Wait to run the Agent first step until Input guardrails is complete #394
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ripwire In v0.0.7, the code runs the input guardrail task and the agent's first step together asynchronously. If the guardrail is in place to avoid a side effect from the Agent run, there is a risk that the agent still does something unexpected.
rach
changed the title
|
the current behavior is the intended/documented behavior. If you want to run the guardrail before the agent runs, you can just do that via python code: |
|
For my own understanding. What was the rational to have the agent start before the guardrail is done? |
|
@rach for latency. If the guardrail doesn't fail, then you will have made a bunch of progress on the actual agent. RUnning (guardrail, agent) in parallel is much faster than serially |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The guardrail may trigger a Tripewire but the agent still run
In v0.0.7, the code runs the input guardrail task and the agent's first step together asynchronously.
If the guardrail is in place to avoid a side effect from the Agent run, the agent may still do something unexpected.
Let's say that you have a tripwire guardrail: "Don't allow to delete a file", and the agent is an MCP file system agent