langsmith 0.5.25 → 0.6.0

package/dist/client.cjs

@@ -51,6 +51,12 @@ const fsUtils = __importStar(require("./utils/fs.cjs"));
 const fetch_js_1 = require("./singletons/fetch.cjs");
 const index_js_3 = require("./utils/fast-safe-stringify/index.cjs");
 const serialize_worker_js_1 = require("./utils/serialize_worker.cjs");
+function assertPullPublicPromptAllowed(promptIdentifier, dangerouslyPullPublicPrompt) {
+    const [owner] = (0, prompts_js_1.parseHubIdentifier)(promptIdentifier);
+    if (owner !== "-" && !dangerouslyPullPublicPrompt) {
+        throw new Error("Pulling a public prompt by owner/name is disabled by default because prompts may contain untrusted serialized LangChain objects. If you trust this prompt, set `dangerouslyPullPublicPrompt: true` to acknowledge the risk.");
+    }
+}
 /**
  * Catches timestamps without a timezone suffix.
  */
@@ -190,19 +196,11 @@ class AutoBatchQueue {
             // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/Promise
             itemPromiseResolve = resolve;
         });
-        // By default we compute the exact serialized size here by stringifying
-        // the payload. This is expensive: JSON.stringify on large payloads
-        // blocks the event loop on the user's hot path.
-        //
-        // Opting into LANGSMITH_PERF_OPTIMIZATION=true switches to a cheap
-        // structural estimate instead. The estimate is only used for soft
-        // memory accounting (queue size limit and downstream async caller
-        // memory tracking), never for anything correctness-critical -- the
-        // real serialization still happens later, off the hot path, when the
-        // batch is assembled for sending.
-        const size = (0, env_js_1.getLangSmithEnvironmentVariable)("PERF_OPTIMIZATION") === "true"
-            ? (0, index_js_3.estimateSerializedSize)(item.item).size
-            : (0, index_js_3.serialize)(item.item, `Serializing run with id: ${item.item.id}`).length;
+        // Use a cheap structural estimate for soft memory accounting (queue size
+        // limit and downstream async caller memory tracking). The exact
+        // serialization still happens later, off the hot path, when the batch is
+        // assembled for sending.
+        const size = (0, index_js_3.estimateSerializedSize)(item.item).size;
         // Check if adding this item would exceed the size limit
         // Allow the run if the queue is empty (to support large single traces)
         if (this.sizeBytes + size > this.maxSizeBytes && this.items.length > 0) {
@@ -274,11 +272,9 @@ class Client {
     }
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -294,8 +290,7 @@ class Client {
         });
     }
     async _serializeBody(payload, errorContext) {
-        const perfOptIn = (0, env_js_1.getLangSmithEnvironmentVariable)("PERF_OPTIMIZATION") === "true";
-        if (!perfOptIn || this.manualFlushMode) {
+        if (this.manualFlushMode) {
             return (0, index_js_3.serialize)(payload, errorContext);
         }
         // Shape-aware gate: worker offload pays for itself only when the
@@ -719,6 +714,10 @@ class Client {
             this.webUrl = "https://aws.smith.langchain.com";
             return this.webUrl;
         }
+        else if (this.apiUrl.split(".", 1)[0].includes("apac")) {
+            this.webUrl = "https://apac.smith.langchain.com";
+            return this.webUrl;
+        }
         else if (this.apiUrl.split(".", 1)[0].includes("beta")) {
             this.webUrl = "https://beta.smith.langchain.com";
             return this.webUrl;
@@ -2495,7 +2494,7 @@ class Client {
             // projectId querying
             return true;
         }
-        catch (e) {
+        catch (_e) {
             return false;
         }
     }
@@ -4494,7 +4493,24 @@ class Client {
             hub_model_provider: result.model_provider,
         };
     }
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     async pullPromptCommit(promptIdentifier, options) {
+        assertPullPublicPromptAllowed(promptIdentifier, options?.dangerouslyPullPublicPrompt);
         // Check cache first if not skipped
         const refreshFunc = this._fetchPromptFromApi.bind(this, promptIdentifier, options);
         if (!options?.skipCache && this._promptCache) {
@@ -4514,12 +4530,26 @@ class Client {
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     async _pullPrompt(promptIdentifier, options) {
         const promptObject = await this.pullPromptCommit(promptIdentifier, {
             includeModel: options?.includeModel,
             skipCache: options?.skipCache,
+            dangerouslyPullPublicPrompt: options?.dangerouslyPullPublicPrompt,
         });
         const prompt = JSON.stringify(promptObject.manifest);
         return prompt;
@@ -4876,7 +4906,7 @@ class Client {
                 throw new Error(`Invalid public ${kind} URL: ${urlOrToken}`);
             }
         }
-        catch (error) {
+        catch (_error) {
             throw new Error(`Invalid public ${kind} URL or token: ${urlOrToken}`);
         }
     }

package/dist/client.d.ts

@@ -442,11 +442,9 @@ export declare class Client implements LangSmithTracingClientInterface {
     private get _fetch();
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -1322,18 +1320,57 @@ export declare class Client implements LangSmithTracingClientInterface {
      * Fetch a prompt commit directly from the API (bypassing cache).
      */
     private _fetchPromptFromApi;
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     pullPromptCommit(promptIdentifier: string, options?: {
         includeModel?: boolean;
         skipCache?: boolean;
+        /**
+         * Set to `true` to allow pulling a public prompt by owner/name, for
+         * example `username/promptname`. Defaults to `false`.
+         */
+        dangerouslyPullPublicPrompt?: boolean;
     }): Promise<PromptCommit>;
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     _pullPrompt(promptIdentifier: string, options?: {
         includeModel?: boolean;
         skipCache?: boolean;
+        /**
+         * Set to `true` to allow pulling a public prompt by owner/name, for
+         * example `username/promptname`. Defaults to `false`.
+         */
+        dangerouslyPullPublicPrompt?: boolean;
     }): Promise<any>;
     pushPrompt(promptIdentifier: string, options?: {
         object?: any;

package/dist/client.js

@@ -14,6 +14,12 @@ import * as fsUtils from "./utils/fs.js";
 import { _shouldStreamForGlobalFetchImplementation, _getFetchImplementation, } from "./singletons/fetch.js";
 import { serialize as serializePayloadForTracing, estimateSerializedSize, } from "./utils/fast-safe-stringify/index.js";
 import { getSharedSerializeWorker, hasLargeString, } from "./utils/serialize_worker.js";
+function assertPullPublicPromptAllowed(promptIdentifier, dangerouslyPullPublicPrompt) {
+    const [owner] = parseHubIdentifier(promptIdentifier);
+    if (owner !== "-" && !dangerouslyPullPublicPrompt) {
+        throw new Error("Pulling a public prompt by owner/name is disabled by default because prompts may contain untrusted serialized LangChain objects. If you trust this prompt, set `dangerouslyPullPublicPrompt: true` to acknowledge the risk.");
+    }
+}
 /**
  * Catches timestamps without a timezone suffix.
  */
@@ -153,19 +159,11 @@ export class AutoBatchQueue {
             // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/Promise
             itemPromiseResolve = resolve;
         });
-        // By default we compute the exact serialized size here by stringifying
-        // the payload. This is expensive: JSON.stringify on large payloads
-        // blocks the event loop on the user's hot path.
-        //
-        // Opting into LANGSMITH_PERF_OPTIMIZATION=true switches to a cheap
-        // structural estimate instead. The estimate is only used for soft
-        // memory accounting (queue size limit and downstream async caller
-        // memory tracking), never for anything correctness-critical -- the
-        // real serialization still happens later, off the hot path, when the
-        // batch is assembled for sending.
-        const size = getLangSmithEnvironmentVariable("PERF_OPTIMIZATION") === "true"
-            ? estimateSerializedSize(item.item).size
-            : serializePayloadForTracing(item.item, `Serializing run with id: ${item.item.id}`).length;
+        // Use a cheap structural estimate for soft memory accounting (queue size
+        // limit and downstream async caller memory tracking). The exact
+        // serialization still happens later, off the hot path, when the batch is
+        // assembled for sending.
+        const size = estimateSerializedSize(item.item).size;
         // Check if adding this item would exceed the size limit
         // Allow the run if the queue is empty (to support large single traces)
         if (this.sizeBytes + size > this.maxSizeBytes && this.items.length > 0) {
@@ -236,11 +234,9 @@ export class Client {
     }
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -256,8 +252,7 @@ export class Client {
         });
     }
     async _serializeBody(payload, errorContext) {
-        const perfOptIn = getLangSmithEnvironmentVariable("PERF_OPTIMIZATION") === "true";
-        if (!perfOptIn || this.manualFlushMode) {
+        if (this.manualFlushMode) {
             return serializePayloadForTracing(payload, errorContext);
         }
         // Shape-aware gate: worker offload pays for itself only when the
@@ -681,6 +676,10 @@ export class Client {
             this.webUrl = "https://aws.smith.langchain.com";
             return this.webUrl;
         }
+        else if (this.apiUrl.split(".", 1)[0].includes("apac")) {
+            this.webUrl = "https://apac.smith.langchain.com";
+            return this.webUrl;
+        }
         else if (this.apiUrl.split(".", 1)[0].includes("beta")) {
             this.webUrl = "https://beta.smith.langchain.com";
             return this.webUrl;
@@ -2457,7 +2456,7 @@ export class Client {
             // projectId querying
             return true;
         }
-        catch (e) {
+        catch (_e) {
             return false;
         }
     }
@@ -4456,7 +4455,24 @@ export class Client {
             hub_model_provider: result.model_provider,
         };
     }
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     async pullPromptCommit(promptIdentifier, options) {
+        assertPullPublicPromptAllowed(promptIdentifier, options?.dangerouslyPullPublicPrompt);
         // Check cache first if not skipped
         const refreshFunc = this._fetchPromptFromApi.bind(this, promptIdentifier, options);
         if (!options?.skipCache && this._promptCache) {
@@ -4476,12 +4492,26 @@ export class Client {
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     async _pullPrompt(promptIdentifier, options) {
         const promptObject = await this.pullPromptCommit(promptIdentifier, {
             includeModel: options?.includeModel,
             skipCache: options?.skipCache,
+            dangerouslyPullPublicPrompt: options?.dangerouslyPullPublicPrompt,
         });
         const prompt = JSON.stringify(promptObject.manifest);
         return prompt;
@@ -4838,7 +4868,7 @@ export class Client {
                 throw new Error(`Invalid public ${kind} URL: ${urlOrToken}`);
             }
         }
-        catch (error) {
+        catch (_error) {
             throw new Error(`Invalid public ${kind} URL or token: ${urlOrToken}`);
         }
     }