latest--schema

dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object's (key, value) pairs dict(iterable) -> new dictionary initialized as if via: d = {} for k, v in iterable: d[k] = v dict(**kwargs) -> new dictionary initialized with the name=value pairs in the keyword argument list. For example: dict(one=1, two=2)

Optional. Whether to disable LangSmith API-key authentication for requests originating the Studio.

Defaults to False, meaning that if a particular header is set, the server will verify the x-api-key header value is a valid API key for the deployment's workspace. If True, all requests will go through your custom authentication logic, regardless of origin of the request.

Configuration for OpenAPI security definitions and requirements.

Useful for specifying global or path-level authentication and authorization flows (e.g., OAuth2, API key headers, etc.).

Required. Path to an instance of the Auth() class that implements custom authentication.

Optional. List of header keys to use for caching.

Optional. Maximum size of the cache.

Optional. Time-to-live in seconds for cached items.

Path-specific security overrides.

• Keys that are HTTP methods (e.g., "GET", "POST"),
• Values are lists of security definitions (just like security) for that method.

Global security requirements across all endpoints.

Each element in the list maps a security scheme (e.g. "OAuth2") to a list of scopes (e.g. ["read", "write"]).

Describe each security scheme recognized by your OpenAPI spec.

Keys are scheme names (e.g. "OAuth2", "ApiKeyAuth") and values are their definitions.

Import path to an async context manager that yields a BaseCheckpointSaver instance.

The referenced object should be an @asynccontextmanager-decorated function so that the server can properly manage the checkpointer's lifecycle (e.g. opening and closing connections).

Optional. Defines the serde configuration.

If provided, the checkpointer will apply serde settings according to the configuration. If omitted, no serde behavior is configured.

This configuration requires server version 0.5 or later to take effect.

Optional. Defines the TTL (time-to-live) behavior configuration.

If provided, the checkpointer will apply TTL settings according to the configuration. If omitted, no TTL behavior is configured.

Optional. List of allowed python modules to de-serialize custom objects from JSON.

If provided, only the specified modules will be allowed to be deserialized. If omitted, no modules are allowed, and the object returned will simply be a json object OR a deserialized langchain object.

Optional. List of allowed python modules to de-serialize custom objects from msgpack.

Known safe types (langgraph.checkpoint.serde.jsonplus.SAFE_MSGPACK_TYPES) are always allowed regardless of this setting. Use this to allowlist your custom Pydantic models, dataclasses, and other user-defined types.

If True (default), unregistered types will log a warning but still be deserialized. If None, only known safe types will be deserialized; unregistered types will be blocked.

{... ["my_agent.models", "MyState"], ] } }

{... } }

Optional. Whether to allow pickling as a fallback for deserialization.

If True, pickling will be allowed as a fallback for deserialization. If False, pickling will not be allowed as a fallback for deserialization. Defaults to True if not configured.

Default TTL (time-to-live) in minutes for checkpointed data.

Action taken when a thread exceeds its TTL.

Interval in minutes between sweep iterations. If omitted, a default interval will be used (typically ~ 5 minutes).

Maximum number of threads to process per sweep iteration. Defaults to 1000.

Optional. A description of the graph's purpose and functionality.

This description is surfaced in the API and can help users understand what the graph does.

Required. Import path to the graph object.

Optional. Import path to a custom Starlette/FastAPI application to mount.

Optional. Defines how headers are treated for a run's configuration.

You can include or exclude headers as configurable values to condition your agent's behavior or permissions on a request's headers.

Optional. Defines CORS restrictions. If omitted, no special rules are set and cross-origin behavior depends on default server settings.

Optional. If True, /a2a routes are removed, disabling default support to expose the deployment as an agent-to-agent (A2A) server.

Default is False.

Optional. If True, /assistants routes are removed from the server.

Default is False (meaning /assistants is enabled).

Optional. If True, /mcp routes are removed, disabling default support to expose the deployment as an MCP server.

Default is False.

Optional. Remove meta endpoints.

Default is False.

Optional. If True, /runs routes are removed.

Default is False.

Optional. If True, /store routes are removed, disabling direct store interactions via HTTP.

Default is False.

Optional. If True, /threads routes are removed.

Default is False.

Optional. If True, /ui routes are removed, disabling the UI server.

Default is False.

Optional. If True, webhooks are disabled. Runs created with an associated webhook will still be executed, but the webhook event will not be sent.

Default is False.

Optional. If True, authentication is enabled for custom routes, not just the routes that are protected by default. (Routes protected by default include /assistants, /threads, and /runs).

Default is False. This flag only affects authentication behavior if app is provided and contains custom routes.

Optional. Defines which headers are excluded from logging.

Optional. Defines the order in which to apply server customizations.

Optional. URL prefix to prepend to all the routes.

Headers to exclude. Applied before the 'includes' checks.

Headers to include (if not also matched against an 'excludes' pattern).

Optional. If True, cross-origin requests can include credentials (cookies, auth headers).

Default False to avoid accidentally exposing secured endpoints to untrusted sites.

Optional. HTTP headers that can be used in cross-origin requests (e.g. ["Content-Type", "Authorization"]).

Optional. HTTP methods permitted for cross-origin requests (e.g. ["GET", "POST"]).

Default might be ["GET", "POST", "OPTIONS"] depending on your server framework.

Optional. A regex pattern for matching allowed origins, used if you have dynamic subdomains.

Optional. List of allowed origins (e.g., "https://example.com").

Default is often an empty list (no external origins). Use "*" only if you trust all origins, as that bypasses most restrictions.

Optional. List of headers that browsers are allowed to read from the response in cross-origin contexts.

Optional. How many seconds the browser may cache preflight responses.

Default might be 600 (10 minutes). Larger values reduce preflight requests but can cause stale configurations.

Optional. Defines the vector-based semantic search configuration.

• Generate embeddings according to index.embed
• Enforce the embedding dimension given by index.dims
• Embed only specified JSON fields (if any) from index.fields

If omitted, no vector index is initialized.

Optional. Defines the TTL (time-to-live) behavior configuration.

If provided, the store will apply TTL settings according to the configuration. If omitted, no TTL behavior is configured.

Required. Dimensionality of the embedding vectors you will store.

Must match the output dimension of your selected embedding model or custom embed function. If mismatched, you will likely encounter shape/size errors when inserting or querying vectors.

Required. Identifier or reference to the embedding model or a custom embedding function.

• "my_custom_embed" if it's a known alias in your system

Optional. List of JSON fields to extract before generating embeddings.

Defaults to ["$"], which means the entire JSON object is embedded as one piece of text. If you provide multiple fields (e.g. ["title", "content"]), each is extracted and embedded separately, often saving token usage if you only care about certain parts of the data.

Optional. Default TTL (time-to-live) in minutes for new items.

If provided, all new items will have this TTL unless explicitly overridden. If omitted, items will have no TTL by default.

Default behavior for refreshing TTLs on read operations (GET and SEARCH).

If True, TTLs will be refreshed on read operations (get/search) by default. This can be overridden per-operation by explicitly setting refresh_ttl. Defaults to True if not configured.

Optional. Interval in minutes between TTL sweep iterations.

If provided, the store will periodically delete expired items based on the TTL. If omitted, no automatic sweeping will occur.

Required prefix for environment variables referenced in header templates.

Acts as an allowlist boundary to prevent leaking arbitrary environment variables. Defaults to "LG_WEBHOOK_" when omitted.

Static headers to include with webhook requests.

Values may contain templates of the form "${{ env.VAR }}". On startup, these are resolved via the process environment after verifying VAR starts with env_prefix. Mixed literals and multiple templates are allowed.

dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object's (key, value) pairs dict(iterable) -> new dictionary initialized as if via: d = {} for k, v in iterable: d[k] = v dict(**kwargs) -> new dictionary initialized with the name=value pairs in the keyword argument list. For example: dict(one=1, two=2)

Hostname allowlist. Supports exact hosts and wildcard subdomains.

Use entries like "hooks.example.com" or "*.mycorp.com". The wildcard only matches subdomains ("foo.mycorp.com"), not the apex ("mycorp.com"). When empty or omitted, any public host is allowed (subject to SSRF IP checks).

Explicit port allowlist for absolute URLs.

If set, requests must use one of these ports. Defaults are respected when a port is not present in the URL (443 for https, 80 for http).

Disallow relative URLs (internal loopback calls) when true.

Maximum permitted URL length in characters; longer inputs are rejected early.

Enforce HTTPS scheme for absolute URLs; reject <http://> when true.