5b68956a0c
Implements the complete defense stack from arXiv:2510.05244 and arXiv:2412.16682:
1. ToolInputMinimizerMiddleware (INPUT PROTECTION)
- Filters tool arguments before execution
- Prevents data exfiltration attacks
- Based on Tool-Input Firewall from arXiv:2510.05244
2. TaskShieldMiddleware (TOOL USE PROTECTION)
- Verifies actions align with user's goal
- Blocks goal hijacking attacks
- Based on Task Shield from arXiv:2412.16682
3. PromptInjectionDefenseMiddleware (OUTPUT PROTECTION)
- Already existed, updated docstrings for clarity
- Sanitizes tool outputs before agent processes them
Defense stack achieves 0% ASR on AgentDojo, InjecAgent, ASB, tau-Bench
benchmarks when used together.
Usage:
middleware=[
ToolInputMinimizerMiddleware(model),
TaskShieldMiddleware(model),
PromptInjectionDefenseMiddleware.check_then_parse(model),
]
Packages
Important
This repository is structured as a monorepo, with various packages located in this libs/ directory. Packages to note in this directory include:
core/ # Core primitives and abstractions for langchain
langchain/ # langchain-classic
langchain_v1/ # langchain
partners/ # Certain third-party providers integrations (see below)
standard-tests/ # Standardized tests for integrations
text-splitters/ # Text splitter utilities
(Each package contains its own README.md file with specific details about that package.)
Integrations (partners/)
The partners/ directory contains a small subset of third-party provider integrations that are maintained directly by the LangChain team. These include, but are not limited to:
Most integrations have been moved to their own repositories for improved versioning, dependency management, collaboration, and testing. This includes packages from popular providers such as Google and AWS. Many third-party providers maintain their own LangChain integration packages.
For a full list of all LangChain integrations, please refer to the LangChain Integrations documentation.