@datacules/agent-identity-langchain 0.8.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +72 -0
- package/package.json +1 -1
package/README.md
ADDED
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
<p align="center">
|
|
2
|
+
<img src="../../../assets/logo.svg" alt="Agent Identity — by Datacules LLC" width="360"/>
|
|
3
|
+
</p>
|
|
4
|
+
|
|
5
|
+
# `@datacules/agent-identity-langchain`
|
|
6
|
+
|
|
7
|
+
LangChain and LangGraph integration for the agent-identity framework. Resolves credentials server-side and injects them into `ChatAnthropic`, `ChatOpenAI`, and other LangChain model classes before any LLM call.
|
|
8
|
+
|
|
9
|
+
## Install
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
npm install @datacules/agent-identity-langchain @datacules/agent-identity
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
## LangChain: `createAgentIdentityModel`
|
|
16
|
+
|
|
17
|
+
```typescript
|
|
18
|
+
import { createAgentIdentityModel } from '@datacules/agent-identity-langchain';
|
|
19
|
+
|
|
20
|
+
const { getModel, resolved } = createAgentIdentityModel(ctx, {
|
|
21
|
+
credentials,
|
|
22
|
+
rules,
|
|
23
|
+
logger,
|
|
24
|
+
fetchSecret: async (ref: string) => vault.getSecret(ref), // server-side only
|
|
25
|
+
});
|
|
26
|
+
|
|
27
|
+
const model = await getModel(); // ChatAnthropic or ChatOpenAI, API key injected
|
|
28
|
+
const response = await model.invoke('Summarise this document.');
|
|
29
|
+
|
|
30
|
+
console.log(resolved.resolvedFor); // for audit trail
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## LangGraph: `createAgentIdentityNode`
|
|
34
|
+
|
|
35
|
+
Drop-in `StateGraph` node that resolves credentials and writes them to graph state before any LLM call:
|
|
36
|
+
|
|
37
|
+
```typescript
|
|
38
|
+
import { StateGraph } from '@langchain/langgraph';
|
|
39
|
+
import { createAgentIdentityNode } from '@datacules/agent-identity-langchain';
|
|
40
|
+
|
|
41
|
+
const identityNode = createAgentIdentityNode({ credentials, rules, fetchSecret, logger });
|
|
42
|
+
|
|
43
|
+
const graph = new StateGraph({
|
|
44
|
+
channels: {
|
|
45
|
+
agentContext: null,
|
|
46
|
+
resolvedCredential: null,
|
|
47
|
+
messages: null,
|
|
48
|
+
},
|
|
49
|
+
})
|
|
50
|
+
.addNode('identity', identityNode) // reads state.agentContext, writes state.resolvedCredential
|
|
51
|
+
.addNode('llm', llmNode)
|
|
52
|
+
.addEdge('identity', 'llm')
|
|
53
|
+
.addEdge(START, 'identity');
|
|
54
|
+
|
|
55
|
+
const app = graph.compile();
|
|
56
|
+
const result = await app.invoke({ agentContext: ctx, messages: [] });
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
## Custom `fetchSecret`
|
|
60
|
+
|
|
61
|
+
`fetchSecret` is the only touch-point between agent-identity and your vault. It receives the opaque `ref` string from the resolved credential and must return the raw secret (API key, bearer token, etc.). Never expose this to the model or the client:
|
|
62
|
+
|
|
63
|
+
```typescript
|
|
64
|
+
async function fetchSecret(ref: string): Promise<string> {
|
|
65
|
+
const secret = await vaultClient.read(ref);
|
|
66
|
+
return secret.data.value;
|
|
67
|
+
}
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
|
|
72
|
+
Part of the [agent-identity monorepo](https://github.com/hvrcharon1/agent-identity) by [Datacules LLC](https://datacules.com).
|