build: migrate task runner to mise #481
Codecov Report
✅ All modified and coverable lines are covered by tests.
9110c97 to c53b505
No actionable comments were generated in the recent review. 🎉
Walkthrough
Replaces Makefile-driven build/test/publish workflows with a mise-based task system: adds .mise config and many .mise/tasks (setup, quality, tests, containers, docs, publish), new shell helpers, updates CI/workflows and Dockerfiles to call mise, simplifies Makefile to a shim, and updates docs and templates.
Changes
Mise migration (single cohesive cohort)
🎯 4 (Complex) | ⏱️ ~60 minutes
Greptile Summary
This PR migrates the project's task runner from Make to mise, moving all developer workflows (formatting, testing, container builds, publishing) into domain-scoped
Confidence Score: 5/5
Safe to merge; all CI paths correctly bootstrap mise before using it, and the Makefile shim layer preserves backward compatibility.
The migration is mechanical and well-structured: every Make target has a corresponding mise task, the Makefile forwards with deprecation notices, and the previously flagged PATH bootstrapping issue in
No files require special attention.
| # Installers default to ~/.local/bin; same-shell callers (e.g. container RUN | ||
| # steps) may not have updated PATH yet when this script returns. | ||
| export PATH="${HOME}/.local/bin:${PATH}" |
The `export PATH` here runs inside the subshell spawned by `bash tools/install-mise.sh` and has no effect on the calling process. The comment "same-shell callers (e.g. container RUN steps)" is misleading: `bash script.sh` always creates a subprocess regardless of the context. For container `RUN` layers the Dockerfiles already set `ENV PATH` to include the relevant directories before this script runs, so this export is a no-op there too. Consider removing or correcting the comment to avoid future confusion.
| # Installers default to ~/.local/bin; same-shell callers (e.g. container RUN | |
| # steps) may not have updated PATH yet when this script returns. | |
| export PATH="${HOME}/.local/bin:${PATH}" | |
| # Note: this script runs as a subprocess; callers must update their own PATH | |
| # if they need mise immediately after this script returns (e.g. via | |
| # `export PATH="$HOME/.local/bin:$PATH"`). | |
| export PATH="${HOME}/.local/bin:${PATH}" |
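Review bot: The replacement comment in the last four lines tells callers to update their own PATH, but the `export PATH="${HOME}/.local/bin:${PATH}"` line is kept without saying what it is still for. If later commands inside tools/install-mise.sh depend on it, state that in the comment; if nothing in the script does, drop the export so the comment and the code agree.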
Actionable comments posted: 15
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 75ca639b-2ca3-4ab3-8ead-6adf734c40ce
📒 Files selected for processing (69)
.agents/skills/github-cli/SKILL.md, .agents/skills/github-cli/references/workflows.md, .agents/skills/uv-build/SKILL.md, .claude/commands/bootstrap.md, .claude/commands/build-docs.md, .claude/commands/build-wheel.md, .claude/commands/format.md, .claude/commands/gpu-test.md, .claude/commands/lint.md, .claude/commands/start-docs-server.md, .claude/commands/test-ci-container.md, .claude/commands/test-slow.md, .claude/commands/unit-test.md, .codecov.yml, .cursor/agents/verifier.md, .cursor/rules/repo-navigation.mdc, .cursor/rules/writing-docs.mdc, .github/PULL_REQUEST_TEMPLATE.md, .github/actions/setup-gpu-test-env/action.yml, .github/actions/setup-python-env/action.yml, .github/workflows/README.md, .github/workflows/ci-checks.yml, .github/workflows/dependabot-sync-lock.yml, .github/workflows/docs.yml, .github/workflows/gpu-tests.yml, .github/workflows/release.yml, .gitignore, .mise.toml, .mise/tasks/_lib.sh, .mise/tasks/bootstrap-nss, .mise/tasks/build-wheel, .mise/tasks/clean-python, .mise/tasks/container/build/gpu, .mise/tasks/container/build/gpu-dev, .mise/tasks/container/build/gpu-multiarch, .mise/tasks/container/build/test, .mise/tasks/container/build/test-setup, .mise/tasks/container/run/gpu, .mise/tasks/container/run/gpu-dev, .mise/tasks/docs.toml, .mise/tasks/publish.toml, .mise/tasks/publish/internal, .mise/tasks/publish/pypi, .mise/tasks/quality.toml, .mise/tasks/setup.toml, .mise/tasks/test/ci-container, .mise/tasks/test/tool-install, .mise/tasks/tests.toml, .mise/tasks/venv, .mise/tasks/verify-python-version, AGENTS.md, CONTRIBUTING.md, Makefile, README.md, STYLE_GUIDE.md, containers/Dockerfile.cuda, containers/Dockerfile.test_ci, containers/README.md, docs/developer-guide/docker.md, docs/user-guide/docker.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, pytest.ini, script/slurm/README.md, tests/TESTING.md, tests/smoke/README.md, tools/codestyle/format.sh, tools/codestyle/ruff_check.sh, tools/install-mise.sh
📜 Review details
🧰 Additional context used
📓 Path-based instructions (35)
.claude/commands/**
📄 CodeRabbit inference engine (.cursor/rules/claude-commands.mdc)
Pre-defined command files live in `.claude/commands/`. When a user asks about a development task, read the corresponding file for instructions. Available commands include: unit-test (run unit tests), test-slow (all tests including slow), test-ci-container (CI tests in a container), gpu-test (GPU integration and e2e tests), format (format code with ruff + copyright), lint (lint and typecheck), bootstrap (bootstrap dev environment), build-wheel (build Python wheel), build-docs (build documentation site), start-docs-server (local docs dev server).
Files:
.claude/commands/start-docs-server.md, .claude/commands/test-slow.md, .claude/commands/format.md, .claude/commands/test-ci-container.md, .claude/commands/gpu-test.md, .claude/commands/lint.md, .claude/commands/unit-test.md, .claude/commands/build-wheel.md, .claude/commands/build-docs.md, .claude/commands/bootstrap.md
**/*.sh
📄 CodeRabbit inference engine (AGENTS.md)
Shell scripting: never use `~` inside double-quoted strings -- it does not expand. Use `$HOME` or an absolute path instead
Use `#!/usr/bin/env bash` shebang for shell scripts (not `#!/bin/bash`)
Use minimum `set -eu` for safety in shell scripts; use `set -euo pipefail` unless `pipefail` breaks piped-grep patterns
Use snake_case for shell script functions; use `_` prefix for internal helper functions
Always quote variables in shell scripts (`"$VAR"`, `"${VAR}"`); use defaults via `${VAR:-default}` in shell scripts
Use `readonly` for variables that should not change after assignment in shell scripts
Use `REPO_ROOT=${REPO_ROOT:-$(git rev-parse --show-toplevel)}` for repo root detection in shell scripts
Use `shellcheck` to lint shell scripts; add `# shellcheck disable=SCXXXX` with brief reason when disabling checks
Files:
tools/codestyle/format.sh, tools/codestyle/ruff_check.sh, tools/install-mise.sh
⚙️ CodeRabbit configuration file
Review shell scripts for #!/usr/bin/env bash, set -euo pipefail where appropriate, quoting, repo root detection, and shellcheck compliance.
Files:
tools/codestyle/format.sh, tools/codestyle/ruff_check.sh, tools/install-mise.sh
**/*.{py,sh,yaml,yml,md}
📄 CodeRabbit inference engine (CONTRIBUTING.md)
All source files (.py, .sh, .yaml, .yml, .md) require SPDX copyright headers
Files:
tools/codestyle/format.sh, script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tools/codestyle/ruff_check.sh, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, tools/install-mise.sh, README.md, CONTRIBUTING.md
**/*.{py,sh,md,yaml,yml}
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Run `mise run format` before committing to auto-fix formatting, linting, import sorting, and add copyright headers
Files:
tools/codestyle/format.sh, script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tools/codestyle/ruff_check.sh, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, tools/install-mise.sh, README.md, CONTRIBUTING.md
**/*.{py,md,sh,yaml,yml,toml}
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use American English spelling: 'initialize' not 'initialise', 'recognize' not 'recognise', 'color' not 'colour'
Files:
tools/codestyle/format.sh, script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tools/codestyle/ruff_check.sh, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, tools/install-mise.sh, README.md, CONTRIBUTING.md
**/*.{py,sh,yaml,yml,md,toml}
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Include SPDX copyright header and license in every source file
Files:
tools/codestyle/format.sh, script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tools/codestyle/ruff_check.sh, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, tools/install-mise.sh, README.md, CONTRIBUTING.md
**/*.{py,sh,yaml,yml}
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use hash-comment format for SPDX headers in `.py`, `.sh`, `.yaml`, `.yml` files
Files:
tools/codestyle/format.sh, tools/codestyle/ruff_check.sh, tools/install-mise.sh
**/*
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Include newline at end of file with no trailing whitespace
Files:
tools/codestyle/format.sh, pytest.ini, script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tools/codestyle/ruff_check.sh, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, containers/Dockerfile.test_ci, docs/developer-guide/docker.md, tools/install-mise.sh, containers/Dockerfile.cuda, README.md, CONTRIBUTING.md, Makefile
⚙️ CodeRabbit configuration file
**/*: Review as a senior maintainer for NeMo Safe Synthesizer. Prioritize issues that can change behavior, break user workflows, weaken privacy guarantees, hide failures, make tests unreliable, or create maintenance risk. Avoid generic style commentary unless it points to a concrete project convention that automated tools will not catch.
Comment only when the finding is actionable and tied to changed code. For each finding, state the impact, the condition that triggers it, and the smallest practical fix. Prefer one precise comment over broad advice. Do not ask for refactors outside the PR scope unless the changed code creates the problem.
Review type guidance:
- Potential issue: use for correctness bugs, data loss, privacy leaks, security risks, broken public APIs, invalid config behavior, missing validation, hidden failures, nondeterministic tests, or CI breakage.
- Refactor suggestion: use for local maintainability problems introduced by the diff when they have clear future cost, such as duplicated setup, unclear boundaries, over-mocking, avoidable complexity, or opaque test helpers.
- Nitpick: avoid in chill mode. Do not emit formatting, import-order, wording, or style-only comments unless automated tools cannot catch the issue and it affects maintainability.
Severity guidance:
- Critical: security/privacy leaks, data loss, training/test/holdout contamination, or broken release/package/core pipeline execution.
- Major: incorrect generation/training/evaluation behavior, broken CLI/SDK public API, invalid config defaults or validators, or GPU/vLLM cleanup and process-isolation bugs likely to fail CI or production runs.
- Minor: localized bugs, missing focused tests for changed behavior, or bad test patterns that weaken regression coverage.
- Trivial: small cleanup with no behavior impact. Usually suppress in chill mode.
- Info: context only. Avoid unless it helps reviewers understand risk.
Safe-Synthesizer-specific review focus:
- Data ...
Files:
tools/codestyle/format.sh, pytest.ini, script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tools/codestyle/ruff_check.sh, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, containers/Dockerfile.test_ci, docs/developer-guide/docker.md, tools/install-mise.sh, containers/Dockerfile.cuda, README.md, CONTRIBUTING.md, Makefile
tools/**
⚙️ CodeRabbit configuration file
Review tools as developer and CI infrastructure. Check that scripts use uv or Makefile wrappers instead of ad hoc python/pip commands, preserve read-only behavior for check targets, fail with clear messages, avoid hidden network or filesystem side effects, and stay consistent with STYLE_GUIDE.md and CONTRIBUTING.md. Tooling may use print() when it is a standalone script or intentional CLI output.
Files:
tools/codestyle/format.sh, tools/codestyle/ruff_check.sh, tools/install-mise.sh
tools/codestyle/**
⚙️ CodeRabbit configuration file
Treat codestyle wrappers as CI-critical. Check consistency with Makefile targets, ruff.toml, ty configuration, copyright handling, staged-file behavior, read-only check modes, and whether fixes mutate only expected files.
Files:
tools/codestyle/format.sh, tools/codestyle/ruff_check.sh
.mise/tasks/**/*
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Keep mise tasks under `.mise/tasks/`: `*.toml` for declarative tasks and task graphs; executable scripts for bash-heavy tasks
Use `#MISE description=...` on public file tasks and `description` on public TOML tasks so `mise tasks` is useful
Use `#USAGE` comments in file tasks, or `usage` in TOML tasks, for arguments that need validation or help text
Files:
.mise/tasks/build-wheel, .mise/tasks/container/build/gpu, .mise/tasks/publish.toml, .mise/tasks/verify-python-version, .mise/tasks/venv, .mise/tasks/container/build/test-setup, .mise/tasks/container/build/gpu-multiarch, .mise/tasks/container/build/test, .mise/tasks/publish/internal, .mise/tasks/quality.toml, .mise/tasks/test/ci-container, .mise/tasks/docs.toml, .mise/tasks/container/build/gpu-dev, .mise/tasks/publish/pypi, .mise/tasks/container/run/gpu, .mise/tasks/setup.toml, .mise/tasks/container/run/gpu-dev, .mise/tasks/clean-python, .mise/tasks/test/tool-install, .mise/tasks/bootstrap-nss, .mise/tasks/_lib.sh, .mise/tasks/tests.toml
pytest.ini
📄 CodeRabbit inference engine (.cursor/rules/repo-navigation.mdc)
Test markers should be defined in `pytest.ini` with markers: `unit`, `slow`, `smoke`, `e2e`, `requires_gpu`, `noautouse`
Files:
pytest.ini
⚙️ CodeRabbit configuration file
Review pytest configuration against tests/TESTING.md. Check marker definitions, strict marker/config settings, test discovery, xdist defaults, timeouts, and warning filters.
Files:
pytest.ini
{pytest.ini,**/test_*.py,**/*_test.py}
📄 CodeRabbit inference engine (AGENTS.md)
Testing: `asyncio_mode = auto` in `pytest.ini` -- async tests work without `@pytest.mark.asyncio`. The `unit_test` marker is deprecated; use `unit`
Files:
pytest.ini
.github/**
⚙️ CodeRabbit configuration file
Review GitHub configuration for branch protection expectations, CODEOWNERS alignment, least privilege permissions, pinned actions where practical, and consistency with CONTRIBUTING.md.
Files:
.github/actions/setup-gpu-test-env/action.yml, .github/actions/setup-python-env/action.yml, .github/PULL_REQUEST_TEMPLATE.md, .github/workflows/gpu-tests.yml, .github/workflows/dependabot-sync-lock.yml, .github/workflows/docs.yml, .github/workflows/release.yml, .github/workflows/ci-checks.yml, .github/workflows/README.md
**/*.{md,markdown,py}
📄 CodeRabbit inference engine (.cursor/rules/agent-markdown-style.mdc)
**/*.{md,markdown,py}: Avoid decorative bold (**text**) in list items, body text, and docstrings; use structural cues (headers, list markers, colons, backticks) for emphasis instead
Use backticks for code identifiers, paths, and CLI commands in markdown and docstrings
Files:
script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, README.md, CONTRIBUTING.md
**/*.{md,markdown}
📄 CodeRabbit inference engine (.cursor/rules/agent-markdown-style.mdc)
**/*.{md,markdown}: Bold is acceptable only in markdown tables where it's the conventional way to mark header-like cells in the body
Use `##` headers to segment markdown sections instead of bold text
Use `--` (em-dash) instead of `-` (hyphen) for asides in markdown
Files:
script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, README.md, CONTRIBUTING.md
**/*.md
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Documentation pages should follow the Diataxis framework and be organized under appropriate `docs/` subdirectories: getting-started/ (tutorials), user-guide/ (how-tos & reference), architecture/ (explanations), reference/ (API reference), dev-notes/ (release notes, design posts)
No decorative `**bold**` in body text, list items, or docstrings in Markdown
Use `--` (em-dash) for asides, not `-` (hyphen) in Markdown
Use single backticks for code identifiers, paths, and CLI commands in Markdown
Use Mermaid diagrams with no spaces in node IDs, quote labels with special characters, no explicit colors or styles
Use HTML-comment format for SPDX headers in `.md` files
Use hash-comment headers inside the frontmatter block for `.md` files that start with YAML frontmatter
Files:
script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, README.md, CONTRIBUTING.md
**/*.{py,md}
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use consistent dataset names: 'input', 'training', 'test', 'synthetic' in code, docs, configs, logs, and tests
Files:
script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, README.md, CONTRIBUTING.md
**/*.{md,py}
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use single space between sentences, never two in text files
Files:
script/slurm/README.md, docs/user-guide/environment.md, docs/user-guide/getting-started.md, AGENTS.md, tests/smoke/README.md, docs/user-guide/docker.md, tests/TESTING.md, STYLE_GUIDE.md, containers/README.md, docs/developer-guide/docker.md, README.md, CONTRIBUTING.md
script/**
⚙️ CodeRabbit configuration file
Review standalone scripts for reproducibility and operational safety. Check argument validation, quoting, repo-root detection, environment variables, generated artifacts, external commands, GPU/cluster assumptions, and whether the script should be wired through Makefile or documented in README/docs.
Files:
script/slurm/README.md
docs/**/*.md
📄 CodeRabbit inference engine (.cursor/rules/writing-docs.mdc)
Identify content type using Diataxis Framework before writing (TUTORIAL for step-by-step lessons, HOW-TO for problem-solving, EXPLANATION for understanding concepts, REFERENCE for technical specs). Each page should fit ONE type with cross-links between types.
Use MkDocs Material admonition syntax (!!! note, !!! warning, ??? for collapsible) for emphasis and callouts in documentation
Use MkDocs Material tabs syntax (=== "Label") to present multiple options or variants (e.g., Python SDK vs CLI examples)
Use code blocks with MkDocs Material syntax: include title attribute, use hl_lines for highlighting, specify language (python, javascript, etc.)
Use Mermaid diagram syntax (```mermaid flowchart, graph, etc.) for visual representations in documentation
Ensure high signal-to-noise ratio - every sentence must earn its place in documentation
Use progressive disclosure in documentation - start simple and layer complexity gradually
Show, don't tell - provide working code examples in documentation
Test documentation examples - ensure code snippets actually work before publishing
Always list prerequisites at the top of documentation pages before main content
End documentation pages with next steps - include links to related content
Use 'holdout' to refer to the action of withholding data and 'test' for the resulting dataset; use 'holdout test set' when both concepts appear together in documentation
Classify documentation pages as tutorial, how-to, explanation, or reference per the Diataxis framework
Use MkDocs Material syntax for documentation: admonitions (`!!! note`), tabs (`===`), code blocks with titles and highlights
Files:
docs/user-guide/environment.md, docs/user-guide/getting-started.md, docs/user-guide/docker.md, docs/developer-guide/docker.md
docs/**
📄 CodeRabbit inference engine (.cursor/rules/writing-docs.mdc)
Organize documentation structure with index.md at root, and subdirectories: getting-started/ for tutorials, user-guide/ for how-tos and reference, developer-guide/ for explanations, product-overview/ for features, tutorials/, and dev-notes/
Files:
docs/user-guide/environment.md, docs/user-guide/getting-started.md, docs/user-guide/docker.md, docs/developer-guide/docker.md
⚙️ CodeRabbit configuration file
Review documentation as MkDocs Material content. Check Diataxis fit, accurate commands, internal links, code fences, and markdown style from STYLE_GUIDE.md.
Files:
docs/user-guide/environment.md, docs/user-guide/getting-started.md, docs/user-guide/docker.md, docs/developer-guide/docker.md
.github/PULL_REQUEST_TEMPLATE.md
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Use the PR template in .github/PULL_REQUEST_TEMPLATE.md when opening pull requests
Files:
.github/PULL_REQUEST_TEMPLATE.md
AGENTS.md
📄 CodeRabbit inference engine (.cursor/rules/repo-navigation.mdc)
Agent guide with module map and conventions should be documented in `AGENTS.md`
Files:
AGENTS.md
.mise.toml
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Declare and lock all development tool versions in .mise.toml and mise.lock to ensure reproducible toolchains across developer systems and CI
Files:
.mise.toml
⚙️ CodeRabbit configuration file
Treat .mise.toml as toolchain supply-chain configuration. Check pinned tool choices, install cadence, platform coverage, environment settings, and whether changes require regenerating mise.lock.
Files:
.mise.toml
.agents/skills/**/*
📄 CodeRabbit inference engine (.cursor/rules/repo-navigation.mdc)
Skills should be stored in `.agents/skills/` directory with each skill having a `SKILL.md` file and optional `references/` subdirectory
Files:
.agents/skills/github-cli/SKILL.md, .agents/skills/github-cli/references/workflows.md, .agents/skills/uv-build/SKILL.md
.github/workflows/*.yml
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use `#` with dashes for section dividers in GitHub Actions workflows
Files:
.github/workflows/gpu-tests.yml, .github/workflows/dependabot-sync-lock.yml, .github/workflows/docs.yml, .github/workflows/release.yml, .github/workflows/ci-checks.yml
tests/**/*
📄 CodeRabbit inference engine (.cursor/rules/repo-navigation.mdc)
Test files should mirror the `src/` directory structure in `tests/`
Files:
tests/smoke/README.md, tests/TESTING.md
tests/
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Never add `__init__.py` files under `tests/` directories
Files:
tests/smoke/README.md, tests/TESTING.md
tests/TESTING.md
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Document test requirements, test matrix, and available test commands in tests/TESTING.md
Files:
tests/TESTING.md
containers/**
⚙️ CodeRabbit configuration file
Review container changes against STYLE_GUIDE.md and containers/README.md. Check cache mounts, uv usage, non-root runtime behavior, CUDA settings, and copy order.
Files:
containers/README.md, containers/Dockerfile.test_ci, containers/Dockerfile.cuda
containers/Dockerfile*
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use multi-stage builds for production Dockerfiles
Copy uv from `ghcr.io/astral-sh/uv:<version>` in Dockerfiles
Use `--mount=type=cache` for pip/uv caches and APT (`/var/cache/apt`, `/var/lib/apt/lists`) in Dockerfiles
Set `ENV UV_LINK_MODE=copy` when using cache mounts in Dockerfiles
Use `--no-install-recommends` on all `apt-get install` invocations in Dockerfiles
Use non-root user (`appuser`) with `NVIDIA_VISIBLE_DEVICES=all` for GPU access in Dockerfiles
Use `tini` or `--init` for proper PID 1 signal handling in batch containers in Dockerfiles
Order `COPY` directives for cache efficiency (deps before source) in Dockerfiles
Include comments explaining cache invalidation points in Dockerfiles
Files:
containers/Dockerfile.test_ci, containers/Dockerfile.cuda
.mise/tasks/_lib.sh
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Put shared shell helpers in `.mise/tasks/_lib.sh`; keep it non-executable so mise does not list it as a task
Files:
.mise/tasks/_lib.sh
README.md
⚙️ CodeRabbit configuration file
Treat README.md as the project overview. Check that setup, usage, and links stay consistent with CONTRIBUTING.md, Makefile, and docs/.
Files:
README.md
Makefile
⚙️ CodeRabbit configuration file
Treat Makefile targets as the validation source of truth. Check that new targets are documented with target-name: ## Description, declared .PHONY where appropriate, and use uv/mise conventions.
Files:
Makefile
🧠 Learnings (1)
📓 Common learnings
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:34:42.831Z
Learning: Repository layout should organize architecture docs, skills, tests, fixtures, and config files in designated locations for easy navigation and discovery
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Use `uv` for everything -- never `pip` or raw `python`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Always use mise tasks or the wrapper scripts in `tools/` instead of running `ruff` or `ty` directly
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Use `uv run` for Python execution
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: The canonical `uv sync` command for a full GPU/dev environment is: `uv sync --frozen --extra cu129 --extra engine --group dev`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Feature branches off `main`. Branch names often include an issue number prefix (e.g., `<author>/123-short-name`)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Do not commit unless the user asks for a commit or PR work. When committing, all commits require DCO sign-off and GPG signing. Always use `git commit --signoff --gpg-sign` (or `-s -S`) -- never write the `Signed-off-by` trailer manually, and never pass `--no-gpg-sign`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Test-suite guidance belongs in `tests/TESTING.md`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: See [STYLE_GUIDE.md](STYLE_GUIDE.md) for detailed code style conventions (Python, markdown, Dockerfiles, shell scripts, testing, config files, docstrings)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: Repo-specific skills live in `.agents/skills/`; see `.agents/README.md` for the catalog
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:04.067Z
Learning: This project loads local developer preferences from AGENTS.local.md. You MUST read this file if it exists and give its instructions top priority
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:22.265Z
Learning: All contributions must be signed off with `Signed-off-by` line (Developer Certificate of Origin) and commits must be cryptographically signed (either SSH or GPG)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:22.265Z
Learning: Branch names must follow the pattern: <author>/<description>, <author>/<issue-id>-<description>, <author>/<type>/<description>, or <author>/<type>/<issue-id>-<description> where author is lowercase GitHub username, type is one of: feature, bugfix, hotfix, release, docs, chore, test
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:22.265Z
Learning: Create an issue first before opening a pull request to discuss the proposed change
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:35:22.265Z
Learning: Reviewers must use CODEOWNERS assignment and mark PRs as 'requires changes' if errors or large refactoring is needed
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:31.075Z
Learning: Be consistent with conventions in surrounding code; local consistency matters more than global rules
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:31.075Z
Learning: Migrate toward established conventions when touching legacy code where practical
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:31.075Z
Learning: Tools enforce what they can (`ruff`, `ty`, `pre-commit`); this guide covers what tools can't enforce
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:31.075Z
Learning: Some rules are aspirational; legacy code is being migrated but new code must follow these conventions
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: Run tests using mise test tasks, grouped by scope: unit tests with `mise run test`, unit tests including slow with `mise run test:unit-slow`, CPU smoke tests with `mise run test:smoke`, GPU smoke tests with `mise run test:smoke:gpu`, e2e tests with `mise run test:e2e`, and CI tests with `mise run test:ci`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: Run a single test with: `uv run --frozen pytest tests/path/test_file.py::test_name -vvs -n0`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: Mirror source code structure with corresponding test directories: `tests/training/`, `tests/generation/`, `tests/evaluation/`, `tests/cli/`, `tests/data_processing/`, `tests/config/`, `tests/e2e/`, `tests/smoke/`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: Run config-dataset combo tests using dedicated mise tasks: `mise run test-nss-{CONFIG}-{DATASET}-ci` with configs (tinyllama_nodp, tinyllama_dp, smollm3_nodp, smollm3_dp, mistral_nodp, mistral_dp) and datasets (clinc_oos, dow_jones_index)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: Read `tests/conftest.py` for auto-marking with `pytest_collection_modifyitems`, `load_test_dataset`/`load_test_dataframe` helpers, and `fixture_mock_processor` pattern
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: Read `pytest.ini` for marker definitions, asyncio configuration, and timeout settings
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-27T22:36:47.939Z
Learning: See `tests/smoke/README.md` for additional smoke-specific gotchas and guidelines
🪛 Betterleaks (1.3.1)
.github/actions/setup-python-env/action.yml
[high] 96-96: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
containers/Dockerfile.test_ci
[high] 22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
containers/Dockerfile.cuda
[high] 103-103: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
Makefile
[high] 7-7: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🪛 checkmake (0.3.2)
Makefile
[warning] 82-82: Required target "all" is missing from the Makefile.
(minphony)
[warning] 82-82: Required target "clean" is missing from the Makefile.
(minphony)
[warning] 82-82: Required target "test" is missing from the Makefile.
(minphony)
🪛 LanguageTool
.github/workflows/README.md
[uncategorized] ~147-~147: The official name of this software platform is spelled with a capital “H”.
Context: ... workflow/action changes. GPU jobs use .github/actions/setup-gpu-test-env for shared ...
(GITHUB)
🪛 markdownlint-cli2 (0.22.1)
.claude/commands/bootstrap.md
[warning] 14-14: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
containers/README.md
[warning] 161-161: Multiple headings with the same content
(MD024, no-duplicate-heading)
[warning] 171-171: Multiple headings with the same content
(MD024, no-duplicate-heading)
🪛 Shellcheck (0.11.0)
.mise/tasks/_lib.sh
[warning] 53-53: output_array appears unused. Verify use (or export if used externally).
(SC2034)
🪛 zizmor (1.25.2)
.github/workflows/gpu-tests.yml
[warning] 67-118: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
.github/workflows/dependabot-sync-lock.yml
[error] 51-51: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
.github/workflows/ci-checks.yml
[warning] 62-87: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
[warning] 89-111: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
🔇 Additional comments (54)
.mise.toml (1)
11-13: LGTM! Also applies to: 34-42
tools/install-mise.sh (1)
47-70: LGTM! Also applies to: 213-215
.mise/tasks/verify-python-version (1)
1-11: LGTM!
.mise/tasks/venv (1)
1-13: LGTM!
.mise/tasks/bootstrap-nss (1)
1-33: LGTM!
.mise/tasks/setup.toml (1)
4-31: LGTM!
.mise/tasks/quality.toml (5)
1-3: LGTM!
4-17: LGTM!
19-21: LGTM!
23-28: LGTM!
30-39: LGTM!
.mise/tasks/docs.toml (3)
1-3: LGTM!
4-7: LGTM!
14-20: LGTM!
Makefile (1)
7-84: LGTM!
.agents/skills/github-cli/SKILL.md (1)
134-139: LGTM!
.agents/skills/github-cli/references/workflows.md (1)
72-75: LGTM! Also applies to: 199-199
.claude/commands/build-wheel.md (1)
8-8: LGTM!
.claude/commands/gpu-test.md (1)
8-12: LGTM!
.claude/commands/lint.md (1)
8-10: LGTM!
.claude/commands/start-docs-server.md (1)
8-8: LGTM!
.claude/commands/test-ci-container.md (1)
8-9: LGTM!
.claude/commands/test-slow.md (1)
8-9: LGTM!
.claude/commands/unit-test.md (1)
8-8: LGTM!
.github/actions/setup-gpu-test-env/action.yml (1)
16-16: LGTM! Also applies to: 53-53
.github/actions/setup-python-env/action.yml (1)
82-91: LGTM! Also applies to: 96-99
.github/workflows/ci-checks.yml (1)
81-81: LGTM! Also applies to: 84-84, 87-87, 108-108, 111-111, 144-144, 148-148, 151-151, 201-202
.github/workflows/dependabot-sync-lock.yml (1)
17-17: LGTM!
.github/workflows/docs.yml (1)
53-53: LGTM! Also applies to: 61-61
.github/workflows/gpu-tests.yml (1)
98-98: LGTM! Also applies to: 102-102, 106-106, 110-110, 114-114, 118-118, 151-151
.github/workflows/release.yml (1)
50-55: LGTM! Also applies to: 59-59, 150-150
.github/workflows/README.md (1)
110-110: LGTM! Also applies to: 112-112, 117-118, 129-132, 147-147
.gitignore (1)
31-32: LGTM!
.codecov.yml (1)
8-9: LGTM!
.cursor/agents/verifier.md (1)
23-23: LGTM!
.cursor/rules/repo-navigation.mdc (1)
30-30: LGTM!
pytest.ini (1)
22-22: LGTM!
.agents/skills/uv-build/SKILL.md (1)
5-5: LGTM! Also applies to: 17-24, 94-97
.github/PULL_REQUEST_TEMPLATE.md (1)
16-19: LGTM!
.mise/tasks/tests.toml (1)
4-182: LGTM!
.mise/tasks/test/tool-install (1)
1-27: LGTM!
tests/smoke/README.md (1)
7-14: LGTM! Also applies to: 39-39, 48-49, 64-64
README.md (2)
45-52: LGTM!
40-40: Verify `bootstrap-nss` profile name (`cuda` vs `cu129`)
`README.md` uses `mise run bootstrap-nss cuda`, but `.mise/tasks/tests.toml` invokes `bootstrap-nss` with `args = ["cu129"]`. Check the `bootstrap-nss` task’s accepted/aliased profile names; if `cuda` isn’t supported, update README to `cu129` (or explicitly document `cuda` as an alias).
docs/user-guide/getting-started.md (1)
102-102: LGTM!
tools/codestyle/format.sh (1)
43-43: LGTM!
tools/codestyle/ruff_check.sh (1)
10-10: LGTM!
.mise/tasks/build-wheel (1)
1-11: LGTM!
.mise/tasks/publish.toml (1)
4-25: LGTM!
.mise/tasks/publish/pypi (1)
1-20: LGTM!
.mise/tasks/container/build/gpu-dev (1)
1-18: LGTM!
.mise/tasks/container/build/gpu (1)
1-18: LGTM!
.mise/tasks/container/build/test (1)
1-18: LGTM!
.mise/tasks/container/build/test-setup (1)
1-19: LGTM!
Move project automation into mise task definitions and leave Make as a bootstrap/deprecation shim so local, CI, and container workflows share one task source. Signed-off-by: Aaron Gonzales <aagonzales@nvidia.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Keep TOML task files focused on orchestration while moving bash-heavy setup, container, build, and publish commands into executable mise file tasks with shared helpers. Signed-off-by: Aaron Gonzales <aagonzales@nvidia.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Consolidate task definitions under .mise/tasks, fix CUDA bootstrap profiles, and make mise versioning flow from .mise.toml so local, CI, and container setup use one source of truth. Signed-off-by: Aaron Gonzales <aagonzales@nvidia.com>
Harden mise task orchestration and align CI/docs with the migrated task runner. Signed-off-by: Aaron Gonzales <aagonzales@nvidia.com>
c53b505 to
f0638e3
Compare
Actionable comments posted: 4
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: aa5b6726-6bc0-47a5-8ecd-36604587699a
📒 Files selected for processing (71)
- .agents/skills/github-cli/SKILL.md
- .agents/skills/github-cli/references/workflows.md
- .agents/skills/uv-build/SKILL.md
- .claude/README.md
- .claude/commands/bootstrap.md
- .claude/commands/build-docs.md
- .claude/commands/build-wheel.md
- .claude/commands/format.md
- .claude/commands/gpu-test.md
- .claude/commands/lint.md
- .claude/commands/start-docs-server.md
- .claude/commands/test-ci-container.md
- .claude/commands/test-slow.md
- .claude/commands/unit-test.md
- .codecov.yml
- .cursor/agents/verifier.md
- .cursor/rules/repo-navigation.mdc
- .cursor/rules/writing-docs.mdc
- .github/PULL_REQUEST_TEMPLATE.md
- .github/actions/detect-changes/action.yml
- .github/actions/setup-gpu-test-env/action.yml
- .github/actions/setup-python-env/action.yml
- .github/workflows/README.md
- .github/workflows/ci-checks.yml
- .github/workflows/dependabot-sync-lock.yml
- .github/workflows/docs.yml
- .github/workflows/gpu-tests.yml
- .github/workflows/release.yml
- .gitignore
- .mise.toml
- .mise/tasks/_lib.sh
- .mise/tasks/bootstrap-nss
- .mise/tasks/build-wheel
- .mise/tasks/clean-python
- .mise/tasks/container/build/gpu
- .mise/tasks/container/build/gpu-dev
- .mise/tasks/container/build/gpu-multiarch
- .mise/tasks/container/build/test
- .mise/tasks/container/build/test-setup
- .mise/tasks/container/run/gpu
- .mise/tasks/container/run/gpu-dev
- .mise/tasks/docs.toml
- .mise/tasks/publish.toml
- .mise/tasks/publish/internal
- .mise/tasks/publish/pypi
- .mise/tasks/quality.toml
- .mise/tasks/setup.toml
- .mise/tasks/test/ci-container
- .mise/tasks/test/tool-install
- .mise/tasks/tests.toml
- .mise/tasks/venv
- .mise/tasks/verify-python-version
- AGENTS.md
- CONTRIBUTING.md
- Makefile
- README.md
- STYLE_GUIDE.md
- containers/Dockerfile.cuda
- containers/Dockerfile.test_ci
- containers/README.md
- docs/developer-guide/docker.md
- docs/user-guide/docker.md
- docs/user-guide/environment.md
- docs/user-guide/getting-started.md
- pytest.ini
- script/slurm/README.md
- tests/TESTING.md
- tests/smoke/README.md
- tools/codestyle/format.sh
- tools/codestyle/ruff_check.sh
- tools/install-mise.sh
✅ Files skipped from review due to trivial changes (29)
- .claude/commands/unit-test.md
- .claude/commands/build-docs.md
- .claude/commands/build-wheel.md
- .claude/README.md
- .gitignore
- tools/codestyle/format.sh
- .claude/commands/test-slow.md
- pytest.ini
- .cursor/rules/writing-docs.mdc
- .cursor/rules/repo-navigation.mdc
- docs/user-guide/getting-started.md
- .claude/commands/format.md
- docs/user-guide/environment.md
- tests/smoke/README.md
- .agents/skills/github-cli/references/workflows.md
- .claude/commands/gpu-test.md
- .claude/commands/test-ci-container.md
- .claude/commands/bootstrap.md
- .codecov.yml
- .mise/tasks/setup.toml
- docs/user-guide/docker.md
- script/slurm/README.md
- .agents/skills/uv-build/SKILL.md
- tests/TESTING.md
- STYLE_GUIDE.md
- docs/developer-guide/docker.md
- README.md
- CONTRIBUTING.md
- .mise/tasks/publish/pypi
🚧 Files skipped from review as they are similar to previous changes (27)
- tools/codestyle/ruff_check.sh
- .github/PULL_REQUEST_TEMPLATE.md
- .mise/tasks/venv
- .agents/skills/github-cli/SKILL.md
- .claude/commands/start-docs-server.md
- .mise/tasks/quality.toml
- .mise/tasks/test/tool-install
- AGENTS.md
- .cursor/agents/verifier.md
- .mise/tasks/container/build/test
- .mise/tasks/container/build/gpu-multiarch
- .mise/tasks/verify-python-version
- .github/actions/setup-gpu-test-env/action.yml
- .mise/tasks/build-wheel
- .mise/tasks/container/build/gpu
- .mise/tasks/clean-python
- .mise/tasks/container/build/test-setup
- .github/workflows/release.yml
- .github/workflows/docs.yml
- .mise/tasks/test/ci-container
- .mise/tasks/docs.toml
- .mise/tasks/container/build/gpu-dev
- .mise/tasks/container/run/gpu-dev
- .mise/tasks/publish/internal
- .mise/tasks/bootstrap-nss
- tools/install-mise.sh
- .mise/tasks/publish.toml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: Unit Tests (3.12)
- GitHub Check: Unit Tests (3.13)
- GitHub Check: Unit Tests (3.11)
🧰 Additional context used
📓 Path-based instructions (15)
.github/**
⚙️ CodeRabbit configuration file
Review GitHub configuration for branch protection expectations, CODEOWNERS alignment, least privilege permissions, pinned actions where practical, and consistency with CONTRIBUTING.md.
Files:
- .github/actions/detect-changes/action.yml
- .github/workflows/dependabot-sync-lock.yml
- .github/actions/setup-python-env/action.yml
- .github/workflows/README.md
- .github/workflows/ci-checks.yml
- .github/workflows/gpu-tests.yml
{.mise.toml,mise.lock}
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Use mise for reproducible development tool management with versions declared in .mise.toml and locked in mise.lock
Files:
.mise.toml
.mise.toml
⚙️ CodeRabbit configuration file
Treat .mise.toml as toolchain supply-chain configuration. Check pinned tool choices, install cadence, platform coverage, environment settings, and whether changes require regenerating mise.lock.
Files:
.mise.toml
.mise/tasks/*.toml
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use `description` field in TOML tasks and `#MISE description=...` comments on file tasks for mise task discoverability
Files:
.mise/tasks/tests.toml
.mise/tasks/*
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Keep all mise tasks under `.mise/tasks/` with `.toml` files for declarative tasks/graphs and executable scripts for bash-heavy tasks; put shared shell helpers in `.mise/tasks/_lib.sh` (non-executable so mise does not list it)
Files:
- .mise/tasks/tests.toml
- .mise/tasks/_lib.sh
**/*
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Ensure newline at end of file; remove trailing whitespace (enforced by pre-commit)
Use single space between sentences, never two
Files:
- Makefile
- containers/Dockerfile.cuda
- containers/Dockerfile.test_ci
- containers/README.md
⚙️ CodeRabbit configuration file
**/*: Review as a senior maintainer for NeMo Safe Synthesizer. Prioritize issues that can change behavior, break user workflows, weaken privacy guarantees, hide failures, make tests unreliable, or create maintenance risk. Avoid generic style commentary unless it points to a concrete project convention that automated tools will not catch.
Comment only when the finding is actionable and tied to changed code. For each finding, state the impact, the condition that triggers it, and the smallest practical fix. Prefer one precise comment over broad advice. Do not ask for refactors outside the PR scope unless the changed code creates the problem.
Review type guidance:
- Potential issue: use for correctness bugs, data loss, privacy leaks, security risks, broken public APIs, invalid config behavior, missing validation, hidden failures, nondeterministic tests, or CI breakage.
- Refactor suggestion: use for local maintainability problems introduced by the diff when they have clear future cost, such as duplicated setup, unclear boundaries, over-mocking, avoidable complexity, or opaque test helpers.
- Nitpick: avoid in chill mode. Do not emit formatting, import-order, wording, or style-only comments unless automated tools cannot catch the issue and it affects maintainability.
Severity guidance:
- Critical: security/privacy leaks, data loss, training/test/holdout contamination, or broken release/package/core pipeline execution.
- Major: incorrect generation/training/evaluation behavior, broken CLI/SDK public API, invalid config defaults or validators, or GPU/vLLM cleanup and process-isolation bugs likely to fail CI or production runs.
- Minor: localized bugs, missing focused tests for changed behavior, or bad test patterns that weaken regression coverage.
- Trivial: small cleanup with no behavior impact. Usually suppress in chill mode.
- Info: context only. Avoid unless it helps reviewers understand risk.
Safe-Synthesizer-specific review focus: - Data ...
Files:
- Makefile
- containers/Dockerfile.cuda
- containers/Dockerfile.test_ci
- containers/README.md
Makefile
⚙️ CodeRabbit configuration file
Treat Makefile targets as the validation source of truth. Check that new targets are documented with target-name: ## Description, declared .PHONY where appropriate, and use uv/mise conventions.
Files:
Makefile
.claude/commands/**
📄 CodeRabbit inference engine (.cursor/rules/claude-commands.mdc)
Pre-defined command files live in `.claude/commands/`. When a user asks about a development task, read the corresponding file for instructions. Available commands include: unit-test (run unit tests), test-slow (all tests including slow), test-ci-container (CI tests in a container), gpu-test (GPU integration and e2e tests), format (format code with ruff + copyright), lint (lint and typecheck), bootstrap (bootstrap dev environment), build-wheel (build Python wheel), build-docs (build documentation site), start-docs-server (local docs dev server).
Files:
.claude/commands/lint.md
.mise/tasks/*.sh
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use `#USAGE` comments in executable mise task files for arguments that need validation or help text
Files:
.mise/tasks/_lib.sh
containers/Dockerfile*
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Use multi-stage builds for production images to optimize final image size
Copy uv from `ghcr.io/astral-sh/uv:<version>` instead of installing from pip
Use `--mount=type=cache` for pip/uv caches and APT (`/var/cache/apt`, `/var/lib/apt/lists`) instead of `rm -rf` commands to speed up rebuilds and keep layers clean automatically
Set `ENV UV_LINK_MODE=copy` when using cache mounts because hardlinks into cache layers vanish after unmount
Use `--no-install-recommends` on all `apt-get install` invocations to minimize image size
Create a non-root user (`appuser`) with `NVIDIA_VISIBLE_DEVICES=all` environment variable for GPU access
Use `tini` or `--init` for proper PID 1 signal handling in batch containers
Order `COPY` directives for cache efficiency: copy dependencies before source code
Include comments explaining cache invalidation points in Dockerfiles
Files:
- containers/Dockerfile.cuda
- containers/Dockerfile.test_ci
containers/**
⚙️ CodeRabbit configuration file
Review container changes against STYLE_GUIDE.md and containers/README.md. Check cache mounts, uv usage, non-root runtime behavior, CUDA settings, and copy order.
Files:
- containers/Dockerfile.cuda
- containers/Dockerfile.test_ci
- containers/README.md
**/*.{md,markdown,py}
📄 CodeRabbit inference engine (.cursor/rules/agent-markdown-style.mdc)
**/*.{md,markdown,py}: Avoid decorative bold (**text**) in list items, body text, and docstrings; use structural cues (headers, list markers, colons, backticks) for emphasis instead
Use backticks for code identifiers, paths, and CLI commands in markdown and docstrings
Files:
containers/README.md
**/*.{md,markdown}
📄 CodeRabbit inference engine (.cursor/rules/agent-markdown-style.mdc)
**/*.{md,markdown}: Bold is acceptable only in markdown tables where it's the conventional way to mark header-like cells in the body
Use `##` headers to segment markdown sections instead of bold text
Use `--` (em-dash) instead of `-` (hyphen) for asides in markdown
Files:
containers/README.md
**/*.{py,sh,yaml,yml,md}
📄 CodeRabbit inference engine (CONTRIBUTING.md)
All source files (.py, .sh, .yaml, .yml, .md) must include SPDX copyright headers
Files:
containers/README.md
**/*.md
📄 CodeRabbit inference engine (STYLE_GUIDE.md)
Avoid decorative `**bold**` in body text, list items, or docstrings; use headers, list markers, colons, and backticks for structure. Bold is acceptable in table header-like cells and MkDocs Material card grid titles
Use `--` (em-dash) for asides, not `-` (hyphen)
Use single backticks for code identifiers, paths, and CLI commands in Markdown
Use Mermaid diagrams without spaces in node IDs, quote labels with special characters, and no explicit colors or styles
For `.md` files without YAML frontmatter, use HTML-comment headers for SPDX copyright; for files with YAML frontmatter (`---`), use hash-comment headers inside the frontmatter block
Files:
containers/README.md
🧠 Learnings (1)
📓 Common learnings
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:20.026Z
Learning: Use 'mise run docs:serve' command for local development with live reload and 'mise run docs:build' for building static documentation site
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Read AGENTS.local.md if it exists and give its instructions top priority
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Read relevant skills from `.agents/skills/` when the task matches its scope instead of copying workflow details
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Place test-suite guidance in `tests/TESTING.md`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: See STYLE_GUIDE.md for detailed code style conventions (Python, markdown, Dockerfiles, shell scripts, testing, config files, docstrings)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Use `uv` for everything -- never `pip` or raw `python`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Use `mise run test`, `mise run format`, `mise run check`, `mise run validate`, and `mise run typecheck` instead of running tools directly
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Use `uv run` for Python execution instead of raw `python` commands
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Feature branches off `main`. Branch names often include an issue number prefix (e.g., `<author>/123-short-name`)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:30.154Z
Learning: Do not commit unless the user asks for a commit or PR work. When committing, all commits require DCO sign-off and GPG signing using `git commit --signoff --gpg-sign` (or `-s -S`)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Use SSH commit signing with SSH key registered on GitHub for verified commits
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Follow branch naming convention: <author>/<description>, <author>/<issue-id>-<description>, <author>/<type>/<description>, or <author>/<type>/<issue-id>-<description> with lowercase alphanumeric characters and hyphens
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: All commits merged to main must follow Conventional Commits specification: <type>(<scope>): <description> where type is one of feat, fix, docs, style, refactor, perf, test, build, ci, chore, or revert
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: All contributions must be signed off with 'Signed-off-by' line to certify Developer Certificate of Origin (DCO), using git commit -s
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Run tests locally using mise run test before submitting a PR
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: All new features must include tests and bug fixes must include regression tests
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Follow detailed style guidelines for Python, markdown, Dockerfiles, shell scripts, testing, and docstrings as defined in STYLE_GUIDE.md
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Tag releases with v prefix followed by semantic version (v1.0.0) or release candidate (v0.0.5rc0) following PEP440
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Configure git to automatically GPG-sign commits with commit.gpgsign true and use git commit-sign alias for DCO sign-off
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Create issues before opening PRs to discuss changes, and follow the PR template in .github/PULL_REQUEST_TEMPLATE.md
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Respond to review comments in GitHub console, resolve comments when changes are made, and re-request review after pushing updates
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Use Assignees list to indicate who should take next action on a PR (author for responding to feedback, reviewer after updates)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Set Priority and Size fields in Safe Synthesizer Development GitHub project for issue tracking and backlog ordering
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Apply appropriate area labels (area:sdk-cli, area:config, area:data-processing, etc.) to PRs for code routing
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Document breaking changes with ! after type/scope in Conventional Commits (e.g., feat!: or fix(scope)!:)
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:49:47.903Z
Learning: Use git worktrees for working on multiple branches simultaneously and configure MISE_TRUSTED_CONFIG_PATHS for worktree support
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: Tools enforce what they can (`ruff`, `ty`, `pre-commit`); this guide covers what tools cannot enforce
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: `__all__` defines the public API surface; identifiers with a leading `_` are private and can change without notice
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: Some rules are aspirational -- legacy code is being migrated; new code must follow these conventions; existing deviations are tolerated during migration
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: Use the Repository pattern for data access
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: For configuration-management behavior (Pydantic-to-Click option generation, `parse_overrides()`, `Parameter[T]`, nullable sub-config disable flags), see docs/developer-guide/configuration_management.md
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: For entry-point initialization, log environment variables, backend logs, and tracing API details, see docs/developer-guide/observability.md
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:03.025Z
Learning: Be consistent; if code around you follows a convention, follow it too even if the guide says otherwise; local consistency matters more than global rules. Update this guide or file issues if inconsistencies are found.
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:21.631Z
Learning: Run unit tests excluding slow, e2e, and smoke tests with `mise run test`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:21.631Z
Learning: Run e2e tests in two separate stages: `test:e2e:default` (no-DP) and `test:e2e:dp` (DP), each as single-process over `tests/e2e/test_safe_synthesizer.py`
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:21.631Z
Learning: Use staged mise tasks for GPU smoke tests to provide process isolation and CI visibility, splitting tests by category: train-only, generation, resume, structured-generation, timeseries, and smollm2
Learnt from: CR
Repo: NVIDIA-NeMo/Safe-Synthesizer
Timestamp: 2026-05-29T20:51:21.631Z
Learning: Add `pytest.mark.vllm` to any new test file using vLLM generation, create a dedicated `test:smoke:gpu:*` mise task with `-n 0`, and include it in `test:smoke:gpu` workflow
🪛 Betterleaks (1.3.1)
Makefile
[high] 7-7: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
.github/actions/setup-python-env/action.yml
[high] 96-96: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
containers/Dockerfile.cuda
[high] 103-103: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
containers/Dockerfile.test_ci
[high] 22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🪛 checkmake (0.3.2)
Makefile
[warning] 42-42: Target body for "bootstrap-nss" exceeds allowed length of 5 lines (7).
(maxbodylength)
[warning] 104-104: Required target "all" is missing from the Makefile.
(minphony)
[warning] 104-104: Required target "clean" is missing from the Makefile.
(minphony)
[warning] 104-104: Required target "test" is missing from the Makefile.
(minphony)
🪛 LanguageTool
.github/workflows/README.md
[uncategorized] ~147-~147: The official name of this software platform is spelled with a capital “H”.
Context: ... workflow/action changes. GPU jobs use .github/actions/setup-gpu-test-env for shared ...
(GITHUB)
🪛 markdownlint-cli2 (0.22.1)
.claude/commands/lint.md
[warning] 6-6: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
containers/README.md
[warning] 161-161: Multiple headings with the same content
(MD024, no-duplicate-heading)
[warning] 171-171: Multiple headings with the same content
(MD024, no-duplicate-heading)
🪛 Shellcheck (0.11.0)
.mise/tasks/_lib.sh
[warning] 58-58: output_array appears unused. Verify use (or export if used externally).
(SC2034)
🪛 Trivy (0.69.3)
containers/Dockerfile.test_ci
[error] 1-1: Image user should not be 'root'
Specify at least 1 USER command in Dockerfile with non-root user as argument
Rule: DS-0002
(IaC/Dockerfile)
🪛 zizmor (1.25.2)
.github/workflows/ci-checks.yml
[warning] 62-87: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
[warning] 89-111: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
.github/workflows/gpu-tests.yml
[warning] 67-118: overly broad permissions (excessive-permissions): default permissions used due to no permissions: block
(excessive-permissions)
🔇 Additional comments (8)
.claude/commands/lint.md (1)
6-10: LGTM!
.github/actions/detect-changes/action.yml (1)
49-56: LGTM! Also applies to: 86-87
.github/actions/setup-python-env/action.yml (1)
82-90: LGTM! Also applies to: 96-103, 106-106
.github/workflows/README.md (1)
110-118: LGTM! Also applies to: 129-132, 147-147
.github/workflows/ci-checks.yml (1)
81-81: LGTM! Also applies to: 84-87, 108-111, 144-144, 148-151, 201-202
.github/workflows/dependabot-sync-lock.yml (1)
17-17: LGTM! Also applies to: 51-51
.github/workflows/gpu-tests.yml (1)
98-98: LGTM! Also applies to: 102-102, 106-106, 110-110, 114-114, 118-118, 151-151
.mise.toml (1)
11-13: LGTM! Also applies to: 34-42
Signed-off-by: Aaron Gonzales <aagonzales@nvidia.com>
- Correct smoke-test trigger description to match ci-checks.yml gating (source, test, pytest.ini, dependency paths; not CI/mise paths).
- Run GPU e2e integration stages with -n 0 to avoid worker contention, matching the staged e2e single-process pattern.
- Sync documented Dockerfile.test_ci base image to python:3.11.13-slim.
- Rename duplicate "Mise Tasks" heading to "CPU Test Mise Tasks" (MD024).
Signed-off-by: Aaron Gonzales <aagonzales@nvidia.com>
mckornfield
left a comment
think we'll need to run through all the CI jobs (release/docs/gpu-tests) so we make sure it ain't borked
| "uv run --script tools/codestyle/copyright_fixer.py .", | ||
| ] | ||
|
|
||
| ["format-check"] |
lol these feel like bazel/makefiles had a baby that spoke toml
not this PR in particular, any reason we don't have .agents as just a symlink to .claude?
Summary
- `tasks/*.toml` mise task files.
- `mise run` tasks directly.
Test plan
- `mise run format-check`
- `git diff --check`
- `mise tasks`
- `mise run --dry-run test:ci`
- `mise run test:nss-config-dataset --help`
- `make format-check` emits a deprecation message
- `make run TASK=format-check ARGS=--help`
Notes
Made with Cursor
Summary by CodeRabbit
Documentation
Chores
New Features