chore: refresh dependency locks

[willkill07]

Overview

Refresh dependency locks and runtime compatibility wiring for the release/0.2 branch.

• I confirm this contribution is my own work, or I have the right to submit it under this project license.
• I searched existing issues and open pull requests, and this does not duplicate existing work.

Details

• Updates Python optional integration constraints and lockfile entries for the release branch.
• Updates OpenClaw peer compatibility to 2026.5.12 and syncs the local hook type mirror with the current session end reasons.
• Adjusts Rust reqwest/rustls provider configuration and OTLP HTTP client selection so TLS and exporter initialization remain stable while unused optional transport packages stay out of the lockfile.
• Makes Node attribution generation lockfile-driven so platform-gated optional packages are listed consistently across CI and local machines.
• Pulls Node license text from integrity-checked locked npm artifacts when packages are not installed on the current platform.
• Regenerates Python and Node attribution files from the refreshed lockfiles.

Validation run:

• cargo test -p nemo-flow-cli
• cargo check -p nemo-flow --features otel
• cargo check -p nemo-flow --features otel,openinference
• cargo test -p nemo-flow http_config_exports_scope_push_pop_and_marks_without_tokio_runtime -- --nocapture
• npm test --workspace integrations/openclaw
• uv run --extra langgraph --extra langchain-nvidia pytest python/tests/integrations/langchain python/tests/integrations/langgraph third_party/langgraph_tests
• npm audit --ignore-scripts
• cargo fmt --all --check
• pre-commit run --files scripts/licensing/attributions_lockfile_md.py ATTRIBUTIONS-Node.md package-lock.json
• signed commit pre-commit suite

Where should the reviewer start?

Start with scripts/licensing/attributions_lockfile_md.py, crates/cli/src/tls.rs, crates/core/Cargo.toml, and integrations/openclaw/package.json to review the generator, runtime, and integration compatibility changes before the regenerated lockfile and attribution diffs.

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

• Relates to: none

Summary by CodeRabbit

• Dependencies
  • Bumped several Python packages (langchain, langchain-core, langgraph, langgraph-*, urllib3) and raised OpenClaw compatibility to 2026.5.12.
• New Features
  • Added "shutdown" and "restart" as session termination reasons.
• Chores
  • Ensure TLS/crypto provider is initialized before network operations across CLI and services.
• Documentation
  • Refreshed third‑party attributions and improved license extraction for Node/Python packages.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

This PR installs Rustls crypto providers explicitly before HTTPS calls, adjusts Cargo features to add optional reqwest/rustls for non‑WASM OTLP, bumps OpenClaw and Python LangChain/LangGraph constraints, and rewrites Node attribution generation to extract license text from package-lock tarballs.

Changes

OpenClaw version compatibility update

Layer / File(s)	Summary
OpenClaw version compatibility update integrations/openclaw/package.json	Raised OpenClaw compatibility and build version constraints under openclaw to 2026.5.12 (pluginApi, minGatewayVersion, openclawVersion, pluginSdkVersion) and updated peerDependencies.openclaw to >=2026.5.12.

Possibly related PRs

• NVIDIA/NeMo-Flow#92: Similar changes to crates/core/Cargo.toml opentelemetry-otlp feature configuration and rustls/reqwest TLS wiring.

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 55.56% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows Conventional Commits format with lowercase type 'chore' and concise imperative summary, under 72 characters.
Description check	✅ Passed	Description includes all required template sections: overview with confirmations, detailed changes, reviewer guidance, and related issues. All critical information is present and well-structured.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/core/src/observability/openinference.rs`:
- Around line 380-381: You added install_rustls_crypto_provider() in the HTTP
binary transport path (observability/openinference.rs); before merging, run the
required Rust validation and formatting: execute just test-rust, cargo fmt
--all, and cargo clippy --workspace --all-targets -- -D warnings and fix any
failures or lint warnings around install_rustls_crypto_provider() usage, then
run the full cross-language validation matrix (Rust, Python, Go, Node.js, and
WebAssembly) for changes under crates/core/**/*.rs and attach the
outputs/screenshots/logs of those test/format/lint runs and matrix results to
the PR.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 2f4cf156-c6e0-4885-ab82-9f125530e45e

📥 Commits

Reviewing files that changed from the base of the PR and between ab4b712 and cc370a0.

⛔ Files ignored due to path filters (3)

• Cargo.lock is excluded by !**/*.lock
• package-lock.json is excluded by !**/package-lock.json
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• ATTRIBUTIONS-Node.md
• ATTRIBUTIONS-Python.md
• crates/cli/Cargo.toml
• crates/cli/src/doctor.rs
• crates/cli/src/installer.rs
• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• crates/cli/src/server.rs
• crates/cli/src/tls.rs
• crates/core/Cargo.toml
• crates/core/src/observability/openinference.rs
• crates/core/src/observability/otel.rs
• integrations/openclaw/package.json
• integrations/openclaw/src/openclaw-hook-types.ts
• pyproject.toml

📜 Review details

🧰 Additional context used

📓 Path-based instructions (32)

**/*.rs

📄 CodeRabbit inference engine (.agents/skills/test-ffi-surface/SKILL.md)

**/*.rs: Run cargo fmt --all for FFI work as it is Rust work
Run just test-rust for FFI validation
Run cargo clippy --workspace --all-targets -- -D warnings to enforce warnings-as-errors linting

**/*.rs: Run cargo fmt --all for Rust code formatting
Run cargo clippy --workspace --all-targets -- -D warnings to enforce Rust linting with no warnings
Run just test-rust as the shared-runtime build/test wrapper for Rust changes

Use Rust snake_case naming convention for Rust code

**/*.rs: Any Rust change must run just test-rust
Any Rust change must run cargo fmt --all
Any Rust change must run cargo clippy --workspace --all-targets -- -D warnings

**/*.rs: Run cargo fmt --all for Rust code formatting when Node changes touch Rust files
Run cargo clippy --workspace --all-targets -- -D warnings to enforce strict linting when Rust files changed as part of Node work

**/*.rs: Always run just test-rust when any Rust code changes
Always run cargo fmt --all when any Rust code changes
Always run cargo clippy --workspace --all-targets -- -D warnings when any Rust code changes

Files:

• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• crates/core/src/observability/openinference.rs
• crates/cli/src/server.rs
• crates/cli/src/installer.rs
• crates/core/src/observability/otel.rs
• crates/cli/src/tls.rs
• crates/cli/src/doctor.rs

**/*.{rs,go,js,ts,tsx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license headers in all Rust, Go, JavaScript, and TypeScript source files using C-style comment syntax

Files:

• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• integrations/openclaw/src/openclaw-hook-types.ts
• crates/core/src/observability/openinference.rs
• crates/cli/src/server.rs
• crates/cli/src/installer.rs
• crates/core/src/observability/otel.rs
• crates/cli/src/tls.rs
• crates/cli/src/doctor.rs

**/*.{rs,py,go,js,ts,tsx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Use SONAR_IGNORE_START / SONAR_IGNORE_END markers only for documented false positives that cannot be resolved in code; keep ignored blocks small, add explanatory comments, and require reviewer sign-off

Files:

• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• integrations/openclaw/src/openclaw-hook-types.ts
• crates/core/src/observability/openinference.rs
• crates/cli/src/server.rs
• crates/cli/src/installer.rs
• crates/core/src/observability/otel.rs
• crates/cli/src/tls.rs
• crates/cli/src/doctor.rs

**/*.{js,ts,tsx,jsx,py,rs,go,java,c,cpp,h,cc,cxx,cs,rb,php,swift,kt}

📄 CodeRabbit inference engine (.agents/skills/prepare-pr/SKILL.md)

Changed files must be formatted with the language-native formatter

Files:

• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• integrations/openclaw/src/openclaw-hook-types.ts
• crates/core/src/observability/openinference.rs
• crates/cli/src/server.rs
• crates/cli/src/installer.rs
• crates/core/src/observability/otel.rs
• crates/cli/src/tls.rs
• crates/cli/src/doctor.rs

**/*.{py,js,ts,tsx,go,rs,md}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

Format changed files with the language-native formatter before the final lint/test pass

Files:

• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• integrations/openclaw/src/openclaw-hook-types.ts
• crates/core/src/observability/openinference.rs
• crates/cli/src/server.rs
• crates/cli/src/installer.rs
• crates/core/src/observability/otel.rs
• crates/cli/src/tls.rs
• crates/cli/src/doctor.rs
• ATTRIBUTIONS-Python.md

**/*.{rs,py,js,ts,tsx,go}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

During iteration, prefer uv run pre-commit run --files <changed files...> for targeted validation

Files:

• crates/cli/src/launcher.rs
• crates/cli/src/main.rs
• integrations/openclaw/src/openclaw-hook-types.ts
• crates/core/src/observability/openinference.rs
• crates/cli/src/server.rs
• crates/cli/src/installer.rs
• crates/core/src/observability/otel.rs
• crates/cli/src/tls.rs
• crates/cli/src/doctor.rs

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Use camelCase naming convention for Node.js code

Files:

• integrations/openclaw/src/openclaw-hook-types.ts

**/*.{md,markdown,py,sh,bash,js,ts,java,cpp,go,rust}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep package names, repo references, and build commands current in documentation

Files:

• integrations/openclaw/src/openclaw-hook-types.ts
• ATTRIBUTIONS-Python.md

**/*.{md,markdown,py,sh,bash,js,ts,example}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Example commands must match current package names and paths

Files:

• integrations/openclaw/src/openclaw-hook-types.ts
• ATTRIBUTIONS-Python.md

**/{integrations,integration,*-integration}/**

📄 CodeRabbit inference engine (.agents/skills/contribute-integration/SKILL.md)

**/{integrations,integration,*-integration}/**: Keep NeMo Flow optional in framework integrations
Preserve the framework's original behavior when NeMo Flow is absent
Wrap tool and LLM paths at the correct framework boundary
Integration pattern must follow docs/integrate-frameworks/adding-scopes.md

Files:

• integrations/openclaw/src/openclaw-hook-types.ts
• integrations/openclaw/package.json

{crates/adaptive/**,python/nemo_flow/{adaptive,plugin}.py,go/nemo_flow/{adaptive,**}/*.go,**/*.{ts,js,wasm}}

📄 CodeRabbit inference engine (.agents/skills/maintain-optimizer/SKILL.md)

Keep adaptive config schema, plugin lifecycle, and bindings in sync across crates/adaptive, core, bindings, Python (python/nemo_flow/adaptive.py and python/nemo_flow/plugin.py), Go (go/nemo_flow/adaptive and go/nemo_flow), and Node/WebAssembly helpers

Files:

• integrations/openclaw/src/openclaw-hook-types.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

If Node.js language surface changed, always run Node.js test target even when Rust core did not change

Files:

• integrations/openclaw/src/openclaw-hook-types.ts

integrations/openclaw/package.json

📄 CodeRabbit inference engine (.agents/skills/update-project-version/SKILL.md)

Keep integrations/openclaw/package.json version aligned with the workspace-root package-lock.json under packages["integrations/openclaw"].version

Files:

• integrations/openclaw/package.json

crates/core/src/observability/{atif,otel,openinference}.rs

📄 CodeRabbit inference engine (.agents/skills/maintain-observability/SKILL.md)

crates/core/src/observability/{atif,otel,openinference}.rs: When changing event fields, exporter behavior, subscriber config, or binding parity for ATIF, OpenTelemetry, or OpenInference, ensure the core event model and emitted fields remain in sync across ATIF (crates/core/src/observability/atif.rs), OpenTelemetry (crates/core/src/observability/otel.rs), and OpenInference (crates/core/src/observability/openinference.rs)
When event fields in observability exporters change, run the affected Rust crate tests plus just test-rust

Files:

• crates/core/src/observability/openinference.rs
• crates/core/src/observability/otel.rs

crates/{core,adaptive}/**

📄 CodeRabbit inference engine (.agents/skills/prepare-pr/SKILL.md)

Changes to crates/core or crates/adaptive must run the full language matrix

Files:

• crates/core/src/observability/openinference.rs
• crates/core/src/observability/otel.rs
• crates/core/Cargo.toml

{crates/core,crates/adaptive}/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/test-wasm-binding/SKILL.md)

If the change touched shared runtime semantics in crates/core or crates/adaptive, also use validate-change

Files:

• crates/core/src/observability/openinference.rs
• crates/core/src/observability/otel.rs

crates/core/**/*.rs

📄 CodeRabbit inference engine (.agents/skills/validate-change/SKILL.md)

When crates/core changes, run the full validation matrix across Rust, Python, Go, Node.js, and WebAssembly

crates/core/**/*.rs: Use Json = serde_json::Value in Rust-facing runtime APIs where the existing code expects JSON payloads.
Use Result<T> with FlowError in core runtime paths. Keep errors explicit and binding-appropriate at the wrapper layer.

Files:

• crates/core/src/observability/openinference.rs
• crates/core/src/observability/otel.rs

crates/{core,adaptive}/**/*.rs

⚙️ CodeRabbit configuration file

crates/{core,adaptive}/**/*.rs: Review the Rust runtime for async correctness, scope isolation, middleware ordering, and event lifecycle regressions.
Pay close attention to task-local/thread-local scope propagation, callback lifetimes, stream finalization, and root_uuid isolation.
Public API changes should preserve existing behavior unless tests and docs show the intended migration path.

Files:

• crates/core/src/observability/openinference.rs
• crates/core/src/observability/otel.rs

**/*.toml

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license headers in TOML files using TOML comment syntax

Files:

• pyproject.toml
• crates/cli/Cargo.toml
• crates/core/Cargo.toml

{Cargo.toml,setup.py,setup.cfg,pyproject.toml,go.mod,go.sum,package.json,package-lock.json,yarn.lock,pom.xml,*.gradle}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update repository manifest files (Cargo.toml, setup.py, go.mod, package.json, etc.) with new package/crate names during rename operations

Files:

• pyproject.toml

{Cargo.toml,pyproject.toml,go/nemo_flow/go.mod,package.json,package-lock.json,crates/node/package.json}

📄 CodeRabbit inference engine (.agents/skills/maintain-packaging/SKILL.md)

Maintain consistent package names, import paths, and module names across Rust, Python, Go, Node, and WebAssembly workspaces in NeMo Flow

Files:

• pyproject.toml

**/Cargo.{toml,lock}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Run cargo deny check for Rust dependency auditing as configured in deny.toml

Files:

• crates/cli/Cargo.toml
• crates/core/Cargo.toml

**/Cargo.toml

📄 CodeRabbit inference engine (.agents/skills/prepare-code-freeze/SKILL.md)

Confirm or infer the target release version from upstream/main:Cargo.toml. Derive the release branch as release/<major>.<minor>

Files:

• crates/cli/Cargo.toml
• crates/core/Cargo.toml

**/*.{md,rst,html,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

**/*.{md,rst,html,txt}: Always spell NVIDIA in all caps. Do not use Nvidia, nvidia, nVidia, nVIDIA, or NV.
Use an NVIDIA before a noun because the name starts with an 'en' sound.
Do not add a registered trademark symbol after NVIDIA when referring to the company.
Use trademark symbols with product names only when the document type or legal guidance requires them.
Verify official capitalization, spacing, and hyphenation for product names.
Precede NVIDIA product names with NVIDIA on first mention when it is natural and accurate.
Do not rewrite product names for grammar or title-case rules.
Preserve third-party product names according to the owner's spelling.
Include the company name and full model qualifier on first use when it helps identify the model.
Preserve the official capitalization and punctuation of model names.
Use shorter family names only after the full name is established.
Spell out a term on first use and put the acronym in parentheses unless the acronym is widely understood by the intended audience.
Use the acronym on later mentions after it has been defined.
For long documents, reintroduce the full term if readers might lose context.
Form plurals of acronyms with s, not an apostrophe, such as GPUs.
In headings, common acronyms can remain abbreviated. Spell out the term in the first or second sentence of the body.
Common terms such as CPU, GPU, PC, API, and UI usually do not need to be spelled out for developer audiences.

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,rst,html}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-brand-terminology.md)

Link the first mention of a product name when the destination helps the reader.

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,rst,txt}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-guide.md)

**/*.{md,rst,txt}: Spell NVIDIA in all caps. Do not use Nvidia, nvidia, or NV.
Format commands, code elements, expressions, package names, file names, and paths as inline code.
Use descriptive link text. Avoid raw URLs and weak anchors such as 'here' or 'read more.'
Use title case consistently for technical documentation headings.
Introduce code blocks, lists, tables, and images with complete sentences.
Write procedures as imperative steps. Keep steps parallel and split long procedures into smaller tasks.
Prefer active voice, present tense, short sentences, contractions, and plain English.
Use can for possibility and reserve may for permission.
Use after for temporal relationships instead of once.
Prefer refer to over see when the wording points readers to another resource.
Avoid culture-specific idioms, unnecessary Latinisms, jokes, and marketing exaggeration in technical documentation.
Spell out months in body text, avoid ordinal dates, and use clear time zones.
Spell out whole numbers from zero through nine unless they are technical values, parameters, versions, or UI values.
Use numerals for 10 or greater and include commas in thousands.
Do not add trademark symbols to learning-oriented documentation unless the source, platform, or legal guidance explicitly requires them.
Do not add trademark symbols to NeMo Flow learning documentation by default.
Do not rewrite API names, package names, command flags, or code literals for style reasons.

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,markdown,rst}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/assets/nvidia-style-technical-docs.md)

**/*.{md,markdown,rst}: Use title case consistently in technical documentation headings
Avoid quotation marks, ampersands, and exclamation marks in headings
Keep product, event, research, and whitepaper names in their official title case
Use title case for table headers
Do not force social-media sentence case into technical docs
Use monospace formatting for code elements, commands, parameters, package names, and expressions
Use monospace formatting for directories, file names, and paths
Use angle brackets inside monospace for variables inside paths, such as /home/<username>/.login
Use quotation marks for error messages and strings in documentation
Use bold formatting for UI buttons, menus, fields, and labels in documentation
Use angle brackets between UI labels for menu paths, such as File > Save As
Use italics for new terms on first use in documentation
Use italics for publication titles in documentation
Use plain text formatting for keyboard shortcuts in documentation
Prefer [NVIDIA/NeMo](link) format for GitHub repository references over generic phrases like 'the GitHub repo'
Introduce every code block with a complete sentence
Do not make a code block complete the grammar of the previous sentence
Do not continue a sentence after a code block
Use syntax highlighting when the format supports it for code blocks
Avoid the word 'snippet' unless the surrounding docs already use it as a term of art
Keep inline method, function, and class references consistent with nearby docs, omitting empty parentheses for prose readability when no call is shown
Use descriptive anchor text that matches the destination title when possible for links
Avoid raw URLs in running text in documentation
Avoid generic link anchors such as 'here,' 'this page,' and 'read more' in documentation
Include the acronym in link text if a linked term includes an acronym
Do not link long sentences or multiple sentences in documentation
Avoid links that pull readers away from a procedure unles...

Files:

• ATTRIBUTIONS-Python.md

**/*.{html,md}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license headers in HTML and Markdown files using HTML comment syntax

Files:

• ATTRIBUTIONS-Python.md

**/*.md

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Run Markdown link checking via lychee for README.md, CONTRIBUTING.md, and docs/ through pre-commit hooks

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,markdown,py,sh,bash}

📄 CodeRabbit inference engine (.agents/skills/contribute-docs/SKILL.md)

Keep stable user-facing wrappers at scripts/ root in docs and examples; only point at namespaced helper paths when documenting internal maintenance work

Files:

• ATTRIBUTIONS-Python.md

{README*,CHANGELOG*,docs/**/*.{md,rst,txt},examples/**/*,*.md}

📄 CodeRabbit inference engine (.agents/skills/rename-surfaces/SKILL.md)

Update documentation, examples, and getting-started guides with new package/module/crate names after rename operations

Files:

• ATTRIBUTIONS-Python.md

**/*.{md,txt,rst}

📄 CodeRabbit inference engine (.agents/skills/review-doc-style/SKILL.md)

**/*.{md,txt,rst}: Ensure commands, package names, file paths, and APIs in documentation are correct and not stale; flag incorrect or outdated information as blocking issues
Ensure examples and procedures in documentation will execute successfully with current APIs and commands
Use consistent user-facing terminology throughout documentation that matches current repo terminology
Capitalize NVIDIA correctly in all documentation and public-facing text
Format code, commands, paths, and filenames as inline code (monospace) in documentation
Use descriptive anchor text for links instead of bare URLs or weak labels like 'here' in documentation
Prefer active voice, present tense, short sentences, and plain English in documentation
Structure documentation procedures as imperative steps that are easy to scan and not too long for a single sequence
Prefer 'after' instead of 'once' for temporal references in documentation
Use 'can' instead of 'may' when describing possibility (rather than permission) in documentation
Avoid ambiguous numeric dates and ordinal dates in documentation body text

Files:

• ATTRIBUTIONS-Python.md

🧠 Learnings (1)

📚 Learning: 2026-05-07T18:04:44.387Z

Learnt from: mnajafian-nv
Repo: NVIDIA/NeMo-Flow PR: 67
File: integrations/openclaw/src/modules.ts:1-2
Timestamp: 2026-05-07T18:04:44.387Z
Learning: In NVIDIA/NeMo-Flow, TypeScript source files should use `//` line comments for SPDX headers (e.g., `// SPDX-FileCopyrightText: ...` and `// SPDX-License-Identifier: ...`) rather than C-style block comments (`/* ... */`). The repo’s copyright checker enforces this mapping, so `//` SPDX headers in `.ts` files should not be flagged as a style violation.

Applied to files:

• integrations/openclaw/src/openclaw-hook-types.ts

🔇 Additional comments (14)

pyproject.toml (1)

78-78: LGTM!

Also applies to: 84-84

ATTRIBUTIONS-Python.md (1)

3009-3009: LGTM!

Also applies to: 3039-3039, 3109-3109, 3139-3139, 3169-3169, 8048-8048

integrations/openclaw/package.json (1)

40-41: LGTM!

Also applies to: 44-45, 58-58

integrations/openclaw/src/openclaw-hook-types.ts (1)

7-7: LGTM!

Also applies to: 112-112

crates/cli/src/main.rs (1)

20-20: LGTM!

crates/cli/src/tls.rs (1)

1-6: LGTM!

crates/cli/Cargo.toml (1)

31-32: LGTM!

crates/core/Cargo.toml (1)

27-28: LGTM!

Also applies to: 43-44, 111-113

crates/cli/src/server.rs (1)

108-108: LGTM!

crates/cli/src/launcher.rs (1)

699-699: LGTM!

crates/cli/src/installer.rs (1)

133-133: LGTM!

crates/cli/src/doctor.rs (1)

654-654: LGTM!

crates/core/src/observability/openinference.rs (1)

463-466: LGTM!

crates/core/src/observability/otel.rs (1)

378-379: LGTM!

Also applies to: 460-463

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/core/Cargo.toml`:
- Around line 111-113: The Cargo.toml dependency changes (opentelemetry-otlp,
reqwest, rustls) require running the repository's dependency audit; run `cargo
deny check` locally to surface any policy violations from deny.toml, then fix
issues by updating the crate versions, features, or adding approved exceptions
per deny.toml (or removing/rewiring the optional dependencies) until `cargo deny
check` passes; re-run the check and include the passing output in the PR.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 9a256885-6d0b-4053-a682-97f668e6dc98

📥 Commits

Reviewing files that changed from the base of the PR and between eccc144 and d56c530.

📒 Files selected for processing (1)

• crates/core/Cargo.toml

📜 Review details

🧰 Additional context used

📓 Path-based instructions (4)

**/Cargo.{toml,lock}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Run cargo deny check for Rust dependency auditing as configured in deny.toml

Files:

• crates/core/Cargo.toml

**/*.toml

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Include SPDX license headers in TOML files using TOML comment syntax

Files:

• crates/core/Cargo.toml

crates/{core,adaptive}/**

📄 CodeRabbit inference engine (.agents/skills/prepare-pr/SKILL.md)

Changes to crates/core or crates/adaptive must run the full language matrix

Files:

• crates/core/Cargo.toml

**/Cargo.toml

📄 CodeRabbit inference engine (.agents/skills/prepare-code-freeze/SKILL.md)

Confirm or infer the target release version from upstream/main:Cargo.toml. Derive the release branch as release/<major>.<minor>

Files:

• crates/core/Cargo.toml

🔇 Additional comments (2)

crates/core/Cargo.toml (2)

27-28: Attach explicit full language matrix evidence for this crates/core change.

Please include CI run links/job IDs showing the full matrix passed for this PR.

As per coding guidelines, crates/{core,adaptive}/**: Changes to crates/core or crates/adaptive must run the full language matrix.

Also applies to: 43-44

---

6-6: Update release branch target to release/0.3.

Upstream main Cargo.toml shows version = "0.3.0", so the target release branch should be release/0.3 rather than release/0.2.

			> Likely an incorrect or invalid review comment.

[Salonijain27]

Approved from a dependency point of view

[willkill07]

/merge