chore: merge main into branch and resolve conflicts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: jsonbailey

.github/actions/build/action.yml

@@ -4,21 +4,10 @@ inputs:
   workspace_path:
     description: 'Path to the package to build.'
     required: true
-outputs:
-  package-hashes:
-    description: "base64-encoded sha256 hashes of distribution files"
-    value: ${{ steps.package-hashes.outputs.package-hashes }}
 
 runs:
   using: composite
   steps:
     - name: Build distribution files
       shell: bash
       run: make -C ${{ inputs.workspace_path }} build
-
-    - name: Hash build files for provenance
-      id: package-hashes
-      shell: bash
-      working-directory: ${{ inputs.workspace_path }}/dist
-      run: |
-        echo "package-hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"

.github/workflows/release-please.yml

@@ -58,13 +58,10 @@ jobs:
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -75,6 +72,11 @@ jobs:
         with:
           workspace_path: packages/sdk/server-ai
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/sdk/server-ai/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -92,13 +94,10 @@ jobs:
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-langchain-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -109,6 +108,11 @@ jobs:
         with:
           workspace_path: packages/ai-providers/server-ai-langchain
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/ai-providers/server-ai-langchain/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -140,57 +144,28 @@ jobs:
           workspace_path: ${{ inputs.workspace_path }}
 
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
-        if: ${{ inputs.dry_run != true }}
+        if: ${{ format('{0}', inputs.dry_run) != 'true' }}
         name: 'Get PyPI token'
         with:
           aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
           ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN'
 
       - name: Publish to PyPI
-        if: ${{ inputs.dry_run != true }}
+        if: ${{ format('{0}', inputs.dry_run) != 'true' }}
         uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: ${{ inputs.workspace_path }}/dist/
 
-  release-server-ai-provenance:
-    needs: ['release-please', 'release-server-ai']
-    if: ${{ needs.release-please.outputs.package-server-ai-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-tag-name }}
-
-  release-server-ai-langchain-provenance:
-    needs: ['release-please', 'release-server-ai-langchain']
-    if: ${{ needs.release-please.outputs.package-server-ai-langchain-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai-langchain.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-langchain-tag-name }}
-
   release-server-ai-openai:
     runs-on: ubuntu-latest
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-openai-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -201,6 +176,11 @@ jobs:
         with:
           workspace_path: packages/ai-providers/server-ai-openai
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/ai-providers/server-ai-openai/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -213,31 +193,15 @@ jobs:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: packages/ai-providers/server-ai-openai/dist/
 
-  release-server-ai-openai-provenance:
-    needs: ['release-please', 'release-server-ai-openai']
-    if: ${{ needs.release-please.outputs.package-server-ai-openai-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai-openai.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-openai-tag-name }}
-
   release-server-ai-optimization:
     runs-on: ubuntu-latest
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-optimization-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -248,6 +212,11 @@ jobs:
         with:
           workspace_path: packages/optimization
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/optimization/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -259,16 +228,3 @@ jobs:
         with:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: packages/optimization/dist/
-
-  release-server-ai-optimization-provenance:
-    needs: ['release-please', 'release-server-ai-optimization']
-    if: ${{ needs.release-please.outputs.package-server-ai-optimization-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai-optimization.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-optimization-tag-name }}

.release-please-manifest.json

@@ -1,5 +1,6 @@
 {
-  "packages/sdk/server-ai": "0.16.1",
-  "packages/ai-providers/server-ai-langchain": "0.3.2",
-  "packages/ai-providers/server-ai-openai": "0.2.1"
+  "packages/sdk/server-ai": "0.17.0",
+  "packages/ai-providers/server-ai-langchain": "0.4.0",
+  "packages/ai-providers/server-ai-openai": "0.3.0",
+  "packages/optimization": "0.1.0"
 }

packages/ai-providers/server-ai-langchain/CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+All notable changes to the LaunchDarkly Python AI LangChain provider package will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org).
+
+## [0.4.0](https://github.com/launchdarkly/python-server-sdk-ai/compare/launchdarkly-server-sdk-ai-langchain-0.3.2...launchdarkly-server-sdk-ai-langchain-0.4.0) (2026-04-02)
+
+
+### ⚠ BREAKING CHANGES
+
+* Bump minimum LangChain version to 1.0.0
+* Restructure provider factory and support additional create methods ([#102](https://github.com/launchdarkly/python-server-sdk-ai/issues/102))
+* Extract shared utilities to langchain_helper
+
+### Features
+
+* Add LangGraphAgentGraphRunner ([56ce0fd](https://github.com/launchdarkly/python-server-sdk-ai/commit/56ce0fd63b4301b58f33c17c55c4ecd47e9f8559))
+* Extract shared utilities to langchain_helper ([453c71c](https://github.com/launchdarkly/python-server-sdk-ai/commit/453c71c84adcc6b8a3e316a98907dcb511bc9d41))
+* Add get_ai_usage_from_response to langchain_helper ([4fab18f](https://github.com/launchdarkly/python-server-sdk-ai/commit/4fab18fa62375b6c97cb12a89225805c81ca4ee8))
+* Add get_tool_calls_from_response and sum_token_usage_from_messages to langchain_helper ([4fab18f](https://github.com/launchdarkly/python-server-sdk-ai/commit/4fab18fa62375b6c97cb12a89225805c81ca4ee8))
+* Drop support for python 3.9 ([#114](https://github.com/launchdarkly/python-server-sdk-ai/issues/114)) ([dc592c5](https://github.com/launchdarkly/python-server-sdk-ai/commit/dc592c5a2e2bf3bf679af14a9aa63e81678a69ab))
+
+
+### Bug Fixes
+
+* Use time.perf_counter_ns() for sub-millisecond precision in duration calculations ([4fab18f](https://github.com/launchdarkly/python-server-sdk-ai/commit/4fab18fa62375b6c97cb12a89225805c81ca4ee8))
+
 ## [0.3.2](https://github.com/launchdarkly/python-server-sdk-ai/compare/launchdarkly-server-sdk-ai-langchain-0.3.1...launchdarkly-server-sdk-ai-langchain-0.3.2) (2026-03-16)
 
 

packages/ai-providers/server-ai-langchain/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "launchdarkly-server-sdk-ai-langchain"
-version = "0.3.2"
+version = "0.4.0"
 description = "LaunchDarkly AI SDK LangChain Provider"
 authors = [{name = "LaunchDarkly", email = "dev@launchdarkly.com"}]
 license = {text = "Apache-2.0"}
@@ -19,11 +19,14 @@ classifiers = [
     "Topic :: Software Development :: Libraries",
 ]
 dependencies = [
-    "launchdarkly-server-sdk-ai>=0.16.0",
+    "launchdarkly-server-sdk-ai>=0.17.0",
     "langchain-core>=1.0.0",
     "langchain>=1.0.0",
 ]
 
+[project.optional-dependencies]
+graph = ["langgraph>=1.0.0"]
+
 [project.urls]
 Homepage = "https://docs.launchdarkly.com/sdk/ai/python"
 Repository = "https://github.com/launchdarkly/python-server-sdk-ai"
@@ -36,6 +39,7 @@ dev = [
     "mypy==1.18.2",
     "pycodestyle>=2.11.0",
     "isort>=5.12.0",
+    "langgraph>=1.0.0",
 ]
 
 [build-system]

packages/ai-providers/server-ai-langchain/src/ldai_langchain/langchain_agent_runner.py

@@ -1,16 +1,22 @@
-"""LangChain agent runner for LaunchDarkly AI SDK."""
-
 from typing import Any
 
 from ldai import log
 from ldai.providers import AgentResult, AgentRunner
 from ldai.providers.types import LDAIMetrics
 
-from ldai_langchain.langchain_helper import sum_token_usage_from_messages
+from ldai_langchain.langchain_helper import (
+    extract_last_message_content,
+    sum_token_usage_from_messages,
+)
 
 
 class LangChainAgentRunner(AgentRunner):
     """
+    CAUTION:
+    This feature is experimental and should NOT be considered ready for production use.
+    It may change or be removed without notice and is not subject to backwards
+    compatibility guarantees.
+
     AgentRunner implementation for LangChain.
 
     Wraps a compiled LangChain agent graph (from ``langchain.agents.create_agent``)
@@ -37,11 +43,7 @@ async def run(self, input: Any) -> AgentResult:
                 "messages": [{"role": "user", "content": str(input)}]
             })
             messages = result.get("messages", [])
-            output = ""
-            if messages:
-                last = messages[-1]
-                if hasattr(last, 'content') and isinstance(last.content, str):
-                    output = last.content
+            output = extract_last_message_content(messages)
             return AgentResult(
                 output=output,
                 raw=result,

packages/ai-providers/server-ai-langchain/src/ldai_langchain/langchain_helper.py

@@ -153,6 +153,38 @@ def _resolve_tools_for_langchain(
     ]
 
 
+def build_tools(ai_config: AIConfigKind, tool_registry: ToolRegistry) -> List[Any]:
+    """
+    Return callables from the registry for each tool defined in the AI config.
+
+    Tools not found in the registry are skipped with a warning. The returned
+    callables can be passed directly to bind_tools or langchain.agents.create_agent.
+    Functions should have type-annotated parameters so LangChain can infer the schema.
+
+    :param ai_config: The LaunchDarkly AI configuration
+    :param tool_registry: Registry mapping tool names to callable implementations
+    :return: List of callables ready to pass to bind_tools or create_agent
+    """
+    config_dict = ai_config.to_dict()
+    model_dict = config_dict.get('model') or {}
+    parameters = dict(model_dict.get('parameters') or {})
+    tool_definitions = parameters.pop('tools', []) or []
+
+    tools = []
+    for td in tool_definitions:
+        if not isinstance(td, dict):
+            continue
+        name = td.get('name')
+        if not name:
+            continue
+        fn = tool_registry.get(name)
+        if fn is None:
+            log.warning(f"Tool '{name}' is defined in the AI config but was not found in the tool registry; skipping.")
+            continue
+        tools.append(fn)
+    return tools
+
+
 def build_structured_tools(ai_config: AIConfigKind, tool_registry: ToolRegistry) -> List[Any]:
     """
     Build a list of LangChain StructuredTool instances from LD tool definitions and a registry.