_validation.py — langchain Source File

Architecture documentation for _validation.py, a python file in the langchain codebase. 2 imports, 0 dependents.

File python CoreAbstractions Serialization 2 imports 7 functions

Entity Profile

CoreAbstractions→ Serialization→ _validation.py — langchain Source File

Dependency Diagram

graph LR
  1b9f9aae_21a8_0928_76d1_c2f1609b2193["_validation.py"]
  8e2034b7_ceb8_963f_29fc_2ea6b50ef9b3["typing"]
  1b9f9aae_21a8_0928_76d1_c2f1609b2193 --> 8e2034b7_ceb8_963f_29fc_2ea6b50ef9b3
  30d1300e_92bb_90d4_ac5e_1afe56db09d2["langchain_core.load.serializable"]
  1b9f9aae_21a8_0928_76d1_c2f1609b2193 --> 30d1300e_92bb_90d4_ac5e_1afe56db09d2
  style 1b9f9aae_21a8_0928_76d1_c2f1609b2193 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

"""Validation utilities for LangChain serialization.

Provides escape-based protection against injection attacks in serialized objects. The
approach uses an allowlist design: only dicts explicitly produced by
`Serializable.to_json()` are treated as LC objects during deserialization.

## How escaping works

During serialization, plain dicts (user data) that contain an `'lc'` key are wrapped:

```python
{"lc": 1, ...}  # user data that looks like LC object
# becomes:
{"__lc_escaped__": {"lc": 1, ...}}
```

During deserialization, escaped dicts are unwrapped and returned as plain dicts,
NOT instantiated as LC objects.
"""

from typing import Any

from langchain_core.load.serializable import (
    Serializable,
    to_json_not_implemented,
)

_LC_ESCAPED_KEY = "__lc_escaped__"
"""Sentinel key used to mark escaped user dicts during serialization.

When a plain dict contains 'lc' key (which could be confused with LC objects),
we wrap it as {"__lc_escaped__": {...original...}}.
"""


def _needs_escaping(obj: dict[str, Any]) -> bool:
    """Check if a dict needs escaping to prevent confusion with LC objects.

    A dict needs escaping if:

    1. It has an `'lc'` key (could be confused with LC serialization format)
    2. It has only the escape key (would be mistaken for an escaped dict)
    """
    return "lc" in obj or (len(obj) == 1 and _LC_ESCAPED_KEY in obj)


def _escape_dict(obj: dict[str, Any]) -> dict[str, Any]:
    """Wrap a dict in the escape marker.

    Example:
        ```python
        {"key": "value"}  # becomes {"__lc_escaped__": {"key": "value"}}
        ```
    """
    return {_LC_ESCAPED_KEY: obj}


def _is_escaped_dict(obj: dict[str, Any]) -> bool:
    """Check if a dict is an escaped user dict.

// ... (115 more lines)

Domain

CoreAbstractions

Subdomains

Serialization

Functions

Dependencies

langchain_core.load.serializable
typing

Source

View on GitHub

Frequently Asked Questions

What does _validation.py do?

_validation.py is a source file in the langchain codebase, written in python. It belongs to the CoreAbstractions domain, Serialization subdomain.

What functions are defined in _validation.py?

_validation.py defines 7 function(s): _escape_dict, _is_escaped_dict, _is_lc_secret, _needs_escaping, _serialize_lc_object, _serialize_value, _unescape_value.

What does _validation.py depend on?

_validation.py imports 2 module(s): langchain_core.load.serializable, typing.

Where is _validation.py in the architecture?

_validation.py is located at libs/core/langchain_core/load/_validation.py (domain: CoreAbstractions, subdomain: Serialization, directory: libs/core/langchain_core/load).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free