feat: Governance runtime implementation#899
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a LangChain/LangGraph governance integration layer to uipath-langchain, wiring UiPath’s governance evaluator into LangChain callbacks and exposing registration via an entry point so uipath-runtime can discover the adapter.
Changes:
- Introduces a
LangChainAdapter+ governed proxy wrapper and a callback handler that callsEvaluatorProtocolhooks for model/tool events. - Adds governance adapter registration (
uipath.governance.adaptersentry point) with import-time idempotent self-registration. - Updates dependency/lock configuration to pull in updated
uipath-coreand a dev/test build ofuipath-runtime(currently with non-portable lockfile sources).
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
src/uipath_langchain/governance/adapter.py |
Implements the LangChain/LangGraph adapter, wrapper, and callback handler that triggers governance evaluations. |
src/uipath_langchain/governance/__init__.py |
Registers the governance adapter on import and exposes an entry-point registration function. |
pyproject.toml |
Adds governance adapter entry point; bumps uipath-core; pins uipath-runtime to a dev build and adds a uv TestPyPI source override. |
uv.lock |
Updates locked dependencies, but currently includes a machine-local Windows editable uipath-runtime source. |
7e335b2 to
8675ab9
Compare
7f54963 to
487db83
Compare
487db83 to
7bb7c33
Compare
radu-mocanu
left a comment
There was a problem hiding this comment.
please squash into 1 commit and rebase on top of main. make sure to bump the uipath-langchain version and regenerate the uv.lock
radu-mocanu
left a comment
There was a problem hiding this comment.
please fix #899 (comment) and remove the test pypi index from pyproject
6081d46 to
70041f9
Compare
70041f9 to
5d8124f
Compare
5d8124f to
a69aef1
Compare
| """ | ||
|
|
||
| run_inline: bool = True | ||
| raise_error: bool = False |
There was a problem hiding this comment.
This must be True for governance DENY to block execution. LangChain catches callback exceptions and only re-raises them when handler.raise_error is true, so with the current value a GovernanceBlockException raised by the evaluator is logged by LangChain and the model/tool call continues.
Please add a focused test that exercises LangChain callback dispatch, not only direct handler calls. Minimal shape:
from langchain_core.callbacks.manager import handle_event
handler = GovernanceCallbackHandler(evaluator, "agent", "session")
evaluator.evaluate_before_model.side_effect = GovernanceBlockException("blocked")
with pytest.raises(GovernanceBlockException):
handle_event([handler], "on_llm_start", "ignore_llm", {}, ["deny me"])The same behavior should hold for async callback dispatch as well.
There was a problem hiding this comment.
We are in audit mode now. We dont want to raise exceptions now. We will do it once we go with enforce mode . Post the private preview
There was a problem hiding this comment.
can we add a todo comment at least?
a69aef1 to
79db4d9
Compare
ec8ec9c to
d3ef8a2
Compare
Add UiPath governance integration for the LangGraph runtime. - New `GovernanceCallbackHandler` bridges LangChain callbacks to `EvaluatorProtocol`, hooking BEFORE_MODEL / AFTER_MODEL / TOOL_CALL / AFTER_TOOL. Chain-level boundaries are owned by the governance host and skipped here (`ignore_chain = True`). - `UiPathLangGraphRuntimeFactory.new_runtime` accepts `evaluator` via `**kwargs` (matching `UiPathRuntimeFactoryProtocol`); when present, the factory builds the handler and wires it into the runtime's callback list. - Latest-message-only scan with content-block walker for multimodal / tool-use / extended-thinking shapes; 64KB text cap bounds scan time. - Tool-name lookup keyed by LangChain `run_id` so AFTER_TOOL evaluation reports the actual tool, with cleanup on block / error. - No import-time side effects, no adapter registry — registration happens through the factory's evaluator kwarg. Depends on uipath-python #1761 (drops `trace_id` from `EvaluatorProtocol.evaluate_*` methods) landing first or co-releasing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
d3ef8a2 to
80a3fff
Compare
|



Dependent on : UiPath/uipath-python#1761 for uipath-core package
Summary
Adds a LangChain / LangGraph governance adapter to
uipath-langchain. It lets UiPath governance evaluate what a LangChain chain or LangGraph agent does at the model and tool level, and block disallowed actions, without the agent author writing governance code. This package contains only the LangChain-specific bridge.What it does
Runnableand LangGraphCompiledStateGraphobjects and wraps them with a governance proxy.on_llm_start/on_chat_model_startBEFORE_MODELon_llm_endAFTER_MODELon_tool_startTOOL_CALLon_tool_endAFTER_TOOLGovernanceBlockException(raised on a DENY decision) propagate to stop the model call or tool. Any other error in the hook is logged and swallowed, so a governance failure cannot break an otherwise-healthy run.What it does not do
BEFORE_AGENT/AFTER_AGENT); those are owned by the governance host.Development Package
uipath pack --nolockto get the latest dev build from this PR (requires version range).