feat: Governance runtime implementation#899
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a LangChain/LangGraph governance integration layer to uipath-langchain, wiring UiPath’s governance evaluator into LangChain callbacks and exposing registration via an entry point so uipath-runtime can discover the adapter.
Changes:
- Introduces a
LangChainAdapter+ governed proxy wrapper and a callback handler that callsEvaluatorProtocolhooks for model/tool events. - Adds governance adapter registration (
uipath.governance.adaptersentry point) with import-time idempotent self-registration. - Updates dependency/lock configuration to pull in updated
uipath-coreand a dev/test build ofuipath-runtime(currently with non-portable lockfile sources).
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
src/uipath_langchain/governance/adapter.py |
Implements the LangChain/LangGraph adapter, wrapper, and callback handler that triggers governance evaluations. |
src/uipath_langchain/governance/__init__.py |
Registers the governance adapter on import and exposes an entry-point registration function. |
pyproject.toml |
Adds governance adapter entry point; bumps uipath-core; pins uipath-runtime to a dev build and adds a uv TestPyPI source override. |
uv.lock |
Updates locked dependencies, but currently includes a machine-local Windows editable uipath-runtime source. |
7e335b2 to
8675ab9
Compare
7f54963 to
487db83
Compare
487db83 to
7bb7c33
Compare
radu-mocanu
left a comment
There was a problem hiding this comment.
please squash into 1 commit and rebase on top of main. make sure to bump the uipath-langchain version and regenerate the uv.lock
radu-mocanu
left a comment
There was a problem hiding this comment.
please fix #899 (comment) and remove the test pypi index from pyproject
6081d46 to
70041f9
Compare
70041f9 to
5d8124f
Compare
5d8124f to
a69aef1
Compare
| """ | ||
|
|
||
| run_inline: bool = True | ||
| raise_error: bool = False |
There was a problem hiding this comment.
This must be True for governance DENY to block execution. LangChain catches callback exceptions and only re-raises them when handler.raise_error is true, so with the current value a GovernanceBlockException raised by the evaluator is logged by LangChain and the model/tool call continues.
Please add a focused test that exercises LangChain callback dispatch, not only direct handler calls. Minimal shape:
from langchain_core.callbacks.manager import handle_event
handler = GovernanceCallbackHandler(evaluator, "agent", "session")
evaluator.evaluate_before_model.side_effect = GovernanceBlockException("blocked")
with pytest.raises(GovernanceBlockException):
handle_event([handler], "on_llm_start", "ignore_llm", {}, ["deny me"])The same behavior should hold for async callback dispatch as well.
There was a problem hiding this comment.
We are in audit mode now. We dont want to raise exceptions now. We will do it once we go with enforce mode . Post the private preview
There was a problem hiding this comment.
can we add a todo comment at least?
| "uipath>=2.11.14, <2.12.0", | ||
| "uipath-core>=0.5.20, <0.6.0", | ||
| "uipath-platform>=0.1.79, <0.2.0", | ||
| "uipath-core>=0.5.25, <0.6.0", |
There was a problem hiding this comment.
Please also bump the package version for this logic-changing PR. This adds runtime governance behavior to uipath-langchain, and these packages publish on merge, so keeping 0.13.12 makes the change ride an existing version.
There was a problem hiding this comment.
We have to keep this PR open till the runtime changes are merged and the version is released. Will update the version post that.
Add UiPath governance integration for the LangGraph runtime. - New `GovernanceCallbackHandler` bridges LangChain callbacks to `EvaluatorProtocol`, hooking BEFORE_MODEL / AFTER_MODEL / TOOL_CALL / AFTER_TOOL. Chain-level boundaries are owned by the governance host and skipped here (`ignore_chain = True`). - `UiPathLangGraphRuntimeFactory.new_runtime` accepts `evaluator` via `**kwargs` (matching `UiPathRuntimeFactoryProtocol`); when present, the factory builds the handler and wires it into the runtime's callback list. - Latest-message-only scan with content-block walker for multimodal / tool-use / extended-thinking shapes; 64KB text cap bounds scan time. - Tool-name lookup keyed by LangChain `run_id` so AFTER_TOOL evaluation reports the actual tool, with cleanup on block / error. - No import-time side effects, no adapter registry — registration happens through the factory's evaluator kwarg. Depends on uipath-python #1761 (drops `trace_id` from `EvaluatorProtocol.evaluate_*` methods) landing first or co-releasing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
a69aef1 to
79db4d9
Compare
|



Dependent on : UiPath/uipath-python#1761 for uipath-core package
Summary
Adds a LangChain / LangGraph governance adapter to
uipath-langchain. It lets UiPath governance evaluate what a LangChain chain or LangGraph agent does at the model and tool level, and block disallowed actions, without the agent author writing governance code. This package contains only the LangChain-specific bridge.What it does
Runnableand LangGraphCompiledStateGraphobjects and wraps them with a governance proxy.on_llm_start/on_chat_model_startBEFORE_MODELon_llm_endAFTER_MODELon_tool_startTOOL_CALLon_tool_endAFTER_TOOLGovernanceBlockException(raised on a DENY decision) propagate to stop the model call or tool. Any other error in the hook is logged and swallowed, so a governance failure cannot break an otherwise-healthy run.What it does not do
BEFORE_AGENT/AFTER_AGENT); those are owned by the governance host.Development Package
uipath pack --nolockto get the latest dev build from this PR (requires version range).