Fixed InjectedToolArg filtering bypassed when filter_args provided #36064

Closed
Tim Ren (xr843) wants to merge 1 commit into langchain-ai:master from xr843:fix/35831-injected-tool-arg-filter

@xr843

Summary

Fixes #35831

  • Bug: When filter_args is provided alongside include_injected=False in create_schema_from_function, the InjectedToolArg-annotated parameter filtering is skipped entirely. This causes parameters meant to be hidden from the LLM (e.g., API keys, internal state) to leak into the generated JSON schema.
  • Root cause: The injected-arg filtering block was nested inside the else branch of if filter_args:, so it only ran when filter_args was not provided.
  • Fix: Moved the InjectedToolArg filtering outside the if/else block so it always runs regardless of whether filter_args was provided. Also copies filter_args to a local list to avoid mutating the caller's sequence.

Security implications

This is a security-relevant fix. InjectedToolArg is commonly used to annotate sensitive parameters (API keys, tokens, internal state) that should never be exposed in the tool schema sent to an LLM. The bug caused these parameters to leak into the schema when filter_args was explicitly provided.

Test plan

  • Added regression test test_create_schema_injected_arg_filtered_with_filter_args that verifies:
    • InjectedToolArg-annotated parameters are excluded from the schema even when filter_args is provided
    • The caller's filter_args sequence is not mutated
  • Test passes locally

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

The injected-arg filtering logic was nested inside the `else` branch of
`if filter_args:`, so providing filter_args alongside include_injected=False
caused InjectedToolArg-annotated parameters to leak into the generated
JSON schema. This moves the filtering outside the if/else so it always
runs, and copies filter_args to a local list to avoid mutating the
caller's sequence.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
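
A minimal model of the control-flow bug described in the summary and commit message above, added here as an illustration; it is not langchain-core's code. `InjectedArg`, `schema_fields_buggy`, `schema_fields_fixed` and the `search` tool are hypothetical stand-ins, and the functions return the exposed field names instead of building a Pydantic model.

```python
import inspect
from typing import Annotated, get_args, get_origin, get_type_hints


class InjectedArg:
    """Stand-in marker (assumption) for an injected-argument annotation."""


def _is_injected(hint) -> bool:
    # True when the hint is Annotated[..., InjectedArg] (class or instance).
    if get_origin(hint) is not Annotated:
        return False
    return any(m is InjectedArg or isinstance(m, InjectedArg)
               for m in get_args(hint)[1:])


def _injected_names(func) -> list[str]:
    hints = get_type_hints(func, include_extras=True)
    return [n for n in inspect.signature(func).parameters
            if _is_injected(hints.get(n))]


def schema_fields_buggy(func, filter_args=None, include_injected=True):
    # 'Before' shape: the injected-arg filter lives in the else branch only.
    if filter_args:
        filter_args_ = filter_args
    else:
        filter_args_ = []
        if not include_injected:
            filter_args_.extend(_injected_names(func))
    return [n for n in inspect.signature(func).parameters
            if n not in filter_args_]


def schema_fields_fixed(func, filter_args=None, include_injected=True):
    # 'After' shape: copy the caller's sequence, then always apply the filter.
    filter_args_ = list(filter_args) if filter_args else []
    if not include_injected:
        filter_args_.extend(n for n in _injected_names(func)
                            if n not in filter_args_)
    return [n for n in inspect.signature(func).parameters
            if n not in filter_args_]


# Constructed sample tool: api_key must never reach the model-facing schema.
def search(query: str, run_manager: object,
           api_key: Annotated[str, InjectedArg]) -> str:
    return query
```

With `filter_args=["run_manager"]` and `include_injected=False`, the buggy shape still exposes `api_key`, while the fixed shape exposes only `query` and leaves the caller's list untouched.
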
@github-actions

This PR has been automatically closed because you are not assigned to the linked issue.

External contributors must be assigned to an issue before opening a PR for it. Please:

  1. Comment on the linked issue to request assignment from a maintainer
  2. Once assigned, edit your PR description and the PR will be reopened automatically

Labels

core (`langchain-core` package issues & PRs), external, missing-issue-link, new-contributor, size: S (50-199 LOC)

Development

Successfully merging this pull request may close these issues.

core: create_schema_from_function ignores include_injected=False when filter_args is provided