[AAASM-4252] 🐛 (openai-agents): Fix fail-open bug in _is_governance_error#220
Conversation
…osture The _is_governance_error() function unconditionally returned True, causing ALL exceptions during governance checks to be swallowed. This made the system fail-open instead of fail-closed, a security vulnerability. Now only AssemblyError subclasses (GovernanceError, PolicyError, etc.) are caught and result in fail-open behavior. Non-governance errors (RuntimeError, ValueError, network errors, etc.) propagate up, blocking the tool call. Closes AAASM-4252 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
🤖 Claude Code ReviewCI Status✅ All checks PASS: CodeQL, SonarCloud, codecov, all test matrix jobs, LangChain contract test, dependency audit Scope Verification✅ Covers ticket AAASM-4252: _is_governance_error always returns True — fail-open bug Changes reviewed:
Security Analysis✅ Critical security fix: System now maintains fail-closed posture for unexpected errors Side Effects Analysis
RecommendationReady for approval and merge ✅ 🤖 Reviewed by Claude Code |



Description
Fixes a security vulnerability in the OpenAI Agents adapter where
_is_governance_error()unconditionally returnedTrue, causing ALL exceptions during governance checks to be swallowed. This made the system fail-open instead of fail-closed.The fix changes
_is_governance_error()to properly detect governance-specific errors by checking if the exception is an instance ofAssemblyError(the base class for all SDK governance exceptions likeGatewayError,PolicyError, etc.).Before (buggy):
After (fixed):
AssemblyErrorsubclasses → handled → tool executes (intended fail-open for known governance errors)Type of Change
Breaking Changes
Does this PR introduce any breaking changes?
Note: This is a security fix that changes fail-open to fail-closed behavior for non-governance errors. This is the intended, more secure behavior.
Related Issues
Testing
Describe the testing performed for this PR:
Updated tests to verify:
test_non_governance_error_propagates_fail_closed- RuntimeError propagates (fail-closed)test_governance_error_allows_fail_open- GatewayError (AssemblyError subclass) allows fail-opentest_value_error_propagates_fail_closed- ValueError propagates (fail-closed)Checklist