langroid 0.53.15__py3-none-any.whl → 0.53.16__py3-none-any.whl

langroid/vector_store/base.py

@@ -38,6 +38,7 @@ class VectorStoreConfig(BaseSettings):
     document_class: Type[Document] = Document
     metadata_class: Type[DocMetaData] = DocMetaData
     # compose_file: str = "langroid/vector_store/docker-compose-qdrant.yml"
+    full_eval: bool = False  # runs eval without sanitization. Use only on trusted input
 
 
 class VectorStore(ABC):
@@ -153,6 +154,10 @@ class VectorStore(ABC):
     def compute_from_docs(self, docs: List[Document], calc: str) -> str:
         """Compute a result on a set of documents,
         using a dataframe calc string like `df.groupby('state')['income'].mean()`.
+
+        If full_eval is False (default), the input expression is sanitized to prevent
+        most common code injection attack vectors.
+        If full_eval is True, sanitization is bypassed - use only with trusted input!
         """
         # convert each doc to a dict, using dotted paths for nested fields
         dicts = [flatten_dict(doc.dict(by_alias=True)) for doc in docs]
@@ -160,9 +165,10 @@ class VectorStore(ABC):
 
         try:
             # SECURITY MITIGATION: Eval input is sanitized to prevent most common
-            # code injection attack vectors.
+            # code injection attack vectors when full_eval is False.
             vars = {"df": df}
-            calc = sanitize_command(calc)
+            if not self.config.full_eval:
+                calc = sanitize_command(calc)
             code = compile(calc, "<calc>", "eval")
             result = eval(code, vars, {})
         except Exception as e:

{langroid-0.53.15.dist-info → langroid-0.53.16.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: langroid
-Version: 0.53.15
+Version: 0.53.16
 Summary: Harness LLMs with Multi-Agent Programming
 Author-email: Prasad Chalasani <pchalasani@gmail.com>
 License: MIT

{langroid-0.53.15.dist-info → langroid-0.53.16.dist-info}/RECORD

@@ -125,7 +125,7 @@ langroid/utils/output/citations.py,sha256=9W0slQQgzRGLS7hU51mm5UWao5cS_xr8AVosVe
 langroid/utils/output/printing.py,sha256=yzPJZN-8_jyOJmI9N_oLwEDfjMwVgk3IDiwnZ4eK_AE,2962
 langroid/utils/output/status.py,sha256=rzbE7mDJcgNNvdtylCseQcPGCGghtJvVq3lB-OPJ49E,1049
 langroid/vector_store/__init__.py,sha256=8ktJUVsVUoc7FMmkUFpFBZu7VMWUqQY9zpm4kEJ8yTs,1537
-langroid/vector_store/base.py,sha256=uIRz3ZVmqxzuq2V71Kpys_6-j460gGjHXQIAJWJLI78,14675
+langroid/vector_store/base.py,sha256=jbLH0bH_1tioX1nCA5vzaKZij4kx6xiLd5TbmqLjF8g,15058
 langroid/vector_store/chromadb.py,sha256=p9mEqJwO2BrL2jSSXfa23kCPlPOwWpF3xJYd5zoWw_c,8661
 langroid/vector_store/lancedb.py,sha256=Qd20gKjWozPWfW5-D66J6U8dSrJo1yl-maj6s1lbf1c,14688
 langroid/vector_store/meilisearch.py,sha256=6frB7GFWeWmeKzRfLZIvzRjllniZ1cYj3HmhHQICXLs,11663
@@ -133,7 +133,7 @@ langroid/vector_store/pineconedb.py,sha256=otxXZNaBKb9f_H75HTaU3lMHiaR2NUp5MqwLZ
 langroid/vector_store/postgres.py,sha256=wHPtIi2qM4fhO4pMQr95pz1ZCe7dTb2hxl4VYspGZoA,16104
 langroid/vector_store/qdrantdb.py,sha256=O6dSBoDZ0jzfeVBd7LLvsXu083xs2fxXtPa9gGX3JX4,18443
 langroid/vector_store/weaviatedb.py,sha256=Yn8pg139gOy3zkaPfoTbMXEEBCiLiYa1MU5d_3UA1K4,11847
-langroid-0.53.15.dist-info/METADATA,sha256=893X5dUY-L85Q0rKwS2Ex6fIH3L_W3TZ0NFqCeMbz4Q,64946
-langroid-0.53.15.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-langroid-0.53.15.dist-info/licenses/LICENSE,sha256=EgVbvA6VSYgUlvC3RvPKehSg7MFaxWDsFuzLOsPPfJg,1065
-langroid-0.53.15.dist-info/RECORD,,
+langroid-0.53.16.dist-info/METADATA,sha256=hGXx5kkmGfUFp2QEBTeGNGhaegoHB5z4Pwdi5WELxa0,64946
+langroid-0.53.16.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+langroid-0.53.16.dist-info/licenses/LICENSE,sha256=EgVbvA6VSYgUlvC3RvPKehSg7MFaxWDsFuzLOsPPfJg,1065
+langroid-0.53.16.dist-info/RECORD,,