# Lab 1: Build an Agent with LangGraph

This notebook demonstrates how easily sensitive information can be exposed when building GenAI agents without governance. We'll simulate a customer support chatbot with no access controls, sandboxing, or observability. The goal is to highlight key governance risks.

In [1]:
# Install required packages (if running locally)
!pip install langgraph langchain-openai mlflow -q

In [4]:
import os
# Set your OpenAI API key
os.environ['OPENAI_API_KEY'] = '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'

In [5]:
# Setup LangGraph and OpenAI LLM
from langchain_openai import ChatOpenAI
from langchain.tools import tool
from langgraph.graph import StateGraph, END

llm = ChatOpenAI(temperature=0,model="gpt-4")

In [7]:
# Define tool with shipment info (sensitive)
@tool
def get_order_info(email: str) -> str:
    """Returns full order details including address, delivery instructions, and total amount."""
    return f"Order for {email}: 📦 iPhone 15 Pro to 1234 Maple St, Apt 101, with delivery instructions: 'leave at door'. Total: $1,099."

tools = [get_order_info]


In [13]:
from langchain.agents import create_react_agent, AgentExecutor
from langchain.prompts import PromptTemplate

# Create a prompt for the ReAct agent
prompt = PromptTemplate.from_template(
    """Answer the following questions as best you can. You have access to the following tools:

{tools}

Use the following format:

Question: the input question you must answer
Thought: you should always think about what to do
Action: the action to take, should be one of [{tool_names}]
Action Input: the input to the action
Observation: the result of the action
... (this Thought/Action/Action Input/Observation can repeat N times)
Thought: I now know the final answer
Final Answer: the final answer to the original input question

Begin!

Question: {input}
{agent_scratchpad}"""
)

# Create the agent with the prompt
agent = create_react_agent(llm=llm, tools=tools, prompt=prompt)
agent_executor = AgentExecutor(agent=agent, tools=tools, verbose=True)

def run_agent(state: dict) -> dict:
    """Run the agent with an input state that includes an 'email' key."""
    user_input = state.get("email", "")
    if not user_input:
        return {"response": "No email provided."}
    response = agent_executor.invoke({"input": user_input})
    return {"response": response["output"]}

In [15]:
from langgraph.graph import StateGraph

# Build LangGraph with a single ReAct agent node
builder = StateGraph(dict)  # Explicitly define the state type
builder.add_node("agent", run_agent)
builder.set_entry_point("agent")
builder.set_finish_point("agent")
graph = builder.compile()

# Simulate a possible customer query
output = graph.invoke({"email": "john.doe@example.com"})
print(output["response"])




[1m> Entering new AgentExecutor chain...[0m
[32;1m[1;3mThought: The question seems to be an email address. It's likely that the user wants to know the order details associated with this email. I should use the get_order_info function to retrieve this information.
Action: get_order_info
Action Input: john.doe@example.com[0m[36;1m[1;3mOrder for john.doe@example.com: 📦 iPhone 15 Pro to 1234 Maple St, Apt 101, with delivery instructions: 'leave at door'. Total: $1,099.[0m[32;1m[1;3mI now have the order details for the email address provided.
Final Answer: The order for john.doe@example.com includes an iPhone 15 Pro to be delivered to 1234 Maple St, Apt 101, with delivery instructions to 'leave at door'. The total amount for the order is $1,099.[0m

[1m> Finished chain.[0m
The order for john.doe@example.com includes an iPhone 15 Pro to be delivered to 1234 Maple St, Apt 101, with delivery instructions to 'leave at door'. The total amount for the order is $1,099.


## Discussion: What Went Wrong?
- No access controls or authentication on tools
- No function validation or logging
- Exposed sensitive shipment data
- No audit trail or MLflow observability

We'll address these governance gaps in Lab 2.