feat(governance): OpenAI Agents adapter #358
Open
aditik0303 wants to merge 5 commits into
Installs governance on each agent's AgentHooks (on_llm_start/end -> BEFORE/AFTER_MODEL, on_tool_start/end -> TOOL_CALL/AFTER_TOOL), chaining any existing hooks and walking the handoffs graph. Self-registers via the uipath.governance.adapters entry point; unit-tested and verified firing through the framework's real execution path. BEFORE/AFTER_AGENT remain owned by the uipath-runtime wrapper. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…, framework-only can_handle)
Mirror radu's LangChain-adapter review across the OpenAI Agents adapter:
- __init__: drop the import-time register_governance_adapter() side-effect; registration happens only via the uipath.governance.adapters entry-point discovery path.
- can_handle: claim only a real agents.Agent; remove the broad duck-typed (name/hooks/tools) fallback.
- docstring/comments: refer to the generic 'governance host', not uipath-runtime internals.
- tests: can_handle uses a real Agent; a duck-typed look-alike is now rejected.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pull request overview
Adds an OpenAI Agents governance adapter to uipath-openai-agents, wired via entry-point discovery, along with a dedicated test suite to validate hook extraction, chaining, and enforcement behavior.
Changes:
- Introduces `OpenAIAgentsAdapter` + `GovernanceAgentHooks` to govern OpenAI Agents SDK runs via `AgentHooks` callbacks.
- Adds governance adapter registration via `uipath.governance.adapters` entry point (no import-time registry mutation).
- Adds unit tests covering `can_handle`, attach/detach semantics, hook payload extraction, delegation, and exception handling.
Reviewed changes
Copilot reviewed 4 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| packages/uipath-openai-agents/uv.lock | Adds uipath-core to the locked dependency set for governance contracts/protocols. |
| packages/uipath-openai-agents/tests/governance/test_adapter.py | New unit tests for adapter behavior, hook extraction, chaining, and enforcement semantics. |
| packages/uipath-openai-agents/tests/governance/__init__.py | Establishes the governance tests package. |
| packages/uipath-openai-agents/src/uipath_openai_agents/governance/adapter.py | Implements the OpenAI Agents governance adapter and hook plumbing. |
| packages/uipath-openai-agents/src/uipath_openai_agents/governance/__init__.py | Provides explicit, idempotent adapter registration function for entry-point discovery. |
| packages/uipath-openai-agents/pyproject.toml | Adds uipath-core dependency and registers the governance adapter entry point. |
- Module docstring: registers via the uipath.governance.adapters entry point, not at import time.
- Text-cap comment: refer to the governance host, not the uipath-runtime wrapper constant.
- _iter_agents docstring: drop the stale 'duck-typed so Agent need not be importable' claim (the module imports agents.Agent).
- Test docstring: note can_handle uses a real agents.Agent; only payload shapes are faked.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
These files were swept into the branch by a broad add; they are unrelated to the governance adapter. Reverting/removing them so the PR contains only governance changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
An earlier cleanup commit compared against a stale local main and wrongly removed SETUP.MD and reverted the LlamaIndex docs change. Both files come from main (PRs #352/#356), not this branch. Restore them to the main version so this PR is governance-only with no spurious deletions. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Summary
Adds an OpenAI Agents SDK governance adapter to `uipath-openai-agents`. It lets UiPath governance evaluate what an OpenAI `Agent` does at the model and tool level, and block disallowed actions, without the agent author writing governance code. This package contains only the OpenAI-Agents-specific bridge.

What it does
- Detects an OpenAI `agents.Agent` (`can_handle` claims only real `Agent` instances) and installs governance on each agent in the tree by setting its native `hooks` attribute (an `agents.AgentHooks`), chaining any pre-existing hooks.
- Maps each hook on the agent lifecycle to a governance check:

| Hook | Governance check |
|---|---|
| on_llm_start | BEFORE_MODEL |
| on_llm_end | AFTER_MODEL |
| on_tool_start | TOOL_CALL |
| on_tool_end | AFTER_TOOL |

- Enforces by letting a `GovernanceBlockException` (raised on a DENY decision) propagate, stopping the model call or tool. Any other error inside a governance hook is logged and swallowed, so a governance failure cannot break an otherwise-healthy agent run.
- Discovered through the `uipath.governance.adapters` entry point, so no explicit import is needed to register it.

What it does not do
BEFORE_AGENT/AFTER_AGENT); those are owned by the governance host.uipath-core.
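
The enforcement semantics described above (a DENY propagates, any other governance error is logged and swallowed, pre-existing hooks are chained), as an added example that is not the PR's code. `GovernedHooks`, `AuditHooks`, `policy` and the tool names are hypothetical stand-ins, no OpenAI Agents SDK import is used, and running the policy check before the chained hooks is an assumption.

```python
import asyncio
import logging

log = logging.getLogger("governance.example")

class GovernanceBlockException(Exception):
    """Stand-in for the exception raised on a DENY decision."""

class GovernedHooks:
    """Hypothetical wrapper: policy check first, then the pre-existing hooks."""
    def __init__(self, evaluate, inner=None):
        self.evaluate = evaluate  # callable(stage, payload); raises on DENY
        self.inner = inner        # hooks object already set on the agent

    async def _check(self, stage, payload):
        try:
            self.evaluate(stage, payload)
        except GovernanceBlockException:
            raise  # DENY must reach the runner so the call stops
        except Exception:
            # Fail-open path: evaluator faults are logged, the run continues.
            log.exception("governance error at %s (swallowed)", stage)

    async def on_tool_start(self, context, agent, tool):
        await self._check("TOOL_CALL", {"tool": tool})
        if self.inner is not None:
            await self.inner.on_tool_start(context, agent, tool)

class AuditHooks:
    """Constructed pre-existing hooks: records which tools started."""
    def __init__(self):
        self.seen = []
    async def on_tool_start(self, context, agent, tool):
        self.seen.append(tool)

def policy(stage, payload):
    """Constructed policy: deny one tool, fault on another."""
    if payload["tool"] == "delete_records":
        raise GovernanceBlockException(f"{stage}: delete_records denied")
    if payload["tool"] == "lookup":
        raise KeyError("policy bundle missing")  # simulated evaluator fault

def run_tool(tool):
    """Return (outcome, tools seen by the chained pre-existing hooks)."""
    audit = AuditHooks()
    try:
        asyncio.run(GovernedHooks(policy, audit).on_tool_start(None, None, tool))
        return "ran", audit.seen
    except GovernanceBlockException:
        return "blocked", audit.seen
```

The `lookup` case is the one to examine in review: the evaluator faulted, no decision was made, and the tool call still proceeded.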