How do I use InjectShield with LangGraph?

Question

Accepted Answer

LangGraph's explicit graph model makes prompt-injection defense cleaner than legacy LangChain agents because every edge between nodes is a defined point you can intercept. The recommended pattern is a dedicated `injection_check` node placed on every edge that carries untrusted text into the model. Three nodes earn a check: (1) the **user-input edge** entering your first LLM node — InjectShield's `context: "user"`; (2) every **tool-result edge** from a tool node back into an LLM node — `context: "tool_output"`; (3) every **retriever-result edge** from a RAG node — `context: "document"`. Implementation: ```python from langgraph.graph import StateGraph def injection_check(state): v = shield.classify(state["pending_text"], context=state["channel"]) if v.verdict == "injection": return {"blocked": True, "categories": v.categories} return state graph.add_node("shield", injection_check) graph.add_conditional_edges("shield", lambda s: "block" if s.get("blocked") else "continue", ...) ``` For long-running agents, also add a **session-level multi-turn check** node that runs every K turns, passing the full conversation state to `shield.classify_session()` — InjectShield maintains a rolling risk score that catches slow-drip context poisoning (OWASP LLM01 multi-turn sub-pattern). Pair with LangGraph's built-in `interrupt_before` for human-in-the-loop on positive verdicts. The InjectShield + LangGraph cookbook at injectshield.dev/docs/langgraph ships a reference graph with these three nodes plus tool-call allowlisting.