NVIDIA · rwgk · Apr 12, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026
diff --git a/.github/workflows/restricted-paths-guard.yml b/.github/workflows/restricted-paths-guard.yml
@@ -0,0 +1,144 @@
+# SPDX-FileCopyrightText: Copyright (c) 2024-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+name: "CI: Restricted Paths Guard"
+
+on:
+  # Label updates on fork PRs require pull_request_target permissions.
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+
+jobs:
+  restricted-paths-guard:
+    name: Apply review label if needed
+    if: github.repository_owner == 'NVIDIA'
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: read
+    steps:
+      - name: Inspect PR author signals for restricted paths
+        env:
+          # PR metadata inputs
+          AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association || 'NONE' }}
+          EXISTING_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+
+          # Workflow policy inputs
+          REVIEW_LABEL: Needs-Restricted-Paths-Review
+
+          # API request context/auth
+          GH_TOKEN: ${{ github.token }}
+          REPO: ${{ github.repository }}
+        run: |
+          set -euo pipefail
+
+          if ! MATCHING_RESTRICTED_PATHS=$(
+            gh api \
+              --paginate \
+              --jq '
+                .[]
+                | select(
+                    (.filename | startswith("cuda_bindings/"))
+                    or ((.previous_filename // "") | startswith("cuda_bindings/"))
+                    or (.filename | startswith("cuda_python/"))
+                    or ((.previous_filename // "") | startswith("cuda_python/"))
+                  )
+                | if (.previous_filename // "") != "" then
+                    "\(.previous_filename) -> \(.filename)"
+                  else
+                    .filename
+                  end
+              ' \
+              "repos/$REPO/pulls/$PR_NUMBER/files"
+          ); then
+            echo "::error::Failed to inspect the PR file list."
+            {
+              echo "## Restricted Paths Guard Failed"
+              echo ""
+              echo "- **Error**: Failed to inspect the PR file list."
+              echo "- **Author**: $PR_AUTHOR"
+              echo "- **Author association**: $AUTHOR_ASSOCIATION"
+              echo ""
+              echo "Please update the PR at: $PR_URL"
+            } >> "$GITHUB_STEP_SUMMARY"
+            exit 1
+          fi
+
+          TOUCHES_RESTRICTED_PATHS=false
+          if [ -n "$MATCHING_RESTRICTED_PATHS" ]; then
+            TOUCHES_RESTRICTED_PATHS=true
+          fi
+
+          write_matching_restricted_paths() {
+            echo "- **Matched restricted paths**:"
+            echo '```text'
+            printf '%s\n' "$MATCHING_RESTRICTED_PATHS"
+            echo '```'
+          }
+
+          HAS_TRUSTED_SIGNAL=false
+          LABEL_ACTION="not needed (no restricted paths)"
+          TRUSTED_SIGNALS="(none)"
+
+          if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ]; then
+            case "$AUTHOR_ASSOCIATION" in
+              COLLABORATOR|MEMBER|OWNER)
+                HAS_TRUSTED_SIGNAL=true
+                LABEL_ACTION="not needed (author association is a trusted signal)"
+                TRUSTED_SIGNALS="author_association:$AUTHOR_ASSOCIATION"
+                ;;
+            esac
+          fi
+
+          LABEL_ALREADY_PRESENT=false
+          if jq -e --arg label "$REVIEW_LABEL" '.[] == $label' <<<"$EXISTING_LABELS" >/dev/null; then
+            LABEL_ALREADY_PRESENT=true
+          fi
+
+          if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ] && [ "$HAS_TRUSTED_SIGNAL" = "false" ]; then
+            if [ "$LABEL_ALREADY_PRESENT" = "true" ]; then
+              LABEL_ACTION="already present"
+            elif ! gh issue edit "$PR_NUMBER" --repo "$REPO" --add-label "$REVIEW_LABEL"; then
+              echo "::error::Failed to add the $REVIEW_LABEL label."
+              {
+                echo "## Restricted Paths Guard Failed"
+                echo ""
+                echo "- **Error**: Failed to add the \`$REVIEW_LABEL\` label."
+                echo "- **Author**: $PR_AUTHOR"
+                echo "- **Author association**: $AUTHOR_ASSOCIATION"
+                echo ""
+                write_matching_restricted_paths
+                echo ""
+                echo "Please update the PR at: $PR_URL"
+              } >> "$GITHUB_STEP_SUMMARY"
+              exit 1
+            else
+              LABEL_ACTION="added"
+            fi
+          fi
+
+          {
+            echo "## Restricted Paths Guard Completed"
+            echo ""
+            echo "- **Author**: $PR_AUTHOR"
+            echo "- **Author association**: $AUTHOR_ASSOCIATION"
+            echo "- **Touches restricted paths**: $TOUCHES_RESTRICTED_PATHS"
+            echo "- **Restricted paths**: \`cuda_bindings/\`, \`cuda_python/\`"
+            echo "- **Trusted signals**: $TRUSTED_SIGNALS"
+            echo "- **Label action**: $LABEL_ACTION"
+            if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ]; then
+              echo ""
+              write_matching_restricted_paths
+            fi
+            if [ "$TOUCHES_RESTRICTED_PATHS" = "true" ] && [ "$HAS_TRUSTED_SIGNAL" = "false" ]; then
+              echo ""
+              echo "- **Manual follow-up**: No trusted signal was found, so \`$REVIEW_LABEL\` is required."
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"