More security notes (#12040)

Add more security notes

libs/langchain/langchain/agents/agent_toolkits/clickup/toolkit.py

@@ -20,7 +20,14 @@ from langchain.utilities.clickup import ClickupAPIWrapper
 
 
 class ClickupToolkit(BaseToolkit):
-    """Clickup Toolkit."""
+    """Clickup Toolkit.
+
+    *Security Note*: This toolkit contains tools that can read and modify
+        the state of a service; e.g., by reading, creating, updating, deleting
+        data associated with this service.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     tools: List[BaseTool] = []
 

libs/langchain/langchain/agents/agent_toolkits/nla/toolkit.py

@@ -13,7 +13,19 @@ from langchain.utilities.requests import Requests
 
 
 class NLAToolkit(BaseToolkit):
-    """Natural Language API Toolkit."""
+    """Natural Language API Toolkit.
+
+    *Security Note*: This toolkit creates tools that enable making calls
+        to an Open API compliant API.
+
+        The tools created by this toolkit may be able to make GET, POST,
+        PATCH, PUT, DELETE requests to any of the exposed endpoints on
+        the API.
+
+        Control access to who can use this toolkit.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     nla_tools: Sequence[NLATool] = Field(...)
     """List of API Endpoint Tools."""

libs/langchain/langchain/agents/agent_toolkits/powerbi/toolkit.py

@@ -28,7 +28,17 @@ from langchain.utilities.powerbi import PowerBIDataset
 
 
 class PowerBIToolkit(BaseToolkit):
-    """Toolkit for interacting with Power BI dataset."""
+    """Toolkit for interacting with Power BI dataset.
+
+    *Security Note*: This toolkit interacts with an external service.
+
+        Control access to who can use this toolkit.
+
+        Make sure that the capabilities given by this toolkit to the calling
+        code are appropriately scoped to the application.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     powerbi: PowerBIDataset = Field(exclude=True)
     llm: Union[BaseLanguageModel, BaseChatModel] = Field(exclude=True)

libs/langchain/langchain/chains/graph_qa/arangodb.py

@@ -19,7 +19,19 @@ from langchain.schema import BasePromptTemplate
 
 
 class ArangoGraphQAChain(Chain):
-    """Chain for question-answering against a graph by generating AQL statements."""
+    """Chain for question-answering against a graph by generating AQL statements.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     graph: ArangoGraph = Field(exclude=True)
     aql_generation_chain: LLMChain

libs/langchain/langchain/chains/graph_qa/base.py

@@ -14,7 +14,19 @@ from langchain.schema.language_model import BaseLanguageModel
 
 
 class GraphQAChain(Chain):
-    """Chain for question-answering against a graph."""
+    """Chain for question-answering against a graph.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     graph: NetworkxEntityGraph = Field(exclude=True)
     entity_extraction_chain: LLMChain

libs/langchain/langchain/chains/graph_qa/cypher.py

@@ -77,7 +77,19 @@ def construct_schema(
 
 
 class GraphCypherQAChain(Chain):
-    """Chain for question-answering against a graph by generating Cypher statements."""
+    """Chain for question-answering against a graph by generating Cypher statements.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     graph: GraphStore = Field(exclude=True)
     cypher_generation_chain: LLMChain

libs/langchain/langchain/chains/graph_qa/falkordb.py

@@ -35,7 +35,19 @@ def extract_cypher(text: str) -> str:
 
 
 class FalkorDBQAChain(Chain):
-    """Chain for question-answering against a graph by generating Cypher statements."""
+    """Chain for question-answering against a graph by generating Cypher statements.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     graph: FalkorDBGraph = Field(exclude=True)
     cypher_generation_chain: LLMChain

libs/langchain/langchain/chains/graph_qa/hugegraph.py

@@ -17,7 +17,19 @@ from langchain.schema.language_model import BaseLanguageModel
 
 
 class HugeGraphQAChain(Chain):
-    """Chain for question-answering against a graph by generating gremlin statements."""
+    """Chain for question-answering against a graph by generating gremlin statements.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     graph: HugeGraph = Field(exclude=True)
     gremlin_generation_chain: LLMChain

libs/langchain/langchain/chains/graph_qa/kuzu.py

@@ -14,8 +14,18 @@ from langchain.schema.language_model import BaseLanguageModel
 
 
 class KuzuQAChain(Chain):
-    """Chain for question-answering against a graph by generating Cypher statements for
+    """Question-answering against a graph by generating Cypher statements for Kùzu.
-    Kùzu.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     graph: KuzuGraph = Field(exclude=True)

libs/langchain/langchain/chains/graph_qa/nebulagraph.py

@@ -14,7 +14,19 @@ from langchain.schema.language_model import BaseLanguageModel
 
 
 class NebulaGraphQAChain(Chain):
-    """Chain for question-answering against a graph by generating nGQL statements."""
+    """Chain for question-answering against a graph by generating nGQL statements.
+
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     graph: NebulaGraph = Field(exclude=True)
     ngql_generation_chain: LLMChain

libs/langchain/langchain/chains/graph_qa/neptune_cypher.py

@@ -85,6 +85,17 @@ class NeptuneOpenCypherQAChain(Chain):
     """Chain for question-answering against a Neptune graph
     by generating openCypher statements.
 
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
+
     Example:
         .. code-block:: python
 

libs/langchain/langchain/chains/graph_qa/sparql.py

@@ -21,9 +21,18 @@ from langchain.schema.language_model import BaseLanguageModel
 
 
 class GraphSparqlQAChain(Chain):
-    """
+    """Question-answering against an RDF or OWL graph by generating SPARQL statements.
-    Chain for question-answering against an RDF or OWL graph by generating
+
-    SPARQL statements.
+    *Security note*: Make sure that the database connection uses credentials
+        that are narrowly-scoped to only include necessary permissions.
+        Failure to do so may result in data corruption or loss, since the calling
+        code may attempt commands that would result in deletion, mutation
+        of data if appropriately prompted or reading sensitive data if such
+        data is present in the database.
+        The best way to guard against such negative outcomes is to (as appropriate)
+        limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     graph: RdfGraph = Field(exclude=True)

libs/langchain/langchain/graphs/arangodb_graph.py

@@ -14,6 +14,8 @@ class ArangoGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(self, db: Any) -> None:

libs/langchain/langchain/graphs/falkordb_graph.py

@@ -43,6 +43,8 @@ class FalkorDBGraph(GraphStore):
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(

libs/langchain/langchain/graphs/hugegraph.py

@@ -12,6 +12,8 @@ class HugeGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(

libs/langchain/langchain/graphs/kuzu_graph.py

@@ -12,6 +12,8 @@ class KuzuGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(self, db: Any, database: str = "kuzu") -> None:

libs/langchain/langchain/graphs/memgraph_graph.py

@@ -24,6 +24,8 @@ class MemgraphGraph(Neo4jGraph):
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(

libs/langchain/langchain/graphs/nebula_graph.py

@@ -29,6 +29,8 @@ class NebulaGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(

libs/langchain/langchain/graphs/neo4j_graph.py

@@ -40,6 +40,8 @@ class Neo4jGraph(GraphStore):
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(

libs/langchain/langchain/graphs/neptune_graph.py

@@ -47,6 +47,8 @@ class NeptuneGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(

libs/langchain/langchain/graphs/networkx_graph.py

@@ -57,6 +57,8 @@ class NetworkxEntityGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(self, graph: Optional[Any] = None) -> None:

libs/langchain/langchain/graphs/rdf_graph.py

@@ -103,6 +103,8 @@ class RdfGraph:
         data is present in the database.
         The best way to guard against such negative outcomes is to (as appropriate)
         limit the permissions granted to the credentials used with this tool.
+
+        See https://python.langchain.com/docs/security for more information.
     """
 
     def __init__(