Merge release/1.4 into develop

[willkill07]

Description

Closes #1458

By Submitting this PR I confirm:

• I am familiar with the Contributing Guidelines.
• We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  • Any contribution which contains commits that are not Signed-Off will not be accepted.
• When the PR is ready for review, new or existing tests cover these changes.
• When the PR is ready for review, the documentation is up to date with these changes.

Summary by CodeRabbit

Release Notes

• Documentation

  • Enhanced A2A protocol documentation with benefits, grouping logic, and usage scenarios
  • Clarified OAuth2 setup procedures and added environment variable guidance for protected examples
  • Added CUDA/NVIDIA GPU requirement warnings for Dynamo integration examples

• Chores

  • Updated dependency version constraints across packages for improved compatibility

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[willkill07]

/ok to test f5547c4

[coderabbitai]

Walkthrough

This forward-merge from release/1.4 to develop includes documentation enhancements for A2A protocol and Dynamo integration, along with systematic updates to dependency version constraints across multiple pyproject.toml files. Changes replace strict tilde (~) version pins with explicit range-based constraints (e.g., ~=1.2.3 → >=1.2.3,<2.0.0) and adjust OAuth2 setup documentation and hardware requirement warnings.

Changes

Cohort / File(s)	Summary
A2A Documentation & References docs/source/components/integrations/a2a.md, examples/A2A/currency_agent_a2a/README.md, examples/A2A/math_assistant_a2a/README.md	Added "Why Use A2A?" section with rationale and use-case guidance, and new References sections with A2A Introduction links across A2A example documentation.
Protected Calculator OAuth2 Setup examples/A2A/math_assistant_a2a_protected/README.md	Restructured OAuth2 configuration steps, clarified consent workflow, added environment variable setup instructions, expanded troubleshooting section with verification commands, and included References entry.
Dynamo Integration CUDA Warnings examples/dynamo_integration/README.md, examples/dynamo_integration/react_benchmark_agent/README.md, external/dynamo/README.md	Added explicit CUDA/NVIDIA GPU requirement warnings in Software Requirements sections, specifying hardware compatibility and Docker packaging details.
Core Dependency Version Constraints pyproject.toml	Updated 11 dependencies from tilde pins to range-based constraints: colorama, fastapi, openinference-semantic-conventions, optuna, python-dotenv, ragas, urllib3, nvidia-haystack, python-docx, tomlkit, werkzeug.
Framework Dependencies examples/frameworks/haystack_deep_research_agent/pyproject.toml, examples/frameworks/multi_frameworks/pyproject.toml	Updated framework-specific dependency constraints from tilde pins to explicit ranges (haystack-ai, opensearch-haystack, trafilatura, pypdf, arxiv).
Example Project Dependencies examples/advanced_agents/profiler_agent/pyproject.toml, examples/custom_functions/automated_description_generation/pyproject.toml, examples/documentation_guides/workflows/text_file_ingest/pyproject.toml, examples/getting_started/simple_web_query/pyproject.toml	Updated usearch and arize-phoenix-client dependency constraints, removing patch-level specificity.
NVIDIA Package Dependencies packages/nvidia_nat_a2a/pyproject.toml, packages/nvidia_nat_adk/pyproject.toml, packages/nvidia_nat_agno/pyproject.toml, packages/nvidia_nat_crewai/pyproject.toml, packages/nvidia_nat_langchain/pyproject.toml, packages/nvidia_nat_llama_index/pyproject.toml	Converted dependency constraints from tilde pins to explicit lower/upper bounds (a2a-sdk, google-adk, agno, google-search-results, crewai, langchain-\, langgraph, llama-index-\).
NVIDIA Integration Packages packages/nvidia_nat_mcp/pyproject.toml, packages/nvidia_nat_mem0ai/pyproject.toml, packages/nvidia_nat_openpipe_art/pyproject.toml, packages/nvidia_nat_phoenix/pyproject.toml, packages/nvidia_nat_profiling/pyproject.toml, packages/nvidia_nat_ragaai/pyproject.toml, packages/nvidia_nat_redis/pyproject.toml, packages/nvidia_nat_semantic_kernel/pyproject.toml, packages/nvidia_nat_weave/pyproject.toml	Updated dependency constraints for aiorwlock, mem0ai, openpipe-art, arize-phoenix-otel, prefixspan, ragaai-catalyst, redis, werkzeug, fickling with range-based versioning.
NVIDIA Vanna Integration packages/nvidia_nat_vanna/pyproject.toml	Updated databricks-sql-connector, databricks-sqlalchemy to explicit ranges; adjusted pymilvus[model], sqlglot, vanna[chromadb] constraints; removed langchain-core duplicate.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• PR #1452: Both PRs systematically update dependency version specifiers across multiple pyproject.toml files, transitioning from strict tilde (~=) constraints to explicit range-based constraints (>=M.m.p,<X.0.0).

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Merge release/1.4 into develop' is concise, descriptive, and clearly summarizes the main change of forward-merging release branch changes into develop.
Linked Issues check	✅ Passed	The PR meets the objective of issue #1458 by forward-merging changes from release/1.4 into develop, including documentation updates and dependency specification changes.
Out of Scope Changes check	✅ Passed	All changes are within scope: documentation enhancements for A2A protocol and examples, hardware requirement warnings, and dependency constraint updates—all expected in a forward-merge.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

external/dynamo/README.md (1)

1-15: Add SPDX Apache-2.0 identifier to the header.

Required by repo guidelines for all changed files. Please add the SPDX tag at the top of the file.

✅ Proposed fix

+<!-- SPDX-License-Identifier: Apache-2.0 -->
 <!--
 Copyright (c) 2025-2026 NVIDIA Corporation

examples/dynamo_integration/react_benchmark_agent/README.md (1)

1-15: Add SPDX Apache-2.0 identifier to the header.

Required by repo guidelines for all changed files. Please add the SPDX tag at the top of the file.

✅ Proposed fix

+<!-- SPDX-License-Identifier: Apache-2.0 -->
 <!--
 Copyright (c) 2025-2026, NVIDIA CORPORATION

examples/dynamo_integration/README.md (1)

1-15: Add SPDX Apache-2.0 identifier to the header.

Required by repo guidelines for all changed files. Please add the SPDX tag at the top of the file.

✅ Proposed fix

+<!-- SPDX-License-Identifier: Apache-2.0 -->
 <!--
 Copyright (c) 2025-2026, NVIDIA CORPORATION

packages/nvidia_nat_adk/pyproject.toml (1)

1-1: Update copyright year to include 2026.

Per coding guidelines, copyright years should be updated when a file is changed. Since this file is being modified in 2026, the copyright should be updated.

🔧 Suggested fix

-# SPDX-FileCopyrightText: Copyright (c) 2025, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.

🤖 Fix all issues with AI agents

In `@packages/nvidia_nat_a2a/pyproject.toml`:
- Around line 23-24: The dependency entries in pyproject.toml are not
alphabetically ordered as required; swap the two entries so
"a2a-sdk>=0.3.20,<1.0.0" comes before "nvidia-nat~=1.5" to satisfy the "Keep
sorted!!!" rule and ensure dependency ordering is alphabetical.

🧹 Nitpick comments (7)

examples/frameworks/multi_frameworks/pyproject.toml (1)

14-14: Consider using ~=2.1 format for consistency with guidelines.

The range-based constraint >=2.1.3,<3.0.0 deviates from the coding guideline which recommends ~=<version> with two-digit versions. For a post-1.0 package, ~=2.1 would be the standard format.

Note: ~=2.1 is equivalent to >=2.1,<2.2 (more restrictive), while >=2.1.3,<3.0.0 allows all 2.x versions (more permissive). If the broader range is intentional for flexibility in this example, the current format is acceptable.

packages/nvidia_nat_semantic_kernel/pyproject.toml (1)

29-29: Consider adding an upper bound to the werkzeug constraint.

The constraint >=3.1.5 has no upper bound, which could allow installation of future major versions (e.g., 4.x) that may introduce breaking changes. For transitive dependency pins intended to work around specific issues, a bounded constraint would be safer.

♻️ Suggested alternatives

-  "werkzeug>=3.1.5",
+  "werkzeug>=3.1.5,<4.0.0",

Or use the two-digit ~= format per coding guidelines:

-  "werkzeug>=3.1.5",
+  "werkzeug~=3.1",

packages/nvidia_nat_vanna/pyproject.toml (1)

24-25: Mixed version constraint formats within the same file.

These three dependencies use >=X.Y.Z,<N.0.0 format while pandas, pymilvus, and sqlglot use the ~=<version> format. This inconsistency within the same file may cause maintenance confusion.

If the broader range is intentional for databricks and vanna packages (e.g., to accommodate faster release cycles), consider adding a comment explaining the rationale.

Also applies to: 29-29

packages/nvidia_nat_langchain/pyproject.toml (1)

19-35: Dependencies are not sorted alphabetically.

The comment at line 22 says "Keep sorted!!!" but nvidia-nat (line 23) appears before the langchain* dependencies. Alphabetically, l comes before n, so langchain* entries should precede nvidia-nat.

Additionally, the inline comment at lines 20-21 ("default to using ~= instead of ==") is now inconsistent with the range-based format (>=X.Y.Z,<N.0.0) used for external dependencies. Consider updating the comment to reflect the new versioning convention.

Suggested reordering and comment update

 dependencies = [
   # Keep package version constraints as open as possible to avoid conflicts with other packages. Always define a minimum
-  # version when adding a new package. If unsure, default to using `~=` instead of `==`. Does not apply to nvidia-nat packages.
+  # version when adding a new package. Use range constraints (e.g., >=X.Y.Z,<N.0.0) for external packages. Does not apply to nvidia-nat packages.
   # Keep sorted!!!
-  "nvidia-nat~=1.5",
   "langchain>=1.2.3,<2.0.0",
   "langchain-aws>=1.1.0,<2.0.0",
   "langchain-classic>=1.0.1,<2.0.0",
   "langchain-core>=1.2.6,<2.0.0",
   "langchain-huggingface>=1.2.0,<2.0.0",
   "langchain-litellm>=0.3.5,<1.0.0",
   "langchain-milvus>=0.3.3,<1.0.0",
   "langchain-nvidia-ai-endpoints>=1.0.2,<2.0.0",
   "langchain-openai>=1.1.6,<2.0.0",
   "langchain-tavily>=0.2.16,<1.0.0",
   "langgraph>=1.0.5,<2.0.0",
+  "nvidia-nat~=1.5",
 ]

pyproject.toml (2)

342-342: Missing upper bound on tomlkit dependency.

The constraint >=0.13.2 has no upper bound, which could allow installation of a future 1.0.0 or higher release with potential breaking changes. For consistency with other dependencies in this PR (e.g., colorama>=0.4.6,<1.0.0), consider adding an upper bound.

Suggested fix

-  "tomlkit>=0.13.2",
+  "tomlkit>=0.13.2,<1.0.0",

---

347-347: Missing upper bound on werkzeug dependency.

The constraint >=3.1.5 has no upper bound, which could allow installation of a future 4.x release with potential breaking changes. For consistency with other dependencies in this PR, consider adding an upper bound.

Suggested fix

-  "werkzeug>=3.1.5",
+  "werkzeug>=3.1.5,<4.0.0",

packages/nvidia_nat_llama_index/pyproject.toml (1)

19-35: Dependencies are not sorted alphabetically.

Same issue as in packages/nvidia_nat_langchain/pyproject.toml: the comment at line 22 says "Keep sorted!!!" but nvidia-nat (line 23) appears before the llama-index* dependencies. Alphabetically, l comes before n.

The inline comment at lines 20-21 is also inconsistent with the range-based format now used for external dependencies.

Suggested reordering and comment update

 dependencies = [
   # Keep package version constraints as open as possible to avoid conflicts with other packages. Always define a minimum
-  # version when adding a new package. If unsure, default to using `~=` instead of `==`. Does not apply to nvidia-nat packages.
+  # version when adding a new package. Use range constraints (e.g., >=X.Y.Z,<N.0.0) for external packages. Does not apply to nvidia-nat packages.
   # Keep sorted!!!
-  "nvidia-nat~=1.5",
   "llama-index>=0.14.12,<1.0.0",
   "llama-index-core>=0.14.12,<1.0.0",
   "llama-index-embeddings-azure-openai>=0.4.1,<1.0.0",
   "llama-index-embeddings-nvidia>=0.4.2,<1.0.0",
   "llama-index-embeddings-openai>=0.5.1,<1.0.0",
   "llama-index-llms-azure-openai>=0.4.2,<1.0.0",
   "llama-index-llms-bedrock>=0.4.2,<1.0.0",
   "llama-index-llms-litellm>=0.6.3,<1.0.0",
   "llama-index-llms-nvidia>=0.4.4,<1.0.0",
   "llama-index-llms-openai>=0.6.12,<1.0.0",
   "llama-index-readers-file>=0.5.6,<1.0.0",
+  "nvidia-nat~=1.5",
 ]

[willkill07]

/merge nosquash

[rapids-bot]

Could not determine original ForwardMerger PR from branch name. The branch name should follow the pattern <target_branch>-merge-<source_branch> (e.g., branch-25.06-merge-branch-25.04 or main-merge-release/25.06). Please contact @rapidsdevops on Slack for assistance.