Proposal: Integrate PIC-Standard for Provenance & Impact Checks in LangGraph #6684

@madeinplutofabio

Checked other resources

  • This is a bug, not a usage question. For questions, please use the LangChain Forum (https://forum.langchain.com/).
  • I added a clear and detailed title that summarizes the issue.
  • I read what a minimal reproducible example is (https://stackoverflow.com/help/minimal-reproducible-example).
  • I included a self-contained, minimal example that demonstrates the issue INCLUDING all the relevant imports. The code runs AS IS to reproduce the issue.

Example Code

from langgraph.graph import StateGraph, END
from typing import TypedDict, Annotated

# Define state
class AgentState(TypedDict):
    messages: Annotated[list[str], "A list of messages"]

# Dummy tool that could be risky (e.g., financial action from untrusted input)
def risky_tool(state: AgentState) -> AgentState:
    # Simulate untrusted input triggering high-impact action
    if "transfer money" in state["messages"][-1]:  # Untrusted prompt
        print("Executing risky action: Transferring $1000!")  # Potential causal gap
    return {"messages": state["messages"] + ["Action executed"]}

# Simple agent node
def agent(state: AgentState) -> AgentState:
    return {"messages": state["messages"] + ["Planning action"]}

# Build graph
graph = StateGraph(AgentState)
graph.add_node("agent", agent)
graph.add_node("tool", risky_tool)
graph.add_edge("agent", "tool")
graph.add_edge("tool", END)
graph.set_entry_point("agent")

# Compile and run with untrusted input
compiled_graph = graph.compile()
result = compiled_graph.invoke({"messages": ["User: transfer money based on this sketchy prompt"]})

print(result)  # Runs without safety checks, exposing causal gap

Error Message and Stack Trace (if applicable)

This example shows a LangGraph workflow where untrusted input can directly trigger a high-impact action (e.g., financial transfer) without provenance or impact validation, a potential security gap. My PIC-Standard integration (as a PICToolNode wrapper) would enforce JSON contracts to block this. See proposal below.

Description

Hi LangGraph team,

I'm the maintainer of PIC-Standard, an open-source protocol for enforcing safety in agentic AI via JSON "contracts" that tie provenance (data trust levels), intent (action rationale), and impact (risk taxonomy like money or privacy). It bridges the "causal gap" where untrusted inputs (e.g., prompt injections) could trigger high-risk side effects, complementing tools like DeepMind's CaMeL but with a production-ready JSON schema and Python SDK.

I've built a drop-in integration for LangGraph: a PICToolNode that validates action proposals before execution, blocking tainted actions while allowing trusted ones. This adds lightweight governance without disrupting workflows, which is ideal for enterprise use cases like FinTech or SaaS agents.

Key Benefits for LangGraph Users

  • Enhances security: Requires trusted evidence for high-impact tools (e.g., financial APIs).
  • Interoperable: Uses a simple JSON schema; extensible for custom impacts.
  • Quick to Adopt: Install via pip install pic-standard[langgraph]; minimal overhead.

Demo
Here is a quick demo, or you can check the full demo and code on our repo.

from langgraph.graph import StateGraph, END
from pic_standard.langgraph import PICToolNode  # Our middleware

# Define your agent state and tools...

graph = StateGraph(AgentState)
graph.add_node("agent", agent_node)
graph.add_node("tool", PICToolNode(tools=[your_tool]))  # Wraps with PIC validation

# ... rest of graph setup

# Run: Proposals attach via args['__pic'] and get verified

Proposal

  • Add PICToolNode as an optional built-in (or example) in LangGraph docs/codebase.
  • Mention in tutorials for safety-focused agents.

This could make LangGraph even stronger for production AI. Happy to iterate based on feedback or adjust the implementation!

Thanks,
Fabio Marcello Salvadori

System Info

  • OS: Windows 11, Ubuntu 22.04—use what you tested on
  • Python version: 3.10
  • LangGraph version: 0.0.25 (check via pip show langgraph—e.g., 0.0.25 as of Jan 2026)
  • LangChain version: 0.1.0 (if relevant, e.g., 0.1.0)
  • Other dependencies: Pydantic 2.5.3 (used in PIC verifier); no other specifics for this gap
  • Environment: Standard virtualenv; no Docker or cloud specifics
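
A minimal sketch of the kind of pre-execution check the issue describes (trusted evidence required before a high-impact tool runs), added here as an illustration. It is not PIC-Standard's code or schema, and every name in it (Evidence, Proposal, verify, guarded_call, the impact classes) is hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical impact classes and field names; not the PIC-Standard schema.
HIGH_IMPACT = {"money", "privacy"}
KNOWN_IMPACT = HIGH_IMPACT | {"none"}

@dataclass
class Evidence:
    source: str      # where the claim came from, e.g. "user_prompt"
    trusted: bool    # set by the runtime from the data's origin, never by the model

@dataclass
class Proposal:
    tool: str
    intent: str      # stated rationale for the action
    impact: str      # risk class of the side effect
    evidence: list[Evidence] = field(default_factory=list)

def verify(p: Proposal) -> None:
    """Raise PermissionError unless the proposal may run (fails closed)."""
    if not p.intent.strip():
        raise PermissionError("missing intent")
    if p.impact not in KNOWN_IMPACT:
        raise PermissionError(f"unknown impact class {p.impact!r}")
    if p.impact in HIGH_IMPACT and not any(e.trusted for e in p.evidence):
        raise PermissionError(f"{p.impact} action has no trusted evidence")

def guarded_call(tool_fn, p: Proposal, **kwargs):
    """Run tool_fn only after the proposal passes verification."""
    verify(p)
    return tool_fn(**kwargs)

def transfer(amount: int) -> str:   # stand-in for the issue's risky tool
    return f"transferred ${amount}"

def demo() -> list[str]:
    # Constructed proposals: one backed only by prompt text, one by a trusted record.
    tainted = Proposal("transfer", "user asked", "money",
                       [Evidence("user_prompt", False)])
    backed = Proposal("transfer", "pay approved invoice", "money",
                      [Evidence("user_prompt", False), Evidence("signed_invoice", True)])
    out = []
    for p in (tainted, backed):
        try:
            out.append(guarded_call(transfer, p, amount=1000))
        except PermissionError as exc:
            out.append(f"blocked: {exc}")
    return out
```

Calling `demo()` returns one blocked result for the prompt-only proposal and one executed transfer for the proposal that carries a trusted record.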

Metadata

Labels: bug (Something isn't working), pending (awaiting review/confirmation by maintainer)