@henricook henricook commented Nov 20, 2025

Summary

Add environment variable controls for network isolation in high-compliance, air-gapped, or security-restricted deployments.

Changes

  • feat: Add LANGFLOW_DISABLE_VERSION_CHECK to skip PyPI version checks
  • feat: Add LANGFLOW_ALLOW_REMOTE_COMPONENT_INDEX to block remote component indices by default
  • fix: Fix StoreService to properly honor store=false setting
  • feat: Add configurable database pool sizes via environment variables (LANGFLOW_DB_POOL_SIZE, LANGFLOW_DB_MAX_OVERFLOW, LANGFLOW_DB_POOL_TIMEOUT)

Motivation

Organizations with strict network policies need controls to:

  • Disable outbound calls to PyPI for version checking
  • Block loading component indices from untrusted URLs
  • Prevent store marketplace access in restricted environments
  • Tune database connection pools for memory-constrained containers

Backward Compatibility

All changes are opt-in via environment variables. Default behavior is unchanged.

Summary by CodeRabbit

  • New Features

    • Store interactions can now be disabled via configuration settings
  • Security Improvements

    • Remote component index loading restricted by default for enhanced security
  • Configuration

    • Version checking and database connection pool settings now configurable via environment variables

Add support for disabling PyPI version checks via environment variable.
This is useful for air-gapped or network-isolated deployments where
external network access is restricted.

When LANGFLOW_DISABLE_VERSION_CHECK=true, skip the PyPI version check
in fetch_latest_version() and return None immediately.

Add security control for remote component indices via environment variable.
When custom component indices are specified via HTTP/HTTPS URLs, they are
now blocked by default unless explicitly allowed.

Set LANGFLOW_ALLOW_REMOTE_COMPONENT_INDEX=true to permit loading component
indices from remote URLs. This prevents unauthorized component loading in
security-sensitive or compliance-restricted environments.
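The two guards described in the commit messages above, written out as an added illustration that is not the PR's or the project's code. Helper names, the accepted truthy spellings and the audit report are assumptions; only the two variable names come from the PR.

```python
"""Illustrative environment-variable guards for network isolation (example code,
not the Langflow/lfx implementation). Helper names and the accepted truthy
values are assumptions; only the two variable names come from the PR."""
import os
from urllib.parse import urlsplit

# Accepted spellings of "on"; anything else (including typos) is treated as off.
TRUE_VALUES = {"1", "true", "yes", "on"}


def env_flag(name: str, default: bool = False, env=None) -> bool:
    """Case-insensitive boolean parse of an environment variable.
    Unset or unrecognised values fall back to ``default``, so a typo cannot
    silently switch a restrictive control off (or a permissive one on)."""
    env = os.environ if env is None else env
    raw = env.get(name)
    if raw is None:
        return default
    return raw.strip().lower() in TRUE_VALUES


def version_check_allowed(env=None) -> bool:
    """LANGFLOW_DISABLE_VERSION_CHECK=true suppresses the outbound PyPI call;
    the default keeps the check enabled, matching the PR's opt-in semantics."""
    return not env_flag("LANGFLOW_DISABLE_VERSION_CHECK", default=False, env=env)


def remote_index_allowed(index_location: str, env=None) -> bool:
    """Deny http/https component indices unless explicitly opted in.
    Local file paths involve no network access and are always permitted; the
    scheme comparison is case-insensitive so HTTPS:// cannot bypass the guard."""
    scheme = urlsplit(index_location.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return True
    return env_flag("LANGFLOW_ALLOW_REMOTE_COMPONENT_INDEX", default=False, env=env)


def isolation_report(env=None) -> dict:
    """Summarise which outbound paths remain enabled, for a deployment audit."""
    return {
        "pypi_version_check": version_check_allowed(env),
        "remote_component_index": env_flag("LANGFLOW_ALLOW_REMOTE_COMPONENT_INDEX", env=env),
    }


if __name__ == "__main__":
    # Constructed sample environment for an air-gapped deployment.
    airgapped = {"LANGFLOW_DISABLE_VERSION_CHECK": "True"}
    print(isolation_report(airgapped))  # both controls reported as disabled
```

The report function is the piece a compliance reviewer would run at startup to confirm that no outbound path is enabled by a mis-spelled or missing variable.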
@github-actions github-actions bot added the community Pull Request from an external contributor label Nov 20, 2025
@henricook henricook changed the title feat: add network isolation controls for high-compliance deployments Draft: feat: add network isolation controls for high-compliance deployments Nov 20, 2025
coderabbitai bot commented Nov 20, 2025

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

These changes add environment variable-based configuration controls and disable flags across multiple components. Store interactions, version checking, and remote component index loading are now conditionally disabled based on environment variables. Database pool settings are made configurable through environment variables with new defaults.

Changes

Cohort / File(s): Summary

  • Store Service Disable Flag (src/backend/base/langflow/services/store/service.py): Added _disabled flag to StoreService that prevents initialization and API key verification when store is disabled via settings
  • Version Check Disable (src/backend/base/langflow/utils/version.py): Added import of os and guard in fetch_latest_version to skip PyPI version fetch when LANGFLOW_DISABLE_VERSION_CHECK environment variable is set to "true"
  • Remote Component Index Security (src/lfx/src/lfx/interface/components.py): Added security check to block remote HTTP/HTTPS component index loading unless LANGFLOW_ALLOW_REMOTE_COMPONENT_INDEX is explicitly enabled; returns None and logs error if not allowed
  • Database Pool Configuration (src/lfx/src/lfx/services/settings/base.py): Converted fixed database pool settings to environment-driven defaults: pool_size (20→5), max_overflow (30→10), and added pool_timeout (30); changes applied to both top-level Settings fields and nested db_connection_settings

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

  • All changes follow consistent patterns (environment variable guards and configuration defaults)
  • Minimal logic density—mostly conditional checks and setting overrides
  • Limited scope with straightforward semantic modifications
  • Consider verifying that default environment variable values align with intended performance/security requirements

Suggested labels

size:M

Suggested reviewers

  • mfortman11

Pre-merge checks and finishing touches

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning, 1 inconclusive)
  • Test Coverage For New Implementations: ❌ Error. Explanation: Pull request introduces new functionality across four files without corresponding test coverage for critical features like StoreService disabling, version checks, remote component blocking, and database pool configuration. Resolution: Add comprehensive unit and integration tests for all modified modules validating happy paths, error conditions, boundary values, and environment variable parsing per project conventions.
  • Test Quality And Coverage: ⚠️ Warning. Explanation: Pull request introduces significant functionality across four files but includes no test files or coverage for new disabled state logic, environment variable parsing, and pool configuration changes. Resolution: Add comprehensive unit and integration tests covering StoreService disabled state, environment variable validation with bounds checking, and all code paths for new guards and early exit logic.
  • Test File Naming And Structure: ❓ Inconclusive. Explanation: Unable to access repository to verify test file patterns, naming conventions, and coverage for modified source files. Resolution: Examine PR on GitHub or local repository to verify test files match modified sources and cover new environment variables.
✅ Passed checks (4 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The PR title 'add network isolation controls for high-compliance deployments' clearly and specifically summarizes the main change across all file modifications, which collectively introduce environment-variable controls to restrict network access and configure security-sensitive settings.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Excessive Mock Usage Warning: ✅ Passed. No test files exist in this repository or PR, so there are no mocks to review for excessive usage.

@github-actions github-actions bot added the enhancement New feature or request label Nov 20, 2025
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6c802fb and a1899e4.

📒 Files selected for processing (4)
  • src/backend/base/langflow/services/store/service.py (2 hunks)
  • src/backend/base/langflow/utils/version.py (2 hunks)
  • src/lfx/src/lfx/interface/components.py (1 hunks)
  • src/lfx/src/lfx/services/settings/base.py (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/backend/base/langflow/services/store/service.py (1)
src/backend/tests/unit/api/v2/test_mcp_servers_file.py (1)
  • settings_service (96-97)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (15)
  • GitHub Check: Lint Backend / Run Mypy (3.11)
  • GitHub Check: Lint Backend / Run Mypy (3.10)
  • GitHub Check: Lint Backend / Run Mypy (3.12)
  • GitHub Check: Run Backend Tests / Integration Tests - Python 3.10
  • GitHub Check: Run Frontend Tests / Determine Test Suites and Shard Distribution
  • GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 5
  • GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 3
  • GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 2
  • GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 4
  • GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 1
  • GitHub Check: Test Starter Templates
  • GitHub Check: Run Backend Tests / LFX Tests - Python 3.10
  • GitHub Check: Optimize new Python code in this PR
  • GitHub Check: Run Ruff Check and Format
  • GitHub Check: Update Component Index
🔇 Additional comments (3)
src/backend/base/langflow/utils/version.py (1)

78-80: LGTM! Clean implementation of version check disable flag.

The environment variable guard is correctly implemented with case-insensitive comparison and early return, consistent with the function's existing error handling pattern.

src/lfx/src/lfx/interface/components.py (1)

92-98: LGTM! Well-implemented security control.

The remote component index guard follows security best practices with a secure default (opt-in) and clear error messaging. The placement correctly prevents the httpx fetch before authorization.

src/backend/base/langflow/services/store/service.py (1)

117-119: Verify consistency with early return in __init__.

This defensive check is good, but it's only present in check_api_key. Consider whether other public methods should have similar guards, especially given the early return in __init__ (lines 85-89) that leaves attributes uninitialized.

@henricook henricook force-pushed the feat/network-isolation-controls branch from 6cd8e08 to 9d21efc Compare November 20, 2025 20:34

Respect the store=false setting to disable Langflow Store integration:

- Created DisabledStoreService with no-op implementations of all methods
- Updated StoreServiceFactory to return DisabledStoreService when store=false
- Changed logger.error to logger.warning in component index security check

This prevents AttributeError crashes and provides clean polymorphic behavior
when the store is disabled via settings.
@henricook henricook force-pushed the feat/network-isolation-controls branch from b1872a5 to 18b39d9 Compare November 20, 2025 20:59

autofix-ci bot and others added 7 commits November 20, 2025 21:01

Add environment variable to skip NVIDIA model fetching at startup:

- Check LANGFLOW_SKIP_NVIDIA_FETCH before calling get_available_models()
- Prevents timeout when network policies block integrate.api.nvidia.com
- Component remains available with empty model list when disabled
- Logs info message when model fetching is skipped

This is useful in network-isolated deployments where external API
calls are blocked by firewall or network policy rules.
@henricook henricook closed this Nov 24, 2025