.rs: Run cargo fmt --all when Rust files changed as part of WebAssembly work
Run cargo clippy --workspace --all-targets -- -D warnings when Rust files changed as part of WebAssembly work

**/*.rs: If any Rust code changed, always run just test-rust
If any Rust code changed, also run cargo fmt --all
If any Rust code changed, also run cargo clippy --workspace --all-targets -- -D warnings
Run Rust formatting with cargo fmt --all
Run Rust linting with cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Use cargo fmt for Rust code formatting
Run cargo clippy -- -D warnings to lint Rust code and treat all warnings as errors
Use Rust snake_case naming convention for Rust identifiers
Include SPDX license header in all Rust source files using double-slash comment syntax
Validate Rust code with uv run pre-commit run --all-files to enforce cargo fmt formatting check, cargo clippy lints, and cargo deny aud...

Files:

• crates/cli/src/plugins.rs
• crates/cli/src/server.rs
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{h,hpp,c,cpp,rs}

📄 CodeRabbit inference engine (.agents/skills/maintain-packaging/SKILL.md)

Ensure FFI header and library naming follows consistent conventions across platform-specific builds

Files:

• crates/cli/src/plugins.rs
• crates/cli/src/server.rs
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{rs,py,go,js,ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Follow binding naming conventions: Rust and Python use snake_case, C FFI exports prefixed nemo_relay_, Go uses PascalCase for public APIs, Node.js uses camelCase.

Files:

• crates/cli/src/plugins.rs
• crates/cli/src/server.rs
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

crates/**/*.rs

📄 CodeRabbit inference engine (AGENTS.md)

crates/**/*.rs: Keep async behavior on the existing tokio-based model. Bindings should preserve callback and future lifetimes rather than blocking or hiding async work unexpectedly.
Use Json = serde_json::Value in Rust-facing runtime APIs for JSON payload handling.

Files:

• crates/cli/src/plugins.rs
• crates/cli/src/server.rs
• crates/pii-redaction/src/local.rs
• crates/python/src/lib.rs
• crates/cli/src/plugins/config_io.rs
• crates/node/src/api/mod.rs
• crates/cli/src/doctor.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/wasm/src/api/mod.rs
• crates/ffi/src/api/plugin.rs
• crates/pii-redaction/src/lib.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/cli/src/plugins/editor_model.rs
• crates/pii-redaction/src/component.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{md,rst,html,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

**/*.{md,rst,html,txt}: Always spell NVIDIA in all caps. Do not use Nvidia, nvidia, nVidia, nVIDIA, or NV.
Use an NVIDIA before a noun because the name starts with an 'en' sound.
Do not add a registered trademark symbol after NVIDIA when referring to the company.
Use trademark symbols with product names only when the document type or legal guidance requires them.
Verify official capitalization, spacing, and hyphenation for product names.
Precede NVIDIA product names with NVIDIA on first mention when it is natural and accurate.
Do not rewrite product names for grammar or title-case rules.
Preserve third-party product names according to the owner's spelling.
Include the company name and full model qualifier on first use when it helps identify the model.
Preserve the official capitalization and punctuation of model names.
Use shorter family names only after the full name is established.
Spell out a term on first use and put the acronym in parentheses unless the acronym is widely understood by the intended audience.
Use the acronym on later mentions after it has been defined.
For long documents, reintroduce the full term if readers might lose context.
Form plurals of acronyms with s, not an apostrophe, such as GPUs.
In headings, common acronyms can remain abbreviated. Spell out the term in the first or second sentence of the body.
Common terms such as CPU, GPU, PC, API, and UI usually do not need to be spelled out for developer audiences.

Files:

• crates/pii-redaction/README.md
• ATTRIBUTIONS-Rust.md

**/*.{md,rst,html}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

Link the first mention of a product name when the destination helps the reader.

Files:

• crates/pii-redaction/README.md
• ATTRIBUTIONS-Rust.md

**/*.md

📄 CodeRabbit inference engine (.agents/skills/contribute-integration/SKILL.md)

Documentation must be updated if activation or usage changed

**/*.md: Use title case consistently in technical documentation headings
Avoid quotation marks, ampersands, and exclamation marks in headings
Keep product, event, research, and whitepaper names in their official title case
Use title case for table headers
Do not force social-media sentence case into technical docs
Format code elements, commands, parameters, package names, and expressions in monospace
Format directories, file names, and paths in monospace using backticks
Use angle brackets inside monospace for variables inside paths, such as /home/<username>/.login
Format error messages and strings in quotation marks, keeping literal code strings in code formatting when clearer
Format UI buttons, menus, fields, and labels in bold
Use angle brackets between UI labels for menu paths, such as File > Save As
Use italics for new terms on first use, sparingly and only when introducing the term
Use italics for publication titles
Format keyboard shortcuts in plain text, such as Press Ctrl+Alt+Delete
Use owner/repo link text for GitHub repositories, preferring [NVIDIA/NeMo](link) over prose references like 'the GitHub repo'
Introduce every code block with a complete sentence
Do not make a code block complete the grammar of the previous sentence
Do not continue a sentence after a code block
Use syntax highlighting when the format supports it for code blocks
Avoid the word 'snippet' unless the surrounding docs already use it as a term of art
Keep inline method, function, and class references consistent with nearby docs, omitting empty parentheses for prose readability when no call is shown
Use descriptive anchor text that matches the destination title when possible for links
Avoid raw URLs in running text
Avoid generic anchor text such as 'here,' 'this page,' and 'read more'
Include acronyms in link text when a linked term includes an acronym
Do not link long sentences or multiple sentences
Avoid links ...

Files:

• crates/pii-redaction/README.md
• ATTRIBUTIONS-Rust.md

**/{docs,examples,**/*.md,*.patch,*.diff,.github,*.sh,*.yaml,*.yml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update documentation, examples, CI configuration, and patch artifacts when performing rename operations

Files:

• crates/pii-redaction/README.md
• docs/index.yml
• ATTRIBUTIONS-Rust.md

**/*.{md,rst,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

Spell NVIDIA in all caps. Do not use Nvidia, nvidia, or NV.

Files:

• crates/pii-redaction/README.md
• ATTRIBUTIONS-Rust.md

**/*.{md,rst}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

**/*.{md,rst}: Format commands, code elements, expressions, package names, file names, and paths as inline code.
Use descriptive link text. Avoid raw URLs and weak anchors such as "here" or "read more."
Use title case consistently for technical documentation headings.
Introduce code blocks, lists, tables, and images with complete sentences.
Write procedures as imperative steps. Keep steps parallel and split long procedures into smaller tasks.
Prefer active voice, present tense, short sentences, contractions, and plain English.
Use can for possibility and reserve may for permission.
Use after for temporal relationships instead of once.
Prefer refer to over see when the wording points readers to another resource.
Avoid culture-specific idioms, unnecessary Latinisms, jokes, and marketing exaggeration in technical docs.
Spell out months in body text, avoid ordinal dates, and use clear time zones.
Spell out whole numbers from zero through nine unless they are technical values, parameters, versions, or UI values.
Use numerals for 10 or greater and include commas in thousands.
Do not add trademark symbols to learning-oriented docs unless the source, platform, or legal guidance explicitly requires them.

Files:

• crates/pii-redaction/README.md
• ATTRIBUTIONS-Rust.md

{docs/**,README.md,CONTRIBUTING.md,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Run docs link validation with just docs-linkcheck when links change

Files:

• crates/pii-redaction/README.md
• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• ATTRIBUTIONS-Rust.md
• docs/pii-redaction-plugin/configuration.mdx

**/*.{html,md,mdx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license header in HTML and Markdown files using HTML comment syntax

Files:

• crates/pii-redaction/README.md
• docs/pii-redaction-plugin/about.mdx
• ATTRIBUTIONS-Rust.md
• docs/pii-redaction-plugin/configuration.mdx

**/README.md

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Update relevant crate or package README when that surface changed

Files:

• crates/pii-redaction/README.md

{docs/**,README.md,CONTRIBUTING.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

{docs/**,README.md,CONTRIBUTING.md}: For docs-only changes, run targeted checks only if commands, package names, or examples changed. Use just docs for docs-site builds and just docs-linkcheck when links changed
Run docs site build with just docs

Files:

• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

{docs/**,README.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Verify README and docs entry points still match current package names and paths for large or public-facing changes

Files:

• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

{docs/**,examples/**,README.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Verify examples still run with documented commands for large or public-facing changes

Files:

• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

docs/**

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Run just docs or ./scripts/build-docs.sh html to regenerate ignored Fern API reference pages before validation for documentation site changes

Files:

• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

{docs/**,README.md,CONTRIBUTING.md,RELEASING.md,SECURITY.md}

⚙️ CodeRabbit configuration file

{docs/**,README.md,CONTRIBUTING.md,RELEASING.md,SECURITY.md}: Review documentation for technical accuracy against the current API, command correctness, and consistency across language bindings.
Flag stale examples, missing SPDX headers where required, and instructions that no longer match CI or pre-commit behavior.

Files:

• docs/index.yml
• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

crates/python/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/test-python-binding/SKILL.md)

If the native Rust bridge changed, add the Rust crate tests for nemo-relay-python

Files:

• crates/python/src/lib.rs

**/*config*.{rs,ts,py,go,js,json,yaml,yml}

📄 CodeRabbit inference engine (.agents/skills/maintain-optimizer/SKILL.md)

Ensure dynamic config shape still matches the documented canonical model

Files:

• crates/cli/src/plugins/config_io.rs

crates/node/src/api/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

Update Node.js binding in crates/node/src/api/mod.rs for language-native bindings

Files:

• crates/node/src/api/mod.rs

crates/node/src/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

Use camelCase naming convention for Node.js identifiers (e.g., toolCall)

Files:

• crates/node/src/api/mod.rs

{crates/adaptive/**/*.rs,**/*test*.{rs,py,go,ts,js},**/*adaptive*test*.{rs,py,go,ts,js},docs/plugins/adaptive/**}

📄 CodeRabbit inference engine (.agents/skills/maintain-optimizer/SKILL.md)

Maintain documented and tested validation and report behavior for adaptive surfaces

Files:

• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/tests/unit/component_tests.rs

{crates/**/tests/**,python/tests/**,go/nemo_relay/**/*_test.go}

⚙️ CodeRabbit configuration file

{crates/**/tests/**,python/tests/**,go/nemo_relay/**/*_test.go}: Tests should cover the behavior promised by the changed API surface, including error paths and cross-request isolation where relevant.
Prefer assertions on lifecycle events, scope stacks, middleware ordering, and binding parity over shallow smoke tests.

Files:

• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/tests/unit/component_tests.rs

**/*.mdx

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

In MDX files, top-of-file comments must use JSX comment delimiters: {/* to open and */} to close. Do not use HTML comments for MDX SPDX headers.

MDX top-of-file SPDX comments must use {/* ... */} delimiters instead of HTML comment delimiters (Must-Fix)

Files:

• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

docs/**/*.{md,mdx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Update embedded documentation snippets, patch docs, and binding-support notes if examples or supported bindings changed

Files:

• docs/pii-redaction-plugin/about.mdx
• docs/pii-redaction-plugin/configuration.mdx

crates/wasm/src/api/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

Update WebAssembly binding in crates/wasm/src/api/mod.rs for language-native bindings

Files:

• crates/wasm/src/api/mod.rs

crates/wasm/src/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

Use camelCase naming convention for WebAssembly identifiers (e.g., toolCall)

Files:

• crates/wasm/src/api/mod.rs

crates/wasm/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/test-wasm-binding/SKILL.md)

Run cargo test -p nemo-relay-wasm when Rust-only WebAssembly helpers changed

Files:

• crates/wasm/src/api/mod.rs

crates/ffi/src/api/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

crates/ffi/src/api/**/*.rs: Add or update FFI wrappers in relevant crates/ffi/src/api/*.rs modules, re-export through crates/ffi/src/api/mod.rs, and ensure generated crates/ffi/nemo_relay.h stays correct
Use nemo_relay_ prefix for C FFI function names (e.g., nemo_relay_tool_call)

Files:

• crates/ffi/src/api/plugin.rs

crates/ffi/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/test-go-binding/SKILL.md)

If the change touched crates/ffi, also use test-ffi-surface for validation

Files:

• crates/ffi/src/api/plugin.rs

🪛 LanguageTool

docs/pii-redaction-plugin/configuration.mdx

[grammar] ~71-~71: Ensure spelling is correct
Context: ... install a local backend provider | ## Builtin Mode Use builtin mode when NeMo Rela...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[grammar] ~158-~158: Ensure spelling is correct
Context: ...etter fit for that specific policy. ## Builtin Settings The builtin section contain...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 markdownlint-cli2 (0.22.1)

ATTRIBUTIONS-Rust.md

[warning] 32416-32416: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 32419-32419: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above

(MD022, blanks-around-headings)

---

[warning] 32419-32419: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

[warning] 32420-32420: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

[warning] 32420-32420: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🪛 OpenGrep (1.22.0)

crates/pii-redaction/tests/unit/component_tests.rs

[ERROR] 1028-1028: Possible credit card number with dashes or spaces detected in source code. Credit card numbers should never be hardcoded or stored in source files. Use a secrets manager or tokenization service instead.

(coderabbit.pii.credit-card-number-dashed)

🔇 Additional comments (22)

docs/index.yml (1)

37-40: LGTM!

docs/pii-redaction-plugin/about.mdx (1)

1-121: LGTM!

crates/cli/src/plugins/editor_model.rs (1)

16-16: LGTM!

Also applies to: 40-40, 49-49, 58-58, 67-67, 76-77, 85-86, 94-95, 103-104, 114-117, 134-137, 147-148, 171-172, 355-359, 409-423, 756-771, 815-829, 987-1012

crates/cli/src/plugins.rs (1)

283-286: LGTM!

crates/cli/src/doctor.rs (1)

22-23: LGTM!

Also applies to: 611-618

crates/node/src/api/mod.rs (1)

53-53: LGTM!

Also applies to: 70-71

crates/cli/src/plugins/config_io.rs (1)

11-11: LGTM!

Also applies to: 123-125

crates/cli/src/server.rs (1)

12-12: LGTM!

Also applies to: 161-163

crates/ffi/src/api/plugin.rs (2)

130-132: Confirm Required Rust And FFI Validation Commands Were Run

Please confirm just test-rust, cargo fmt --all, and cargo clippy --workspace --all-targets -- -D warnings were run for this Rust change, and just test-ffi-surface was run because crates/ffi changed.

As per coding guidelines, "Any Rust change must run just test-rust ... cargo fmt --all ... cargo clippy --workspace --all-targets -- -D warnings" and "If the change touched crates/ffi, also use test-ffi-surface for validation."

Source: Coding guidelines

---

20-20: LGTM!

Also applies to: 130-132, 151-153, 193-195, 272-274

crates/python/src/lib.rs (1)

25-25: LGTM!

Also applies to: 57-61

crates/wasm/src/api/mod.rs (1)

64-64: LGTM!

Also applies to: 2202-2204, 2212-2212, 2858-2858, 2885-2885, 2908-2908

Cargo.toml (1)

8-8: LGTM!

Also applies to: 28-28

crates/cli/Cargo.toml (1)

30-30: LGTM!

crates/ffi/Cargo.toml (1)

22-22: LGTM!

crates/node/Cargo.toml (1)

23-23: LGTM!

crates/python/Cargo.toml (1)

23-23: LGTM!

crates/wasm/Cargo.toml (1)

23-23: LGTM!

crates/pii-redaction/Cargo.toml (1)

1-31: LGTM!

crates/pii-redaction/README.md (1)

1-9: LGTM!

crates/pii-redaction/src/component.rs (1)

66-175: LGTM!

Also applies to: 265-457, 676-703

crates/pii-redaction/src/lib.rs (1)

11-63: LGTM!

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

crates/pii-redaction/src/overlay.rs (1)

117-145: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fail closed when a typed tool-call entry cannot be overlaid.

A "function_call" / "tool_use" item that has the right type but the wrong shape is still kept unchanged here (continue / return true). In output mode with normalized target paths, that leaves raw arguments in the provider payload because the follow-up DFS in builtin.rs does not target these provider-specific locations. Drop the entry (or remove tool_calls entirely for chat) whenever the expected object/function map is missing.

Suggested hardening

 fn overlay_openai_chat_tool_calls(
     message: &mut Map<String, Json>,
     tool_calls: Option<&[ResponseToolCall]>,
 ) {
@@
     for (raw_call, sanitized_call) in raw_calls.iter_mut().zip(tool_calls.iter()) {
         let Some(raw_call) = raw_call.as_object_mut() else {
-            continue;
+            message.remove("tool_calls");
+            return;
         };
         set_optional_string_field(raw_call, "id", Some(sanitized_call.id.as_str()));
         let Some(function) = raw_call.get_mut("function").and_then(Json::as_object_mut) else {
-            continue;
+            message.remove("tool_calls");
+            return;
         };
@@
     items.retain_mut(|item| {
@@
         let Some(raw_call) = item.as_object_mut() else {
-            return true;
+            return false;
         };
@@
     blocks.retain_mut(|block| {
@@
         let Some(raw_call) = block.as_object_mut() else {
-            return true;
+            return false;
         };

Also applies to: 148-180, 182-207

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/cli/tests/coverage/plugins_tests.rs`:
- Line 821: Replace the string literal "pii_redaction" with the exported
constant from nemo_relay_pii_redaction::component (e.g.,
PII_REDACTION_PLUGIN_KIND): add an import for that constant at the top of the
test module and update the occurrences where code builds plugin descriptors (the
places with kind: "pii_redaction") to use PII_REDACTION_PLUGIN_KIND instead to
match other plugin-kind constants like OBSERVABILITY_PLUGIN_KIND and avoid
typos.

In `@crates/pii-redaction/src/detectors.rs`:
- Around line 262-274: The preset IPv6 detector currently rejects compressed
forms like "::" so mask_ipv6 never sees common addresses; update the preset IPv6
regex (the detector's IPv6 matching pattern) to accept compressed IPv6 forms
(e.g., allow :: shorthand and sequences of empty segments) and ensure mask_ipv6
(the function shown) continues to honor mask_char for masked segments, then add
a unit test covering addresses such as "2001:db8::1" and "::1" to prevent
regressions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 109a8dab-df9c-4bb0-8ecf-55423d2441d9

📥 Commits

Reviewing files that changed from the base of the PR and between f7a627d and b98f67f.

📒 Files selected for processing (7)

• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/builtin.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/src/local.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• docs/pii-redaction-plugin/configuration.mdx

📜 Review details

🧰 Additional context used

📓 Path-based instructions (21)

**/*.rs

📄 CodeRabbit inference engine (.agents/skills/add-binding-feature/SKILL.md)

Use snake_case naming convention for Rust identifiers (e.g., nemo_relay_tool_call)

**/*.rs: Any Rust change must run just test-rust
Any Rust change must run cargo fmt --all
Any Rust change must run cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all for all FFI work since it is Rust work
Run just test-rust to validate FFI changes
Run cargo clippy --workspace --all-targets -- -D warnings to enforce strict linting on FFI work

When Rust files changed as part of Go work, also run cargo fmt --all, just test-rust, and cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all when Rust files are changed as part of Node work
Run cargo clippy --workspace --all-targets -- -D warnings when Rust files are changed as part of Node work
Run just test-rust when Rust files are changed as part of Node work

**/*.rs: Run cargo fmt --all to format all Rust code
Run cargo clippy --workspace --all-targets -- -D warnings to enforce all clippy lints as errors

**/*.rs: Run cargo fmt --all when Rust files changed as part of WebAssembly work
Run cargo clippy --workspace --all-targets -- -D warnings when Rust files changed as part of WebAssembly work

**/*.rs: If any Rust code changed, always run just test-rust
If any Rust code changed, also run cargo fmt --all
If any Rust code changed, also run cargo clippy --workspace --all-targets -- -D warnings
Run Rust formatting with cargo fmt --all
Run Rust linting with cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Use cargo fmt for Rust code formatting
Run cargo clippy -- -D warnings to lint Rust code and treat all warnings as errors
Use Rust snake_case naming convention for Rust identifiers
Include SPDX license header in all Rust source files using double-slash comment syntax
Validate Rust code with uv run pre-commit run --all-files to enforce cargo fmt formatting check, cargo clippy lints, and cargo deny aud...

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/{Cargo.toml,**/*.rs}

📄 CodeRabbit inference engine (.agents/skills/maintain-packaging/SKILL.md)

Maintain consistency between Rust package names in Cargo.toml and their actual usage across the codebase

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{h,hpp,c,cpp,rs}

📄 CodeRabbit inference engine (.agents/skills/maintain-packaging/SKILL.md)

Ensure FFI header and library naming follows consistent conventions across platform-specific builds

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{rs,toml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update Rust crate names and module prefixes during coordinated rename operations

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{rs,py,js,ts,tsx,jsx,go,sh,toml,yaml,yml,md}

📄 CodeRabbit inference engine (AGENTS.md)

Keep SPDX headers on source, docs, scripts, and configuration files. The project is Apache-2.0.

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**/*.{rs,py,go,js,ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Follow binding naming conventions: Rust and Python use snake_case, C FFI exports prefixed nemo_relay_, Go uses PascalCase for public APIs, Node.js uses camelCase.

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

crates/**/*.rs

📄 CodeRabbit inference engine (AGENTS.md)

crates/**/*.rs: Keep async behavior on the existing tokio-based model. Bindings should preserve callback and future lifetimes rather than blocking or hiding async work unexpectedly.
Use Json = serde_json::Value in Rust-facing runtime APIs for JSON payload handling.

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

**

⚙️ CodeRabbit configuration file

**:

AGENTS.md

This file provides guidance to agents, including Claude Code and OpenAI Codex, when working in this repository.

Project Overview

NeMo Relay is a multi-language agent runtime framework for execution scopes, lifecycle events, middleware, plugins, and observability around tool and LLM calls. The core runtime is Rust. Primary supported bindings are Rust, Python, and Node.js. Go, WebAssembly, and the raw C FFI are experimental and source-first.

The shared runtime model is:

1. Scope stacks decide where work belongs and which scope-local behavior is visible.
2. Middleware registries decide what guardrails and intercepts run around managed calls.
3. Plugins install reusable runtime behavior from configuration.
4. Events record runtime behavior in ATOF form.
5. Subscribers and exporters consume events in-process or export them to ATIF, OpenTelemetry, OpenInference, or other backends.

Repository Structure

The repository layout separates the Rust runtime, language bindings, documentation,
integration patches, and agent-facing skills.

crates/
  core/       # Rust core runtime crate, published as nemo-relay
  adaptive/   # Adaptive runtime primitives and plugin components
  python/     # PyO3 native extension for the Python package
  ffi/        # Raw C ABI layer used by downstream bindings such as Go
  node/       # NAPI Node.js binding and JavaScript/TypeScript entry points
  wasm/       # wasm-bindgen WebAssembly binding and JS wrappers
python/
  nemo_relay/  # Python wrapper package: scopes, tools, LLM, middleware, typed helpers, plugins, adaptive helpers
  tests/      # Python tests
go/
  nemo_relay/  # Experimental Go CGo binding and tests
fern/         # Fern documentation site
scripts/      # Stable wrappers and helper scripts; build/test/docs entry points live in justfile
third_party/  # P...

Files:

• crates/pii-redaction/src/local.rs
• crates/cli/tests/coverage/plugins_tests.rs
• docs/pii-redaction-plugin/configuration.mdx
• crates/pii-redaction/src/overlay.rs
• crates/pii-redaction/src/detectors.rs
• crates/pii-redaction/tests/unit/component_tests.rs
• crates/pii-redaction/src/builtin.rs

{crates/adaptive/**/*.rs,**/*test*.{rs,py,go,ts,js},**/*adaptive*test*.{rs,py,go,ts,js},docs/plugins/adaptive/**}

📄 CodeRabbit inference engine (.agents/skills/maintain-optimizer/SKILL.md)

Maintain documented and tested validation and report behavior for adaptive surfaces

Files:

• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/tests/unit/component_tests.rs

{crates/**/tests/**,python/tests/**,go/nemo_relay/**/*_test.go}

⚙️ CodeRabbit configuration file

{crates/**/tests/**,python/tests/**,go/nemo_relay/**/*_test.go}: Tests should cover the behavior promised by the changed API surface, including error paths and cross-request isolation where relevant.
Prefer assertions on lifecycle events, scope stacks, middleware ordering, and binding parity over shallow smoke tests.

Files:

• crates/cli/tests/coverage/plugins_tests.rs
• crates/pii-redaction/tests/unit/component_tests.rs

{docs/**,README.md,CONTRIBUTING.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

{docs/**,README.md,CONTRIBUTING.md}: For docs-only changes, run targeted checks only if commands, package names, or examples changed. Use just docs for docs-site builds and just docs-linkcheck when links changed
Run docs site build with just docs

Files:

• docs/pii-redaction-plugin/configuration.mdx

{docs/**,README.md,CONTRIBUTING.md,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Run docs link validation with just docs-linkcheck when links change

Files:

• docs/pii-redaction-plugin/configuration.mdx

{docs/**,README.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Verify README and docs entry points still match current package names and paths for large or public-facing changes

Files:

• docs/pii-redaction-plugin/configuration.mdx

{docs/**,examples/**,README.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Verify examples still run with documented commands for large or public-facing changes

Files:

• docs/pii-redaction-plugin/configuration.mdx

{docs/**,README.md,**/Cargo.toml,**/package.json,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Ensure renamed public surfaces are reflected consistently in manifests and docs for large or public-facing changes

Files:

• docs/pii-redaction-plugin/configuration.mdx

**/*.{md,mdx,py,sh,yaml,yml,toml,json}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep package names, repo references, and build commands current

Files:

• docs/pii-redaction-plugin/configuration.mdx

**/*.mdx

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

In MDX files, top-of-file comments must use JSX comment delimiters: {/* to open and */} to close. Do not use HTML comments for MDX SPDX headers.

MDX top-of-file SPDX comments must use {/* ... */} delimiters instead of HTML comment delimiters (Must-Fix)

Files:

• docs/pii-redaction-plugin/configuration.mdx

**/*.{html,md,mdx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license header in HTML and Markdown files using HTML comment syntax

Files:

• docs/pii-redaction-plugin/configuration.mdx

docs/**/*.{md,mdx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Update embedded documentation snippets, patch docs, and binding-support notes if examples or supported bindings changed

Files:

• docs/pii-redaction-plugin/configuration.mdx

docs/**

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Run just docs or ./scripts/build-docs.sh html to regenerate ignored Fern API reference pages before validation for documentation site changes

Files:

• docs/pii-redaction-plugin/configuration.mdx

{docs/**,README.md,CONTRIBUTING.md,RELEASING.md,SECURITY.md}

⚙️ CodeRabbit configuration file

{docs/**,README.md,CONTRIBUTING.md,RELEASING.md,SECURITY.md}: Review documentation for technical accuracy against the current API, command correctness, and consistency across language bindings.
Flag stale examples, missing SPDX headers where required, and instructions that no longer match CI or pre-commit behavior.

Files:

• docs/pii-redaction-plugin/configuration.mdx

🔇 Additional comments (6)

docs/pii-redaction-plugin/configuration.mdx (1)

1-337: LGTM!

crates/cli/tests/coverage/plugins_tests.rs (1)

817-893: LGTM!

crates/pii-redaction/src/local.rs (1)

10-12: LGTM!

Also applies to: 28-53

crates/pii-redaction/src/builtin.rs (1)

133-178: LGTM!

crates/pii-redaction/src/overlay.rs (1)

332-399: LGTM!

crates/pii-redaction/tests/unit/component_tests.rs (1)

441-487: LGTM!

Also applies to: 1072-1078, 1098-1139

[afourniernv]

/ok to test 30859c1

[github-actions]

Fern docs preview: https://nvidia-preview-pull-request-245.docs.buildwithfern.com/nemo/relay (​https://nvidia-preview-pull-request-245.docs.buildwithfern.com/nemo/relay​)

[afourniernv]

/ok to test 1150255

[coderabbitai]

♻️ Duplicate comments (1)

ATTRIBUTIONS-Rust.md (1)

32420-32420: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add fenced code block language and surrounding blank lines

Line 32420 opens a fence as plain ; this still violates MD040 and likely MD031 in this section. Use ` text ` and ensure one blank line before and after the fenced block.

As per coding guidelines, "Use syntax highlighting when the format supports it for code blocks" and "Introduce code blocks, lists, tables, and images with complete sentences."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ATTRIBUTIONS-Rust.md` at line 32420, The fenced code block opened with just
``` should be changed to include a language specifier and surrounding blank
lines to satisfy MD040/MD031: replace the bare fence marker "```" with "```text"
and ensure there is one blank line immediately before the opening fence and one
blank line immediately after the closing fence so the block is introduced by a
complete sentence and uses syntax highlighting.

Sources: Coding guidelines, Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@ATTRIBUTIONS-Rust.md`:
- Line 32420: The fenced code block opened with just ``` should be changed to
include a language specifier and surrounding blank lines to satisfy MD040/MD031:
replace the bare fence marker "```" with "```text" and ensure there is one blank
line immediately before the opening fence and one blank line immediately after
the closing fence so the block is introduced by a complete sentence and uses
syntax highlighting.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: a1398475-548b-4a03-8af2-8e267005d516

📥 Commits

Reviewing files that changed from the base of the PR and between 30859c1 and 1150255.

📒 Files selected for processing (1)

• ATTRIBUTIONS-Rust.md

📜 Review details

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{md,rst,html,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

**/*.{md,rst,html,txt}: Always spell NVIDIA in all caps. Do not use Nvidia, nvidia, nVidia, nVIDIA, or NV.
Use an NVIDIA before a noun because the name starts with an 'en' sound.
Do not add a registered trademark symbol after NVIDIA when referring to the company.
Use trademark symbols with product names only when the document type or legal guidance requires them.
Verify official capitalization, spacing, and hyphenation for product names.
Precede NVIDIA product names with NVIDIA on first mention when it is natural and accurate.
Do not rewrite product names for grammar or title-case rules.
Preserve third-party product names according to the owner's spelling.
Include the company name and full model qualifier on first use when it helps identify the model.
Preserve the official capitalization and punctuation of model names.
Use shorter family names only after the full name is established.
Spell out a term on first use and put the acronym in parentheses unless the acronym is widely understood by the intended audience.
Use the acronym on later mentions after it has been defined.
For long documents, reintroduce the full term if readers might lose context.
Form plurals of acronyms with s, not an apostrophe, such as GPUs.
In headings, common acronyms can remain abbreviated. Spell out the term in the first or second sentence of the body.
Common terms such as CPU, GPU, PC, API, and UI usually do not need to be spelled out for developer audiences.

Files:

• ATTRIBUTIONS-Rust.md

**/*.{md,rst,html}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

Link the first mention of a product name when the destination helps the reader.

Files:

• ATTRIBUTIONS-Rust.md

**/*.md

📄 CodeRabbit inference engine (.agents/skills/contribute-integration/SKILL.md)

Documentation must be updated if activation or usage changed

**/*.md: Use title case consistently in technical documentation headings
Avoid quotation marks, ampersands, and exclamation marks in headings
Keep product, event, research, and whitepaper names in their official title case
Use title case for table headers
Do not force social-media sentence case into technical docs
Format code elements, commands, parameters, package names, and expressions in monospace
Format directories, file names, and paths in monospace using backticks
Use angle brackets inside monospace for variables inside paths, such as /home/<username>/.login
Format error messages and strings in quotation marks, keeping literal code strings in code formatting when clearer
Format UI buttons, menus, fields, and labels in bold
Use angle brackets between UI labels for menu paths, such as File > Save As
Use italics for new terms on first use, sparingly and only when introducing the term
Use italics for publication titles
Format keyboard shortcuts in plain text, such as Press Ctrl+Alt+Delete
Use owner/repo link text for GitHub repositories, preferring [NVIDIA/NeMo](link) over prose references like 'the GitHub repo'
Introduce every code block with a complete sentence
Do not make a code block complete the grammar of the previous sentence
Do not continue a sentence after a code block
Use syntax highlighting when the format supports it for code blocks
Avoid the word 'snippet' unless the surrounding docs already use it as a term of art
Keep inline method, function, and class references consistent with nearby docs, omitting empty parentheses for prose readability when no call is shown
Use descriptive anchor text that matches the destination title when possible for links
Avoid raw URLs in running text
Avoid generic anchor text such as 'here,' 'this page,' and 'read more'
Include acronyms in link text when a linked term includes an acronym
Do not link long sentences or multiple sentences
Avoid links ...

Files:

• ATTRIBUTIONS-Rust.md

**/{docs,examples,**/*.md,*.patch,*.diff,.github,*.sh,*.yaml,*.yml}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update documentation, examples, CI configuration, and patch artifacts when performing rename operations

Files:

• ATTRIBUTIONS-Rust.md

**/*.{md,rst,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

Spell NVIDIA in all caps. Do not use Nvidia, nvidia, or NV.

Files:

• ATTRIBUTIONS-Rust.md

**/*.{md,rst}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

**/*.{md,rst}: Format commands, code elements, expressions, package names, file names, and paths as inline code.
Use descriptive link text. Avoid raw URLs and weak anchors such as "here" or "read more."
Use title case consistently for technical documentation headings.
Introduce code blocks, lists, tables, and images with complete sentences.
Write procedures as imperative steps. Keep steps parallel and split long procedures into smaller tasks.
Prefer active voice, present tense, short sentences, contractions, and plain English.
Use can for possibility and reserve may for permission.
Use after for temporal relationships instead of once.
Prefer refer to over see when the wording points readers to another resource.
Avoid culture-specific idioms, unnecessary Latinisms, jokes, and marketing exaggeration in technical docs.
Spell out months in body text, avoid ordinal dates, and use clear time zones.
Spell out whole numbers from zero through nine unless they are technical values, parameters, versions, or UI values.
Use numerals for 10 or greater and include commas in thousands.
Do not add trademark symbols to learning-oriented docs unless the source, platform, or legal guidance explicitly requires them.

Files:

• ATTRIBUTIONS-Rust.md

{docs/**,README.md,CONTRIBUTING.md,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Run docs link validation with just docs-linkcheck when links change

Files:

• ATTRIBUTIONS-Rust.md

{docs/**,README.md,**/Cargo.toml,**/package.json,**/*.md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Ensure renamed public surfaces are reflected consistently in manifests and docs for large or public-facing changes

Files:

• ATTRIBUTIONS-Rust.md

**/*.{md,mdx,py,sh,yaml,yml,toml,json}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep package names, repo references, and build commands current

Files:

• ATTRIBUTIONS-Rust.md

**/*.{html,md,mdx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license header in HTML and Markdown files using HTML comment syntax

Files:

• ATTRIBUTIONS-Rust.md

**/*.{rs,py,js,ts,tsx,jsx,go,sh,toml,yaml,yml,md}

📄 CodeRabbit inference engine (AGENTS.md)

Keep SPDX headers on source, docs, scripts, and configuration files. The project is Apache-2.0.

Files:

• ATTRIBUTIONS-Rust.md

**

⚙️ CodeRabbit configuration file

**:

AGENTS.md

This file provides guidance to agents, including Claude Code and OpenAI Codex, when working in this repository.

Project Overview

NeMo Relay is a multi-language agent runtime framework for execution scopes, lifecycle events, middleware, plugins, and observability around tool and LLM calls. The core runtime is Rust. Primary supported bindings are Rust, Python, and Node.js. Go, WebAssembly, and the raw C FFI are experimental and source-first.

The shared runtime model is:

1. Scope stacks decide where work belongs and which scope-local behavior is visible.
2. Middleware registries decide what guardrails and intercepts run around managed calls.
3. Plugins install reusable runtime behavior from configuration.
4. Events record runtime behavior in ATOF form.
5. Subscribers and exporters consume events in-process or export them to ATIF, OpenTelemetry, OpenInference, or other backends.

Repository Structure

The repository layout separates the Rust runtime, language bindings, documentation,
integration patches, and agent-facing skills.

crates/
  core/       # Rust core runtime crate, published as nemo-relay
  adaptive/   # Adaptive runtime primitives and plugin components
  python/     # PyO3 native extension for the Python package
  ffi/        # Raw C ABI layer used by downstream bindings such as Go
  node/       # NAPI Node.js binding and JavaScript/TypeScript entry points
  wasm/       # wasm-bindgen WebAssembly binding and JS wrappers
python/
  nemo_relay/  # Python wrapper package: scopes, tools, LLM, middleware, typed helpers, plugins, adaptive helpers
  tests/      # Python tests
go/
  nemo_relay/  # Experimental Go CGo binding and tests
fern/         # Fern documentation site
scripts/      # Stable wrappers and helper scripts; build/test/docs entry points live in justfile
third_party/  # P...

Files:

• ATTRIBUTIONS-Rust.md

🪛 markdownlint-cli2 (0.22.1)

ATTRIBUTIONS-Rust.md

[warning] 32420-32420: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

[warning] 32420-32420: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

[afourniernv]

/ok to test 1945979

[afourniernv]

/ok to test 32de1b6

[mnajafian-nv]

LGTM

[afourniernv]

/ok to test f3c804c

[afourniernv]

/ok to test 12e3fff

[afourniernv]

/ok to test c0b00d8

[afourniernv]

merge

[afourniernv]

/merge