# Lab 2: Building a Governed Customer Support Agent with Unity Catalog AI

In this lab, you'll build a realistic customer support chatbot that securely accesses order data and answers general questions. You’ll leverage Unity Catalog AI to enforce access control, execution security, composability, and lineage tracing.

## ✅ What you'll learn:
- Securely register and run functions using Unity Catalog AI
- Protect your environment with sandboxed execution
- Trace tool usage with MLflow
- Build a modular, testable, governed agent using LangChain

## Before Anything else...

1. Make sure that you have the Unity Catalog Repo forked and pulled locally.
2. Make sure that your Unity Catalog Server is running.
```sh
# From Repository Root
docker compose up
```
3. Ensure that the `Catalog` and `Schema` that you'll be using for your GenAI tool usage is created and has ACL's granted for use.
4. Install the integrations for Unity Catalog AI that you want to use.
```sh
pip install unitycatalog-crewai unitycatalog-langchain
```

> Note: `unitycatalog-ai` and `unitycatalog-client` are both dependencies of the integration packages. Make sure that they're installed before running anything in this notebook!

In [2]:
from unitycatalog.ai.core.client import UnitycatalogFunctionClient
from unitycatalog.client import ApiClient, Configuration


In [3]:
config = Configuration()
config.host = "http://localhost:8080/api/2.1/unity-catalog"

# The base ApiClient is async
api_client = ApiClient(configuration=config)

client = UnitycatalogFunctionClient(api_client=api_client)

CATALOG = "AMER"
SCHEMA = "customer_data"

In [4]:
# Create our Catalog if it doesn't already exist, otherwise return the CatalogInfo of the existing catalog.
catalog_info = client.uc.create_catalog(name=CATALOG, comment="A Catalog for demonstration of Unity Catalog AI")

# Create our Schema if it doesn't already exist
schema_info = client.uc.create_schema(name=SCHEMA, catalog_name=CATALOG, comment="A schema for a CrewAI tool usage demo")

We can see that the information returned from the creation statements above.

In [5]:
catalog_info

CatalogInfo(name='AMER', comment='A Catalog for demonstration of Unity Catalog AI', properties={}, owner=None, created_at=1745529436313, created_by=None, updated_at=1745529436313, updated_by=None, id='96a1af08-e193-4b87-9fd5-7e8ebbe8e8c0')

In [6]:
schema_info

SchemaInfo(name='customer_data', catalog_name='AMER', comment='A schema for a CrewAI tool usage demo', properties={}, full_name='AMER.customer_data', owner=None, created_at=1745529436364, created_by=None, updated_at=1745529436364, updated_by=None, schema_id='f46c0b1a-82d2-4b27-85b4-eaff35fcc1b4')

In [7]:
from unitycatalog.ai.core.client import UnitycatalogFunctionClient
from unitycatalog.client import ApiClient, Configuration
from langchain_openai import ChatOpenAI
from langchain.agents import AgentExecutor, create_react_agent
from langchain.prompts import PromptTemplate
from unitycatalog.ai.langchain.toolkit import UCFunctionToolkit
import os

In [8]:
import os
# Set your OpenAI API key
os.environ['OPENAI_API_KEY'] = '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'

## Caveats to Python functions and Unity Catalog

Unity Catalog AI's function registration process has some caveats. Before we get into even crafting a Python function that can be stored for use as a tool, it's important to note a few things.

1. Type hints are **required**.
2. Type hints must have collection types if applicable. **good**: `my_var: list[str]` **bad**: `my_var: list`
3. Google-style docstrings are **required**. The function description and the parameter descriptions are extracted from these. ***A GenAI tool with no description is useless to an Agent***.
4. Not all types are supported. Unity Catalog's type system has restrictions, but broadly, they support most Python types.

With these details in mind, we can write some fun functions!

In [9]:
# --- Secure Function Definition ---
def secure_lookup(email: str) -> str:
    """
    Returns masked order data for a validated email. 

    Args:
        email: a user email addres as a str

    Returns:
        The order information if and only if the email is registered to an approved domain
    """
    if email.endswith("@example.com"):
        return f"[SECURE] Order info for {email}: #ORD-67890 (masked)"
    return "Access Denied"


## Register the Python functions to Unity Catalog

Now that we have the functions defined with the appropriate descriptions and type hints, we can record them in Unity Catalog.

For this, we'll be calling the client method `create_python_function`, which requires:

- The `func` callable
- The `catalog` that the function will be written within
- The `schema` that the function will be written within
- Optionally, we can choose to `replace` the function if it has already been defined.

> Note: Excercise caution when setting `replace=True`. Any previous state will be permantently deleted for the function name.

In [10]:
# Register function using correct keyword arguments
client.create_python_function(
    func=secure_lookup,
    catalog= CATALOG,
    schema= SCHEMA,
)

FunctionInfo(name='secure_lookup', catalog_name='AMER', schema_name='customer_data', input_params=FunctionParameterInfos(parameters=[FunctionParameterInfo(name='email', type_text='STRING', type_json='{"name": "email", "type": "string", "nullable": false, "metadata": {"comment": "a user email addres as a str"}}', type_name=<ColumnTypeName.STRING: 'STRING'>, type_precision=None, type_scale=None, type_interval_type=None, position=0, parameter_mode=None, parameter_type=None, parameter_default=None, comment='a user email addres as a str')]), data_type=<ColumnTypeName.STRING: 'STRING'>, full_data_type='STRING', return_params=None, routine_body='EXTERNAL', routine_definition='if email.endswith("@example.com"):\n    return f"[SECURE] Order info for {email}: #ORD-67890 (masked)"\nreturn "Access Denied"', routine_dependencies=None, parameter_style='S', is_deterministic=True, sql_data_access='NO_SQL', is_null_call=False, security_type='DEFINER', specific_name='secure_lookup', comment='Returns mas

In [13]:
# Load and run the function via UC LangChain Toolkit
from unitycatalog.ai.langchain.toolkit import UCFunctionToolkit
from langchain.agents import AgentType, initialize_agent
from langchain_openai import ChatOpenAI

toolkit = UCFunctionToolkit(function_names=["AMER.customer_data.secure_lookup"], client=client)
tools = toolkit.tools
llm = ChatOpenAI(temperature=0,model="gpt-4")
agent = initialize_agent(tools, llm, agent=AgentType.OPENAI_FUNCTIONS, verbose=True)

  agent = initialize_agent(tools, llm, agent=AgentType.OPENAI_FUNCTIONS, verbose=True)


In [15]:
# Try asking a question
agent.invoke("Can you check the order for john.doe@example.com?")



[1m> Entering new AgentExecutor chain...[0m
[32;1m[1;3m
Invoking: `AMER__customer_data__secure_lookup` with `{'email': 'john.doe@example.com'}`


[0m[36;1m[1;3m{"format": "SCALAR", "value": "[SECURE] Order info for john.doe@example.com: #ORD-67890 (masked)"}[0m[32;1m[1;3mSure, I found an order for the email address john.doe@example.com. The order number is #ORD-67890. Please note that for security reasons, some details are masked.[0m

[1m> Finished chain.[0m


{'input': 'Can you check the order for john.doe@example.com?',
 'output': 'Sure, I found an order for the email address john.doe@example.com. The order number is #ORD-67890. Please note that for security reasons, some details are masked.'}

## ✅ Governance Checklist Review

| Principle              | Demonstrated In This Lab                       |
|------------------------|-------------------------------------------------|
| Access Control         | UC ACLs restrict who can run `secure_lookup`   |
| Execution Security     | Sandboxed function with CPU/mem limit          |
| Composability          | Reusable UC function, callable locally         |
| Traceability           | Usage tracked via MLflow (optional cell)       |
| Testability            | Modular agent design using LangChain Toolkit   |