Skip to content

LangChain

PAIG integration via LangChain is designed to be nearly touch-free. This is facilitated through the use of PAIG Shield library, which transparently intercepts calls within LangChain, enforcing policies on the original prompt as well as whenever prompts are altered, whether due to Chains or Retrieval Augmented Generation (RAG). The objective is to ensure that policy adherence is seamlessly maintained across all interactions within the application, irrespective of prompt modifications.

Here are the Quick Start options for trying out the integrations with LangChain.

  1. Google Colab Notebook: You can experiment with the LangChain integration using a Google Colab notebook. This option only requires a Google account. Google Colab provides a free Jupyter notebook environment where you can run the PAIG SecureChat application.

  2. Sample Application: You can download the sample application and run it in your local environment. This option requires Python to be installed locally.

For both options, you'll need to create a PAIG Shield Application in PAIG and download the corresponding configuration file.

Adding AI Application in PAIG

As a first step, you need to add your AI Application in PAIG and we will use that application to integrate PAIG. If you already added the Application to the PAIG, then you can skip this step.

To create a new application, go to Paig Navigator > AI Application and click the CREATE APPLICATION button on the right top. This will open a dialog box where you can enter the details of the application.

 

How to add AI Application

Generate AI application API Key

The AI Application API key needs to be exported as "PAIG_APP_API_KEY" to initialize the Privacera Shield library. This API key can be generated from the PAIG portal.

Navigate to Paig Navigator -> AI Applications, and select the application for which you want to generate the api key. In the API KEYS tab, click the GENERATE API KEY button in the top-right corner to generate an API key. Provide a Name and Description, along with a Expiry, or select the Max Validity (1 year) checkbox to set default expiry.

Once you generate the API key you can view it clicking on eye icon. Make sure to copy and store the key securely.

AI Application API key

API Key Generation

Once the Api Key is generated, it will not be displayed again. Ensure you copy and securely store it immediately after generation.

Set the PAIG API Key

To initialize the PAIG Shield library in your AI application, export the PAIG_APP_API_KEY as an environment variable.

Bash
export PAIG_APP_API_KEY=<API_KEY>

Alternative Method: Pass API Key in Code

If you prefer not to use environment variables, you can directly pass the API key when initializing the library:

Python
paig_shield_client.setup(frameworks=["langchain"], application_config_api_key="<API_KEY>")
For a complete code example showing where to place this, locate the setup() method in the provided sample code section below.

Precedence Rule

If the PAIG_APP_API_KEY is set both as an environment variable and in the code, the key specified in the code will take priority.

Using Google Colab Notebook

After you have generated the API key, you can go to Open In ColabGoogle Colab NoteBook

Pre-requisite

  1. You need to authorize the Google Colab to access GitHub

Using Python Sample Application

The following are the prerequisites for trying out with LangChain

  • LangChain needs python 3.11 and above

Sample Code

If you like to try first and then understand the code later, then here is a sample application you can try it out quickly. The explanation of the code is provided here.

Supported versions

Library Versions
Python 3.11+
langchain-community 0.0.17
langchain-openai 0.0.5
langchain 0.1.5

You can download sample_langchain_integration.py and requirements.txt for OpenAI

sample_langchain_integration.py
import os
import paig_client
from paig_client import client as paig_shield_client
from langchain_openai import OpenAI
from langchain.prompts import PromptTemplate
from langchain.chains import LLMChain

api_key = os.getenv("OPENAI_API_KEY")  # (1)

# Initialize PAIG Shield
# Set the PAIG_APP_API_KEY environment variable or set it here in the setup method
paig_shield_client.setup(frameworks=["langchain"])

llm = OpenAI(openai_api_key=api_key)
template = """Question: {question}

Answer: Let's think step by step."""
prompt = PromptTemplate(template=template, input_variables=["question"])

# Let's assume the user is "testuser"
user = "testuser"
prompt_text = "Who was the first President of USA and where did they live?"
print(f"Prompt: {prompt_text}")
print()

llm_chain = LLMChain(prompt=prompt, llm=llm)
try:
    with paig_shield_client.create_shield_context(username=user):
        response = llm_chain.invoke(prompt_text)
        print(f"LLM Response: {response.get('text')}")
except paig_client.exception.AccessControlException as e:
    # If access is denied, then this exception will be thrown. You can handle it accordingly.
    print(f"AccessControlException: {e}")
requirements.txt
1
2
3
4
langchain-community==0.0.17
langchain-openai==0.0.5
langchain==0.1.5
paig_client

Open AI Key

For OpenAI, you need to set the OPENAI_API_KEY environment variable or set it in the code.

To export OPENAI_API_KEY as an environment variable use the below command:

Bash
export OPENAI_API_KEY="<your-openai-api-key>"

sample_langchain_integration.py
import os

import paig_client
from paig_client import client as paig_shield_client
from langchain.llms.bedrock import Bedrock
from langchain.prompts import PromptTemplate
from langchain.chains import LLMChain

# Initialize PAIG Shield 
# Set the PAIG_APP_API_KEY environment variable or set it here in the setup method
paig_shield_client.setup(frameworks=["langchain"])

model_name = "amazon.titan-tg1-large"
region = "us-west-2"
llm = Bedrock(model_id=model_name, region_name=region)

template = """Question: {question}

Answer: Let's think step by step."""
prompt = PromptTemplate(template=template, input_variables=["question"])

# Let's assume the user is "testuser"
user = "testuser"
prompt_text = "Who was the first President of USA and where did they live?"
llm_chain = LLMChain(prompt=prompt, llm=llm)
try:
    with paig_shield_client.create_shield_context(username=user):
        response = llm_chain.run(prompt_text)
        print(f"LLM Response: {response}")
except paig_client.exception.AccessControlException as e:
    # If access is denied, then this exception will be thrown. You can handle it accordingly.
    print(f"AccessControlException: {e}")

Dependent python package

Make sure you have installed the dependent python packages like boto3 and langchain

AWS IAM role access to Bedrock

Make sure you are running on AWS infrastructure which has access to Bedrock


It is recommended to use Python's virtual environment to run the sample application. The following steps show how to create a virtual environment and run the sample application. Create a folder where where you want to run the sample. E.g.

Bash
mkdir -p ~/paig-sample
cd ~/paig-sample

Create a virtual environment and activate it

Bash
python3 -m venv venv
source venv/bin/activate

Install the required python packages

Bash
pip3 install -r requirements.txt

Run the sample application

Bash
python3 sample_langchain_integration.py

Check the PAIG Lens Access Audits Now go to PAIG Lens Access Audits to check the prompts and responses for the testuser.

Code Breakup and explanation

In your AI Application you need to initialize PAIG Shield library. Once it is initialized, it will automatically embed itself within the LangChain framework and intercept all requests made by user as well as the iterations betweens agents and chains. The following code snippet shows how to initialize the PAIG Library.

Configure the API Key

Export or Pass the generated API KEY from the portal as an environment variable: PAIG_APP_API_KEY=<API_KEY> or Pass in the code(application_config_api_key=<API_KEY>) in setup method.

Install paig_client

PAIG Shield library needs to be first installed. This can be done by running the following command:

Bash
pip install paig_client

Importing the PAIG Libraries

Add the following imports to your application

Python
import paig_client
from paig_client import client as paig_shield_client

Initializing the PAIG Library

Call the setup method to initialize the PAIG Shield library.

Python
paig_shield_client.setup(frameworks=["langchain"])

Setting PAIG Shield Context

Before calling Langchain, the PAIG Shield context needs to be set. This is primarily to set the user context

Prompt User

If it is a chatbot application or an application where the user is prompted for input, then you need to pass the username of the user to the create_shield_context method. PAIG Shield will use this username to check access for the user. If it is a batch application, then you can pass the username for the service account, which could be any unique name e.g. document_summarizer. The policies will be checked against this username.

Python
1
2
3
4
5
6
7
try:
    with paig_shield_client.create_shield_context(username=user):
        response = llm_chain.invoke(prompt_text)
        print(f"LLM Response: {response.get('text')}")
except paig_client.exception.AccessControlException as e:
    # If access is denied, then this exception will be thrown. You can handle it accordingly.
    print(f"AccessControlException: {e}")

What Next?