langsmith 0.5.26 → 0.6.0

package/dist/client.cjs

@@ -51,6 +51,12 @@ const fsUtils = __importStar(require("./utils/fs.cjs"));
 const fetch_js_1 = require("./singletons/fetch.cjs");
 const index_js_3 = require("./utils/fast-safe-stringify/index.cjs");
 const serialize_worker_js_1 = require("./utils/serialize_worker.cjs");
+function assertPullPublicPromptAllowed(promptIdentifier, dangerouslyPullPublicPrompt) {
+    const [owner] = (0, prompts_js_1.parseHubIdentifier)(promptIdentifier);
+    if (owner !== "-" && !dangerouslyPullPublicPrompt) {
+        throw new Error("Pulling a public prompt by owner/name is disabled by default because prompts may contain untrusted serialized LangChain objects. If you trust this prompt, set `dangerouslyPullPublicPrompt: true` to acknowledge the risk.");
+    }
+}
 /**
  * Catches timestamps without a timezone suffix.
  */
@@ -190,19 +196,11 @@ class AutoBatchQueue {
             // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/Promise
             itemPromiseResolve = resolve;
         });
-        // By default we compute the exact serialized size here by stringifying
-        // the payload. This is expensive: JSON.stringify on large payloads
-        // blocks the event loop on the user's hot path.
-        //
-        // Opting into LANGSMITH_PERF_OPTIMIZATION=true switches to a cheap
-        // structural estimate instead. The estimate is only used for soft
-        // memory accounting (queue size limit and downstream async caller
-        // memory tracking), never for anything correctness-critical -- the
-        // real serialization still happens later, off the hot path, when the
-        // batch is assembled for sending.
-        const size = (0, env_js_1.getLangSmithEnvironmentVariable)("PERF_OPTIMIZATION") === "true"
-            ? (0, index_js_3.estimateSerializedSize)(item.item).size
-            : (0, index_js_3.serialize)(item.item, `Serializing run with id: ${item.item.id}`).length;
+        // Use a cheap structural estimate for soft memory accounting (queue size
+        // limit and downstream async caller memory tracking). The exact
+        // serialization still happens later, off the hot path, when the batch is
+        // assembled for sending.
+        const size = (0, index_js_3.estimateSerializedSize)(item.item).size;
         // Check if adding this item would exceed the size limit
         // Allow the run if the queue is empty (to support large single traces)
         if (this.sizeBytes + size > this.maxSizeBytes && this.items.length > 0) {
@@ -274,11 +272,9 @@ class Client {
     }
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -294,8 +290,7 @@ class Client {
         });
     }
     async _serializeBody(payload, errorContext) {
-        const perfOptIn = (0, env_js_1.getLangSmithEnvironmentVariable)("PERF_OPTIMIZATION") === "true";
-        if (!perfOptIn || this.manualFlushMode) {
+        if (this.manualFlushMode) {
             return (0, index_js_3.serialize)(payload, errorContext);
         }
         // Shape-aware gate: worker offload pays for itself only when the
@@ -4498,7 +4493,24 @@ class Client {
             hub_model_provider: result.model_provider,
         };
     }
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     async pullPromptCommit(promptIdentifier, options) {
+        assertPullPublicPromptAllowed(promptIdentifier, options?.dangerouslyPullPublicPrompt);
         // Check cache first if not skipped
         const refreshFunc = this._fetchPromptFromApi.bind(this, promptIdentifier, options);
         if (!options?.skipCache && this._promptCache) {
@@ -4518,12 +4530,26 @@ class Client {
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     async _pullPrompt(promptIdentifier, options) {
         const promptObject = await this.pullPromptCommit(promptIdentifier, {
             includeModel: options?.includeModel,
             skipCache: options?.skipCache,
+            dangerouslyPullPublicPrompt: options?.dangerouslyPullPublicPrompt,
         });
         const prompt = JSON.stringify(promptObject.manifest);
         return prompt;

package/dist/client.d.ts

@@ -442,11 +442,9 @@ export declare class Client implements LangSmithTracingClientInterface {
     private get _fetch();
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -1322,18 +1320,57 @@ export declare class Client implements LangSmithTracingClientInterface {
      * Fetch a prompt commit directly from the API (bypassing cache).
      */
     private _fetchPromptFromApi;
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     pullPromptCommit(promptIdentifier: string, options?: {
         includeModel?: boolean;
         skipCache?: boolean;
+        /**
+         * Set to `true` to allow pulling a public prompt by owner/name, for
+         * example `username/promptname`. Defaults to `false`.
+         */
+        dangerouslyPullPublicPrompt?: boolean;
     }): Promise<PromptCommit>;
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     _pullPrompt(promptIdentifier: string, options?: {
         includeModel?: boolean;
         skipCache?: boolean;
+        /**
+         * Set to `true` to allow pulling a public prompt by owner/name, for
+         * example `username/promptname`. Defaults to `false`.
+         */
+        dangerouslyPullPublicPrompt?: boolean;
     }): Promise<any>;
     pushPrompt(promptIdentifier: string, options?: {
         object?: any;

package/dist/client.js

@@ -14,6 +14,12 @@ import * as fsUtils from "./utils/fs.js";
 import { _shouldStreamForGlobalFetchImplementation, _getFetchImplementation, } from "./singletons/fetch.js";
 import { serialize as serializePayloadForTracing, estimateSerializedSize, } from "./utils/fast-safe-stringify/index.js";
 import { getSharedSerializeWorker, hasLargeString, } from "./utils/serialize_worker.js";
+function assertPullPublicPromptAllowed(promptIdentifier, dangerouslyPullPublicPrompt) {
+    const [owner] = parseHubIdentifier(promptIdentifier);
+    if (owner !== "-" && !dangerouslyPullPublicPrompt) {
+        throw new Error("Pulling a public prompt by owner/name is disabled by default because prompts may contain untrusted serialized LangChain objects. If you trust this prompt, set `dangerouslyPullPublicPrompt: true` to acknowledge the risk.");
+    }
+}
 /**
  * Catches timestamps without a timezone suffix.
  */
@@ -153,19 +159,11 @@ export class AutoBatchQueue {
             // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/Promise
             itemPromiseResolve = resolve;
         });
-        // By default we compute the exact serialized size here by stringifying
-        // the payload. This is expensive: JSON.stringify on large payloads
-        // blocks the event loop on the user's hot path.
-        //
-        // Opting into LANGSMITH_PERF_OPTIMIZATION=true switches to a cheap
-        // structural estimate instead. The estimate is only used for soft
-        // memory accounting (queue size limit and downstream async caller
-        // memory tracking), never for anything correctness-critical -- the
-        // real serialization still happens later, off the hot path, when the
-        // batch is assembled for sending.
-        const size = getLangSmithEnvironmentVariable("PERF_OPTIMIZATION") === "true"
-            ? estimateSerializedSize(item.item).size
-            : serializePayloadForTracing(item.item, `Serializing run with id: ${item.item.id}`).length;
+        // Use a cheap structural estimate for soft memory accounting (queue size
+        // limit and downstream async caller memory tracking). The exact
+        // serialization still happens later, off the hot path, when the batch is
+        // assembled for sending.
+        const size = estimateSerializedSize(item.item).size;
         // Check if adding this item would exceed the size limit
         // Allow the run if the queue is empty (to support large single traces)
         if (this.sizeBytes + size > this.maxSizeBytes && this.items.length > 0) {
@@ -236,11 +234,9 @@ export class Client {
     }
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -256,8 +252,7 @@ export class Client {
         });
     }
     async _serializeBody(payload, errorContext) {
-        const perfOptIn = getLangSmithEnvironmentVariable("PERF_OPTIMIZATION") === "true";
-        if (!perfOptIn || this.manualFlushMode) {
+        if (this.manualFlushMode) {
             return serializePayloadForTracing(payload, errorContext);
         }
         // Shape-aware gate: worker offload pays for itself only when the
@@ -4460,7 +4455,24 @@ export class Client {
             hub_model_provider: result.model_provider,
         };
     }
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     async pullPromptCommit(promptIdentifier, options) {
+        assertPullPublicPromptAllowed(promptIdentifier, options?.dangerouslyPullPublicPrompt);
         // Check cache first if not skipped
         const refreshFunc = this._fetchPromptFromApi.bind(this, promptIdentifier, options);
         if (!options?.skipCache && this._promptCache) {
@@ -4480,12 +4492,26 @@ export class Client {
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     async _pullPrompt(promptIdentifier, options) {
         const promptObject = await this.pullPromptCommit(promptIdentifier, {
             includeModel: options?.includeModel,
             skipCache: options?.skipCache,
+            dangerouslyPullPublicPrompt: options?.dangerouslyPullPublicPrompt,
         });
         const prompt = JSON.stringify(promptObject.manifest);
         return prompt;

package/dist/index.cjs

@@ -18,4 +18,4 @@ Object.defineProperty(exports, "PromptCache", { enumerable: true, get: function
 Object.defineProperty(exports, "configureGlobalPromptCache", { enumerable: true, get: function () { return index_js_1.configureGlobalPromptCache; } });
 Object.defineProperty(exports, "promptCacheSingleton", { enumerable: true, get: function () { return index_js_1.promptCacheSingleton; } });
 // Update using pnpm bump-version
-exports.__version__ = "0.5.26";
+exports.__version__ = "0.6.0";

package/dist/index.d.ts

@@ -5,4 +5,4 @@ export { overrideFetchImplementation } from "./singletons/fetch.js";
 export { getDefaultProjectName } from "./utils/project.js";
 export { uuid7, uuid7FromTime } from "./uuid.js";
 export { Cache, PromptCache, type CacheConfig, type CacheMetrics, configureGlobalPromptCache, promptCacheSingleton, } from "./utils/prompt_cache/index.js";
-export declare const __version__ = "0.5.26";
+export declare const __version__ = "0.6.0";

package/dist/index.js

@@ -5,4 +5,4 @@ export { getDefaultProjectName } from "./utils/project.js";
 export { uuid7, uuid7FromTime } from "./uuid.js";
 export { Cache, PromptCache, configureGlobalPromptCache, promptCacheSingleton, } from "./utils/prompt_cache/index.js";
 // Update using pnpm bump-version
-export const __version__ = "0.5.26";
+export const __version__ = "0.6.0";

package/dist/utils/serialize_worker.cjs

@@ -2,8 +2,7 @@
 /**
  * Off-thread serialization using Node worker_threads.
  *
- * Gated behind LANGSMITH_PERF_OPTIMIZATION=true. Falls back silently to
- * synchronous serialize() when:
+ * Falls back silently to synchronous serialize() when:
  *   - worker_threads is unavailable (browsers, Deno, Bun without compat,
  *     Cloudflare Workers, Vercel Edge, React Native)
  *   - the worker cannot be constructed (bundler/runtime constraints)

package/dist/utils/serialize_worker.d.ts

@@ -1,8 +1,7 @@
 /**
  * Off-thread serialization using Node worker_threads.
  *
- * Gated behind LANGSMITH_PERF_OPTIMIZATION=true. Falls back silently to
- * synchronous serialize() when:
+ * Falls back silently to synchronous serialize() when:
  *   - worker_threads is unavailable (browsers, Deno, Bun without compat,
  *     Cloudflare Workers, Vercel Edge, React Native)
  *   - the worker cannot be constructed (bundler/runtime constraints)

package/dist/utils/serialize_worker.js

@@ -1,8 +1,7 @@
 /**
  * Off-thread serialization using Node worker_threads.
  *
- * Gated behind LANGSMITH_PERF_OPTIMIZATION=true. Falls back silently to
- * synchronous serialize() when:
+ * Falls back silently to synchronous serialize() when:
  *   - worker_threads is unavailable (browsers, Deno, Bun without compat,
  *     Cloudflare Workers, Vercel Edge, React Native)
  *   - the worker cannot be constructed (bundler/runtime constraints)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "langsmith",
-  "version": "0.5.26",
+  "version": "0.6.0",
   "description": "Client library to connect to the LangSmith Observability and Evaluation Platform.",
   "packageManager": "pnpm@10.33.0",
   "files": [