feat(guardrails): send execution source and job key headers#1739
Merged
valentinabojan merged 1 commit intoJun 25, 2026
Conversation
github-actions
Bot
added
test:uipath-langchain
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds correlation metadata to guardrail validation requests by propagating the CLI execution “source” and orchestrator job key into HTTP headers, aligning guardrails with existing licensing/metering flows.
Changes:
- Set
UIPATH_EXECUTION_SOURCEat the start of CLI agent-executing commands (run,debug,dev,eval) via a new execution-source resolver. - Send
x-uipath-agenthub-config(execution source) andx-uipath-jobkey(job key) headers on guardrail validation requests, omitting each when unset. - Add unit tests to verify presence/absence of the new headers on outgoing guardrails requests.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| packages/uipath/src/uipath/_cli/cli_run.py | Sets execution source for run before runtime construction. |
| packages/uipath/src/uipath/_cli/cli_eval.py | Sets execution source for eval before evaluation execution starts. |
| packages/uipath/src/uipath/_cli/cli_dev.py | Sets execution source for dev before launching the developer console/runtime. |
| packages/uipath/src/uipath/_cli/cli_debug.py | Sets execution source for debug before runtime/debug setup. |
| packages/uipath/src/uipath/_cli/_utils/_execution_source.py | New mapping logic from CLI command → execution source env var. |
| packages/uipath-platform/src/uipath/platform/guardrails/_guardrails_service.py | Adds execution source + job key headers to guardrails validate requests. |
| packages/uipath-platform/src/uipath/platform/common/constants.py | Introduces UIPATH_EXECUTION_SOURCE env var constant. |
| packages/uipath-platform/src/uipath/platform/common/_job_context.py | Adds header_execution_source() helper alongside existing job key header helper. |
| packages/uipath-platform/src/uipath/platform/common/_config.py | Exposes UiPathConfig.execution_source via the new env var. |
| packages/uipath-platform/tests/services/test_guardrails_service.py | Adds tests ensuring headers are present when set and omitted when unset. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ctiliescuuipath
approved these changes
Jun 23, 2026
apetraru-uipath
approved these changes
Jun 23, 2026
radu-mocanu
requested changes
Jun 24, 2026
radu-mocanu
left a comment
radu-mocanu
left a comment
Collaborator
There was a problem hiding this comment.
env vars are acceptable for process bootstrap/config coming from the outside world, but this PR uses an env var as an internal (same-process) message bus from the CLI layer to the platform client. this is not a clean design as it:
- makes the state global
- can t be scoped in async/concurrent eval runs
etc.
we should make this execution metadata part of runtimecontext and pass it through the existing context boundary, as currently done for for command/job/trace-related execution state.
A cleaner shape would be:
- map `command -> execution_source` when building `UiPathRuntimeContext`
- carry it as `runtime_context.execution_source`
- propagate it into `UiPathExecutionContext` / the platform client context
- have `GuardrailsService` read `self._execution_context.execution_source` when adding `x-uipath-guardrails-source`
radu-mocanu
reviewed
Jun 24, 2026
radu-mocanu
reviewed
Jun 25, 2026
Comment on lines
+15
to
+16
| Carries the source (e.g. ``runtime``/``playground``/``eval``) via a context | ||
| variable instead of a process-global env var, and releases it on exit so it |
Collaborator
There was a problem hiding this comment.
please remove the references to the old impl instead of a process-global env var
radu-mocanu
reviewed
Jun 25, 2026
|
|
||
| def __init__(self, execution_source: Optional[str]) -> None: | ||
| self._execution_source = execution_source | ||
| self._token: Optional[Token[Optional[str]]] = None |
Collaborator
There was a problem hiding this comment.
nit: let s use the new typing hints please
Suggested change
| self._token: Optional[Token[Optional[str]]] = None | |
| self._token: Token[str | None] | None = None |
valentinabojan
force-pushed
the
valentinabojan/guardrails-source-job-headers
branch
from
c5c093c to
7475d93
Compare
Guardrail validation calls now send the execution source (x-uipath-guardrails-source) and job key (x-uipath-jobkey) headers for licensing/metering correlation. The source is derived from the executing CLI command (run -> runtime, debug/dev -> playground, eval -> eval) on UiPathRuntimeContext.execution_source (uipath-runtime 0.11.4) and flows through the execution-context boundary: the CLI enters ExecutionSourceContext(ctx.execution_source) — a scoped ContextVar that releases its token on exit — UiPathExecutionContext.execution_source reads it, and GuardrailsService builds the header from self._execution_context.execution_source. This keeps the source correctly scoped for concurrent/eval runs and works for both coded and low-code agents. Job key comes from UiPathConfig.job_key; both headers are omitted when unset. Bumps uipath-platform to 0.1.78 and pins uipath-runtime>=0.11.4. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
valentinabojan
force-pushed
the
valentinabojan/guardrails-source-job-headers
branch
from
7475d93 to
ec20883
Compare
|
🚨 Heads up:
|
radu-mocanu
approved these changes
Jun 25, 2026
viswa-uipath
pushed a commit
that referenced
this pull request
Jun 26, 2026
Co-authored-by: Valentina Bojan <valentina.bojan@uipath.com> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Guardrail validation calls now send the execution source (
x-uipath-guardrails-source) and job key (x-uipath-jobkey) headers for licensing/metering correlation.The source is derived from the executing CLI command (
run→runtime,debug/dev→playground,eval→eval) onUiPathRuntimeContext.execution_source(added in uipath-runtime 0.11.4), and flows through the execution-context boundary rather than an env var: the CLI callsset_execution_source(ctx.execution_source), which sets aContextVarthatUiPathExecutionContext.execution_sourcereads, andGuardrailsServicebuilds the header fromself._execution_context.execution_source. This keeps the source correctly scoped for concurrent/eval runs and works for both coded and low-code agents, since both run through theuipathCLI. Job key continues to come fromUiPathConfig.job_key; both headers are omitted when unset.Requires
uipath-runtime>=0.11.4(companion PR: UiPath/uipath-runtime-python#132).🤖 Generated with Claude Code