The 3-line output sanitiser I add to every LangGraph agent now
▲ 1 r/LangChain+1 crossposts

The 3-line output sanitiser I add to every LangGraph agent now

I was testing a LangGraph agent with file access tools and realized — if someone asks

it to read .env, it outputs every API key in plain text.

Looked into it. OWASP ranked Sensitive Information Disclosure #2 on their LLM Top 10

(2025). LangChain itself had a CVE last year (CVE-2025-68664) for env var exfiltration.

My fix — 3 lines that scan every agent response before it reaches the user:

import re

SECRETS = re.compile(r'(sk-|AKIA|ghp_)\S+')

def sanitize(text): return SECRETS.sub('[REDACTED]', text)

Catches OpenAI (sk-/sk-proj-), AWS (AKIA), and GitHub (ghp_) key patterns.

Not exhaustive — production needs Stripe, Slack, Anthropic patterns too — but

it's a starting point most tutorials skip entirely.

Made a 30-second video walkthrough: https://www.youtube.com/@CodeAgents_ai

What output sanitization patterns are you using in your agents? Curious if anyone

has a more comprehensive approach.

u/Low_Edge7695 — 1 day ago
▲ 1 r/LocalLLM+1 crossposts

GPT-5.6 Sol is out — but only ~20 government-approved companies can use it

OpenAI announced GPT-5.6 Sol on June 26. Three tiers: Sol (flagship), Terra (mid), Luna (cheapest).

Sol scores 88.8% on Terminal-Bench 2.1 — slightly ahead of Claude Mythos at 88.0%. Ultra mode hits 91.9%.

Pricing: Sol $5/$30, Terra $2.50/$15, Luna $1/$6 per 1M tokens.

The catch: ~20 companies got access, each individually approved by the US government (White House ONCD + OSTP). No public waitlist. No self-service enrollment.

Same restriction they put on Anthropic's Fable 5 three weeks ago.

OpenAI says broader availability "in coming weeks."

More info here:

Youtube

Sources:

- openai.com/index/previewing-gpt-5-6-sol/

- techcrunch.com/2026/06/26/openai-limits-gpt-5-6-rollout-after-government-request/

What's your take — is government-gated access becoming the norm for frontier models?

u/Low_Edge7695 — 8 days ago

Kimi K2.7 Code: 1T MoE, $0.95/M tokens, MIT license, beats Opus 4.8 on MCP tool-calling

Moonshot AI released Kimi K2.7 Code on June 12 — a coding-focused open-weight model.

Key specs:

- 1 trillion params (MoE, 32B active, 384 experts)

- 256K context window

- Modified MIT license — weights on Hugging Face

- $0.95/M input, $4.00/M output via Kimi API

- Works with Claude Code, Cursor, OpenCode, OpenRouter

Benchmarks (vendor-reported, independent pending):

- MCP Mark Verified: 81.1% (Opus 4.8: 76.4%)

- Kimi Code Bench v2: 62.0 (Opus: 67.4, GPT-5.5: 69.0)

- 30% fewer reasoning tokens than K2.6

Not a Fable 5 replacement (Fable scored 80% on SWE-Bench Pro). But at 10x less cost with open weights — different value proposition entirely. Especially now that Fable is banned.

Anyone self-hosting this yet? Curious about real-world latency on consumer hardware.

reddit.com
u/Low_Edge7695 — 20 days ago

Kimi K2.7 Code: 1T MoE, $0.95/M tokens, MIT license, beats Opus 4.8 on MCP tool-calling

Moonshot AI released Kimi K2.7 Code on June 12 — a coding-focused open-weight model.

Key specs:

- 1 trillion params (MoE, 32B active, 384 experts)

- 256K context window

- Modified MIT license — weights on Hugging Face

- $0.95/M input, $4.00/M output via Kimi API

- Works with Claude Code, Cursor, OpenCode, OpenRouter

Benchmarks (vendor-reported, independent pending):

- MCP Mark Verified: 81.1% (Opus 4.8: 76.4%)

- Kimi Code Bench v2: 62.0 (Opus: 67.4, GPT-5.5: 69.0)

- 30% fewer reasoning tokens than K2.6

Not a Fable 5 replacement (Fable scored 80% on SWE-Bench Pro). But at 10x less cost with open weights — different value proposition entirely. Especially now that Fable is banned.

HuggingFace: huggingface.co/moonshotai

Anyone self-hosting this yet? Curious about real-world latency on consumer hardware.

u/Low_Edge7695 — 20 days ago

Microsoft's MAI-Code-1-Flash: 5B params, 51% on SWE-Bench Pro, free on OpenRouter

Microsoft just released MAI-Code-1-Flash — a 5B parameter coding model built for fast, efficient developer assistance.

Numbers that caught my eye:

- 51.2% on SWE-Bench Pro (Claude Haiku 4.5 scores 35.2%)

- 71.6% on SWE-Bench Verified (Haiku: 66.6%)

- Average token usage: 28K vs Haiku's 29.8K on Pro

It's already rolling out in VS Code via GitHub Copilot, and it's available for free on OpenRouter and Fireworks AI.

I plugged it into my agent setup with one line:

```python

model="microsoft/mai-code-1-flash"

reddit.com
u/Low_Edge7695 — 29 days ago
▲ 4 r/LocalLLM+1 crossposts

My agent emailed my boss at 3 AM — the 2-line human-in-the-loop guard that prevents dangerous tool calls

My ReAct agent has access to tools: web_search, calculate, send_email, delete_file.

It decided to call send_email. On its own. At 3 AM. Nobody asked it to.

The problem: agents pick tools the same way they pick words. There's no built-in concept of "this action is irreversible and I should ask first."

The fix — classify tools as safe vs dangerous:

DANGEROUS_TOOLS = {"send_email", "delete_file", "update_db"}

def conditional_edge(state):

last_message = state["messages"][-1]

if last_message.tool_calls:

tool_name = last_message.tool_calls[0]["name"]

if tool_name in DANGEROUS_TOOLS:

return "human_approval"

return "tool"

return END

Safe tools (search, calculate, read) → execute automatically.

Dangerous tools (email, delete, write) → route to a human approval node.

This is the pattern Anthropic recommends: "Use human-in-the-loop approval for destructive operations. Implement strict per-user authorization."

The key insight: your agent doesn't need fewer tools. It needs to know which tools require permission before executing.

How do you handle dangerous tool calls in your agents? Hard block, soft confirmation, or something else?

reddit.com
u/Low_Edge7695 — 1 month ago

Your RAG is hallucinating because of garbage retrieval — here's the 3-line fix (with real scores)

My RAG agent hallucinated. Not because the LLM was bad — because the retrieval was feeding it noise.

Query: "What are Python decorators?"

What my retriever returned (before fix):

| Rank | Score | Content | Relevant? |

|---|---|---|---|

| 1 | +5.80 | Decorator definition | Yes |

| 2 | +1.40 | Acknowledgments page | No |

| 3 | +1.13 | u/staticmethod example | Yes |

| 4 | -4.69 | Class exercises | No |

| 5 | -11.0 | Monty Python reference | No |

The LLM received all 5 chunks. It hallucinated because it trusted the noise.

The fix — cross-encoder re-ranking (3 lines):

scores = cross_encoder.score(pairs)

ranked = sorted(zip(scores, candidates), reverse=True)

filtered = [doc for score, doc in ranked if score > 1.5]

After fix: only chunks with score > 1.5 reach the LLM.

Overall results (10 queries): avg relevance went from -0.28 to +3.80. 80% win rate.

Model: cross-encoder/ms-marco-MiniLM-L-6-v2 (free, local, HuggingFace).

If your chatbot hallucinates, check your retrieval before blaming the LLM. What threshold are you using for your re-ranker?

reddit.com
u/Low_Edge7695 — 1 month ago

The 1-line annotation that gives your LangGraph agent conversation memory

Hit a frustrating bug: my ReAct agent answered questions correctly in isolation, but couldn't handle follow-ups.

"What's 15 * 127?" → "1905" ✓

"Add 10 to that" → "I don't know what you're referring to" ✗

The agent was losing context between messages. Spent two days debugging.

The fix is one annotation:

messages: Annotated[list, add_messages]

Without it, LangGraph's default behavior REPLACES the messages field on every state update. Your agent only sees the latest message — no history.

With `add_messages` as the reducer, every new message gets APPENDED to the existing list. The agent sees the full conversation.

One line. Two days to figure out. The docs mention it casually in one sentence.

Repo (line 30): https://github.com/dunjeonmaster07/react-agent/blob/main/src/agent.py

Anyone else hit state management gotchas in LangGraph? Curious what other defaults surprised you.

reddit.com
u/Low_Edge7695 — 2 months ago
▲ 17 r/LangChain+2 crossposts

The 4-line function that fixed my agent's wrong answers (conditional edge in LangGraph)

My ReAct agent gave wrong answers for a week. It would call a tool, get a result, and immediately answer without checking if the result made sense.

The fix was a conditional edge — 4 lines:

    def conditional_edge(state: MessageState):
        last_message = state["messages"][-1]
        if last_message.tool_calls:
            return "tool"
        return END

Without it: LLM → tool → answer (one shot, no self-correction)

With it: LLM → tool → check → loop back if needed → answer

Full repo (67 lines total): https://github.com/dunjeonmaster07/react-agent

What other simple patterns made a big difference in your agent's reliability?

u/Low_Edge7695 — 2 months ago