Validate and sanitize tool output by applying deterministic sanitization (e.g., PII redaction), structured output validation using schemas and retry mechanisms, and safety filtering through middleware to prevent harmful or malformed responses from reaching the LLM.
LangChain provides built-in middleware and custom hooks to intercept and sanitize tool results before they are sent back to the LLM. This is the most structured approach for compliance and safety tasks.
For custom validation, you can create middleware that runs after a tool executes. This allows you to inspect, modify, or block tool outputs before they are added to the conversation state.
The most reliable way to ensure tool output is safe and usable is to enforce a strict schema. Use the LLM's native structured output capabilities (e.g., JSON mode or tool calling) to guarantee that the tool’s response conforms to a predictable format.
When a tool returns malformed output that fails validation, implement a fallback using LangChain's RetryOutputParser or a custom retry loop. This allows the system to clean the output or ask for a retry rather than crashing the agent loop.
Tools can return excessively long outputs that exceed the LLM's context window. To prevent crashes and reduce costs, you should either truncate the output or implement summarizing middleware that compresses the tool result before passing it back.
Tool outputs must be sanitized to prevent injection attacks. The official LangChain documentation warns against calling eval() on untrusted output, which can lead to Remote Code Execution (RCE). Never execute tool output as code; parse it with a safe parser (such as json.loads or a schema-backed output parser) and validate its structure instead.
Output validation is only half the picture: the tool must also receive well-formed input. Define a Pydantic args_schema for the tool; this validates the LLM-generated arguments and sanitizes them before they reach your business logic.
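The pipeline described above (deterministic PII redaction, length truncation, schema validation with a retry loop, and no eval()) as an added, framework-agnostic example. It is not LangChain's own middleware API; it uses only the standard library, and the PII patterns, schema, length budget and sample outputs are constructed for illustration.

```python
import json
import re

# Deterministic PII redaction patterns (constructed for this example; extend per policy).
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
# Expected shape of the tool result: field name -> required Python type (constructed).
SCHEMA = {"customer_id": int, "status": str}
MAX_CHARS = 200  # stand-in for a context-window budget

def redact_pii(text: str) -> str:
    """Replace each PII match with a fixed tag; deterministic, no LLM involved."""
    for tag, pattern in PII_PATTERNS.items():
        text = pattern.sub(f"[{tag}_REDACTED]", text)
    return text

def truncate(text: str, limit: int = MAX_CHARS) -> str:
    """Hard cap on tool output length so an oversized result cannot flood the context."""
    return text if len(text) <= limit else text[:limit] + "...[truncated]"

def validate(text: str, schema=SCHEMA):
    """Parse as JSON (never eval) and check required keys and types.
    Returns (parsed_dict, None) on success or (None, error_message) on failure."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, f"not valid JSON: {exc.msg}"
    if not isinstance(data, dict):
        return None, "top-level value must be an object"
    for key, typ in schema.items():
        if key not in data:
            return None, f"missing field '{key}'"
        # bool is a subclass of int in Python, so reject it explicitly for int fields.
        if not isinstance(data[key], typ) or isinstance(data[key], bool):
            return None, f"field '{key}' must be {typ.__name__}"
    return data, None

def process_tool_output(raw: str, retry, max_attempts: int = 3) -> dict:
    """Redact, truncate, validate; on failure call retry(error) for a fresh attempt.
    A truncated result fails JSON parsing and so also triggers a retry rather than
    reaching the LLM half-formed."""
    text = raw
    for attempt in range(1, max_attempts + 1):
        text = truncate(redact_pii(text))
        data, error = validate(text)
        if error is None:
            return {"ok": True, "data": data, "attempts": attempt}
        if attempt == max_attempts:
            return {"ok": False, "error": error, "attempts": attempt}
        text = retry(error)  # e.g. re-invoke the tool or ask the model to reformat
```

The `retry` callable is where a real system would re-run the tool or hand the error message back to the model, mirroring what a RetryOutputParser does.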