merge + conflicts

Author: andrewklatzke

.github/actions/build/action.yml

@@ -4,21 +4,10 @@ inputs:
   workspace_path:
     description: 'Path to the package to build.'
     required: true
-outputs:
-  package-hashes:
-    description: "base64-encoded sha256 hashes of distribution files"
-    value: ${{ steps.package-hashes.outputs.package-hashes }}
 
 runs:
   using: composite
   steps:
     - name: Build distribution files
       shell: bash
       run: make -C ${{ inputs.workspace_path }} build
-
-    - name: Hash build files for provenance
-      id: package-hashes
-      shell: bash
-      working-directory: ${{ inputs.workspace_path }}/dist
-      run: |
-        echo "package-hashes=$(sha256sum * | base64 -w0)" >> "$GITHUB_OUTPUT"

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -39,7 +39,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -59,7 +59,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -81,7 +81,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -101,7 +101,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -123,7 +123,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -143,7 +143,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4
@@ -165,7 +165,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
       - uses: actions/checkout@v4

.github/workflows/release-please.yml

@@ -58,13 +58,10 @@ jobs:
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -75,6 +72,11 @@ jobs:
         with:
           workspace_path: packages/sdk/server-ai
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/sdk/server-ai/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -92,13 +94,10 @@ jobs:
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-langchain-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -109,6 +108,11 @@ jobs:
         with:
           workspace_path: packages/ai-providers/server-ai-langchain
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/ai-providers/server-ai-langchain/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -140,57 +144,28 @@ jobs:
           workspace_path: ${{ inputs.workspace_path }}
 
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
-        if: ${{ inputs.dry_run != true }}
+        if: ${{ format('{0}', inputs.dry_run) != 'true' }}
         name: 'Get PyPI token'
         with:
           aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
           ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN'
 
       - name: Publish to PyPI
-        if: ${{ inputs.dry_run != true }}
+        if: ${{ format('{0}', inputs.dry_run) != 'true' }}
         uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: ${{ inputs.workspace_path }}/dist/
 
-  release-server-ai-provenance:
-    needs: ['release-please', 'release-server-ai']
-    if: ${{ needs.release-please.outputs.package-server-ai-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-tag-name }}
-
-  release-server-ai-langchain-provenance:
-    needs: ['release-please', 'release-server-ai-langchain']
-    if: ${{ needs.release-please.outputs.package-server-ai-langchain-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai-langchain.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-langchain-tag-name }}
-
   release-server-ai-openai:
     runs-on: ubuntu-latest
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-openai-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -201,6 +176,11 @@ jobs:
         with:
           workspace_path: packages/ai-providers/server-ai-openai
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/ai-providers/server-ai-openai/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -213,31 +193,15 @@ jobs:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: packages/ai-providers/server-ai-openai/dist/
 
-  release-server-ai-openai-provenance:
-    needs: ['release-please', 'release-server-ai-openai']
-    if: ${{ needs.release-please.outputs.package-server-ai-openai-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai-openai.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-openai-tag-name }}
-
   release-server-ai-optimization:
     runs-on: ubuntu-latest
     needs: ['release-please']
     permissions:
       id-token: write # Needed for OIDC to get release secrets from AWS.
+      attestations: write # Needed for actions/attest.
     if: ${{ needs.release-please.outputs.package-server-ai-optimization-released == 'true' }}
-    outputs:
-      package-hashes: ${{ steps.build.outputs.package-hashes }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - uses: ./.github/actions/ci
         with:
@@ -248,6 +212,11 @@ jobs:
         with:
           workspace_path: packages/optimization
 
+      - name: Attest build provenance
+        uses: actions/attest@v4
+        with:
+          subject-path: 'packages/optimization/dist/*'
+
       - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0
         name: 'Get PyPI token'
         with:
@@ -259,16 +228,3 @@ jobs:
         with:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: packages/optimization/dist/
-
-  release-server-ai-optimization-provenance:
-    needs: ['release-please', 'release-server-ai-optimization']
-    if: ${{ needs.release-please.outputs.package-server-ai-optimization-released == 'true' }}
-    permissions:
-      actions: read # Needed for detecting the GitHub Actions environment.
-      id-token: write # Needed for provenance signing.
-      contents: write # Needed for uploading assets to the release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
-    with:
-      base64-subjects: "${{ needs.release-server-ai-optimization.outputs.package-hashes }}"
-      upload-assets: true
-      upload-tag-name: ${{ needs.release-please.outputs.package-server-ai-optimization-tag-name }}

.github/workflows/stale.yml

@@ -1,9 +1,13 @@
-name: 'Close stale issues and PRs'
+name: "Close stale issues and PRs"
 on:
   workflow_dispatch:
   schedule:
     # Happen once per day at 1:30 AM
-    - cron: '30 1 * * *'
+    - cron: "30 1 * * *"
+
+permissions:
+  issues: write
+  pull-requests: write
 
 jobs:
   sdk-close-stale:

.release-please-manifest.json

@@ -1,5 +1,6 @@
 {
-  "packages/sdk/server-ai": "0.16.1",
-  "packages/ai-providers/server-ai-langchain": "0.3.2",
-  "packages/ai-providers/server-ai-openai": "0.2.1"
+  "packages/sdk/server-ai": "0.18.0",
+  "packages/ai-providers/server-ai-langchain": "0.5.0",
+  "packages/ai-providers/server-ai-openai": "0.4.0",
+  "packages/optimization": "0.1.0"
 }

README.md

@@ -7,6 +7,7 @@ This repository contains LaunchDarkly AI SDK packages for Python, including the
 | Package | PyPI | README |
 | ------- | ---- | ------ |
 | [launchdarkly-server-sdk-ai](packages/sdk/server-ai) | [![PyPI](https://img.shields.io/pypi/v/launchdarkly-server-sdk-ai.svg)](https://pypi.org/project/launchdarkly-server-sdk-ai/) | [README](packages/sdk/server-ai/README.md) |
+| [launchdarkly-server-sdk-ai-optimization](packages/optimization) | [![PyPI](https://img.shields.io/pypi/v/launchdarkly-server-sdk-ai-optimization.svg)](https://pypi.org/project/launchdarkly-server-sdk-ai-optimization/) | [README](packages/optimization/README.md) |
 
 | AI Provider Packages | PyPI | README |
 | -------------------- | ---- | ------ |

packages/ai-providers/server-ai-langchain/CHANGELOG.md

@@ -1,5 +1,50 @@
 # Changelog
 
+All notable changes to the LaunchDarkly Python AI LangChain provider package will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org).
+
+## [0.5.0](https://github.com/launchdarkly/python-server-sdk-ai/compare/launchdarkly-server-sdk-ai-langchain-0.4.1...launchdarkly-server-sdk-ai-langchain-0.5.0) (2026-04-21)
+
+
+### Features
+
+* Updated to use per-execution tracker lifecycle via `create_tracker()` instead of static tracker instances
+* Renamed graph metrics method from `track_latency()` to `track_duration()` for consistency
+* Moved graph_key configuration from graph tracker instantiation to node tracker initialization
+* Removed graph_key parameter from node-level tracker methods as it is now set during tracker creation
+
+### Dependencies
+
+* Updated for compatibility with `launchdarkly-server-sdk-ai` 0.18.0
+
+## [0.4.1](https://github.com/launchdarkly/python-server-sdk-ai/compare/launchdarkly-server-sdk-ai-langchain-0.4.0...launchdarkly-server-sdk-ai-langchain-0.4.1) (2026-04-07)
+
+
+### Bug Fixes
+
+* Fixes agent graph tool calls in fanned out graphs ([#123](https://github.com/launchdarkly/python-server-sdk-ai/issues/123)) ([c140410](https://github.com/launchdarkly/python-server-sdk-ai/commit/c14041090643d1261881343fdd70b4079997b773))
+
+## [0.4.0](https://github.com/launchdarkly/python-server-sdk-ai/compare/launchdarkly-server-sdk-ai-langchain-0.3.2...launchdarkly-server-sdk-ai-langchain-0.4.0) (2026-04-02)
+
+
+### ⚠ BREAKING CHANGES
+
+* Bump minimum LangChain version to 1.0.0
+* Restructure provider factory and support additional create methods ([#102](https://github.com/launchdarkly/python-server-sdk-ai/issues/102))
+* Extract shared utilities to langchain_helper
+
+### Features
+
+* Add LangGraphAgentGraphRunner ([56ce0fd](https://github.com/launchdarkly/python-server-sdk-ai/commit/56ce0fd63b4301b58f33c17c55c4ecd47e9f8559))
+* Extract shared utilities to langchain_helper ([453c71c](https://github.com/launchdarkly/python-server-sdk-ai/commit/453c71c84adcc6b8a3e316a98907dcb511bc9d41))
+* Add get_ai_usage_from_response to langchain_helper ([4fab18f](https://github.com/launchdarkly/python-server-sdk-ai/commit/4fab18fa62375b6c97cb12a89225805c81ca4ee8))
+* Add get_tool_calls_from_response and sum_token_usage_from_messages to langchain_helper ([4fab18f](https://github.com/launchdarkly/python-server-sdk-ai/commit/4fab18fa62375b6c97cb12a89225805c81ca4ee8))
+* Drop support for python 3.9 ([#114](https://github.com/launchdarkly/python-server-sdk-ai/issues/114)) ([dc592c5](https://github.com/launchdarkly/python-server-sdk-ai/commit/dc592c5a2e2bf3bf679af14a9aa63e81678a69ab))
+
+
+### Bug Fixes
+
+* Use time.perf_counter_ns() for sub-millisecond precision in duration calculations ([4fab18f](https://github.com/launchdarkly/python-server-sdk-ai/commit/4fab18fa62375b6c97cb12a89225805c81ca4ee8))
+
 ## [0.3.2](https://github.com/launchdarkly/python-server-sdk-ai/compare/launchdarkly-server-sdk-ai-langchain-0.3.1...launchdarkly-server-sdk-ai-langchain-0.3.2) (2026-03-16)
 
 

packages/ai-providers/server-ai-langchain/README.md

@@ -1,6 +1,9 @@
 # LaunchDarkly AI SDK - LangChain Provider
 
-[![PyPI](https://img.shields.io/pypi/v/launchdarkly-server-sdk-ai-langchain.svg)](https://pypi.org/project/launchdarkly-server-sdk-ai-langchain/)
+[![Actions Status](https://github.com/launchdarkly/python-server-sdk-ai/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/launchdarkly/python-server-sdk-ai/actions/workflows/ci.yml)
+
+[![PyPI](https://img.shields.io/pypi/v/launchdarkly-server-sdk-ai-langchain.svg?maxAge=2592000)](https://pypi.org/project/launchdarkly-server-sdk-ai-langchain/)
+[![PyPI](https://img.shields.io/pypi/pyversions/launchdarkly-server-sdk-ai-langchain.svg)](https://pypi.org/project/launchdarkly-server-sdk-ai-langchain/)
 
 > [!CAUTION]
 > This package is in pre-release and not subject to backwards compatibility
@@ -138,7 +141,7 @@ provider = await LangChainProvider.create(config)
 async def invoke():
     return await provider.invoke_model(messages)
 
-response = await config.tracker.track_metrics_of(
+response = await config.tracker.track_metrics_of_async(
     invoke,
     lambda r: r.metrics
 )