@langchain/core/dist/load/index.d.cts.map

Core LangChain.js abstractions and schemas

{"version":3,"file":"index.d.cts","names":["OptionalImportMap","SecretMap","LoadOptions","Record","load","T","Promise"],"sources":["../../src/load/index.d.ts"],"sourcesContent":["/**\n * Load LangChain objects from JSON strings or objects.\n *\n * ## How it works\n *\n * Each `Serializable` LangChain object has a unique identifier (its \"class path\"),\n * which is a list of strings representing the module path and class name. For example:\n *\n * - `AIMessage` -> `[\"langchain_core\", \"messages\", \"ai\", \"AIMessage\"]`\n * - `ChatPromptTemplate` -> `[\"langchain_core\", \"prompts\", \"chat\", \"ChatPromptTemplate\"]`\n *\n * When deserializing, the class path is validated against supported namespaces.\n *\n * ## Security model\n *\n * The `secretsFromEnv` parameter controls whether secrets can be loaded from environment\n * variables:\n *\n * - `false` (default): Secrets must be provided in `secretsMap`. If a secret is not\n *   found, `null` is returned instead of loading from environment variables.\n * - `true`: If a secret is not found in `secretsMap`, it will be loaded from\n *   environment variables. Use this only in trusted environments.\n *\n * ### Injection protection (escape-based)\n *\n * During serialization, plain objects that contain an `'lc'` key are escaped by wrapping\n * them: `{\"__lc_escaped__\": {...}}`. During deserialization, escaped objects are unwrapped\n * and returned as plain objects, NOT instantiated as LC objects.\n *\n * This is an allowlist approach: only objects explicitly produced by\n * `Serializable.toJSON()` (which are NOT escaped) are treated as LC objects;\n * everything else is user data.\n *\n * @module\n */\nimport type { OptionalImportMap, SecretMap } from \"./import_type.js\";\n/**\n * Options for loading serialized LangChain objects.\n *\n * @remarks\n * **Security considerations:**\n *\n * Deserialization can instantiate arbitrary classes from the allowed namespaces.\n * When loading untrusted data, be aware that:\n *\n * 1. **`secretsFromEnv`**: Defaults to `false`. Setting to `true` allows the\n *    deserializer to read environment variables, which could leak secrets if\n *    the serialized data contains malicious secret references.\n *\n * 2. **`importMap` / `optionalImportsMap`**: These allow extending which classes\n *    can be instantiated. Never populate these from user input. Only include\n *    modules you explicitly trust.\n *\n * 3. **Class instantiation**: Allowed classes will have their constructors called\n *    with the deserialized kwargs. If a class performs side effects in its\n *    constructor (network calls, file I/O, etc.), those will execute.\n */\nexport interface LoadOptions {\n    /**\n     * A map of secrets to load. Keys are secret identifiers, values are the secret values.\n     *\n     * If a secret is not found in this map and `secretsFromEnv` is `false`, an error is\n     * thrown. If `secretsFromEnv` is `true`, the secret will be loaded from environment\n     * variables (if not found there either, an error is thrown).\n     */\n    secretsMap?: SecretMap;\n    /**\n     * Whether to load secrets from environment variables when not found in `secretsMap`.\n     *\n     * @default false\n     *\n     * @remarks\n     * **Security warning:** Setting this to `true` allows the deserializer to read\n     * environment variables, which could be a security risk if the serialized data\n     * is not trusted. Only set this to `true` when deserializing data from trusted\n     * sources (e.g., your own database, not user input).\n     */\n    secretsFromEnv?: boolean;\n    /**\n     * A map of optional imports. Keys are namespace paths (e.g., \"langchain_community/llms\"),\n     * values are the imported modules.\n     *\n     * @remarks\n     * **Security warning:** This extends which classes can be instantiated during\n     * deserialization. Never populate this map with values derived from user input.\n     * Only include modules that you explicitly trust and have reviewed.\n     *\n     * Classes in these modules can be instantiated with attacker-controlled kwargs\n     * if the serialized data is untrusted.\n     */\n    optionalImportsMap?: OptionalImportMap;\n    /**\n     * Additional optional import entrypoints to allow beyond the defaults.\n     *\n     * @remarks\n     * **Security warning:** This extends which namespace paths are considered valid\n     * for deserialization. Never populate this array with values derived from user\n     * input. Each entrypoint you add expands the attack surface for deserialization.\n     */\n    optionalImportEntrypoints?: string[];\n    /**\n     * Additional import map for the \"langchain\" namespace.\n     *\n     * @remarks\n     * **Security warning:** This extends which classes can be instantiated during\n     * deserialization. Never populate this map with values derived from user input.\n     * Only include modules that you explicitly trust and have reviewed.\n     *\n     * Any class exposed through this map can be instantiated with attacker-controlled\n     * kwargs if the serialized data is untrusted.\n     */\n    importMap?: Record<string, unknown>;\n    /**\n     * Maximum recursion depth allowed during deserialization.\n     *\n     * @default 50\n     *\n     * @remarks\n     * This limit protects against denial-of-service attacks using deeply nested\n     * JSON structures that could cause stack overflow. If your legitimate data\n     * requires deeper nesting, you can increase this limit.\n     */\n    maxDepth?: number;\n}\n/**\n * Load a LangChain object from a JSON string.\n *\n * @param text - The JSON string to parse and load.\n * @param options - Options for loading.\n * @returns The loaded LangChain object.\n *\n * @example\n * ```typescript\n * import { load } from \"@langchain/core/load\";\n * import { AIMessage } from \"@langchain/core/messages\";\n *\n * // Basic usage - secrets must be provided explicitly\n * const msg = await load<AIMessage>(jsonString);\n *\n * // With secrets from a map\n * const msg = await load<AIMessage>(jsonString, {\n *   secretsMap: { OPENAI_API_KEY: \"sk-...\" }\n * });\n *\n * // Allow loading secrets from environment (use with caution)\n * const msg = await load<AIMessage>(jsonString, {\n *   secretsFromEnv: true\n * });\n * ```\n */\nexport declare function load<T>(text: string, options?: LoadOptions): Promise<T>;\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;UAyDiBE,WAAAA;;;;;;;;eAQAD;;;;;;;;;;;;;;;;;;;;;;;;;uBAyBQD;;;;;;;;;;;;;;;;;;;;;cAqBTG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAuCQC,gCAAgCF,cAAcI,QAAQD"}