langsmith 0.5.26 → 0.6.1

package/dist/client.cjs

@@ -49,8 +49,15 @@ const error_js_1 = require("./utils/error.cjs");
 const index_js_2 = require("./utils/prompt_cache/index.cjs");
 const fsUtils = __importStar(require("./utils/fs.cjs"));
 const fetch_js_1 = require("./singletons/fetch.cjs");
+const profiles_js_1 = require("./utils/profiles.cjs");
 const index_js_3 = require("./utils/fast-safe-stringify/index.cjs");
 const serialize_worker_js_1 = require("./utils/serialize_worker.cjs");
+function assertPullPublicPromptAllowed(promptIdentifier, dangerouslyPullPublicPrompt) {
+    const [owner] = (0, prompts_js_1.parseHubIdentifier)(promptIdentifier);
+    if (owner !== "-" && !dangerouslyPullPublicPrompt) {
+        throw new Error("Pulling a public prompt by owner/name is disabled by default because prompts may contain untrusted serialized LangChain objects. If you trust this prompt, set `dangerouslyPullPublicPrompt: true` to acknowledge the risk.");
+    }
+}
 /**
  * Catches timestamps without a timezone suffix.
  */
@@ -157,7 +164,6 @@ exports.DEFAULT_MAX_SIZE_BYTES = 1024 * 1024 * 1024; // 1GB
 const SERVER_INFO_REQUEST_TIMEOUT_MS = 10000;
 /** Maximum number of operations to batch in a single request. */
 const DEFAULT_BATCH_SIZE_LIMIT = 100;
-const DEFAULT_API_URL = "https://api.smith.langchain.com";
 class AutoBatchQueue {
     constructor(maxSizeBytes) {
         Object.defineProperty(this, "items", {
@@ -190,19 +196,11 @@ class AutoBatchQueue {
             // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/Promise
             itemPromiseResolve = resolve;
         });
-        // By default we compute the exact serialized size here by stringifying
-        // the payload. This is expensive: JSON.stringify on large payloads
-        // blocks the event loop on the user's hot path.
-        //
-        // Opting into LANGSMITH_PERF_OPTIMIZATION=true switches to a cheap
-        // structural estimate instead. The estimate is only used for soft
-        // memory accounting (queue size limit and downstream async caller
-        // memory tracking), never for anything correctness-critical -- the
-        // real serialization still happens later, off the hot path, when the
-        // batch is assembled for sending.
-        const size = (0, env_js_1.getLangSmithEnvironmentVariable)("PERF_OPTIMIZATION") === "true"
-            ? (0, index_js_3.estimateSerializedSize)(item.item).size
-            : (0, index_js_3.serialize)(item.item, `Serializing run with id: ${item.item.id}`).length;
+        // Use a cheap structural estimate for soft memory accounting (queue size
+        // limit and downstream async caller memory tracking). The exact
+        // serialization still happens later, off the hot path, when the batch is
+        // assembled for sending.
+        const size = (0, index_js_3.estimateSerializedSize)(item.item).size;
         // Check if adding this item would exceed the size limit
         // Allow the run if the queue is empty (to support large single traces)
         if (this.sizeBytes + size > this.maxSizeBytes && this.items.length > 0) {
@@ -270,15 +268,145 @@ class Client {
         return this._tracingMode;
     }
     get _fetch() {
-        return this.fetchImplementation || (0, fetch_js_1._getFetchImplementation)(this.debug);
+        const fetchImplementation = this.fetchImplementation || (0, fetch_js_1._getFetchImplementation)(this.debug);
+        return (async (input, init) => {
+            let authHeader;
+            const profileManagedAuthorization = this.getProfileManagedAuthorizationHeader(init);
+            if (this.apiKey !== undefined) {
+                authHeader = { name: "x-api-key", value: `${this.apiKey}` };
+            }
+            else if (!this.hasExplicitAuthHeader(init, profileManagedAuthorization)) {
+                authHeader = await this.profileAuth?.getAuthHeader(fetchImplementation, init?.signal);
+            }
+            return fetchImplementation(input, this.applyCurrentAuthHeaders(init, authHeader, profileManagedAuthorization));
+        });
+    }
+    getProfileManagedAuthorizationHeader(init) {
+        if (!init?.headers || !this.profileAuth) {
+            return undefined;
+        }
+        const authorization = new Headers(init.headers).get("Authorization");
+        if (!(0, profiles_js_1.hasValue)(authorization)) {
+            return undefined;
+        }
+        return this.profileAuth.isProfileAuthorizationHeader(authorization ?? "")
+            ? (authorization ?? undefined)
+            : undefined;
+    }
+    isProfileManagedAuthorizationHeader(value, profileManagedAuthorization) {
+        return (value === profileManagedAuthorization ||
+            this.profileAuth?.isProfileAuthorizationHeader(value) === true);
+    }
+    hasExplicitAuthHeader(init, profileManagedAuthorization) {
+        if (!init?.headers) {
+            return false;
+        }
+        const headers = new Headers(init.headers);
+        if ((0, profiles_js_1.hasValue)(headers.get("x-api-key"))) {
+            return true;
+        }
+        const authorization = headers.get("Authorization");
+        if (!(0, profiles_js_1.hasValue)(authorization)) {
+            return false;
+        }
+        return !this.isProfileManagedAuthorizationHeader(authorization ?? "", profileManagedAuthorization);
+    }
+    applyCurrentAuthHeaders(init, authHeader, profileManagedAuthorization) {
+        if (!authHeader) {
+            return init;
+        }
+        const applyAuth = (headers) => {
+            if (this.apiKey !== undefined && authHeader.name === "x-api-key") {
+                headers.delete("Authorization");
+                if (!headers.has("x-api-key")) {
+                    headers.set("x-api-key", authHeader.value);
+                }
+                return headers;
+            }
+            if (authHeader.name === "Authorization") {
+                if ((0, profiles_js_1.hasValue)(headers.get("x-api-key"))) {
+                    return headers;
+                }
+                const authorization = headers.get("Authorization");
+                if ((0, profiles_js_1.hasValue)(authorization) &&
+                    !this.isProfileManagedAuthorizationHeader(authorization ?? "", profileManagedAuthorization)) {
+                    return headers;
+                }
+                headers.set("Authorization", authHeader.value);
+                return headers;
+            }
+            const authorization = headers.get("Authorization");
+            if ((0, profiles_js_1.hasValue)(authorization) &&
+                !this.isProfileManagedAuthorizationHeader(authorization ?? "", profileManagedAuthorization)) {
+                return headers;
+            }
+            if ((0, profiles_js_1.hasValue)(authorization)) {
+                headers.delete("Authorization");
+            }
+            if (!headers.has("x-api-key")) {
+                headers.set("x-api-key", authHeader.value);
+            }
+            return headers;
+        };
+        if (!init) {
+            return {
+                headers: { [authHeader.name]: authHeader.value },
+            };
+        }
+        if (init.headers instanceof Headers) {
+            return { ...init, headers: applyAuth(new Headers(init.headers)) };
+        }
+        if (Array.isArray(init.headers)) {
+            return { ...init, headers: applyAuth(new Headers(init.headers)) };
+        }
+        const headers = {
+            ...(init.headers ?? {}),
+        };
+        const getHeaderKey = (name) => Object.keys(headers).find((key) => key.toLowerCase() === name);
+        const getHeader = (name) => {
+            const key = getHeaderKey(name);
+            return key ? headers[key] : undefined;
+        };
+        const hasApiKey = (0, profiles_js_1.hasValue)(getHeader("x-api-key"));
+        const authorization = getHeader("authorization");
+        const hasExplicitAuthorization = (0, profiles_js_1.hasValue)(authorization) &&
+            !this.isProfileManagedAuthorizationHeader(authorization ?? "", profileManagedAuthorization);
+        if (this.apiKey !== undefined && authHeader.name === "x-api-key") {
+            const authorizationKey = getHeaderKey("authorization");
+            if (authorizationKey) {
+                delete headers[authorizationKey];
+            }
+            if (!hasApiKey) {
+                headers["x-api-key"] = authHeader.value;
+            }
+            return { ...init, headers };
+        }
+        if (authHeader.name === "Authorization") {
+            if (!hasApiKey && !hasExplicitAuthorization) {
+                const authorizationKey = getHeaderKey("authorization");
+                if (authorizationKey && authorizationKey !== "Authorization") {
+                    delete headers[authorizationKey];
+                }
+                headers.Authorization = authHeader.value;
+            }
+            return { ...init, headers };
+        }
+        if (!hasExplicitAuthorization) {
+            const authorizationKey = getHeaderKey("authorization");
+            if (authorizationKey) {
+                delete headers[authorizationKey];
+            }
+            if (!hasApiKey) {
+                headers["x-api-key"] = authHeader.value;
+            }
+        }
+        return { ...init, headers };
     }
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -294,8 +422,7 @@ class Client {
         });
     }
     async _serializeBody(payload, errorContext) {
-        const perfOptIn = (0, env_js_1.getLangSmithEnvironmentVariable)("PERF_OPTIMIZATION") === "true";
-        if (!perfOptIn || this.manualFlushMode) {
+        if (this.manualFlushMode) {
             return (0, index_js_3.serialize)(payload, errorContext);
         }
         // Shape-aware gate: worker offload pays for itself only when the
@@ -538,6 +665,12 @@ class Client {
             writable: true,
             value: void 0
         });
+        Object.defineProperty(this, "profileAuth", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
         Object.defineProperty(this, "multipartStreamingDisabled", {
             enumerable: true,
             configurable: true,
@@ -586,12 +719,15 @@ class Client {
         if (this.apiUrl.endsWith("/")) {
             this.apiUrl = this.apiUrl.slice(0, -1);
         }
-        this.apiKey = trimQuotes(config.apiKey ?? defaultConfig.apiKey);
+        const configuredApiKey = trimQuotes(config.apiKey ?? defaultConfig.apiKey);
+        this.apiKey = (0, profiles_js_1.hasValue)(configuredApiKey) ? configuredApiKey : undefined;
+        this.profileAuth =
+            this.apiKey !== undefined ? undefined : defaultConfig.profileAuth;
         this.webUrl = trimQuotes(config.webUrl ?? defaultConfig.webUrl);
         if (this.webUrl?.endsWith("/")) {
             this.webUrl = this.webUrl.slice(0, -1);
         }
-        this.workspaceId = trimQuotes(config.workspaceId ?? (0, env_js_1.getLangSmithEnvironmentVariable)("WORKSPACE_ID"));
+        this.workspaceId = trimQuotes(config.workspaceId ?? defaultConfig.workspaceId);
         this.timeout_ms = config.timeout_ms ?? 90_000;
         this.caller = new async_caller_js_1.AsyncCaller({
             ...(config.callerOptions ?? {}),
@@ -676,18 +812,31 @@ class Client {
         this._customHeaders = config.headers ?? {};
     }
     static getDefaultClientConfig() {
-        const apiKey = (0, env_js_1.getLangSmithEnvironmentVariable)("API_KEY");
-        const apiUrl = (0, env_js_1.getLangSmithEnvironmentVariable)("ENDPOINT") ?? DEFAULT_API_URL;
+        const profileConfig = (0, profiles_js_1.loadProfileClientConfig)();
+        const envApiKey = (0, env_js_1.getLangSmithEnvironmentVariable)("API_KEY");
+        const envApiUrl = (0, env_js_1.getLangSmithEnvironmentVariable)("ENDPOINT");
+        const envWorkspaceId = (0, env_js_1.getLangSmithEnvironmentVariable)("WORKSPACE_ID");
+        const envAuthSet = (0, profiles_js_1.hasValue)(envApiKey);
+        const apiUrl = envApiUrl ?? profileConfig.apiUrl ?? profiles_js_1.DEFAULT_API_URL;
+        const workspaceId = envWorkspaceId ?? profileConfig.workspaceId;
         const hideInputs = (0, env_js_1.getLangSmithEnvironmentVariable)("HIDE_INPUTS") === "true";
         const hideOutputs = (0, env_js_1.getLangSmithEnvironmentVariable)("HIDE_OUTPUTS") === "true";
         const hideMetadata = (0, env_js_1.getLangSmithEnvironmentVariable)("HIDE_METADATA") === "true";
         return {
             apiUrl: apiUrl,
-            apiKey: apiKey,
+            apiKey: envApiKey,
             webUrl: undefined,
             hideInputs: hideInputs,
             hideOutputs: hideOutputs,
             hideMetadata: hideMetadata,
+            workspaceId: workspaceId,
+            oauthAccessToken: !envAuthSet
+                ? profileConfig.oauthAccessToken
+                : undefined,
+            oauthRefreshToken: !envAuthSet
+                ? profileConfig.oauthRefreshToken
+                : undefined,
+            profileAuth: !envAuthSet ? profileConfig.profileAuth : undefined,
         };
     }
     getHostUrl() {
@@ -739,9 +888,15 @@ class Client {
             ...this._customHeaders,
         };
         // Required headers that should not be overridden
-        if (this.apiKey) {
+        if (this.apiKey !== undefined) {
             headers["x-api-key"] = `${this.apiKey}`;
         }
+        else {
+            const profileAuthHeader = this.profileAuth?.currentAuthHeader();
+            if (profileAuthHeader) {
+                headers[profileAuthHeader.name] = profileAuthHeader.value;
+            }
+        }
         if (this.workspaceId) {
             headers["x-tenant-id"] = this.workspaceId;
         }
@@ -1645,7 +1800,7 @@ class Client {
             // if stream fails, fallback to buffered body
             if ((!this.multipartStreamingDisabled || streamedAttempt) &&
                 res.status === 422 &&
-                (options?.apiUrl ?? this.apiUrl) !== DEFAULT_API_URL) {
+                (options?.apiUrl ?? this.apiUrl) !== profiles_js_1.DEFAULT_API_URL) {
                 console.warn(`Streaming multipart upload to ${options?.apiUrl ?? this.apiUrl}/runs/multipart failed. ` +
                     `This usually means the host does not support chunked uploads. ` +
                     `Retrying with a buffered upload for operation "${context}".`);
@@ -4498,7 +4653,24 @@ class Client {
             hub_model_provider: result.model_provider,
         };
     }
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     async pullPromptCommit(promptIdentifier, options) {
+        assertPullPublicPromptAllowed(promptIdentifier, options?.dangerouslyPullPublicPrompt);
         // Check cache first if not skipped
         const refreshFunc = this._fetchPromptFromApi.bind(this, promptIdentifier, options);
         if (!options?.skipCache && this._promptCache) {
@@ -4518,12 +4690,26 @@ class Client {
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     async _pullPrompt(promptIdentifier, options) {
         const promptObject = await this.pullPromptCommit(promptIdentifier, {
             includeModel: options?.includeModel,
             skipCache: options?.skipCache,
+            dangerouslyPullPublicPrompt: options?.dangerouslyPullPublicPrompt,
         });
         const prompt = JSON.stringify(promptObject.manifest);
         return prompt;

package/dist/client.d.ts

@@ -4,6 +4,7 @@ import { ComparativeExperiment, DataType, Dataset, DatasetDiffInfo, DatasetShare
 import { type TracingMode } from "./utils/env.js";
 import { EvaluationResult, EvaluationResults } from "./evaluation/evaluator.js";
 import { PromptCache } from "./utils/prompt_cache/index.js";
+import { ProfileAuth } from "./utils/profiles.js";
 export interface ClientConfig {
     apiUrl?: string;
     apiKey?: string;
@@ -281,6 +282,18 @@ interface UploadCSVParams {
     dataType?: DataType;
     name?: string;
 }
+type DefaultClientConfig = {
+    apiUrl: string;
+    apiKey?: string;
+    webUrl?: string;
+    hideInputs?: boolean;
+    hideOutputs?: boolean;
+    hideMetadata?: boolean;
+    workspaceId?: string;
+    oauthAccessToken?: string;
+    oauthRefreshToken?: string;
+    profileAuth?: ProfileAuth;
+};
 interface CreateRunParams {
     name: string;
     inputs: KVMap;
@@ -439,14 +452,17 @@ export declare class Client implements LangSmithTracingClientInterface {
     private fetchImplementation?;
     private cachedLSEnvVarsForMetadata?;
     private _promptCache?;
+    private profileAuth?;
     private get _fetch();
+    private getProfileManagedAuthorizationHeader;
+    private isProfileManagedAuthorizationHeader;
+    private hasExplicitAuthHeader;
+    private applyCurrentAuthHeaders;
     /**
      * Serialize a payload for tracing, optionally offloading the work to a
-     * Node worker thread when LANGSMITH_PERF_OPTIMIZATION=true and the runtime
-     * supports worker_threads.
+     * Node worker thread when the runtime supports worker_threads.
      *
      * Falls back to synchronous serialization when:
-     *  - the perf flag is off
      *  - manualFlushMode is enabled (serverless: worker boot cost > benefit)
      *  - worker_threads is unavailable (non-Node runtimes)
      *  - the payload contains values that can't be structured-cloned across
@@ -466,14 +482,7 @@ export declare class Client implements LangSmithTracingClientInterface {
     private _customHeaders;
     debug: boolean;
     constructor(config?: ClientConfig);
-    static getDefaultClientConfig(): {
-        apiUrl: string;
-        apiKey?: string;
-        webUrl?: string;
-        hideInputs?: boolean;
-        hideOutputs?: boolean;
-        hideMetadata?: boolean;
-    };
+    static getDefaultClientConfig(): DefaultClientConfig;
     getHostUrl(): string;
     private get _mergedHeaders();
     /**
@@ -1322,18 +1331,57 @@ export declare class Client implements LangSmithTracingClientInterface {
      * Fetch a prompt commit directly from the API (bypassing cache).
      */
     private _fetchPromptFromApi;
+    /**
+     * Pull a prompt commit from the LangSmith API.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
+     */
     pullPromptCommit(promptIdentifier: string, options?: {
         includeModel?: boolean;
         skipCache?: boolean;
+        /**
+         * Set to `true` to allow pulling a public prompt by owner/name, for
+         * example `username/promptname`. Defaults to `false`.
+         */
+        dangerouslyPullPublicPrompt?: boolean;
     }): Promise<PromptCommit>;
     /**
      * This method should not be used directly, use `import { pull } from "langchain/hub"` instead.
      * Using this method directly returns the JSON string of the prompt rather than a LangChain object.
+     *
+     * Public prompts referenced by owner/name cross a trust boundary because the
+     * prompt manifest may contain serialized LangChain objects and configuration
+     * that affect runtime behavior. For example, a prompt can intentionally
+     * configure a model with a custom base URL, headers, model name, or other
+     * constructor arguments. These are supported features, but they also mean the
+     * prompt contents should be treated as executable configuration rather than
+     * plain text.
+     *
+     * Set `dangerouslyPullPublicPrompt: true` only after reviewing and trusting
+     * the prompt contents, not merely the publishing account. Prompts from your
+     * own or your organization's account can still be unsafe if that account or
+     * prompt was compromised.
      * @private
      */
     _pullPrompt(promptIdentifier: string, options?: {
         includeModel?: boolean;
         skipCache?: boolean;
+        /**
+         * Set to `true` to allow pulling a public prompt by owner/name, for
+         * example `username/promptname`. Defaults to `false`.
+         */
+        dangerouslyPullPublicPrompt?: boolean;
     }): Promise<any>;
     pushPrompt(promptIdentifier: string, options?: {
         object?: any;