Wrap a deny.sh vault entry as a LangChain v1 tool. The credential resolves inside the tool boundary; only a narrowed DTO reaches the model. Fail-closed leak sweep.
Project description
deny-sh-langchain
Wrap a deny.sh vault entry as a LangChain v1 tool (Python). The credential resolves inside the tool boundary; only a narrowed DTO reaches the model. Fail-closed leak sweep.
pip install deny-sh-langchain langchain langchain-openai
Usage
import os
from pydantic import BaseModel
from langchain.agents import create_agent
from langchain_openai import ChatOpenAI
from deny_sh_langchain import deny_vault_tool
import requests
class InvoiceArgs(BaseModel):
id: str
def lookup(stripe_key: str, args: dict) -> dict:
r = requests.get(
f"https://api.stripe.com/v1/invoices/{args['id']}",
headers={"Authorization": f"Bearer {stripe_key}"},
)
body = r.json()
# narrowed DTO -- never the raw key, never the raw upstream body
return {"id": body.get("id"), "amount_due": body.get("amount_due"), "status": body.get("status")}
invoice_tool = deny_vault_tool(
label="stripe-prod", # or: id="item_abc"
password=os.environ["VAULT_PW"], # server env, never the prompt
name="get_invoice",
description="Look up a Stripe invoice by id",
args_schema=InvoiceArgs,
use=lookup,
)
agent = create_agent(model=ChatOpenAI(model="gpt-4o"), tools=[invoice_tool])
The Stripe key is resolved + consumed entirely inside lookup. The agent and
the model provider see only the input args and the narrowed return. The key
never enters the model's context window.
Multi-tenant
Pass a per-tenant client_options={"api_key": ...} and password. One tenant
cannot decrypt another's vault entry; the boundary is cryptographic.
Config
| Field | Required | Notes |
|---|---|---|
label / id |
one of | vault entry label, or a stable item id |
password |
yes | vault wrap password |
name, description, args_schema |
yes | standard LangChain tool fields (args_schema is a pydantic model) |
use(secret, args) |
yes | privileged work; return a narrowed DTO |
client_options |
no | forwarded to deny_sh.vault_get (api_key, base_url, ...) |
leak_sweep |
no | default True; fail-closed scan of the returned DTO |
Apache-2.0. Part of deny-sh-integrations.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file deny_sh_langchain-0.1.0.tar.gz.
File metadata
- Download URL: deny_sh_langchain-0.1.0.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d24af1c48dee9d22c3015caf37cdcd72627e4c869a53603e1d78acbeaa734b0
|
|
| MD5 |
27a85ef4238a1fbfd03dd5b3e57bff12
|
|
| BLAKE2b-256 |
a9ee2d9d0eb23720d06d7b13e96f02eef9ea008b31e28e6b0b45a722aff2939e
|
File details
Details for the file deny_sh_langchain-0.1.0-py3-none-any.whl.
File metadata
- Download URL: deny_sh_langchain-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c368906f22319a008c89a0969be305029c0616425e9b61a51684b88cf0445dcd
|
|
| MD5 |
d5081d9044627c610222f722f84451d1
|
|
| BLAKE2b-256 |
b29ce16b5a56f09adbca4dbc71bf43308861474154101f1ca5604052b82ca86f
|
