docs: Adds warnings to cypher chain about credentials (langchain-ai#6827

)

docs/core_docs/docs/how_to/graph_prompting.ipynb

@@ -6,7 +6,20 @@
       "source": [
         "# How to improve results with prompting\n",
         "\n",
-        "In this guide we’ll go over prompting strategies to improve graph database query generation. We’ll largely focus on methods for getting relevant database-specific information in your prompt."
+        "In this guide we’ll go over prompting strategies to improve graph database query generation. We’ll largely focus on methods for getting relevant database-specific information in your prompt.\n",
+        "\n",
+        "```{=mdx}\n",
+        ":::warning\n",
+        "\n",
+        "The `GraphCypherQAChain` used in this guide will execute Cypher statements against the provided database.\n",
+        "For production, make sure that the database connection uses credentials that are narrowly-scoped to only include necessary permissions.\n",
+        "\n",
+        "Failure to do so may result in data corruption or loss, since the calling code\n",
+        "may attempt commands that would result in deletion, mutation of data\n",
+        "if appropriately prompted or reading sensitive data if such data is present in the database.\n",
+        "\n",
+        ":::\n",
+        "```"
       ]
     },
     {

docs/core_docs/docs/how_to/graph_semantic.ipynb

@@ -12,7 +12,20 @@
         "While that option provides excellent flexibility, the solution could be brittle and not consistently generating precise Cypher statements.\n",
         "Instead of generating Cypher statements, we can implement Cypher templates as tools in a semantic layer that an LLM agent can interact with.\n",
         "\n",
-        "![graph_semantic.png](../../static/img/graph_semantic.png)"
+        "![graph_semantic.png](../../static/img/graph_semantic.png)\n",
+        "\n",
+        "```{=mdx}\n",
+        ":::warning\n",
+        "\n",
+        "The code in this guide will execute Cypher statements against the provided database.\n",
+        "For production, make sure that the database connection uses credentials that are narrowly-scoped to only include necessary permissions.\n",
+        "\n",
+        "Failure to do so may result in data corruption or loss, since the calling code\n",
+        "may attempt commands that would result in deletion, mutation of data\n",
+        "if appropriately prompted or reading sensitive data if such data is present in the database.\n",
+        "\n",
+        ":::\n",
+        "```"
       ]
     },
     {

docs/core_docs/docs/tutorials/graph.ipynb

@@ -181,8 +181,20 @@
         "\n",
         "![graph_chain.webp](../../static/img/graph_chain.webp)\n",
         "\n",
+        "LangChain comes with a built-in chain for this workflow that is designed to work with Neo4j: `GraphCypherQAChain`.\n",
         "\n",
-        "LangChain comes with a built-in chain for this workflow that is designed to work with Neo4j: [GraphCypherQAChain](https://python.langchain.com/docs/use_cases/graph/graph_cypher_qa)"
+        "```{=mdx}\n",
+        ":::warning\n",
+        "\n",
+        "The `GraphCypherQAChain` used in this guide will execute Cypher statements against the provided database.\n",
+        "For production, make sure that the database connection uses credentials that are narrowly-scoped to only include necessary permissions.\n",
+        "\n",
+        "Failure to do so may result in data corruption or loss, since the calling code\n",
+        "may attempt commands that would result in deletion, mutation of data\n",
+        "if appropriately prompted or reading sensitive data if such data is present in the database.\n",
+        "\n",
+        ":::\n",
+        "```"
       ]
     },
     {

langchain/src/chains/graph_qa/cypher.ts

@@ -39,6 +39,8 @@ export interface FromLLMInput {
 }
 
 /**
+ * Chain for question-answering against a graph by generating Cypher statements.
+ *
  * @example
  * ```typescript
  * const chain = new GraphCypherQAChain({
@@ -47,6 +49,18 @@ export interface FromLLMInput {
  * });
  * const res = await chain.invoke("Who played in Pulp Fiction?");
  * ```
+ *
+ * @security
+ * This chain will execute Cypher statements against the provided database.
+ * Make sure that the database connection uses credentials
+ * that are narrowly-scoped to only include necessary permissions.
+ * Failure to do so may result in data corruption or loss, since the calling code
+ * may attempt commands that would result in deletion, mutation of data
+ * if appropriately prompted or reading sensitive data if such data is present in the database.
+ * The best way to guard against such negative outcomes is to (as appropriate) limit the
+ * permissions granted to the credentials used with this tool.
+ *
+ * See https://js.langchain.com/docs/security for more information.
  */
 export class GraphCypherQAChain extends BaseChain {
   // eslint-disable-next-line @typescript-eslint/no-explicit-any

libs/langchain-community/src/chains/graph_qa/cypher.ts

@@ -31,6 +31,8 @@ export interface FromLLMInput {
 }
 
 /**
+ * Chain for question-answering against a graph by generating Cypher statements.
+ *
  * @example
  * ```typescript
  * const chain = new GraphCypherQAChain({
@@ -39,6 +41,18 @@ export interface FromLLMInput {
  * });
  * const res = await chain.invoke("Who played in Pulp Fiction?");
  * ```
+ *
+ * @security
+ * This chain will execute Cypher statements against the provided database.
+ * Make sure that the database connection uses credentials
+ * that are narrowly-scoped to only include necessary permissions.
+ * Failure to do so may result in data corruption or loss, since the calling code
+ * may attempt commands that would result in deletion, mutation of data
+ * if appropriately prompted or reading sensitive data if such data is present in the database.
+ * The best way to guard against such negative outcomes is to (as appropriate) limit the
+ * permissions granted to the credentials used with this tool.
+ *
+ * See https://js.langchain.com/docs/security for more information.
  */
 export class GraphCypherQAChain extends BaseChain {
   private graph: Neo4jGraph;