Merge upstream/main into feat-candle-refactoring

Resolved conflicts by merging both feature sets:
- Kept CUDA as default feature in Cargo.toml (from upstream/main)
- Preserved flash-attn feature (from feat-candle-refactoring)
- Merged embedding_model and HNSW configurations in config files
- Updated cache implementation to support both embedding models and HNSW indexing
- Combined test targets and CI support in rust.mk
- Regenerated Cargo.lock to reflect merged dependencies

This merge brings the latest changes from main while preserving the
candle refactoring work, enabling both embedding model selection
and HNSW indexing features to work together.

Author: rootfs

.github/workflows/pre-commit.yml

@@ -97,6 +97,8 @@ jobs:
 
     - name: Run pre-commit check
       run: make precommit-check
+      env:
+        CI: true
 
     - name: Show pre-commit results
       if: failure()

.github/workflows/publish-crate.yml

@@ -71,17 +71,17 @@ jobs:
           exit 1
         fi
 
-    - name: Run tests
+    - name: Run tests (CPU-only, no CUDA)
       working-directory: candle-binding
-      run: cargo test --verbose
+      run: cargo test --no-default-features --verbose
 
-    - name: Check crate
+    - name: Check crate (CPU-only, no CUDA)
       working-directory: candle-binding
-      run: cargo check --verbose
+      run: cargo check --no-default-features --verbose
 
-    - name: Build crate
+    - name: Build crate (CPU-only, no CUDA)
       working-directory: candle-binding
-      run: cargo build --release --verbose
+      run: cargo build --release --no-default-features --verbose
 
     - name: Dry run publish
       working-directory: candle-binding

.github/workflows/test-and-build.yml

@@ -69,8 +69,8 @@ jobs:
       - name: Check go mod tidy
         run: make check-go-mod-tidy
 
-      - name: Build Rust library
-        run: make rust
+      - name: Build Rust library (CPU-only, no CUDA)
+        run: make rust-ci
 
       - name: Install HuggingFace CLI
         run: |
@@ -86,6 +86,7 @@ jobs:
       - name: Run semantic router tests
         run: make test
         env:
+          CI: true
           CGO_ENABLED: 1
           LD_LIBRARY_PATH: ${{ github.workspace }}/candle-binding/target/release
 

.pre-commit-config.yaml

@@ -22,6 +22,14 @@ repos:
         language: system
         files: \.go$
 
+  - repo: local
+    hooks:
+      - id: shellcheck
+        name: shellcheck
+        entry: make shellcheck
+        language: system
+        files: \.sh$
+
   - repo: local
     hooks:
       - id: golang-lint
@@ -73,7 +81,7 @@ repos:
         pass_filenames: false
       - id: cargo-check
         name: cargo check
-        entry: bash -c 'cd candle-binding && cargo check'
+        entry: bash -c 'cd candle-binding && cargo check --no-default-features'
         language: system
         files: \.rs$
         pass_filenames: false
@@ -87,7 +95,7 @@ repos:
         language_version: python3
         files: \.py$
         exclude: ^(\.venv/|venv/|env/|__pycache__/|\.git/|site-packages/)
-        
+
 # Commented out flake8 - only reports issues, doesn't auto-fix
 # -   repo: https://github.com/PyCQA/flake8
 #     rev: 7.3.0

Dockerfile.extproc

@@ -30,24 +30,24 @@ COPY candle-binding/Cargo.loc[k] ./candle-binding/
 COPY tools/make/ tools/make/
 COPY Makefile ./
 
-# Pre-build dependencies to cache them
+# Pre-build dependencies to cache them (CPU-only, no CUDA)
 RUN cd candle-binding && \
     mkdir -p src && \
     echo "fn main() {}" > src/lib.rs && \
-    cargo build --release && \
+    cargo build --release --no-default-features && \
     rm -rf src
 
 # Copy source code and build
 COPY candle-binding/src/ ./candle-binding/src/
 
-# Use Makefile to build the Rust library (rebuild with actual source code)
-RUN echo "Building Rust library with actual source code..." && \
+# Use Makefile to build the Rust library (rebuild with actual source code, CPU-only, no CUDA)
+RUN echo "Building Rust library with actual source code (CPU-only, no CUDA)..." && \
     echo "Checking source files:" && \
     ls -la candle-binding/src/ && \
     echo "Forcing clean rebuild..." && \
     cd candle-binding && \
     cargo clean && \
-    cargo build --release && \
+    cargo build --release --no-default-features && \
     echo "Checking built library:" && \
     find target -name "*.so" -type f && \
     ls -la target/release/

Dockerfile.extproc.cross

@@ -72,29 +72,29 @@ COPY candle-binding/Cargo.loc[k] ./candle-binding/
 COPY tools/make/ tools/make/
 COPY Makefile ./
 
-# Create a modified Makefile for cross-compilation
+# Create a modified Makefile for cross-compilation (CPU-only, no CUDA)
 RUN if [ "$TARGETARCH" = "arm64" ]; then \
-        echo "Modifying rust.mk for ARM64 cross-compilation..."; \
-        sed -i 's/cd candle-binding && cargo build --release/cd candle-binding \&\& cargo build --release --target aarch64-unknown-linux-gnu/' tools/make/rust.mk; \
+        echo "Modifying rust.mk for ARM64 cross-compilation (CPU-only, no CUDA)..."; \
+        sed -i 's/cd candle-binding && cargo build --release/cd candle-binding \&\& cargo build --release --no-default-features --target aarch64-unknown-linux-gnu/' tools/make/rust.mk; \
         cat tools/make/rust.mk | grep "cargo build"; \
     fi
 
-# Pre-build dependencies to cache them
+# Pre-build dependencies to cache them (CPU-only, no CUDA)
 RUN cd candle-binding && \
     mkdir -p src && \
     echo "fn main() {}" > src/lib.rs && \
     if [ "$TARGETARCH" = "arm64" ]; then \
-        cargo build --release --target aarch64-unknown-linux-gnu; \
+        cargo build --release --no-default-features --target aarch64-unknown-linux-gnu; \
     else \
-        cargo build --release; \
+        cargo build --release --no-default-features; \
     fi && \
     rm -rf src
 
 # Copy source code and build
 COPY candle-binding/src/ ./candle-binding/src/
 
-# Build with cross-compilation (rebuild with actual source code)
-RUN echo "Building Rust library with actual source code..." && \
+# Build with cross-compilation (rebuild with actual source code, CPU-only, no CUDA)
+RUN echo "Building Rust library with actual source code (CPU-only, no CUDA)..." && \
     echo "Current directory: $(pwd)" && \
     echo "TARGETARCH: $TARGETARCH" && \
     ls -la candle-binding/src/ && \
@@ -107,9 +107,9 @@ RUN echo "Building Rust library with actual source code..." && \
         export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc; \
         export CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++; \
         export AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar; \
-        cargo build --release --target aarch64-unknown-linux-gnu; \
+        cargo build --release --no-default-features --target aarch64-unknown-linux-gnu; \
     else \
-        cargo build --release --target x86_64-unknown-linux-gnu; \
+        cargo build --release --no-default-features --target x86_64-unknown-linux-gnu; \
     fi && \
     echo "Checking built library..." && \
     find target -name "*.so" -type f

Dockerfile.precommit

@@ -30,5 +30,8 @@ RUN pip install --break-system-packages yamllint
 # CodeSpell
 RUN pip install --break-system-packages codespell
 
+# Shellcheck
+RUN pip install --break-system-packages shellcheck-py
+
 # Golangci-lint
 RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.5.0

README.md

@@ -16,6 +16,7 @@
 
 *Latest News* 🔥
 
+- [2025/10/21] We announced the [2025 Q4 Roadmap: Journey to Iris](https://vllm-semantic-router.com/blog/q4-roadmap-iris) 📅.
 - [2025/10/16] We established the [vLLM Semantic Router Youtube Channel](https://www.youtube.com/@vLLMSemanticRouter) ✨.
 - [2025/10/15] We announced the [vLLM Semantic Router Dashboard](https://www.youtube.com/watch?v=E2IirN8PsFw) 🚀.
 - [2025/10/12] Our paper [When to Reason: Semantic Router for vLLM](https://arxiv.org/abs/2510.08731) accepted by NeurIPS 2025 MLForSys 🧠.
@@ -75,7 +76,7 @@ Detect PII in the prompt, avoiding sending PII to the LLM so as to protect the p
 
 #### Prompt guard
 
-Detect if the prompt is a jailbreak prompt, avoiding sending jailbreak prompts to the LLM so as to prevent the LLM from misbehaving.
+Detect if the prompt is a jailbreak prompt, avoiding sending jailbreak prompts to the LLM so as to prevent the LLM from misbehaving. Can be configured globally or at the category level for fine-grained security control.
 
 ### Similarity Caching ⚡️
 

bench/build_and_test.sh

@@ -9,7 +9,7 @@ echo "=============================================="
 
 # Clean previous builds
 echo "🧹 Cleaning previous builds..."
-rm -rf build/ dist/ *.egg-info/
+rm -rf build/ dist/ ./*.egg-info/
 find vllm_semantic_router_bench/ -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null || true
 find vllm_semantic_router_bench/ -name "*.pyc" -delete 2>/dev/null || true