| TB1 | User/Framework API | Where user-provided code and configuration enters the framework | Graph execution logic, channel semantics, default configs, validation of graph structure, tool injection merge order (system values overwrite LLM values) | User node implementations, tool behavior, model selection, prompt construction, state schema design |
| TB2 | Checkpoint Storage | Where serialized data enters/leaves the persistence layer | Serialization format, allowlists for deserialization (47 safe types, 1 safe method), encryption (if configured), serde event hooks | Database access controls, who can write to the checkpoint tables, storage infrastructure security |
| TB3 | Remote API | Where data crosses the network to/from LangGraph Server | Outbound config sanitization (`_sanitize_config`), SDK HTTP transport, API key handling, `RESERVED_HEADERS` | Remote server behavior, response content integrity, network security (TLS), server-provided `Location` redirect targets |
| TB4 | CLI Config/Docker | Where developer config drives container image generation | Dockerfile template structure, config schema validation (including `WebhookUrlPolicy`), list-based subprocess args, build command content validation | `langgraph.json` file content, Docker daemon security, host filesystem |
| TB5 | SDK Encryption Handlers | Where developer-authored encryption handlers process sensitive data | Handler signature validation (async, 2-param for encrypt/decrypt), duplicate registration prevention, `EncryptionContext` construction | Handler implementation correctness, key management, actual encrypt/decrypt behavior, server-side execution environment |
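
The merge order named in the TB1 row (system values overwrite LLM values), shown as an added example that is not LangGraph's own code. The function names, the `user_id` and `state` parameters and the sample arguments are hypothetical and constructed for illustration.

```python
"""Illustrative sketch only: not LangGraph's implementation."""
import logging

log = logging.getLogger("tool_injection")


def merge_tool_args(llm_args: dict, system_args: dict) -> tuple[dict, list[str]]:
    """Merge model-supplied tool arguments with framework-injected ones.

    System values are applied last, so they overwrite any LLM value with the
    same key. Returns the merged kwargs and the keys the model tried to set
    even though they are reserved for injection.
    """
    collisions = sorted(k for k in llm_args if k in system_args)
    for key in collisions:
        # A collision means model output named a reserved parameter. Log it:
        # it can indicate injected instructions steering the model's tool call.
        log.warning("LLM supplied reserved tool argument %r; overwritten", key)
    merged = {**llm_args, **system_args}  # right-hand mapping wins on conflict
    return merged, collisions


def merge_tool_args_unsafe(llm_args: dict, system_args: dict) -> dict:
    """Reversed order, shown for contrast: the model's value would win."""
    return {**system_args, **llm_args}


# Constructed sample: the model's tool call sets `user_id`, which the
# (hypothetical) framework injects from the authenticated session.
LLM_ARGS = {"query": "open invoices", "user_id": "admin"}
SYSTEM_ARGS = {"user_id": "u-1042", "state": {"tenant": "acme"}}

if __name__ == "__main__":
    merged, collisions = merge_tool_args(LLM_ARGS, SYSTEM_ARGS)
    print("safe merge:  ", merged, "collisions:", collisions)
    print("unsafe merge:", merge_tool_args_unsafe(LLM_ARGS, SYSTEM_ARGS))
```

With the reversed order, the tool would run with the identity the model chose rather than the one the framework injected, which is why the merge order sits on the framework side of the boundary.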