feat(governance): delegation guard#125
Open
aditik0303 wants to merge 11 commits into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds an async-aware delegation depth guard for agents, ensuring delegation depth is enforced consistently across both sync (invoke) and async (ainvoke) call paths while avoiding per-agent ContextVar leaks.
Changes:
- Implement delegation guard that wraps both
invokeandainvoke, preserving coroutine-ness for async methods. - Track delegation depth via a single module-level
ContextVarkeyed byid(agent)and clean up entries on uninstall. - Add comprehensive tests covering sync/async behavior, lifecycle (install/uninstall), env overrides, and leak/regression scenarios.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/test_delegation_guard.py | Adds test coverage for sync/async delegation depth enforcement, lifecycle semantics, env overrides, and ContextVar leak prevention. |
| src/uipath/runtime/governance/delegation_guard.py | Introduces the delegation guard implementation with async support, shared ContextVar tracking, and uninstall cleanup. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
a019ade to
6af3c9f
Compare
aditik0303
force-pushed
the
feat/governance-delegation-guard
branch
from
aeb0d94 to
0664ff6
Compare
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
6af3c9f to
f7cc79e
Compare
aditik0303
force-pushed
the
feat/governance-delegation-guard
branch
from
0664ff6 to
58c7baf
Compare
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
f7cc79e to
94cea5b
Compare
aditik0303
force-pushed
the
feat/governance-delegation-guard
branch
from
58c7baf to
20fe69c
Compare
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…eption) so flush() can't hang; use Status() object for set_status + update test Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…-platform - traces.py: _get_uipath_trace_id / _get_uipath_context read trace/org/ tenant/folder/job ids from the environment via runtime-local ENV_* constants instead of importing UiPathConfig. - test_traces_severity: import the reset helper from tests._helpers. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…not uipath-platform - guardrail_compensation.py: _resolve_trace_id reads the UIPATH_TRACE_ID env var via the runtime-local ENV_TRACE_ID constant instead of UiPathConfig; log messages no longer reference uipath-platform. - test_guardrail_compensation: import reset helper from tests._helpers; the trace-id fallback test pins UIPATH_TRACE_ID via monkeypatch. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
94cea5b to
ce18588
Compare
aditik0303
force-pushed
the
feat/governance-delegation-guard
branch
from
20fe69c to
d1d42d6
Compare
…ve_trace_id Restores the conversational trace-id binding fix. Native governance audit spans are exported under UIPATH_TRACE_ID (the platform rebinds spans to the agent's run trace), so the /govern compensation records must bind to that same id — not the live OTel span's id, which diverges in autonomous runs and is absent on the conversational hook thread. Resolve UIPATH_TRACE_ID first, then the live span, then the caller fallback. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… in rule + cross-rule aggregation; align vader threshold default to -0.3 (matches docstring/comment/else + YAML default); importorskip wrapper in text-extraction test Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… import - evaluator.py: inline `# type: ignore[import-untyped]` on the vaderSentiment import (replaces the removed [[tool.mypy.overrides]] entry; vaderSentiment ships no stubs). - test_evaluator / test_evaluator_operators: import reset helper from tests._helpers. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
aditik0303
force-pushed
the
feat/governance-evaluator
branch
from
ce18588 to
e186f5f
Compare
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ethod is actually patched; correct _resolve_max_depth docstring (install-time) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
aditik0303
force-pushed
the
feat/governance-delegation-guard
branch
from
d1d42d6 to
61e9ff7
Compare
viswa-uipath
force-pushed
the
feat/governance-evaluator
branch
from
e186f5f to
5812bbf
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacked PR 6/7 — part of splitting
feat/governance-coreinto reviewable slices. Base:feat/governance-evaluator. One logical slice (branch is cumulative so CI is green). Merge in order #1 → #7 and delete each branch on merge so the next PR auto-retargets ontofeat/agentic-governance.feat/governance-corekept untouched as backup.