937c8471b1
TaskShield now uses randomly generated 12-character alphabetical codewords instead of predictable YES/NO responses. This defends against DataFlip-style adaptive attacks where injected content tries to: 1. Detect the presence of a verification prompt 2. Extract and return the expected 'approval' signal Key changes: - Generate unique approve/reject codewords per verification (26^12 ≈ 10^17 space) - Strict validation: response must exactly match one codeword - Any non-matching response (including YES/NO) is rejected (fail-closed) - Updated prompts to use codeword placeholders Tests: Added 12 new tests for codeword security including DataFlip attack simulation, YES/NO rejection, empty response handling, and codeword generation.
Packages
Important
This repository is structured as a monorepo, with various packages located in this libs/ directory. Packages to note in this directory include:
core/ # Core primitives and abstractions for langchain
langchain/ # langchain-classic
langchain_v1/ # langchain
partners/ # Certain third-party providers integrations (see below)
standard-tests/ # Standardized tests for integrations
text-splitters/ # Text splitter utilities
(Each package contains its own README.md file with specific details about that package.)
Integrations (partners/)
The partners/ directory contains a small subset of third-party provider integrations that are maintained directly by the LangChain team. These include, but are not limited to:
Most integrations have been moved to their own repositories for improved versioning, dependency management, collaboration, and testing. This includes packages from popular providers such as Google and AWS. Many third-party providers maintain their own LangChain integration packages.
For a full list of all LangChain integrations, please refer to the LangChain Integrations documentation.