load.py — langchain Source File

Architecture documentation for load.py, a python file in the langchain codebase. 9 imports, 0 dependents.

File python CoreAbstractions Serialization 9 imports 6 functions 1 classes

Entity Profile

CoreAbstractions→ Serialization→ load.py — langchain Source File

Dependency Diagram

graph LR
  05e0e20a_4425_e962_37a4_c6c6f08a700d["load.py"]
  3888b2bf_bffe_7c16_770f_a406d400119c["importlib"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> 3888b2bf_bffe_7c16_770f_a406d400119c
  7025b240_fdc3_cf68_b72f_f41dac94566b["json"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> 7025b240_fdc3_cf68_b72f_f41dac94566b
  9e98f0a7_ec6e_708f_4f1b_e9428b316e1c["os"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> 9e98f0a7_ec6e_708f_4f1b_e9428b316e1c
  cfe2bde5_180e_e3b0_df2b_55b3ebaca8e7["collections.abc"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> cfe2bde5_180e_e3b0_df2b_55b3ebaca8e7
  8e2034b7_ceb8_963f_29fc_2ea6b50ef9b3["typing"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> 8e2034b7_ceb8_963f_29fc_2ea6b50ef9b3
  b19a8b7e_fbee_95b1_65b8_509a1ed3cad7["langchain_core._api"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> b19a8b7e_fbee_95b1_65b8_509a1ed3cad7
  70b61df1_dd26_5ca0_df15_9d94ba8f1334["langchain_core.load._validation"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> 70b61df1_dd26_5ca0_df15_9d94ba8f1334
  eb7511b4_4833_d429_6609_30fcde83f476["langchain_core.load.mapping"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> eb7511b4_4833_d429_6609_30fcde83f476
  30d1300e_92bb_90d4_ac5e_1afe56db09d2["langchain_core.load.serializable"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d --> 30d1300e_92bb_90d4_ac5e_1afe56db09d2
  style 05e0e20a_4425_e962_37a4_c6c6f08a700d fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

"""Load LangChain objects from JSON strings or objects.

## How it works

Each `Serializable` LangChain object has a unique identifier (its "class path"), which
is a list of strings representing the module path and class name. For example:

- `AIMessage` -> `["langchain_core", "messages", "ai", "AIMessage"]`
- `ChatPromptTemplate` -> `["langchain_core", "prompts", "chat", "ChatPromptTemplate"]`

When deserializing, the class path from the JSON `'id'` field is checked against an
allowlist. If the class is not in the allowlist, deserialization raises a `ValueError`.

## Security model

The `allowed_objects` parameter controls which classes can be deserialized:

- **`'core'` (default)**: Allow classes defined in the serialization mappings for
    langchain_core.
- **`'all'`**: Allow classes defined in the serialization mappings. This
    includes core LangChain types (messages, prompts, documents, etc.) and trusted
    partner integrations. See `langchain_core.load.mapping` for the full list.
- **Explicit list of classes**: Only those specific classes are allowed.

For simple data types like messages and documents, the default allowlist is safe to use.
These classes do not perform side effects during initialization.

!!! note "Side effects in allowed classes"

    Deserialization calls `__init__` on allowed classes. If those classes perform side
    effects during initialization (network calls, file operations, etc.), those side
    effects will occur. The allowlist prevents instantiation of classes outside the
    allowlist, but does not sandbox the allowed classes themselves.

Import paths are also validated against trusted namespaces before any module is
imported.

### Injection protection (escape-based)

During serialization, plain dicts that contain an `'lc'` key are escaped by wrapping
them: `{"__lc_escaped__": {...}}`. During deserialization, escaped dicts are unwrapped
and returned as plain dicts, NOT instantiated as LC objects.

This is an allowlist approach: only dicts explicitly produced by
`Serializable.to_json()` (which are NOT escaped) are treated as LC objects;
everything else is user data.

Even if an attacker's payload includes `__lc_escaped__` wrappers, it will be unwrapped
to plain dicts and NOT instantiated as malicious objects.

## Examples

```python
from langchain_core.load import load
from langchain_core.prompts import ChatPromptTemplate
from langchain_core.messages import AIMessage, HumanMessage

# Use default allowlist (classes from mappings) - recommended
obj = load(data)

// ... (612 more lines)

Domain

CoreAbstractions

Subdomains

Serialization

Functions

Classes

Reviver

Dependencies

collections.abc
importlib
json
langchain_core._api
langchain_core.load._validation
langchain_core.load.mapping
langchain_core.load.serializable
os
typing

Source

View on GitHub

Frequently Asked Questions

What does load.py do?

load.py is a source file in the langchain codebase, written in python. It belongs to the CoreAbstractions domain, Serialization subdomain.

What functions are defined in load.py?

load.py defines 6 function(s): _block_jinja2_templates, _compute_allowed_class_paths, _get_default_allowed_class_paths, default_init_validator, load, loads.

What does load.py depend on?

load.py imports 9 module(s): collections.abc, importlib, json, langchain_core._api, langchain_core.load._validation, langchain_core.load.mapping, langchain_core.load.serializable, os, and 1 more.

Where is load.py in the architecture?

load.py is located at libs/core/langchain_core/load/load.py (domain: CoreAbstractions, subdomain: Serialization, directory: libs/core/langchain_core/load).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free