feat: Governance runtime implementation #899

Open
viswa-uipath wants to merge 1 commit into main from feat/governance

Conversation

@viswa-uipath viswa-uipath commented Jun 9, 2026

Dependent on: UiPath/uipath-python#1761 for uipath-core package

Summary

Adds a LangChain / LangGraph governance adapter to uipath-langchain. It lets UiPath governance evaluate what a LangChain chain or LangGraph agent does at the model and tool level, and block disallowed actions, without the agent author writing governance code. This package contains only the LangChain-specific bridge.

What it does

  • Detects LangChain Runnable and LangGraph CompiledStateGraph objects and wraps them with a governance proxy.
  • Hooks the model and tool lifecycle via LangChain's callback system and maps each event to a governance check:
    | LangChain event | Governance hook |
    |---|---|
    | on_llm_start / on_chat_model_start | BEFORE_MODEL |
    | on_llm_end | AFTER_MODEL |
    | on_tool_start | TOOL_CALL |
    | on_tool_end | AFTER_TOOL |
  • Enforces by letting a GovernanceBlockException (raised on a DENY decision) propagate to stop the model call or tool. Any other error in the hook is logged and swallowed, so a governance failure cannot break an otherwise-healthy run.

What it does not do

  • Does not fire agent-level boundaries (BEFORE_AGENT / AFTER_AGENT); those are owned by the governance host.
  • Does not depend on platform, auth, transport, or runtime internals — only on the shared governance contracts.

Development Package

  • Use uipath pack --nolock to get the latest dev build from this PR (requires version range).
  • Add this package as a dependency in your pyproject.toml:
[project]
dependencies = [
  # Exact version:
  "uipath-langchain==0.13.13.dev1008995099",

  # Any version from PR
  "uipath-langchain>=0.13.13.dev1008990000,<0.13.13.dev1009000000"
]

[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
publish-url = "https://test.pypi.org/legacy/"
explicit = true

[tool.uv.sources]
uipath-langchain = { index = "testpypi" }

[tool.uv]
override-dependencies = [
    "uipath-langchain>=0.13.13.dev1008990000,<0.13.13.dev1009000000",
]

Copilot AI review requested due to automatic review settings June 9, 2026 13:53

Copilot AI left a comment

Pull request overview

Adds a LangChain/LangGraph governance integration layer to uipath-langchain, wiring UiPath’s governance evaluator into LangChain callbacks and exposing registration via an entry point so uipath-runtime can discover the adapter.

Changes:

  • Introduces a LangChainAdapter + governed proxy wrapper and a callback handler that calls EvaluatorProtocol hooks for model/tool events.
  • Adds governance adapter registration (uipath.governance.adapters entry point) with import-time idempotent self-registration.
  • Updates dependency/lock configuration to pull in updated uipath-core and a dev/test build of uipath-runtime (currently with non-portable lockfile sources).

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 9 comments.

| File | Description |
|---|---|
| src/uipath_langchain/governance/adapter.py | Implements the LangChain/LangGraph adapter, wrapper, and callback handler that triggers governance evaluations. |
| src/uipath_langchain/governance/__init__.py | Registers the governance adapter on import and exposes an entry-point registration function. |
| pyproject.toml | Adds governance adapter entry point; bumps uipath-core; pins uipath-runtime to a dev build and adds a uv TestPyPI source override. |
| uv.lock | Updates locked dependencies, but currently includes a machine-local Windows editable uipath-runtime source. |

@radu-mocanu radu-mocanu left a comment

Collaborator

please squash into 1 commit and rebase on top of main. make sure to bump the uipath-langchain version and regenerate the uv.lock

@viswa-uipath viswa-uipath requested a review from radu-mocanu June 25, 2026 03:08
Comment thread src/uipath_langchain/runtime/factory.py Outdated

@radu-mocanu radu-mocanu left a comment

Collaborator

please fix #899 (comment) and remove the test pypi index from pyproject

@viswa-uipath viswa-uipath force-pushed the feat/governance branch 2 times, most recently from 6081d46 to 70041f9 Compare June 27, 2026 12:28
"""

run_inline: bool = True
raise_error: bool = False
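Review bot: `raise_error: bool = False` is hard-coded on the handler class, which conflicts with the PR summary's statement that a DENY decision stops the model call or tool. Derive the value from an explicit audit/enforce setting, or at minimum state on this line that blocking is intentionally off, and cover both values with a test that goes through callback dispatch rather than calling the handler directly.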

Collaborator

This must be True for governance DENY to block execution. LangChain catches callback exceptions and only re-raises them when handler.raise_error is true, so with the current value a GovernanceBlockException raised by the evaluator is logged by LangChain and the model/tool call continues.

Please add a focused test that exercises LangChain callback dispatch, not only direct handler calls. Minimal shape:

from langchain_core.callbacks.manager import handle_event

handler = GovernanceCallbackHandler(evaluator, "agent", "session")
evaluator.evaluate_before_model.side_effect = GovernanceBlockException("blocked")

with pytest.raises(GovernanceBlockException):
    handle_event([handler], "on_llm_start", "ignore_llm", {}, ["deny me"])

The same behavior should hold for async callback dispatch as well.

Author

We are in audit mode now. We don't want to raise exceptions now. We will do it once we go with enforce mode. Post the private preview

Collaborator

can we add a todo comment at least?
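
The dispatch behaviour discussed in this thread, as an added example that is not code from the PR or from LangChain: `dispatch` is a simplified stand-in for the rule the reviewer describes (catch, log, re-raise only when `raise_error` is true), and `DemoHandler`, its `mode` argument and the two evaluators are hypothetical. It shows a DENY being recorded but not enforced in audit mode and stopping the tool in enforce mode, while non-DENY hook errors are swallowed in both.

```python
import logging

log = logging.getLogger("governance-demo")


class GovernanceBlockException(Exception):
    """Stand-in for the exception the page says is raised on a DENY decision."""


class DemoHandler:
    """Hypothetical handler: raise_error follows the mode instead of being hard-coded."""

    def __init__(self, evaluate, mode="audit"):
        self.evaluate = evaluate                 # callable(tool_name); may raise
        self.raise_error = mode == "enforce"     # audit: observe only, enforce: block
        self.audit_log = []

    def on_tool_start(self, tool_name):
        try:
            self.evaluate(tool_name)
        except GovernanceBlockException as exc:
            self.audit_log.append((tool_name, str(exc)))  # record the DENY in both modes
            raise                                         # dispatcher decides whether it blocks
        except Exception:
            log.exception("governance hook failed; run continues")  # never break a healthy run


def dispatch(handlers, event, *args):
    """Simplified model of callback dispatch: log every error, re-raise only if raise_error."""
    for handler in handlers:
        try:
            getattr(handler, event)(*args)
        except Exception as exc:
            log.warning("error in %s callback: %r", event, exc)
            if handler.raise_error:
                raise


def run_tool(handler, tool_name):
    """Return True if the tool body would execute, False if governance stopped it."""
    try:
        dispatch([handler], "on_tool_start", tool_name)
    except GovernanceBlockException:
        return False
    return True


def deny_shell(tool_name):  # constructed policy: one denied tool
    if tool_name == "shell":
        raise GovernanceBlockException("shell is not allowed")


def broken_evaluator(tool_name):  # constructed failure inside the hook
    raise RuntimeError("policy backend unreachable")
```

In audit mode the only trace of the DENY is `audit_log` and the warning from `dispatch`, so that record is what a detection or review process has to rely on until enforce mode is switched on.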

Comment thread pyproject.toml
"uipath>=2.11.14, <2.12.0",
"uipath-core>=0.5.20, <0.6.0",
"uipath-platform>=0.1.79, <0.2.0",
"uipath-core>=0.5.25, <0.6.0",
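Review bot: `uipath-core` is listed twice in this hunk as rendered, once as `>=0.5.20, <0.6.0` and once as `>=0.5.25, <0.6.0`; the change markers are not visible here, so confirm that only the `>=0.5.25` line survives in the final dependency list. The PR description makes this change dependent on UiPath/uipath-python#1761, so the lower bound should be the first uipath-core release that contains it.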

Collaborator

Please also bump the package version for this logic-changing PR. This adds runtime governance behavior to uipath-langchain, and these packages publish on merge, so keeping 0.13.12 makes the change ride an existing version.

Author

We have to keep this PR open till the runtime changes are merged and the version is released. Will update the version post that.

@viswa-uipath viswa-uipath requested a review from radu-mocanu June 30, 2026 08:22
Comment thread src/uipath_langchain/governance/callbacks.py Outdated
Add UiPath governance integration for the LangGraph runtime.

- New `GovernanceCallbackHandler` bridges LangChain callbacks to
  `EvaluatorProtocol`, hooking BEFORE_MODEL / AFTER_MODEL / TOOL_CALL /
  AFTER_TOOL. Chain-level boundaries are owned by the governance host
  and skipped here (`ignore_chain = True`).
- `UiPathLangGraphRuntimeFactory.new_runtime` accepts `evaluator` via
  `**kwargs` (matching `UiPathRuntimeFactoryProtocol`); when present,
  the factory builds the handler and wires it into the runtime's
  callback list.
- Latest-message-only scan with content-block walker for multimodal /
  tool-use / extended-thinking shapes; 64KB text cap bounds scan time.
- Tool-name lookup keyed by LangChain `run_id` so AFTER_TOOL evaluation
  reports the actual tool, with cleanup on block / error.
- No import-time side effects, no adapter registry — registration
  happens through the factory's evaluator kwarg.

Depends on uipath-python #1761 (drops `trace_id` from
`EvaluatorProtocol.evaluate_*` methods) landing first or co-releasing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sonarqubecloud

@viswa-uipath viswa-uipath requested a review from radu-mocanu June 30, 2026 10:02