LangChain is a Python framework for composing LLM calls into agentic workflows. The prompt-template layer is where Jinja2 fires. This week you trace a prompt end-to-end through LangChain Expression Language and identify the exact templating step.
Reading
- LangChain official docs, the "Prompt templates" section. Free.
- OWASP ASI Top 10 (current release), the items applicable to multi-step workflows. Free.
- AI-101 Module on agentic-system architecture (your cohort archive).
- Stuttard and Pinto, WAHH, Chapter 8 on SSTI (revisit; this is the bug class the LangChain template layer maps to).
Lecture
Roughly three hours across two sessions. Key arc:
- LangChain architecture in five components: prompt templates, models, output parsers, tools, agents.
- LangChain Expression Language (LCEL). The pipe-composition pattern.
- Where Jinja2 lives in the prompt-template layer.
- The model-API HTTP request as the trace anchor.
- Reading the LangChain source on the projector. The PromptTemplate base class.
Lab pack
Lab Pack 2 traces a prompt through the LangChain Expression Language and produces the architecture diagram. See Lab Pack 2.
Tools you will use
- A clean Python virtualenv with the cohort-pinned LangChain.
- Burp Suite Community to intercept the model-API HTTP call.
- Optional: academy pcap analyzer for the alternative trace path.
OWASP LLM and ASI anchor
The Module 2 architecture diagram classifies each LangChain component by its OWASP LLM and ASI risk category. The prompt-template layer carries LLM01 (Prompt Injection); the tool-calling boundary carries multiple ASI items including ASI04 (Tool Misuse) and ASI07 (Excessive Agency).
Reflection prompts
- Where in LCEL does a prompt template get rendered? Before the LLM call or after?
- What does LangChain expose as a configuration knob for template rendering? Is Jinja2 the default?
- If you wanted to add a strict-mode template renderer that refused dangerous expressions, where would you splice it in?
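As a reference point for the last prompt, here is one shape a strict-mode renderer could take. It is an added example, not LangChain's or the course's code. It uses only the standard library, calls neither Jinja2 nor LangChain, and assumes Jinja2's default delimiters; `strict_render`, `UnsafeTemplateError` and `audit` are hypothetical names.

```python
import re

# Assumption: Jinja2's default delimiters ({{ }}, {% %}, {# #}) are in use.
_TAG = re.compile(r"\{\{(.*?)\}\}|\{%.*?%\}|\{#.*?#\}", re.DOTALL)
_PLAIN_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")
_OPENERS = ("{{", "{%", "{#")


class UnsafeTemplateError(ValueError):
    """Template contains something other than a {{ plain_name }} placeholder."""


def strict_render(template: str, variables: dict) -> str:
    """Render only {{ name }} placeholders; refuse everything else up front.
    Values are inserted as literal text and never re-scanned by this function."""
    out, pos = [], 0
    for m in _TAG.finditer(template):
        literal = template[pos:m.start()]
        if any(o in literal for o in _OPENERS):
            raise UnsafeTemplateError("unbalanced delimiter")
        if m.group(1) is None:
            raise UnsafeTemplateError(f"block or comment refused: {m.group(0)!r}")
        name = m.group(1).strip()
        if not _PLAIN_NAME.match(name):  # attribute access, calls, filters, _names
            raise UnsafeTemplateError(f"expression refused: {name!r}")
        if name not in variables:
            raise UnsafeTemplateError(f"undeclared variable: {name!r}")
        out += [literal, str(variables[name])]
        pos = m.end()
    tail = template[pos:]
    if any(o in tail for o in _OPENERS):
        raise UnsafeTemplateError("unbalanced delimiter")
    return "".join(out) + tail


def audit(template: str, variables: dict) -> str:
    """Return 'ok' or 'refused: <reason>' for one template (demo helper)."""
    try:
        strict_render(template, variables)
        return "ok"
    except UnsafeTemplateError as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    # Constructed sample templates, not taken from the course labs.
    for t in ("Q: {{ question }}", "{{ question.__class__ }}", "{% set x = 1 %}"):
        print(repr(t), "->", audit(t, {"question": "What is LCEL?"}))
```

The allowlist gives up loops, filters and attribute access entirely, so it only suits prompts that need plain variable substitution.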
What is next
Module 3 picks up Jinja2 SSTI as the bug class. You reproduce a generic Jinja2 SSTI in Flask to anchor what the LangChain-specific reproduction in Module 4 will land on.