Merge upstream/main into feat-candle-refactoring

Resolved merge conflicts by integrating both feature sets:
- Merged embedding model selection (bert/qwen3/gemma) with HNSW indexing
- Combined flash-attn feature with cuda as default in Cargo.toml
- Integrated both embedding_model and HNSW configuration options
- Merged test targets from both branches in rust.mk
- Updated Cargo.lock with merged dependencies

All features from both branches are now available:
- Semantic cache supports both embedding model selection and HNSW indexing
- Rust builds support both CUDA (default) and Flash Attention (optional)
- Test infrastructure includes both Rust unit tests and CI-friendly builds

Signed-off-by: Huamin Chen <[email protected]>

Author: rootfs

.github/workflows/pre-commit.yml

@@ -97,6 +97,8 @@ jobs:
 
     - name: Run pre-commit check
       run: make precommit-check
+      env:
+        CI: true
 
     - name: Show pre-commit results
       if: failure()

.github/workflows/publish-crate.yml

@@ -71,17 +71,17 @@ jobs:
           exit 1
         fi
 
-    - name: Run tests
+    - name: Run tests (CPU-only, no CUDA)
       working-directory: candle-binding
-      run: cargo test --verbose
+      run: cargo test --no-default-features --verbose
 
-    - name: Check crate
+    - name: Check crate (CPU-only, no CUDA)
       working-directory: candle-binding
-      run: cargo check --verbose
+      run: cargo check --no-default-features --verbose
 
-    - name: Build crate
+    - name: Build crate (CPU-only, no CUDA)
       working-directory: candle-binding
-      run: cargo build --release --verbose
+      run: cargo build --release --no-default-features --verbose
 
     - name: Dry run publish
       working-directory: candle-binding

.github/workflows/test-and-build.yml

@@ -69,8 +69,8 @@ jobs:
       - name: Check go mod tidy
         run: make check-go-mod-tidy
 
-      - name: Build Rust library
-        run: make rust
+      - name: Build Rust library (CPU-only, no CUDA)
+        run: make rust-ci
 
       - name: Install HuggingFace CLI
         run: |
@@ -86,6 +86,7 @@ jobs:
       - name: Run semantic router tests
         run: make test
         env:
+          CI: true
           CGO_ENABLED: 1
           LD_LIBRARY_PATH: ${{ github.workspace }}/candle-binding/target/release
 

.pre-commit-config.yaml

@@ -22,6 +22,14 @@ repos:
         language: system
         files: \.go$
 
+  - repo: local
+    hooks:
+      - id: shellcheck
+        name: shellcheck
+        entry: make shellcheck
+        language: system
+        files: \.sh$
+
   - repo: local
     hooks:
       - id: golang-lint
@@ -73,7 +81,7 @@ repos:
         pass_filenames: false
       - id: cargo-check
         name: cargo check
-        entry: bash -c 'cd candle-binding && cargo check'
+        entry: bash -c 'cd candle-binding && cargo check --no-default-features'
         language: system
         files: \.rs$
         pass_filenames: false
@@ -87,7 +95,7 @@ repos:
         language_version: python3
         files: \.py$
         exclude: ^(\.venv/|venv/|env/|__pycache__/|\.git/|site-packages/)
-        
+
 # Commented out flake8 - only reports issues, doesn't auto-fix
 # -   repo: https://github.com/PyCQA/flake8
 #     rev: 7.3.0

Dockerfile.extproc

@@ -30,24 +30,24 @@ COPY candle-binding/Cargo.loc[k] ./candle-binding/
 COPY tools/make/ tools/make/
 COPY Makefile ./
 
-# Pre-build dependencies to cache them
+# Pre-build dependencies to cache them (CPU-only, no CUDA)
 RUN cd candle-binding && \
     mkdir -p src && \
     echo "fn main() {}" > src/lib.rs && \
-    cargo build --release && \
+    cargo build --release --no-default-features && \
     rm -rf src
 
 # Copy source code and build
 COPY candle-binding/src/ ./candle-binding/src/
 
-# Use Makefile to build the Rust library (rebuild with actual source code)
-RUN echo "Building Rust library with actual source code..." && \
+# Use Makefile to build the Rust library (rebuild with actual source code, CPU-only, no CUDA)
+RUN echo "Building Rust library with actual source code (CPU-only, no CUDA)..." && \
     echo "Checking source files:" && \
     ls -la candle-binding/src/ && \
     echo "Forcing clean rebuild..." && \
     cd candle-binding && \
     cargo clean && \
-    cargo build --release && \
+    cargo build --release --no-default-features && \
     echo "Checking built library:" && \
     find target -name "*.so" -type f && \
     ls -la target/release/

Dockerfile.extproc.cross

@@ -72,29 +72,29 @@ COPY candle-binding/Cargo.loc[k] ./candle-binding/
 COPY tools/make/ tools/make/
 COPY Makefile ./
 
-# Create a modified Makefile for cross-compilation
+# Create a modified Makefile for cross-compilation (CPU-only, no CUDA)
 RUN if [ "$TARGETARCH" = "arm64" ]; then \
-        echo "Modifying rust.mk for ARM64 cross-compilation..."; \
-        sed -i 's/cd candle-binding && cargo build --release/cd candle-binding \&\& cargo build --release --target aarch64-unknown-linux-gnu/' tools/make/rust.mk; \
+        echo "Modifying rust.mk for ARM64 cross-compilation (CPU-only, no CUDA)..."; \
+        sed -i 's/cd candle-binding && cargo build --release/cd candle-binding \&\& cargo build --release --no-default-features --target aarch64-unknown-linux-gnu/' tools/make/rust.mk; \
         cat tools/make/rust.mk | grep "cargo build"; \
     fi
 
-# Pre-build dependencies to cache them
+# Pre-build dependencies to cache them (CPU-only, no CUDA)
 RUN cd candle-binding && \
     mkdir -p src && \
     echo "fn main() {}" > src/lib.rs && \
     if [ "$TARGETARCH" = "arm64" ]; then \
-        cargo build --release --target aarch64-unknown-linux-gnu; \
+        cargo build --release --no-default-features --target aarch64-unknown-linux-gnu; \
     else \
-        cargo build --release; \
+        cargo build --release --no-default-features; \
     fi && \
     rm -rf src
 
 # Copy source code and build
 COPY candle-binding/src/ ./candle-binding/src/
 
-# Build with cross-compilation (rebuild with actual source code)
-RUN echo "Building Rust library with actual source code..." && \
+# Build with cross-compilation (rebuild with actual source code, CPU-only, no CUDA)
+RUN echo "Building Rust library with actual source code (CPU-only, no CUDA)..." && \
     echo "Current directory: $(pwd)" && \
     echo "TARGETARCH: $TARGETARCH" && \
     ls -la candle-binding/src/ && \
@@ -107,9 +107,9 @@ RUN echo "Building Rust library with actual source code..." && \
         export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc; \
         export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++; \
         export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar; \
-        cargo build --release --target aarch64-unknown-linux-gnu; \
+        cargo build --release --no-default-features --target aarch64-unknown-linux-gnu; \
     else \
-        cargo build --release --target x86_64-unknown-linux-gnu; \
+        cargo build --release --no-default-features --target x86_64-unknown-linux-gnu; \
     fi && \
     echo "Checking built library..." && \
     find target -name "*.so" -type f

Dockerfile.precommit

@@ -30,5 +30,8 @@ RUN pip install --break-system-packages yamllint
 # CodeSpell
 RUN pip install --break-system-packages codespell
 
+# Shellcheck
+RUN pip install --break-system-packages shellcheck-py
+
 # Golangci-lint
 RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.5.0

README.md

@@ -16,6 +16,7 @@
 
 *Latest News* 🔥
 
+- [2025/10/21] We announced the [2025 Q4 Roadmap: Journey to Iris](https://vllm-semantic-router.com/blog/q4-roadmap-iris) 📅.
 - [2025/10/16] We established the [vLLM Semantic Router Youtube Channel](https://www.youtube.com/@vLLMSemanticRouter) ✨.
 - [2025/10/15] We announced the [vLLM Semantic Router Dashboard](https://www.youtube.com/watch?v=E2IirN8PsFw) 🚀.
 - [2025/10/12] Our paper [When to Reason: Semantic Router for vLLM](https://arxiv.org/abs/2510.08731) accepted by NeurIPS 2025 MLForSys 🧠.
@@ -75,7 +76,7 @@ Detect PII in the prompt, avoiding sending PII to the LLM so as to protect the p
 
 #### Prompt guard
 
-Detect if the prompt is a jailbreak prompt, avoiding sending jailbreak prompts to the LLM so as to prevent the LLM from misbehaving.
+Detect if the prompt is a jailbreak prompt, avoiding sending jailbreak prompts to the LLM so as to prevent the LLM from misbehaving. Can be configured globally or at the category level for fine-grained security control.
 
 ### Similarity Caching ⚡️
 

bench/build_and_test.sh

@@ -9,7 +9,7 @@ echo "=============================================="
 
 # Clean previous builds
 echo "🧹 Cleaning previous builds..."
-rm -rf build/ dist/ *.egg-info/
+rm -rf build/ dist/ ./*.egg-info/
 find vllm_semantic_router_bench/ -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null || true
 find vllm_semantic_router_bench/ -name "*.pyc" -delete 2>/dev/null || true