Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(py-gov-compliance): log optional-dep ImportError fallbacks at DEBUG#2186

Merged
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/py-gov-compliance-init-log-imports
May 12, 2026
Merged

fix(py-gov-compliance): log optional-dep ImportError fallbacks at DEBUG#2186
imran-siddique merged 1 commit into
microsoft:mainfrom
aegis-initiative:fix/py-gov-compliance-init-log-imports

Conversation

@finnoybu

Copy link
Copy Markdown
Contributor

Summary

agent_compliance/__init__.py wrapped the agent_os and agentmesh re-exports in:

try:
    from agent_os import StatelessKernel, ExecutionContext
except ImportError:
    pass

try:
    from agentmesh import TrustManager
except ImportError:
    pass

The intent — letting the package import without companion packages installed — is correct. But the bare pass left no breadcrumb: operators wondering why StatelessKernel was missing at runtime had to grep the source to find that an import had been silently swallowed. "Not installed," "broken install," and "wrong extras" all looked identical from outside.

Change

Replaces each pass with a _logger.debug(...) line that records the missing symbol and the original ImportError message:

_logger.debug(
    "agent_compliance: optional dependency 'agent_os' not importable "
    "(StatelessKernel, ExecutionContext unavailable): %s",
    exc,
)

Default logging stays quiet (WARNING and above are silent). Opting in via logging.getLogger("agent_compliance").setLevel(logging.DEBUG) surfaces the cause without touching default-config callers — exactly the failure mode the bullet flagged.

Tests

New tests/test_init_imports.py uses a __builtins__.__import__ monkeypatch to force ImportError on either or both optional deps and reimports agent_compliance from scratch:

Test Pins
test_missing_agent_os_logs_at_debug DEBUG line emitted, includes the original ImportError text
test_missing_agentmesh_logs_at_debug Same contract for the second optional dep
test_default_log_level_stays_quiet No WARNING+ records — fallback isn't noisy by default
test_import_still_succeeds_without_optional_deps PromptDefenseEvaluator, SupplyChainGuard still importable
$ PYTHONPATH=src python -m pytest tests/test_init_imports.py -q
4 passed in 0.47s

Full agent-compliance suite (excluding a pre-existing unrelated test_red_team_cli failure): 452 passed, 2 skipped.

Test plan

  • CI passes
  • All four test_init_imports.py cases pass
  • Existing agent_compliance import works when both agent_os and agentmesh are absent (the original behaviour)
  • logging.getLogger("agent_compliance").setLevel(logging.DEBUG) surfaces the new breadcrumbs

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Python Governance].

agent_compliance/__init__.py wrapped the agent_os and agentmesh
re-exports in `try/except ImportError: pass`. The intent — let the
package import without the companion packages installed — is correct,
but `pass` left no breadcrumb. Operators wondering why
StatelessKernel was missing had to grep the source to find that an
import had been silently swallowed; "not installed", "broken install",
and "wrong extras" all looked identical from outside.

Replaces the bare `pass` with a `logger.debug(...)` line that records
the missing symbol and the original ImportError message. Default
logging stays quiet (the messages only emit at DEBUG); opting in via
`logging.getLogger("agent_compliance").setLevel(logging.DEBUG)`
surfaces the cause without touching default-config callers.

Verified: PYTHONPATH=src python -m pytest tests/test_init_imports.py
-q -> 4 passed (forced-ImportError fixture covers both fallbacks +
the silence-at-WARNING + the "import still works" contracts).
Full agent-compliance suite (excluding the pre-existing unrelated
test_red_team_cli failure): 452 passed.
@github-actions github-actions Bot added tests size/M Medium PR (< 200 lines) and removed tests labels May 12, 2026
@github-actions

Copy link
Copy Markdown
🤖 AI Agent: breaking-change-detector — API Compatibility

API Compatibility

No breaking changes detected.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: test-generator — `agent_compliance/__init__.py`

agent_compliance/__init__.py

  • test_missing_agent_os_logs_at_debug -- verifies that missing agent_os logs a DEBUG message with the original ImportError.
  • test_missing_agentmesh_logs_at_debug -- checks that missing agentmesh logs a DEBUG message with the original ImportError.
  • test_default_log_level_stays_quiet -- ensures no logs are emitted at WARNING level when optional dependencies are missing.
  • test_import_still_succeeds_without_optional_deps -- confirms that core exports remain available when both optional dependencies are absent.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: code-reviewer — View details

TL;DR: 0 blockers, 0 warnings. No issues found. Clean change.

@github-actions

Copy link
Copy Markdown
🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

  • __init__.py in agent_compliance -- missing docstring for the new logging behavior
  • README.md -- section on optional dependencies needs update
  • CHANGELOG.md -- missing entry for behavioral change regarding logging of ImportErrors for optional dependencies

@github-actions

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile MEDIUM
Credential NONE
Overall MEDIUM

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label May 12, 2026
@github-actions

Copy link
Copy Markdown

PR Review Summary

Check Status Details
🔍 Code Review ✅ Passed No issues found
🛡️ Security Scan ✅ Passed No issues found
🔄 Breaking Changes ✅ Passed No issues found
📝 Docs Sync ✅ Completed Analysis complete
🧪 Test Coverage ✅ Completed Analysis complete

Verdict: ✅ Ready for human review

@imran-siddique imran-siddique merged commit 9e9a5f5 into microsoft:main May 12, 2026
13 of 14 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
…UG (microsoft#2186)

agent_compliance/__init__.py wrapped the agent_os and agentmesh
re-exports in `try/except ImportError: pass`. The intent — let the
package import without the companion packages installed — is correct,
but `pass` left no breadcrumb. Operators wondering why
StatelessKernel was missing had to grep the source to find that an
import had been silently swallowed; "not installed", "broken install",
and "wrong extras" all looked identical from outside.

Replaces the bare `pass` with a `logger.debug(...)` line that records
the missing symbol and the original ImportError message. Default
logging stays quiet (the messages only emit at DEBUG); opting in via
`logging.getLogger("agent_compliance").setLevel(logging.DEBUG)`
surfaces the cause without touching default-config callers.

Verified: PYTHONPATH=src python -m pytest tests/test_init_imports.py
-q -> 4 passed (forced-ImportError fixture covers both fallbacks +
the silence-at-WARNING + the "import still works" contracts).
Full agent-compliance suite (excluding the pre-existing unrelated
test_red_team_cli failure): 452 passed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review:MEDIUM Contributor check flagged MEDIUM risk size/M Medium PR (< 200 lines)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants