Mason Daugherty
cb50fed2bb
ci: bypass issue-link gate for trusted contributors ( #35720 )
...
Bypass the issue-link requirement for external contributors who have
earned the `trusted-contributor` tier label (>=5 merged PRs). Previously
only PRs with the `internal` label skipped the gate, meaning repeat
contributors still had to link an approved issue on every PR. Also
includes minor template and linting tweaks for contributor experience.
## Changes
- Add `trusted-contributor` bypass to the `check-issue-link` job
condition in `require_issue_link.yml`, with a secondary live-label API
fetch inside the script to cover the race where the `external` labeled
event payload doesn't yet include the tier label
- Add a `bypass-trusted-contributor` job in `require_issue_link.yml`
that removes `missing-issue-link` and reopens the PR when the
`trusted-contributor` label arrives after enforcement has already closed
it
- Reorder steps in `tag-external-contributions.yml` so the tier label is
applied *before* the `external` label — eliminates the race window
entirely since `trusted-contributor` is already on the PR when the
downstream `labeled` event fires
- Switch the tier-label step from `GITHUB_TOKEN` to the app token so the
`trusted-contributor` labeled event propagates to downstream workflows
- Add `hotfix` to allowed PR title types in `pr_lint.yml`
- Promote the English language policy to a blockquote callout in issue
and PR templates; add a "do not begin work without assignment" note to
the feature request template
2026-03-10 12:01:07 -04:00
John Kennedy
bb8b057ac3
ci(infra): add top-level permissions and SHA-pin third-party actions [INF-0000] ( #35588 )
...
## Summary
- Adds top-level `permissions: contents: read` to 5 workflows that only
had job-level permissions: `pr_labeler_file`, `pr_labeler_title`,
`tag-external-contributions`, `v03_api_doc_build`,
`auto-label-by-package`
- SHA-pins all 14 third-party actions to full commit SHAs to prevent
supply chain attacks via tag hijacking
## Why
**Missing top-level permissions:** Without an explicit top-level
`permissions` block, workflows inherit the repository/org default token
permissions, which may be overly broad. Adding `contents: read` as the
default restricts the blast radius if a dependency or action step is
compromised.
**SHA pinning:** Mutable tags (`@v1`, `@master`) can be force-pushed by
the action maintainer or an attacker who compromises their account.
Pinning to a full 40-character SHA ensures the exact reviewed code
always runs. Tag comments are preserved for readability.
### Actions pinned
| Action | File(s) |
|--------|---------|
| `pypa/gh-action-pypi-publish` | `_release.yml` (2 uses) |
| `ncipollo/release-action` | `_release.yml` |
| `Ana06/get-changed-files` | `check_diffs.yml` |
| `astral-sh/setup-uv` | `check_diffs.yml`, `uv_setup/action.yml` |
| `CodSpeedHQ/action` | `check_diffs.yml` |
| `google-github-actions/auth` | `integration_tests.yml` |
| `aws-actions/configure-aws-credentials` | `integration_tests.yml` |
| `amannn/action-semantic-pull-request` | `pr_lint.yml` |
| `bcoe/conventional-release-labels` | `pr_labeler_title.yml` |
| `mikefarah/yq` | `v03_api_doc_build.yml` |
| `EndBug/add-and-commit` | `v03_api_doc_build.yml` |
| `peter-evans/create-pull-request` | `refresh_model_profiles.yml` |
## Test plan
- [x] CI passes — all workflows still resolve their actions correctly
- [x] Verify no functional change: SHA refs point to the same code as
the previous tags
---
> This PR was generated with assistance from an AI coding agent as part
of a repository posture check.
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-06 07:20:05 +00:00
Mason Daugherty
f9fd7be695
feat(openrouter): add langchain-openrouter provider package ( #35211 )
...
Add a first-party `langchain-openrouter` partner package
(`ChatOpenRouter`) that wraps the official `openrouter` Python SDK,
providing native support for OpenRouter-specific features that
`ChatOpenAI` intentionally does not handle.
Also adds scope-clarifying docstrings to `ChatOpenAI` / `BaseChatOpenAI`
warning users away from using `base_url` overrides with third-party
providers.
---
Closes #31325
Closes #32967
Closes #32977
Closes #32981
Closes #33643
Closes #33757
Closes #34056
Closes #34797
Closes #34962
Supersedes #33902 , #34867 (thank you @elonfeng and @okamototk for your
initial work on this!)
---
Bugs with upstream sdk:
- https://github.com/OpenRouterTeam/python-sdk/issues/38
- https://github.com/OpenRouterTeam/python-sdk/issues/51
- https://github.com/OpenRouterTeam/python-sdk/issues/52
2026-02-15 02:09:13 -05:00
ccurme
f058e45dfb
chore(infra): delete prompty ( #35044 )
2026-02-06 10:38:27 -05:00
Mason Daugherty
4e9a1eb283
chore: delete CLI ( #34855 )
...
preserved in
https://github.com/langchain-ai/langchain/tree/langchain-cli
2026-01-23 12:55:09 -05:00
Mason Daugherty
5a956b745f
chore: update commit standards to enforce lowercase titles and required scopes ( #34847 )
2026-01-22 17:32:34 -05:00
Mason Daugherty
2e8744559d
fix(langchain,langchain-classic): more descriptive error msg when dep is not installed ( #34679 )
2026-01-09 12:41:55 -05:00
Mason Daugherty
dad50e5624
chore(infra): updated allowed scopes in PR lint configuration ( #34115 )
2025-11-27 00:34:15 -05:00
Mason Daugherty
2a863727f9
fix(infra,core): nits ( #34079 )
...
* Add missing `nits` to allowed PR linting scopes
* Ensure `MAJOR.MINOR.PATCH` consistency in admonitions
* Ensure valid spacing in admonitions
2025-11-23 20:00:07 -05:00
Mason Daugherty
ba428cdf54
chore(infra): add note to pr linting workflow ( #33916 )
2025-11-10 11:49:31 -05:00
Mason Daugherty
91560b6a7a
chore(infra): expand PR labeling ( #33887 )
2025-11-07 16:37:35 -05:00
Mason Daugherty
eeae34972f
chore(infra): drop langchain_v1 pr lint ( #33830 )
...
Just use `langchain`
2025-11-04 19:46:05 -05:00
ccurme
1c762187e8
fix(model-profiles): remove langchain-core as a dependency ( #33761 )
2025-10-31 11:04:14 -04:00
Mason Daugherty
e5e1d6c705
style: more refs work ( #33707 )
2025-10-28 14:43:28 -04:00
Eugene Yurtsev
a16307fe84
chore(infra): change scope names ( #33580 )
...
Change scope names
2025-10-17 15:55:58 +00:00
Mason Daugherty
ae5b105d11
docs: v1 docs updates ( #33173 )
...
Co-authored-by: Mohammad Mohtashim <45242107+keenborder786@users.noreply.github.com >
Co-authored-by: Caspar Broekhuizen <caspar@langchain.dev >
Co-authored-by: ccurme <chester.curme@gmail.com >
Co-authored-by: Christophe Bornet <cbornet@hotmail.com >
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com >
Co-authored-by: Sadra Barikbin <sadraqazvin1@yahoo.com >
Co-authored-by: Vadym Barda <vadim.barda@gmail.com >
2025-10-02 18:46:26 -04:00
Mason Daugherty
65cd214f67
chore(infra): more tweaks to PR linting ( #33220 )
2025-10-02 20:11:05 +00:00
Mason Daugherty
ccfea37d17
style(infra): update release guidelines for IDE autogen ( #33215 )
...
VSCode looks at this file. Should help auto-gen commits for releases.
2025-10-02 17:55:35 +00:00
Mason Daugherty
2c95586f2a
chore(infra): audit workflows, scripts ( #33055 )
...
Mostly adding a descriptive frontmatter to workflow files. Also address
some formatting and outdated artifacts
No functional changes outside of
[d5457c3d5457c39ee90708a090708a0d99338c82d338c82d21e
2025-09-23 17:08:19 +00:00
Mason Daugherty
5b418d3f26
feat(infra): add PR labeler configurations and workflows ( #33031 )
2025-09-20 22:33:08 -04:00
Mason Daugherty
ab1b822523
chore: update PR title lint ( #32983 )
2025-09-16 22:04:19 -04:00
dependabot[bot]
f8bcc98362
chore(infra): bump amannn/action-semantic-pull-request from 5 to 6 ( #32585 )
...
Bumps
[amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request )
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/amannn/action-semantic-pull-request/releases ">amannn/action-semantic-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2><a
href="https://github.com/amannn/action-semantic-pull-request/compare/v5.5.3...v6.0.0 ">6.0.0</a>
(2025-08-13)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Upgrade action to use Node.js 24 and ESM (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/287 ">#287</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>Upgrade action to use Node.js 24 and ESM (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/287 ">#287</a>)
(<a
href="bc0c9a79abhttps://github.com/amannn/action-semantic-pull-request/compare/v5.5.2...v5.5.3 ">5.5.3</a>
(2024-06-28)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Bump <code>braces</code> dependency (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/269 ">#269</a>.
by <a href="https://github.com/EelcoLos "><code>@EelcoLos</code></a>)
(<a
href="2d952a1bf9https://github.com/amannn/action-semantic-pull-request/compare/v5.5.1...v5.5.2 ">5.5.2</a>
(2024-04-24)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Bump tar from 6.1.11 to 6.2.1 (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/262 ">#262</a>
by <a href="https://github.com/EelcoLos "><code>@EelcoLos</code></a>)
(<a
href="9a90d5a5achttps://github.com/amannn/action-semantic-pull-request/compare/v5.5.0...v5.5.1 ">5.5.1</a>
(2024-04-24)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Bump ip from 2.0.0 to 2.0.1 (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/263 ">#263</a>
by <a href="https://github.com/EelcoLos "><code>@EelcoLos</code></a>)
(<a
href="5e7e9acca3https://github.com/amannn/action-semantic-pull-request/compare/v5.4.0...v5.5.0 ">5.5.0</a>
(2024-04-23)</h2>
<h3>Features</h3>
<ul>
<li>Add outputs for <code>type</code>, <code>scope</code> and
<code>subject</code> (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/261 ">#261</a>
by <a href="https://github.com/bcaurel "><code>@bcaurel</code></a>) (<a
href="b05f5f6423https://github.com/amannn/action-semantic-pull-request/compare/v5.3.0...v5.4.0 ">5.4.0</a>
(2023-11-03)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md ">amannn/action-semantic-pull-request's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/amannn/action-semantic-pull-request/compare/v5.2.0...v5.3.0 ">5.3.0</a>
(2023-09-25)</h2>
<h3>Features</h3>
<ul>
<li>Use Node.js 20 in action (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/240 ">#240</a>)
(<a
href="4c0d5a21fchttps://github.com/amannn/action-semantic-pull-request/compare/v5.1.0...v5.2.0 ">5.2.0</a>
(2023-03-16)</h2>
<h3>Features</h3>
<ul>
<li>Update dependencies by <a
href="https://github.com/EelcoLos "><code>@EelcoLos</code></a> (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/229 ">#229</a>)
(<a
href="e797448a07https://github.com/amannn/action-semantic-pull-request/compare/v5.0.2...v5.1.0 ">5.1.0</a>
(2023-02-10)</h2>
<h3>Features</h3>
<ul>
<li>Add regex support to <code>scope</code> and
<code>disallowScopes</code> configuration (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/226 ">#226</a>)
(<a
href="403a6f8924https://github.com/amannn/action-semantic-pull-request/compare/v5.0.1...v5.0.2 ">5.0.2</a>
(2022-10-17)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Upgrade <code>@actions/core</code> to avoid deprecation warnings (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/208 ">#208</a>)
(<a
href="91f4126c9ehttps://github.com/amannn/action-semantic-pull-request/compare/v5.0.0...v5.0.1 ">5.0.1</a>
(2022-10-14)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Upgrade GitHub Action to use Node v16 (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/207 ">#207</a>)
(<a
href="6282ee339bhttps://github.com/amannn/action-semantic-pull-request/compare/v4.6.0...v5.0.0 ">5.0.0</a>
(2022-10-11)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Enum options need to be newline delimited (to allow whitespace
within them) (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/205 ">#205</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>Enum options need to be newline delimited (to allow whitespace
within them) (<a
href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/205 ">#205</a>)
(<a
href="c906fe1e5ahttps://github.com/amannn/action-semantic-pull-request/compare/v4.5.0...v4.6.0 ">4.6.0</a>
(2022-09-26)</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fdd4d3ddf658e4ab40f5https://redirect.github.com/amannn/action-semantic-pull-request/issues/289 ">#289</a>)</li>
<li><a
href="04a8d177d9bc0c9a79abhttps://redirect.github.com/amannn/action-semantic-pull-request/issues/287 ">#287</a>)</li>
<li><a
href="631ffdc028https://redirect.github.com/amannn/action-semantic-pull-request/issues/286 ">#286</a>)</li>
<li><a
href="c1807ceb58https://redirect.github.com/amannn/action-semantic-pull-request/issues/231 ">#231</a>)</li>
<li><a
href="3352882559https://redirect.github.com/amannn/action-semantic-pull-request/issues/281 ">#281</a>)</li>
<li><a
href="04501d43b5https://redirect.github.com/amannn/action-semantic-pull-request/issues/280 ">#280</a>)</li>
<li><a
href="40166f0081https://redirect.github.com/amannn/action-semantic-pull-request/issues/276 ">#276</a>)</li>
<li><a
href="80c0371c57https://redirect.github.com/amannn/action-semantic-pull-request/issues/272 ">#272</a>
by <a
href="https://github.com/garysassano "><code>@garysassano</code></a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/amannn/action-semantic-pull-request/compare/v5...v6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 10:16:19 -04:00
Mason Daugherty
9d38f170ce
refactor: enhance workflow names and descriptions for clarity ( #32262 )
2025-07-27 21:31:59 -04:00
Eugene Yurtsev
7995c719c5
chore(langchain_v1): clean anything uncertain ( #32228 )
...
Further clean up of namespace:
- Removed prompts (we'll re-add in a separate commit)
- Remove LocalFileStore until we can review whether all the
implementation details are necessary
- Remove message processing logic from memory (we'll figure out where to
expose it)
- Remove `Tool` primitive (should be sufficient to use `BaseTool` for
typing purposes)
- Remove utilities to create kv stores. Unclear if they've had much
usage outside MultiparentRetriever
2025-07-24 14:41:05 +00:00
Mason Daugherty
6d449df8bb
chore: update PR lint ( #32091 )
...
remove regex
2025-07-17 15:33:48 -04:00
ccurme
3f4d27fe21
fix(infra): update some notebook cassettes ( #32087 )
2025-07-17 13:57:29 -04:00
Mason Daugherty
7e146a185b
chore: add text splitters to PR linting ( #32018 )
2025-07-14 09:24:40 -04:00
Mason Daugherty
b5462b8979
chore: update pr_lint.yml to add description ( #31954 )
2025-07-10 14:45:28 -04:00
Mason Daugherty
c026a71a06
chore: add PR title linting ( #31943 )
2025-07-09 15:04:25 -04:00
