[None][chore] Introduce flashinfer-upgrade skill for automated version bumps

[yihwang-nv]

Summary

• Add flashinfer-upgrade skill to .claude/skills/ that automates upgrading the flashinfer-python dependency
• Fetches releases from GitHub, lets user choose stable vs nightly, updates all 4 pinned version files, verifies compatibility, and creates a PR
• Includes prerequisite checks for USE_GH_TOKEN and NVIDIA_GH_TOKEN with setup instructions

Test plan

• Invoke /flashinfer-upgrade and verify the interactive workflow runs correctly
• Verify skill appears in the registered skills list

Summary by CodeRabbit

• Documentation
  • Added internal workflow documentation for managing dependency updates.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new skill document is added that defines an end-to-end workflow for upgrading the flashinfer-python dependency in the TensorRT-LLM repository. The workflow validates authentication tokens, fetches available release versions, prompts for user preferences, updates dependency files, and creates a PR with appropriate commit and CI verification steps.

Changes

Cohort / File(s)	Summary
Flashinfer Upgrade Skill Documentation .claude/skills/flashinfer-upgrade/SKILL.md	New skill document defining a complete workflow for upgrading flashinfer-python across the repository, including GitHub token validation, version fetching, user prompts, multi-file updates (requirements.txt, pyproject.toml, poetry.lock, ATTRIBUTIONS-Python.md), nightly/dev version handling, verification scanning, and PR creation steps.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers the main summary and test plan but is missing required sections: Description (explaining the issue/solution), PR Checklist items, and does not follow the template structure.	Complete the PR description by adding the missing sections: detailed Description, PR Checklist verification items, and ensure it follows the repository's template format.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: introducing a new skill for automating flashinfer dependency upgrades.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.claude/skills/flashinfer-upgrade/SKILL.md (1)

139-140: Use canonical PEP 508 git requirement syntax

Line 139 mixes modern direct reference syntax with legacy #egg=. The egg fragment is deprecated in favor of the direct reference form, which allows pip to infer the package name automatically.

Suggested change

-  `flashinfer-python @ git+https://github.com/flashinfer-ai/flashinfer.git@TAG#egg=flashinfer-python`
+  `flashinfer-python @ git+https://github.com/flashinfer-ai/flashinfer.git@TAG`

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/skills/flashinfer-upgrade/SKILL.md around lines 139 - 140, Replace
the legacy egg fragment usage in the requirement string `flashinfer-python @
git+https://github.com/flashinfer-ai/flashinfer.git@TAG#egg=flashinfer-python`
with canonical PEP 508 direct reference syntax by removing the `#egg=` fragment
(e.g. `flashinfer-python @
git+https://github.com/flashinfer-ai/flashinfer.git@TAG`) and update the
surrounding text to ask the user whether they prefer a PyPI pin or a git-based
pin so the README uses the chosen canonical form.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/skills/flashinfer-upgrade/SKILL.md:
- Around line 85-87: The fenced code blocks in SKILL.md lack language tags
causing markdownlint MD040 failures; update the backtick fences around the
blocks containing "grep flashinfer-python requirements.txt" and the pytest
commands (the blocks that include "pytest tests/unittest/_torch/flashinfer/ -v"
and "pytest tests/unittest/_torch/attention/test_flashinfer_attention.py -v") to
include a language (e.g., bash) immediately after the opening ``` so each block
starts with ```bash; ensure you apply the same change to the other occurrence
referenced (lines ~165-168) so all fenced blocks declare a language.
- Around line 177-182: Replace the placeholder text "git stash -- <modified
files>" with a concrete, executable stash command so the step can run in
automation: use a git stash push invocation that includes an explicit message
and the target file paths (i.e., the -- <files> form) and keep the rest of the
flow (checkout main, pull --rebase, create branch, stash pop) unchanged so the
sequence is script-safe and unambiguous.
- Around line 111-131: The instructions for updating
security_scanning/poetry.lock miss regenerating the lockfile metadata hash;
after replacing the `files = [...]` block and updating any
`[package.dependencies]` for `flashinfer-python` (and ensuring pyproject.toml
reflects the same), run `poetry lock --no-update` from the security_scanning/
directory to refresh the `metadata.content-hash` without changing package
versions, or instead use `poetry add flashinfer-python@NEW_VERSION` to let
Poetry update both pyproject.toml and poetry.lock and regenerate the hash
automatically.

---

Nitpick comments:
In @.claude/skills/flashinfer-upgrade/SKILL.md:
- Around line 139-140: Replace the legacy egg fragment usage in the requirement
string `flashinfer-python @
git+https://github.com/flashinfer-ai/flashinfer.git@TAG#egg=flashinfer-python`
with canonical PEP 508 direct reference syntax by removing the `#egg=` fragment
(e.g. `flashinfer-python @
git+https://github.com/flashinfer-ai/flashinfer.git@TAG`) and update the
surrounding text to ask the user whether they prefer a PyPI pin or a git-based
pin so the README uses the chosen canonical form.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0894a042-956b-41d9-af37-781e568941ec

📥 Commits

Reviewing files that changed from the base of the PR and between 9a3dc61 and 1729993.

📒 Files selected for processing (1)

• .claude/skills/flashinfer-upgrade/SKILL.md

[wenmingw]

@kaiyux do we have CI for skills? Any guidelines on how to contribute a skill? Thanks.

[yihwang-nv]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #43162 [ run ] triggered by Bot. Commit: 016874c Link to invocation

[tensorrt-cicd]

PR_Github #43162 [ run ] completed with state SUCCESS. Commit: 016874c
/LLM/main/L0_MergeRequest_PR pipeline #33792 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yihwang-nv]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #43346 [ run ] triggered by Bot. Commit: b66c41d Link to invocation

[tensorrt-cicd]

PR_Github #43346 [ run ] completed with state FAILURE. Commit: b66c41d
/LLM/main/L0_MergeRequest_PR pipeline #33886 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yihwang-nv]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #43621 [ run ] triggered by Bot. Commit: b66c41d Link to invocation

[tensorrt-cicd]

PR_Github #43621 [ run ] completed with state FAILURE. Commit: b66c41d
/LLM/main/L0_MergeRequest_PR pipeline #34113 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yihwang-nv]

/bot run --disable-fail-fast

[yihwang-nv]

/bot run --disable-fail-fast

[tensorrt-cicd]

PR_Github #44332 [ run ] triggered by Bot. Commit: c0e6b64 Link to invocation

[tensorrt-cicd]

PR_Github #44332 [ run ] completed with state FAILURE. Commit: c0e6b64
/LLM/main/L0_MergeRequest_PR pipeline #34752 completed with status: 'FAILURE'

CI Report

⚠️ Action Required:

• Please check the failed tests and fix your PR
• If you cannot view the failures, ask the CI triggerer to share details
• Once fixed, request an NVIDIA team member to trigger CI again

Link to invocation

[yihwang-nv]

/bot skip --comment "Only add a skill, no need testing"

[tensorrt-cicd]

PR_Github #45888 [ skip ] triggered by Bot. Commit: f29fcc9 Link to invocation

[tensorrt-cicd]

PR_Github #45888 [ skip ] completed with state SUCCESS. Commit: f29fcc9
Skipping testing for commit f29fcc9

Link to invocation