Update middleware to use FunctionGroup.SEPARATOR for function matching

[ericevans-nv]

Description

This PR updates the function separator used in red teaming and defense middleware from . to __ to align with FunctionGroup.SEPARATOR. This fixes a bug introduced when the function group separator was changed, which caused middleware to no longer match registered function names. This broke red teaming and defense middleware functionality since they could not intercept the target functions. Updated the middleware matching logic to use FunctionGroup.SEPARATOR and updated the example configuration files and tests to use the new separator format.

By Submitting this PR I confirm:

• I am familiar with the Contributing Guidelines.
• We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  • Any contribution which contains commits that are not Signed-Off will not be accepted.
• When the PR is ready for review, new or existing tests cover these changes.
• When the PR is ready for review, the documentation is up to date with these changes.

Summary by CodeRabbit

Release Notes

• Refactor
  • Standardized function naming conventions across middleware and configuration files using a consistent separator format.
  • Updated test fixtures and validation logic to align with the new naming scheme.
  • Updated example configurations and documentation to reflect the standardized naming format.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Configuration files, middleware logic, and test files are updated to replace dot-based function group naming with double-underscore separation using FunctionGroup.SEPARATOR constant. The middleware detection logic is updated to parse function groups using the centralized separator instead of hardcoded dots.

Changes

Cohort / File(s)	Summary
Configuration Files examples/safety_and_security/retail_agent/src/nat_retail_agent/configs/config-with-defenses.yml, examples/safety_and_security/retail_agent/src/nat_retail_agent/configs/red-teaming-with-defenses.yml, examples/safety_and_security/retail_agent/src/nat_retail_agent/configs/red-teaming.yml	Updated target_function_or_group references from retail_tools.get_product_info to retail_tools__get_product_info across all configuration files to align with new separator convention.
Middleware Logic src/nat/middleware/defense/defense_middleware.py, src/nat/middleware/red_teaming/red_teaming_middleware.py	Modified group-target detection from dot-based heuristics to FunctionGroup.SEPARATOR constant. Added local imports of FunctionGroup and updated docstring examples to reflect new naming pattern (e.g., calculator__add).
Defense Middleware Tests tests/nat/middleware/test_defense_middleware.py, tests/nat/middleware/test_defense_middleware_content_guard.py, tests/nat/middleware/test_defense_middleware_output_verifier.py, tests/nat/middleware/test_defense_middleware_pii.py	Introduced FunctionGroup.SEPARATOR import and refactored test fixtures and target configurations to construct function names using the centralized separator constant instead of hardcoded dots.
Red Teaming Tests tests/nat/middleware/test_red_teaming_middleware.py	Added new test guard for separator constant value, imported FunctionGroup, and replaced hardcoded function name strings with dynamic construction using FunctionGroup.SEPARATOR.
Dynamic Middleware Tests tests/nat/middleware/test_dynamic_middleware.py	Updated fake component method key from "fake.method" to "fake__method" and corresponding error message assertion.
Documentation examples/safety_and_security/retail_agent/README.md	Updated target_function_or_group references from retail_tools.get_product_info to retail_tools__get_product_info in documentation examples and table entries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main objective: updating middleware to use FunctionGroup.SEPARATOR for function matching, which is the core change across all modified files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mnajafian-nv]

LGTM, I have 2 questions, otherwise this is good to go.

• Fix: The retail agent README still has the old separator format in multiple places. Users will copy these examples and get broken configs: e.g. findretail_tools.get_product_info nd replace with retail_tools__get_product_info in examples/safety_and_security/retail_agent/README.md

• Question: What's the deal with eval_dataset.json being added? It's not mentioned in the PR description and seems unrelated. Can you please add a quick note explaining why it's here (or remove if it snuck in accidentally).

[willkill07]

If the existing tests failed to detect that functions weren't being intercepted, then we need to have an appropriate e2e test that does actually verify interception.

I also don't see any new test adequately ensuring that interception is occurring.

[coderabbitai]

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details

{"name":"HttpError","status":401,"request":{"method":"PATCH","url":"https://api.github.com/repos/NVIDIA/NeMo-Agent-Toolkit/issues/comments/3782381284","headers":{"accept":"application/vnd.github.v3+json","user-agent":"octokit.js/0.0.0-development octokit-core.js/7.0.6 Node.js/24","authorization":"token [REDACTED]","content-type":"application/json; charset=utf-8"},"body":{"body":"<!-- This is an auto-generated comment: summarize by coderabbit.ai -->\n<!-- walkthrough_start -->\n\n## Walkthrough\n\nThe pull request updates function naming conventions across the codebase from dot-separated notation (e.g., `retail_tools.get_product_info`) to underscore-separated notation (e.g., `retail_tools__get_product_info`) using a centralized `FunctionGroup.SEPARATOR` constant. Middleware implementations, configuration files, and tests are updated consistently to support this new naming scheme.\n\n## Changes\n\n| Cohort / File(s) | Summary |\n|---|---|\n| **LFS Data File**<br>`examples/frameworks/nat_autogen_demo/src/nat_autogen_demo/data/eval_dataset.json` | New Git LFS pointer file added with metadata (version, oid, size) |\n| **Configuration Files**<br>`examples/safety_and_security/retail_agent/src/nat_retail_agent/configs/config-with-defenses.yml`, `red-teaming-with-defenses.yml`, `red-teaming.yml` | Three configuration files updated: all instances of `target_function_or_group` changed from `retail_tools.get_product_info` to `retail_tools__get_product_info` across multiple middleware and scenario definitions |\n| **Middleware Implementation**<br>`src/nat/middleware/defense/defense_middleware.py`, `src/nat/middleware/red_teaming/red_teaming_middleware.py` | Core middleware logic refactored to detect group-qualified functions using `FunctionGroup.SEPARATOR` instead of literal dot notation; updated context-name pattern matching for group extraction and comparison |\n| **Defense Middleware Tests**<br>`tests/nat/middleware/test_defense_middleware.py`, `test_defense_middleware_content_guard.py`, `test_defense_middleware_output_verifier.py`, `test_defense_middleware_pii.py` | Test fixtures and assertions updated to construct function names using `FunctionGroup.SEPARATOR` for consistent naming throughout all test cases |\n| **Other Middleware Tests**<br>`tests/nat/middleware/test_dynamic_middleware.py`, `test_red_teaming_middleware.py` | Test setup updated: registered component method keys and function context names refactored to use new separator-based naming convention |\n\n## Estimated code review effort\n\n🎯 3 (Moderate) | ⏱️ ~25 minutes\n\n<!-- walkthrough_end -->\n\n\n<!-- pre_merge_checks_walkthrough_start -->\n\n<details>\n<summary>🚥 Pre-merge checks | ✅ 3</summary>\n\n<details>\n<summary>✅ Passed checks (3 passed)</summary>\n\n|     Check name     | Status   | Explanation                                                                                                                                                                    |\n| :----------------: | :------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n|     Title check    | ✅ Passed | The title accurately and concisely describes the main change: updating middleware to use FunctionGroup.SEPARATOR for function matching, which is the core objective of the PR. |\n| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.                                                                                           |\n|  Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.                                                                                                                    |\n\n</details>\n\n<sub>✏️ Tip: You can configure your own custom pre-merge checks in the settings.</sub>\n\n</details>\n\n<!-- pre_merge_checks_walkthrough_end -->\n\n<!-- finishing_touch_checkbox_start -->\n\n<details>\n<summary>✨ Finishing touches</summary>\n\n- [ ] <!-- {\"checkboxId\": \"7962f53c-55bc-4827-bfbf-6a18da830691\"} --> 📝 Generate docstrings\n\n</details>\n\n<!-- finishing_touch_checkbox_end -->\n\n<!-- tips_start -->\n\n---\n\nThanks for using [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=NVIDIA/NeMo-Agent-Toolkit&utm_content=1448)! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.\n\n<details>\n<summary>❤️ Share</summary>\n\n- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)\n- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)\n- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)\n- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)\n\n</details>\n\n<sub>Comment `@coderabbitai help` to get the list of available commands and usage tips.</sub>\n\n<!-- tips_end -->\n\n<!-- internal state start -->\n\n\n<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKPR1AGxJcAqt1rUJJDM8LS0XgDuzkEEkNiIQQBi2Bhi8PgYAOIU+NjcGgDKAKJWAII2pdAA8nYAZvh8tSlpGcHUDAgYRJCQBgByjgKUXACMACxjABw9Bj42ADJcsLi43IgcAPQbROqw2AIaTMwbfQBqAJIAIuelJyQAsoSlpBi4YND4+B4A1uob3NgPB4NuMpjMfAkKFxKPAGCQJJhEGAMBIZgVchQ4ZABFRUrAuLV4AAPDYhMKRaJgJqpcQZYg5PJgBLcZzUBqQQBJhDBnKRcNjcR0uBQSF40AkQRoxmjcNR4lx8NwyDN5ioResUMxePgpGxXgAaSAYOk4khoX5dGYAYWFgXo1C4ACYAAwOgBsYCdIzADod0CdAGYOABWIMcB3+gBabgQyFsjFgmFIyFwsCC1JaWGZrIIfHidGx8mF9BoaBCFsw9CUtTICWCoXCJCiwsgtRyzEgACINB3ILEOwB9fs92JoDzwIhYCK7SDJGnpLIM/LFMoVao2DSQUo8CjpPgdRNBPIBGjF1Mt5q0rBERf2Egsqg53v4TuDnsCPCQWihQ34PlHwJ1uSjbRG0uAdPAFoePgOwMPwe4ZISRDYA+84tvAXiIAaDBoPEEHdGSDZNjEz61NoHhPqBHSQMKOyIDQRbnnOrQYKW0joBg9C8PC7B4SgryUHC3CXvwtS9jyJB8uml6IBucBBHG/40MgBEUs2zDtJ03RQTBFF5jOF7ztkuRLiU5SVDU7H0IpbEkESpbcF4CgYIhyHUKhhIYZZvbSLgybPimQTkBEt73myjQNOpmgwGe+5dEEqBKIgDA7kMdrIEaGBgCaZq8RWfE0Bx+axMKdENEETAUMKYiAYRIGReBFpDAmEi7hoRj6MY4BQGQ9D4KJOEEMQZDKCeCisOwXC8PwwiiOIUgyPITBKFQqjqFoOgdSYUBwKgqCYDgg0vCN+ZHLqnDUWgwUOE4LgFgoy0qGomjaLoYCGJ1pgGLZ9kYRsrasREDTfIgGwsbg/YDdBZD9kozD4BsiCYqD1AQ3gUMYDDJBwxsx5oBs8KjjD1BihJGhCIgGQcAYHY0wYFibucQ3kA++bXept19fGB6IEYpRhMgaCGo2aGOQTHhEzKCSaOTrQpMtkDfZqv3/WwgMUMDyPg5DLyY9jiMMJrqMEDrsPw7jTkyhBvGZOokDzIkBQ8PgEH0cEEloLjXBSBQiDzgazu0AaeW+wAXiQG59M+tmiHgKiOUtQTstpsJc3FiAANy9meHnxQLTsu5QF0BXwKb7WgYjYKOFvsG1Rh05Y9yYPA1Z0TO6FBKULEeLIYcUEY8wQWxsWkLQXAANT+hsHpGEUdHwJFJ2KEEwotcLJC1PUFDnfM+ARNTtMGBAYBGIrDnSAjaDVrgsgQxx/YJAwyHqLIGzCpb4toC8uAI0jYP9m/ZEIZfw2EwZy44QagMQmAKcKYwBVhrNIDQshmAeCpjTDs9cGZM2OvQNmzh5Cc2HtIaMwpE4MEfpVMgcJkCcxlBQXk/YpLzn7A0fs15jKQAiJQZeZBWL0FbCwai7t0L9gIF8GSDCtS0GwGIfsEF6gUQASIsRHhECDkkTkaRsj5HPnLjkRAyYzzcHgPATG1YMAJFEZ8VRWEMgFXBogS+Ekb5IWcLQKx4ig4cX4HgAE4NvbN3gJQDxqiaqqSCFWK20kI7Pl/KmRoBkMhVyITQ+CrwcgeCpFBYKo56JuQyDQgQkIpC0FruYSwpQPB5OkhRAKn5RAeGzPOGholbLcAaKNdkAIBBjlgjxcQxDD5txFFZfwtouB0IYUwjILCKBsJvBBEWQRT6/UcVfG+FZ74xx3NfV+wiP7AP1obJRBz2AgIQuA85YCiDQN2HA9eCCZLIPIgACmMaY+BFiSAhMQAASk5EI9+Pz1ESX7FImR4MdFDMSEEjwozjx0AmeJcG0yMasPYXkPiSyFZ2SVufNZzjb7uIfk/XZJygFnKOX/cln8zmQMufSm5MDYD3PMQkJ5KDIAvNAfY++Tjr5sMrhQdxKi/kAvJaKkF4NwXaOcvgaFsL4XjLEvQ0FqLZnzI4YsnOOKfr4v5Rsu+JKdkvxpYc3+KMzV0ouUQCBNrbmwM+eypBnKXm5FWHgfsATCTBNFf8rkErrFqLYaCmVkK5XlMgI3DAzcfJt0cp3UcPdKD90HsgIho9IATynv6Gec8F70ATkI1ewV16b3OvcOg8BHD7wwYfT6Kz9XrKJVsihz89lAtpa8H+BtqX7Ipd2xlIMixgBLGWJldynWIOeWg2m9NSiMyOizXBjh2YENEik9qkAbB3kaXCYsyLGGJLRXMjF3BIAIg8NgNiAj2yBvERoDRigIVyLlYo/tkqQ3Ss0S+nR6Bkr4AMcEQE4gz5CNoKO00477BwhYjuQDWK6kAE1Sj3HmE5RCskYzoA3rNAWQI+J0UwNQzh8SYhnhUYwUc5EWQpk4WKQFgDRWPtDT+2V9QsIJi6LxW2xUP1BqlWCtj4aOPoCqTCC0EQEBUVRdsBZyAIISHwN8fMm8fEereJMiS+ZqAygYN8HgaBZBQQ9gLbxK8gkRGQObWjsAZKQEjvwYukBk6wS6UZkzuDcAUAhchNiXC1KKECXQMpmDKnVOabUs8SgGCNJQgUkSOL2lb3zF0/YvSFavHUEEnmQzK0pkUPYccYM/NxDGSeLg5wsA6oAAaNpBgSgVmzjXtqtd2qllr+1du/kOvZEGx14QdSyqdHKPA1YNN0jLjLXLCUvde1OI8WzsmYCB+AYGkq8Pg+sAwPQoA1a0yi49Gqz01ZbG2SANX72qJY9+597H8CndiJd/j4jBNhtffUU7EEqY9F20I6scyjiKnEDmfsXCinqBIDt37UAgcSXUKwzASbxAMB5r93Q9SMA32KbCb5Ixod/aUFjrZFAWpwn7A6AnGOifY8oGT75ub0fdSJB5bzgR+yP1KmwOZuMqdQATBQZgTRxYOCIEmaSfPIAC6F4Ce+2Axc+WaRTyX0vhdy4V3PApr6vxVVwKm8g6auMj3Hq6Kero83iALfdHhJaFYbw6VwStX4a3oPag23FZ8GsGpbS1slXXzW9s6524BvWR0Da6C61BtawuLuGsu+wq78GJc3UMvwCLOLpdhPjLL19/vcNSN4MT5EIJEYLy0lVUyjvopvIgGBHRVPnauxI1jd2RP+WfE3t7wmPvPmZYsupYeoN4Ujxh8cM3UIvJW1UtbjkNtwfSH8rDqAUmkdhLARiGYUAKZRMp/Mcgs48P60Pi0KlgLNmZe6sT9FeJxMLiyYz+BTNwQrxJFz+BsLRLrmF8T8WLFRYiQ0k0glpzG0h0qlnwJNinP0jllupaAUjKN2jugDlQoeOVoihdgdkekxCepqnkF9lgHVh7qst7s1tsq1v7pShauDG1j1jasOnQJBqWMPs8qdhmmdoIs9kCsxk+lom3o9s+JwUxgJl+kJq3j3qdnooBspKtutrBs4AvrXPTNGrGq3DCgml3Mmn3AYAPAbgtugWPKbmAObgYLPJbraNbsWpZnbuWo7lWi7gfEfEYB1t/KfkRDjA8l8u4Wyt8q4dEBoNwLILOhgvOrHszOYXghzBukboMttNFh4bWAdrxK5lvmVunu+kwBOPAGHBvsJGesgLhOWELFdHeNmOyKAqXpJOdrOBmEZJii8suGZGuL8lhuVEvD+MFEoDQGIHnGemAFxISESKpseqRkqHUjyrZHyCxGwBbNoH/nUlmA+OyHlHUgdp+PgGxEaHyDyrMQfiFKURQAaBMVQGkBaHUmeoaKxBevAILIgA5OoOIBaK0PMSUYsXwHlEDvIRaLxv5BRsikvsgMKA5OXGxHUlxC1LkMgMkVJmvnEAkHaDwI0osrQL+Fyl2B2P8gxs8aFDmBuJ3BqMlpJOyNUZeLUeentGEPmH3lgHUmwAVqUtFMskQa0fxESG8FMUEJgJsfklgKgNZMWB3uvF4NVHUkFHsa8VyuHEQBoFhKOI/I0qDhDGEBeumrKYCGFFoGEM0QyUIq3LQr8aqg8d0D5p5MKOpP3meI4tMS8mrN8LUNkmAF4FIORFxuELlN4t9NVPVKmIvnXMAAjIni4O9DoUPNEZmmPAAOxTxBgW7zzmFFoWZrz25by2HO7MDR71rHwGDOGkj1jhJ9aiLH5ED5nh5ED9i+HCj+GBHR4hHYLx4RHrp6G5ZQA7o2nICoqjrIpJHQQpyLL3ywC5BwoQzcAOQ3z36eYUSdGUBlhBDnFelsQFHdDEmGSLiFCmSrgWQl4li9T9QuaQ5UDkTIm4CHEsQ9K8QfHiBqBji57MqQBnqDiooXHjobjnCiRjF2ITGPnMmWxzEWkvFhReQrHIprEbG/gGhnE3gEmoSoBHHlyjTvEsD3hFQ/ExB/FDJ8y0B5xQTYTF6agdKJZLkZCkmcK7C9mID9mAjuJoDDndxgoeaP6lJDIADSJAd4yAHpbwD5XpvECQ6kWWqOIx1J+pvIwF6UKJEEX4H+HJt5i4Bo74Wx0RhiABXRwkbAsUSA7YfG3c/AglQQCx/55RCBmgeWsx35bFRISAhpUuFYY4FoamdSHYwANpdpu8egPY4xrJslH4o4xWilCelUuQHEXZOksQIpwsZ6uUw5OQ5csAbUUAaegQ2+9EXcY0Z0Zm9AZY7IasX4pxApdps0uxop4VXQWUJM9ArmoW86P+3JfkuxMWcW1ViWoBKWvUEBmefSOeMBQyjmK+sQTVJ4/wbVmWIO8gvsE4soJU9SylIWbumZwZhuB4YZkZYA0ZJh+acZbRCZpaSZFadhaZruGZRgSkvkmsOZQEbhR1ZiCCZZuZZ+4cARQRMetZ4RAZDZKezZu6wJ9AAuEGCc/Cwx7J2+9S3hYSt13kdEyAN5QOeA+YANsJvEBFC4xkq5K45kdgLykp0pwQN82FcpYUAA3suAAL5T6gbdy/LHkOA7gWjlEWXsBOR0Q+ab6cwPmhA8Q+o+z/r6L4bkRHVUbOqp5oF2gEa81tKzQNWxB6ShXBRQ2jSw12WdnlhAgGi3GiCBKwR5FeK4KKgMBq05HNIGgQSxbYDZXdBOX2nCjylFTIoyQC1pG80DG4B+Y1UGWM18gI33A3VERwEsmTGsQQ3TjzGXEI2knI2NE1AlVwlLaC7UCxWQBVbeZ3b5jzwEn4XHpEXmkxBxpwzSKOQjjkLSDIDLheRmmvA7E010R01TG8QpgMhEDkV8hHU211yVURYJYhVxGxZAF/4gFEgEngE8CDXQExFx24VbzoAUmZrB03i3oXGaDvjoTLQaAs3Uk+QgxgynW1TCgbAXVTrXVnV+EBH64hkLXjxuhTzhgxlW7xnwhWFloO5Rq7XpmOEGCN0nXlkkDb0+SXVfJ72b3fLjGvCCpuKVkPU1lLrPU3SvUKVbrQCr3tH4l4VT0cLwUWLeYQp63MR+1w0WhIN5Ch3rk2AGiKS8QO2lZRLXFjghzckAWHrqrV4cIM14QCzkINAm3dz/GNm7E8WYAo6JYHZDHYH2DeZMPvpaWtCCywZs6UOsx/mPgGU8MxKcOxBhqoQJz+wYBaW81SyYp5Si1iANUgR8nvp5XCm/nYkNAR0w1MER5f4t0jSRbt0AGd2/7l59X92QHtUg6dVQAvLdUKUURuO0ADWnmwR1Vd3WbaZiB0C/JH3zVxRhkjBOhTzhmX3rVKCWGJk2EP2plP2fSv3r3v2f10Tf2WLv0sK+KerepBIUAgPVkVKhE4IJ6QPJ7QNDLx1sbzmOKkCp3YEh0NEEOIZxraPnqxAu3oMPkA1By4YnHdB1LsVCNU3dAsgGI6a+WrEPno2PqY0djMDY2qnykNAE0lDE0yHdw9ibmmjbmdi7Mc77Pqkk0z6yDokbjxVKT8DkLIR8QEjEiO3Ci/3hIc7vmsmfn01oOb7LGAwv6HbYHHY3jTYuPEUpj96r1BxjiZGSYB1mP7GgsKPak8oZItjZJeRNRoDgl8C0JwOmk7GB1sCeUN1CWv5cUWhGgdF3g9Q0I6Vin/lzbhxf5oVVU1K9W91gFBMeP1LOPVVcCRzkAoBE7iA+q0CxN6EJNJNgApOrVmGjTX22533JnZPVp7UOF5Or1v2e3RBFPgy71lPvK1Ou5gNx4QNrotPcxbrtOJ35FdOJyiS4MmQo1riDOtzDNeQq062EiwTwvUMHb2ZyRg2SQ/OlYsuguu3IDu1mvCje00DAs3mCwACOlcY4CrILC5XDsjDQG4Vg5wVw8RDwabJA3tiEULWBGYsLHCPLAszYRjsQhtDQyWAEWJ2LGdCzIj8tBpAjGYcmHCTLUpDmdI/Df1gjjDXQ7bul886EzgWlfJG4VQ3s1GYFMU/jHsQg8QDdcaEEfiNV3lE4iL6+NxCBAQwqWRY7l4E7mKVdFoSUqYtL17l+uSEm+Etbb+Ok7I7q57FVFSArDjyF4r9VNSPdfdLVA9ITQ12Ww9jmgTwTGW/SI1xW415UCltcc1yrJuU8YwqTWrG1N9mT99TuBruTmZ+T1AG9eZO9sgVdDA/zt1trc69TT1o09ZzracW6rzRUcafGyBBeBVwsKm8gb73QamgsNEtNDEQOGQdNtJ/Z9JMbpEKm26JAtE9EdAcBuF5Arw+WGn8DeYyA0nnY2n3yZZEkGn5zqDlziWHYtnGg6nigHYmtuxejo0lAOQfAbABitKKRRj5cFUbD8gfYAA5LZ4OJ57QDFykZsUIvp9wrQF2LY+B63XMVB2Ewi3ByK8/mK0PU2Vyn49zAE8K81RhynKNSVhNZOVE6UjE9oWmkR1mg6OfWR4vOk5tdYdR4/ftc/Qxy4bWxa//HQAWdY6We/Vx8ETx+A3xy9QJ0mEJ4LbG7eI7SM8+GM9VBM1g8Wz6/g6jYRluYlt9WAL9UO0uxKVswaB2ECMwCxmETQD2G9J2M90c1YITctyQN552DjnCBoC6V4B93oED3Trjj94TWDwD4cWBBoFqTtMgLRklSkVRXcTpgBkBg82BrzdhOysY0KXyILADSyDre+6W3wIOz65lo4IoyS2S8kv47EO/YBynCBC7B07QJnBkJozFEC77dMW27CUnSveDegM2Ie8e0hdiNgAvZ+dZqx0wdhVpTef268WB5uBB23fl4AYV60jV50q1Uh2V1utK+HDO0liK3V548/EVmNb8/5twuPUoIHEInDCUv7EF0FgqwRx1xmuPAAJxTyTC9eFoUc6vbUpm0cjdvQfTdTeKcyQy8eLzjSvBCiXRNNOv74JwrRPTrSvSGBbQpXqByIYVTclrTdEZj0dQGBl/+i0AOiTBBi4aTBOgh8CDhnhmei0D+jViTAOgMACBjDt90AkBBhd8+i99BiTCugl9J/l+QpV+bXTc9RL9l9cT2eqoc6pj6ZqJ198gN943Q4dhIDbsBf1hkAdgEijgJB6jn9IC2AABCWFKmtARnZ0VggGJ4d/LYB/iQCf49AOwZFAcrQHf7v5vgtgAAaRFUTADz+X4WgDYBSCXB38BQYRku0tAH9vgAAtBogNAHIDUBGAdwLgC8A4DRAeAiZD5kIGdhiBaA6QMlDWyXhKB+mOAUAJAFfcIIn/c4AYmvSIBMBFAAATTC4FPcxQuANgd8B3QOAqkiAAAQAG0qcZ/dHKAPrz6Y+grEEQWQPji4DvOVOUAURkdryCaB16Lgejg7BtJGkYMecNoIoyeAOSHzFmFpRQY60EgWlRKMwKGC+US6ehLgMQxPwAcJatYE7v0zO5qZOKGkPCAaGhJURUAb5ZsIIBEBpApAfDM8LYG7DmDfsOzJeCIIC4NB9BqgzsFVBtR+YOBCArIaAIaDjgIIo4KQZoLYAiCQc4PKnITSyEqDVBHYdQd8AaEA8uAHYdAajiwHdA4CO7UgIUM6FGD4g+A2gZUM7BWCkcl4EQYMMXbdAmAYw3OJAESZOgNAToJ0AAFJV8cQ5AA4A3iwggkrwFokIjzbwAGINdaQP2ThQpFO+uwg4ZkIMHXNch/QpsDGi6ATCLB1QnYF3HqFaD+hyJIYYs3kGtD2hHwrobgN6HLCmBO4ISKhCkH/DshUwkwb2FmGwiFhNgjICIKkH2Bfgw5fMFADgJKAbAj0dQIAEwCZAAgDroOluI5EfjtBRPJeBSk6I0AdnT6GdgfheELkZ2EBG1CPAIIxoWCKREsDbBrQ6HAAF0xBjSOiLYB0G8iOwIwcMq6H9BoB2+AgV0GMHDKd9ag4Zdvv6HDKXxxgtAIMK6GrCuhaAY/S0U6DGCugBAzfWoK6FNAh8Q+bfI0U6FoAMBnQ2EEgJ6BIBjAQ+ToCYeIKVE2BLgkolEQSP6FoBXQDoNAOGU9Eh9wyiTVQLUEmCTBwyLo4fv6BGD+gxgHsAQNmLzFjBagQYf0E6CTEjBEx4Zf0JMDQCTAtRPfEPiMA3hBgQ+U/SYGMDCC1AIx4I1YaMOUCkB46lALuJgMCAACOhhgqgkx1upeEEEy4n+vNwCKzjYRBAGUB4ARpYiRgcwtzsekQAAB1XYCsOGH7joRVOMAQuMKZFgZu46YsoWQ45ERKym4ooR2G3Gjg9xAAh0IeNRSnjzx7+VYViMpzo42hN4sbouPOpf0rWtbd8VwDnHZDvxu448QAJGAHjYRgEs8SmAvGQiMJ+OCCVkK/EmsCmE3HetW1fHRBAW/EQBq4mFSITIAyE0AahN/GOgAJx43CbAHwlMM/x14iwdBMKaUTvC1Ev5jaw3FIStxv4H8ehI4nYSuJwEiEXxMdACSUJZExjsJLglUSymIHSpjCHZpMSWJnYNiXJMgD/iFJ2BICXhJAmXj+JxEqCRpPG770t6LHNjmJLupPMpJn40yVZIwmcSrJ3E3iUuwwlqTWJTkmCeawuoPiSyHkoydJJ3HsTIAkwAKRmGsk8TbJBErgBHwgnQ5CaBgfKY3y6jbgfClAUgPvyoFqJN++gIAA= -->\n\n<!-- internal state end -->"},"request":{}},"response":{"url":"https://api.github.com/repos/NVIDIA/NeMo-Agent-Toolkit/issues/comments/3782381284","status":401,"headers":{"access-control-allow-origin":"*","access-control-expose-headers":"ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset","connection":"close","content-security-policy":"default-src 'none'","content-type":"application/json; charset=utf-8","date":"Thu, 22 Jan 2026 14:03:35 GMT","referrer-policy":"origin-when-cross-origin, strict-origin-when-cross-origin","server":"github.com","strict-transport-security":"max-age=31536000; includeSubdomains; preload","vary":"Accept-Encoding, Accept, X-Requested-With","x-content-type-options":"nosniff","x-frame-options":"deny","x-github-media-type":"github.v3; format=json","x-github-request-id":"403F:22EBD5:14D73:55E5F:69722E37","x-xss-protection":"0"},"data":{"message":"Requires authentication","documentation_url":"https://docs.github.com/rest","status":"401"}}}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@tests/nat/middleware/test_defense_middleware.py`:
- Around line 612-615: The test contains a duplicated assertion asserting
middleware._last_field_info is None; remove the redundant line so only one
assert middleware._last_field_info is None remains (keep the surrounding
assertions for middleware._last_extracted_content and the single
_last_field_info check) to eliminate the duplicate check.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/nat/middleware/defense/defense_middleware.py (1)

74-78: Docstring examples use outdated separator format.

The target_function_or_group field docstring still shows examples with the old . separator ('my_calculator.divide', 'llm_agent.generate'), but the middleware now uses FunctionGroup.SEPARATOR (__). Update the examples to reflect the new format.

📝 Suggested fix

     target_function_or_group: str | None = Field(
         default=None,
         description="Optional function or function group to target. "
         "If None, defense applies to all functions. "
-        "Examples: 'my_calculator', 'my_calculator.divide', 'llm_agent.generate'")
+        "Examples: 'my_calculator', 'my_calculator__divide', 'llm_agent__generate'")

[mnajafian-nv]

LGTM! Thanks for addressing the comments :)

[willkill07]

I removed dep-approvers because they own no files on this PR

[ericevans-nv]

/merge