feat(governance): in-runtime policy evaluator + native exports#124
Merged
viswa-uipath merged 4 commits intoJun 26, 2026
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces a native (in-process) governance policy evaluator implementation and adds a comprehensive test suite validating enforcement modes, operator behavior, and key governance detectors (including incident taxonomy and commitment language detection). It also exposes the native evaluator and models via uipath.runtime.governance.native for downstream consumption.
Changes:
- Add
GovernanceEvaluatorimplementation with operator support, audit emission, and guardrail-compensation dispatching. - Add new tests covering evaluator enforcement/audit behavior, operator semantics, and commitment-language/incident detection.
- Export native evaluator and policy-model symbols from
uipath.runtime.governance.native.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/test_text_extraction.py | Adds tests for governable-text extraction used by the governance wrapper. |
| tests/test_evaluator.py | Adds tests for evaluator enforcement modes and audit/exception behavior. |
| tests/test_evaluator_operators.py | Adds tests for operator semantics, field resolution, and evaluate_* dispatcher context building. |
| tests/test_commitment_concern.py | Adds tests for updated commitment-language detection behavior. |
| src/uipath/runtime/governance/native/evaluator.py | Adds the native governance evaluator implementation and detector/operator logic. |
| src/uipath/runtime/governance/native/init.py | Exposes the evaluator + native policy model + loader APIs via package exports. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
aditik0303
force-pushed
the
feat/governance-guardrail-compensation
branch
from
8812695 to
2da1f67
Compare
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
a019ade to
6af3c9f
Compare
aditik0303
force-pushed
the
feat/governance-guardrail-compensation
branch
from
2da1f67 to
5b119ac
Compare
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
6af3c9f to
f7cc79e
Compare
aditik0303
force-pushed
the
feat/governance-guardrail-compensation
branch
from
5b119ac to
2154aba
Compare
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
f7cc79e to
94cea5b
Compare
aditik0303
force-pushed
the
feat/governance-guardrail-compensation
branch
from
2154aba to
1f7bdad
Compare
aditik0303
force-pushed
the
feat/governance-evaluator
branch
2 times, most recently
from
ce18588 to
e186f5f
Compare
viswa-uipath
force-pushed
the
feat/governance-guardrail-compensation
branch
2 times, most recently
from
0e9ad5b to
470533e
Compare
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… in rule + cross-rule aggregation; align vader threshold default to -0.3 (matches docstring/comment/else + YAML default); importorskip wrapper in text-extraction test Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… import - evaluator.py: inline `# type: ignore[import-untyped]` on the vaderSentiment import (replaces the removed [[tool.mypy.overrides]] entry; vaderSentiment ships no stubs). - test_evaluator / test_evaluator_operators: import reset helper from tests._helpers. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…orts Closes radu's recurring boundary objection for the evaluator slice and makes the post-rebase stack actually import. The evaluator was the last place where everything PR #121-#123 instance-scoped collapsed back to process globals. Architectural - GovernanceEvaluator gains constructor injection: GovernanceEvaluator(policy_index, *, enforcement_mode=AUDIT, audit_manager=None, compensator=None) - Drop get_audit_manager() / get_enforcement_mode() / submit_compensation free-function lookups. The evaluator now consults zero process-globals on the hot path. - mode property is read-only (drop the setter); no two-writer race between the loader and evaluator. - audit_manager=None and compensator=None short-circuit cleanly so tests + minimal wirings work without injecting every dep. - Drop unused is_enforce_mode() public method (dead code; no caller in src/ or tests/). Post-rebase plumbing - _dispatch_compensation uses self._compensator.submit(...) instead of the deleted free function; reads r.validator (Pydantic attribute) instead of the old r["validator"] TypedDict access. - _emit_audit passes policy_id (PR #122 trace-contract field, was rule_id) and enforcement_mode=mode enum (PR #122 required arg). - Import EnforcementMode from uipath.core.governance (governance.config deleted in PR #121); import AuditManager from _audit.base (audit/ is _audit/ post-PR-#122). native/__init__.py - Drop the four module-level loader-function re-exports (get_policy_index / load_policy_index / prefetch_policy_index / reset_policy_index) — all deleted in PR #121's PolicyLoader refactor. - Export PolicyLoader instead. Tests - test_evaluator: full rewrite. Drop deleted-import paths (tests._helpers.reset_enforcement_mode, governance.config). Replace the global-manager fixture with a per-test AuditManager that uses register_default_sinks=False + a capturing sink. Every GovernanceEvaluator() call routes through a _build_evaluator helper with explicit mode + manager. New test_no_audit_manager_short_circuits replaces the previous test that mocked the global to raise. - test_evaluator_operators: drop the autouse mode-isolating fixture (no globals to isolate); DISABLED-mode test passes enforcement_mode=EnforcementMode.DISABLED via constructor. - test_guardrail_compensation: rebase-conflict resolution dropped the stale incoming-side imports (Action/LifecycleHook, backend_client, unguarded GovernanceEvaluator) since none of them are referenced in the rest of the file. 357 passed, 1 skipped (pre-existing wrapper skip). Ruff clean. Mypy clean (11 source files). Bandit shows only the pre-existing B101 in _yaml_to_index.py (out of scope). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
viswa-uipath
force-pushed
the
feat/governance-evaluator
branch
from
e186f5f to
5812bbf
Compare
viswa-uipath
added a commit
that referenced
this pull request
Jun 25, 2026
Closes architecture-review §2.3 — the delegation guard monkey-patched agent ``invoke``/``ainvoke`` methods in place via ``setattr``, naming no framework but mutating framework-owned objects through their private shapes. Fragile, depends on agent internals, and the runtime layer shouldn't be reaching into objects it didn't construct. Correct seam is the framework callback handler, which already receives ``parent_run_id`` on every callback and can derive delegation depth from the run tree without touching the agent. That work lives on the LangChain side (uipath-langchain-python PR #899, which is done) — so the runtime-side module is dead weight. Deletions - src/uipath/runtime/governance/delegation_guard.py (265 LOC) — ``install_delegation_guard`` / ``uninstall_delegation_guard``, the per-agent ContextVar depth tracking, the setattr-based wrap. - tests/test_delegation_guard.py (320 LOC) — the entire test suite for the deleted module. Verification - Monorepo grep for ``delegation_guard``, ``install_delegation_guard``, ``uninstall_delegation_guard``, ``ASI-02``, ``Excessive Agency``, and ``UIPATH_GOVERNANCE_MAX_DELEGATION_DEPTH``: zero hits outside the deleted files. The module was self-contained. - ruff clean, mypy clean (11 source files), 357 passed + 1 skipped (pre-existing wrapper skip). Net diff: −585 LOC. After this PR's rebase onto #124, the branch contains only deletions on top of the evaluator slice. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
viswa-uipath
added a commit
that referenced
this pull request
Jun 25, 2026
…Runtime Closes architecture-review §2.1 + §2.2 — the UiPathWrappedRuntimeFactory bolted governance onto the generic runtime-factory registry (apply_wrappers=True turned every registered factory into a different type, breaking isinstance checks), and the second GovernanceRuntime in governance/wrapper.py reached into delegate._agent_definition / framework-specific private attrs through a 10-level walk to install framework-blind callbacks. Both patterns the doc unambiguously says to delete. Composition belongs in the host's decorator chain, FF-gated, where UiPathResumableRuntime already wraps the framework runtime; this PR's wrapper machinery was an end-run around that. Deletions - src/uipath/runtime/governance/wrapper.py (1002 LOC) — the second GovernanceRuntime with _AGENT_ATTRS / _replace_agent_in_delegate / model-context-var introspection. - src/uipath/runtime/wrapper.py (55 LOC) — the lazy-import dispatch shim that called the deleted governance_wrapper. - tests/test_dispose_isolation.py, tests/test_wrapper.py, tests/test_wrapper_internals.py (~650 LOC combined) — entire test suites for the deleted modules. Updates - src/uipath/runtime/registry.py — UiPathWrappedRuntimeFactory class and the apply_wrappers kwarg removed from get(). The registry returns the registered factory unchanged; cross-cutting concerns (governance, audit, …) are composed by the host into the decorator chain, not auto-applied here. - src/uipath/runtime/__init__.py — drop GOVERNANCE_FEATURE_FLAG / apply_governance_wrapper exports. - tests/test_registry.py — strip every apply_wrappers=False kwarg (the kwarg is gone) and drop the wrapping-behaviour section + its fixtures. Conflict resolution The rebase onto #125's tip replayed the upstream e186f5f commit (a cosmetic helper-import touch) into three test files that my PR #122/#123/#124 refactors had already rewritten end-to-end. HEAD-side resolution kept the refactored form in test_evaluator.py, test_evaluator_operators.py, test_guardrail_compensation.py — the incoming side referenced symbols (governance.audit, governance.config, tests._helpers.reset_enforcement_mode) that the post-rebase stack no longer ships. Verification - Monorepo grep for UiPathWrappedRuntimeFactory, apply_wrappers, apply_governance_wrapper, governance_wrapper, and the deleted module import paths: zero hits. - ruff clean, mypy clean (45 source files), 357 passed + 1 skipped. Net diff on top of #125's tip: −2005 / +38 LOC = −1967 net. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
6 tasks
viswa-uipath
merged commit 34113da
into
feat/governance-guardrail-compensation
80 of 84 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacked PR 5/7 — part of splitting
feat/governance-coreinto reviewable slices. Base:feat/governance-guardrail-compensation. One logical slice (branch is cumulative so CI is green). Merge in order #1 → #7 and delete each branch on merge so the next PR auto-retargets ontofeat/agentic-governance.feat/governance-corekept untouched as backup.