From 916809fadd170c378377cac9beaf81dc9d20c067 Mon Sep 17 00:00:00 2001
From: The Mavik <179817126+themavik@users.noreply.github.com>
Date: Wed, 11 Feb 2026 11:52:17 +0530
Subject: [PATCH] fix: check return value of output_policy.is_valid() in
 is_execution_allowed

The method called `output_policy.is_valid(context)` but discarded its
boolean return value.  Only exceptions were caught, so when `is_valid()`
returned `False` without raising, execution was incorrectly allowed.

This violated policies like `SingleExecutionExactOutput` which return
`False` on subsequent calls instead of raising.

Now the return value is captured and checked:
- `False` return -> `INVALID_OUTPUT_POLICY`
- Exception raised -> `INVALID_OUTPUT_POLICY`
- `True` return -> `ALLOWED`

Fixes #9391
---
 packages/syft/src/syft/service/code/user_code_service.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/syft/src/syft/service/code/user_code_service.py b/packages/syft/src/syft/service/code/user_code_service.py
index 5ba617ef62e..d70d2bdabca 100644
--- a/packages/syft/src/syft/service/code/user_code_service.py
+++ b/packages/syft/src/syft/service/code/user_code_service.py
@@ -357,7 +357,9 @@ def is_execution_allowed(
             return IsExecutionAllowedEnum.OUTPUT_POLICY_NONE
 
         try:
-            output_policy.is_valid(context)
+            is_valid = output_policy.is_valid(context)
+            if not is_valid:
+                return IsExecutionAllowedEnum.INVALID_OUTPUT_POLICY
         except Exception:
             return IsExecutionAllowedEnum.INVALID_OUTPUT_POLICY