refactor(governance): instance-scope enforcement mode on PolicyLoader

Addresses radu's follow-up on PR #121 (discussion r3465934815):
the enforcement mode was still process-level scoped via
config._state, defeating the point of the loader instance-scoping
when uipath eval runs parallel runtimes with mixed-mode policies.

- PolicyLoader now owns _enforcement_mode and exposes it via the
  enforcement_mode property (defaults to AUDIT when no provider
  response has supplied a mode)
- _load_from_provider writes the instance field instead of calling
  the global set_enforcement_mode
- config.py deleted entirely: _state / _EnforcementModeState /
  get_enforcement_mode / set_enforcement_mode are gone. No
  production consumers outside the loader; canonical EnforcementMode
  lives in uipath.core.governance

Tests:
- _helpers.reset_enforcement_mode dropped (no global to reset)
- test_enforcement_mode_default rewritten around
  PolicyLoader.enforcement_mode; new
  test_two_loaders_carry_independent_enforcement_modes pins the
  cross-instance isolation invariant
- test_governance_runtime / test_loader drop the reset fixture and
  the get/set imports; mode-persistence test exercises two
  consecutive loads on a single loader

188 passed, ruff/mypy/bandit clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: viswa-uipath

src/uipath/runtime/governance/config.py

@@ -22,9 +22,12 @@
 from collections import Counter
 
 import yaml
-from uipath.core.governance import GovernancePolicyProvider, PolicyContext
+from uipath.core.governance import (
+    EnforcementMode,
+    GovernancePolicyProvider,
+    PolicyContext,
+)
 
-from uipath.runtime.governance.config import set_enforcement_mode
 from uipath.runtime.governance.native._yaml_to_index import build_policy_index_from_yaml
 from uipath.runtime.governance.native.models import PolicyIndex
 
@@ -75,6 +78,12 @@ def __init__(
         self._provider = provider
         self._is_conversational = is_conversational
         self._policy_index: PolicyIndex | None = None
+        # Enforcement mode supplied by the provider on the most recent
+        # load. ``None`` until the first load lands (or whenever the
+        # provider omits a mode); :attr:`enforcement_mode` returns
+        # ``AUDIT`` in that case. Instance-scoped so parallel runtimes
+        # (e.g. ``uipath eval``) don't clobber each other.
+        self._enforcement_mode: EnforcementMode | None = None
         # ``_prefetch_event`` is set once the background load finishes
         # (success OR failure); callers of ``get_policy_index`` wait on
         # it. ``_prefetch_lock`` guards the start-once semantics so
@@ -244,7 +253,7 @@ def _load_from_provider(
             return None
 
         if response.mode is not None:
-            set_enforcement_mode(response.mode)
+            self._enforcement_mode = response.mode
             logger.info("Enforcement mode set from provider: %s", response.mode.value)
 
         if not response.policies:
@@ -292,6 +301,24 @@ def _log_index_summary(self, index: PolicyIndex) -> None:
             dict(hook_counts),
         )
 
+    @property
+    def enforcement_mode(self) -> EnforcementMode:
+        """Active enforcement mode for this loader.
+
+        The canonical source is whatever the policy provider supplied on
+        the most recent load. Until that load lands (or if the provider
+        omits a mode), the default is :attr:`EnforcementMode.AUDIT` —
+        evaluate and log without blocking. Defaulting to AUDIT avoids
+        the chicken-and-egg where a DISABLED default would short-circuit
+        evaluation before the background load could ever opt the tenant
+        in.
+        """
+        return (
+            self._enforcement_mode
+            if self._enforcement_mode is not None
+            else EnforcementMode.AUDIT
+        )
+
     @property
     def available_packs(self) -> list[str]:
         """Pack names from the currently loaded policy index.

src/uipath/runtime/governance/native/loader.py

@@ -1,8 +1,11 @@
 """Shared test-only helpers.
 
-Keeps test concerns out of the production governance package: per-test
-isolation utilities and shared stubs live here rather than inside the
-production modules.
+Keeps test concerns out of the production governance package: shared
+stubs live here rather than inside the production modules.
+
+The enforcement-mode reset helper is gone because the mode is now
+instance-scoped on :class:`PolicyLoader` — tests that want a clean
+slate just construct a fresh loader instead of touching a global.
 """
 
 from __future__ import annotations
@@ -11,17 +14,6 @@
 
 from uipath.core.governance import PolicyContext, PolicyResponse
 
-from uipath.runtime.governance import config
-
-
-def reset_enforcement_mode() -> None:
-    """Clear the process-wide enforcement mode so the AUDIT default re-applies.
-
-    Test isolation only — production code never resets the mode; the policy
-    loader sets it from the provider-supplied :class:`PolicyResponse`.
-    """
-    config._state.mode = None
-
 
 class StubPolicyProvider:
     """Minimal in-memory :class:`GovernancePolicyProvider` for tests.

tests/_helpers.py

@@ -19,8 +19,7 @@ def temp_dir() -> Generator[str, None, None]:
         yield tmp_dir
 
 
-# The loader no longer keeps provider / selector at module scope —
-# state is owned by each :class:`PolicyLoader` instance — so no
-# autouse cross-test reset is needed. Tests that share enforcement
-# mode call :func:`reset_enforcement_mode` from ``tests._helpers``
-# directly.
+# Governance state — provider, conversational selector, policy cache,
+# enforcement mode — is owned by each :class:`PolicyLoader` instance,
+# so no autouse cross-test reset is needed. Tests that want a clean
+# slate just construct a fresh loader.

tests/conftest.py

@@ -1,60 +1,114 @@
-"""Tests for the default enforcement-mode resolution.
+"""Tests for the default enforcement-mode resolution on :class:`PolicyLoader`.
 
 The default is :attr:`EnforcementMode.AUDIT` so the wrapper attaches at
 runtime construction and the background policy load can run. If the
-provider later returns ``disabled``, ``set_enforcement_mode`` flips
-the mode and ``evaluate()`` short-circuits per-call.
+provider later returns ``disabled``, the loader records it and
+:attr:`enforcement_mode` flips.
 
-Resolution (per :func:`get_enforcement_mode`):
-1. The provider-supplied value applied via ``set_enforcement_mode`` by
-   the policy loader.
-2. Default ``AUDIT``.
+Resolution (per :attr:`PolicyLoader.enforcement_mode`):
+1. The provider-supplied value on the most recent load.
+2. Default :attr:`EnforcementMode.AUDIT`.
 """
 
 from __future__ import annotations
 
-import pytest
+from uipath.core.governance import EnforcementMode, PolicyResponse
 
-from tests._helpers import reset_enforcement_mode
-from uipath.runtime.governance.config import (
-    EnforcementMode,
-    get_enforcement_mode,
-    set_enforcement_mode,
-)
-
-
-@pytest.fixture(autouse=True)
-def _isolate_mode():
-    """Each test starts from a clean module-state slate."""
-    reset_enforcement_mode()
-    yield
-    reset_enforcement_mode()
+from tests._helpers import StubPolicyProvider
+from uipath.runtime.governance.native.loader import PolicyLoader
 
 
 def test_default_mode_is_audit() -> None:
-    """No backend-supplied mode → AUDIT.
+    """No provider-supplied mode yet → AUDIT.
 
     AUDIT is the default so the wrapper attaches and the background
     policy fetch can run. The backend can flip the mode to DISABLED
     on fetch when the tenant has no policies.
     """
-    assert get_enforcement_mode() is EnforcementMode.AUDIT
-
-
-def test_backend_disabled_wins_over_default() -> None:
-    """The backend mode (via ``set_enforcement_mode``) overrides the default."""
-    set_enforcement_mode(EnforcementMode.DISABLED)
-    assert get_enforcement_mode() is EnforcementMode.DISABLED
-
-
-def test_backend_enforce_wins_over_default() -> None:
-    set_enforcement_mode(EnforcementMode.ENFORCE)
-    assert get_enforcement_mode() is EnforcementMode.ENFORCE
-
-
-def test_reset_returns_to_default() -> None:
-    """``reset_enforcement_mode`` clears the mode so the default re-applies."""
-    set_enforcement_mode(EnforcementMode.ENFORCE)
-    assert get_enforcement_mode() is EnforcementMode.ENFORCE
-    reset_enforcement_mode()
-    assert get_enforcement_mode() is EnforcementMode.AUDIT
+    loader = PolicyLoader(None)
+    assert loader.enforcement_mode is EnforcementMode.AUDIT
+
+
+def test_provider_disabled_wins_over_default() -> None:
+    """A provider supplying DISABLED overrides the AUDIT default."""
+    provider = StubPolicyProvider(
+        response=PolicyResponse(mode=EnforcementMode.DISABLED, policies="")
+    )
+    loader = PolicyLoader(provider)
+    loader.load_policy_index()
+    assert loader.enforcement_mode is EnforcementMode.DISABLED
+
+
+def test_provider_enforce_wins_over_default() -> None:
+    """A provider supplying ENFORCE flips the loader to enforce."""
+    provider = StubPolicyProvider(
+        response=PolicyResponse(
+            mode=EnforcementMode.ENFORCE,
+            policies="standard: p\nrules: [{id: r1, hook: before_model, "
+            "checks: [{type: regex, patterns: ['x']}]}]\n",
+        )
+    )
+    loader = PolicyLoader(provider)
+    loader.load_policy_index()
+    assert loader.enforcement_mode is EnforcementMode.ENFORCE
+
+
+def test_loader_with_none_mode_response_keeps_previous_value() -> None:
+    """Provider returning ``mode=None`` doesn't clobber a previously-set mode.
+
+    The wire response model treats ``None`` as "no opinion" — the loader
+    must not overwrite a real value with it. Otherwise a transient
+    provider response could silently demote a tenant's enforcement
+    posture.
+    """
+    p1 = StubPolicyProvider(
+        response=PolicyResponse(
+            mode=EnforcementMode.ENFORCE,
+            policies="standard: p\nrules: [{id: r1, hook: before_model, "
+            "checks: [{type: regex, patterns: ['x']}]}]\n",
+        )
+    )
+    loader = PolicyLoader(p1)
+    loader.load_policy_index()
+    assert loader.enforcement_mode is EnforcementMode.ENFORCE
+
+    # A second provider response that omits mode should not flip back to AUDIT.
+    loader._provider = StubPolicyProvider(
+        response=PolicyResponse(
+            mode=None,
+            policies="standard: p\nrules: [{id: r1, hook: before_model, "
+            "checks: [{type: regex, patterns: ['x']}]}]\n",
+        )
+    )
+    loader.clear_cache()
+    loader.load_policy_index()
+    assert loader.enforcement_mode is EnforcementMode.ENFORCE
+
+
+def test_two_loaders_carry_independent_enforcement_modes() -> None:
+    """The whole point of the refactor: parallel loaders don't share mode.
+
+    Previously :func:`set_enforcement_mode` wrote a module global, so an
+    ENFORCE-mode loader and a DISABLED-mode loader running concurrently
+    in the same process clobbered each other (last writer wins).
+    Instance-scoped mode means each loader's mode is read-isolated.
+    """
+    p_enforce = StubPolicyProvider(
+        response=PolicyResponse(
+            mode=EnforcementMode.ENFORCE,
+            policies="standard: e\nrules: [{id: r1, hook: before_model, "
+            "checks: [{type: regex, patterns: ['x']}]}]\n",
+        )
+    )
+    p_disabled = StubPolicyProvider(
+        response=PolicyResponse(mode=EnforcementMode.DISABLED, policies="")
+    )
+
+    enforce_loader = PolicyLoader(p_enforce)
+    disabled_loader = PolicyLoader(p_disabled)
+
+    enforce_loader.load_policy_index()
+    disabled_loader.load_policy_index()
+
+    assert enforce_loader.enforcement_mode is EnforcementMode.ENFORCE
+    assert disabled_loader.enforcement_mode is EnforcementMode.DISABLED