fix: Address review comments

imran-siddique · imran-siddique · commit 2ab584c4c5b5 · 2026-02-05T14:38:04.000-08:00
- Add output_info=None when guardrail passes (fixes TypeError)
- Clarify that tool policies require manual check_tool() calls
- Add Tool Policy Enforcement section to README
diff --git a/src/agents/contrib/README.md b/src/agents/contrib/README.md
@@ -4,10 +4,9 @@ Kernel-level guardrails and policy enforcement for OpenAI Agents SDK using [Agen
 
 ## Features
 
-- **Output Guardrails**: Block dangerous patterns in agent outputs
-- **Input Validation**: Filter malicious inputs before processing
-- **Tool Control**: Limit which tools agents can use
-- **Rate Limiting**: Cap tool invocations per run
+- **Output Guardrails**: Block dangerous patterns in agent outputs (automatic)
+- **Input Validation**: Filter malicious inputs before processing (automatic)
+- **Tool Policy**: Define allowed/blocked tools (requires manual `check_tool()` calls)
 - **Violation Handling**: Callbacks for policy violations
 
 ## Installation
@@ -27,8 +26,8 @@ from agents.contrib import create_governance_guardrail
 # Create guardrail with simple config
 guardrail = create_governance_guardrail(
     blocked_patterns=["DROP TABLE", "rm -rf", "DELETE FROM"],
-    blocked_tools=["shell_execute"],
-    max_tool_calls=10,
+    blocked_tools=["shell_execute"],  # Use with check_tool() for enforcement
+    max_tool_calls=10,  # Use with check_tool() for enforcement
 )
 
 # Create agent with guardrail
@@ -126,6 +125,29 @@ else:
     result = await Runner.run(agent, user_input)
 ```
 
+### Tool Policy Enforcement
+
+Tool policies (`blocked_tools`, `allowed_tools`, `max_tool_calls`) are not automatically
+enforced during agent execution. Use `check_tool()` in your tool implementations:
+
+```python
+from agents.contrib import GovernanceGuardrail, GovernancePolicy
+
+policy = GovernancePolicy(
+    blocked_tools=["dangerous_tool"],
+    max_tool_calls=10,
+)
+
+guardrail = GovernanceGuardrail(policy)
+
+# In your tool implementation:
+def my_tool(name: str, args: dict):
+    violation = guardrail.check_tool(name)
+    if violation:
+        raise ValueError(f"Tool blocked: {violation.description}")
+    # ... execute tool
+```
+
 ## Integration with Agent-OS Kernel
 
 For full kernel-level governance:
diff --git a/src/agents/contrib/_governance.py b/src/agents/contrib/_governance.py
@@ -152,7 +152,7 @@ class GuardrailFunctionOutput:
                 tripwire_triggered=True,
             )
 
-        return GuardrailFunctionOutput(tripwire_triggered=False)
+        return GuardrailFunctionOutput(output_info=None, tripwire_triggered=False)
 
     def check_tool(self, tool_name: str) -> Optional[PolicyViolation]:
         """Check if a tool is allowed by policy.

Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ class GuardrailFunctionOutput:`
`152`	`152`	`tripwire_triggered=True,`
`153`	`153`	`)`
`154`	`154`
`155`		`- return GuardrailFunctionOutput(tripwire_triggered=False)`
	`155`	`+ return GuardrailFunctionOutput(output_info=None, tripwire_triggered=False)`
`156`	`156`
`157`	`157`	`def check_tool(self, tool_name: str) -> Optional[PolicyViolation]:`
`158`	`158`	`"""Check if a tool is allowed by policy.`