Prerequisites
/
Install
/
Configure
/
Test
Agent Integration Guide

LangChain Memory Adapter

Plug ThreatRecall into LangChain as a drop-in memory retriever. Works with LangChain.js, LangChain Python, and any framework built on top of them — including CrewAI.

Time: ~10 minutes
Works with: LangChain JS/Python, CrewAI
Package: @threatrecall/langchain-adapter

What you'll need

  • Node.js 18+ (or Python 3.9+ for the Python version)
  • LangChain installed (npm install langchain or pip install langchain)
  • A ThreatRecall API key from your dashboard

Step-by-step setup

Step 1
Install the adapter package

Install the ThreatRecall LangChain adapter in your project.

npm (Node.js) 
npm install @threatrecall/langchain-adapter
The adapter is installed and available to import in your project.
Step 2
Create a MemoryRetriever instance

Configure the retriever with your API key and workspace URL. Drop this into any LangChain chain.

File: memory.js (or memory.py for Python) 
const { ThreatRecallMemoryRetriever } = require('@threatrecall/langchain-adapter');

const retriever = new ThreatRecallMemoryRetriever({
  apiKey: process.env.THREATRECALL_API_KEY,
  workspaceUrl: process.env.THREATRECALL_URL || 'https://app.threatrecall.ai',
  topK: 5,          // return top 5 results per query
  minConfidence: 0.3, // skip low-confidence results
});
The retriever is configured. It will query ThreatRecall's knowledge graph on every search call.
Step 3
Add it to your LangChain chain

Wire the retriever into a LangChain agent. The agent will call ThreatRecall automatically when it needs CTI context.

File: agent.js 
const { ChatOpenAI } = require('langchain/chat_models');
const { RetrieverQAChain } = require('langchain/chains');
const { PromptTemplate } = require('langchain/prompts');

const model = new ChatOpenAI({ temperature: 0 });
const chain = RetrieverQAChain.fromLLMAndRetriever(
  model,
  retriever,
  {
    prompt: PromptTemplate.fromTemplate(
      `Use ThreatRecall to answer the user's question. Context: {context}`
    ),
  }
);

// Run a query — the agent will retrieve relevant CTI from ThreatRecall
const result = await chain.call({
  query: "Show me all threat actors known to exploit CVE-2021-44228"
});

console.log(result.text);
Your LangChain agent now retrieves relevant CTI from ThreatRecall on every query. The agent sees the full context of actors, CVEs, and relationships.
Step 4
Test your setup

Run a query that should return results from your ThreatRecall workspace.

Terminal 
# Set your API key first
# Linux/macOS:
export THREATRECALL_API_KEY="your_key_here"

# Run your agent script
node agent.js
If your workspace has relevant data, you should see a response that includes ThreatRecall results. If empty, add some entities to your workspace first.

Python / CrewAI

The adapter also works with LangChain Python. If you're using CrewAI, you can pass the retriever as the memory component:

File: agent.py (Python) 
from threatrecall_langchain import ThreatRecallMemoryRetriever

retriever = ThreatRecallMemoryRetriever(
    api_key="your_api_key",
    workspace_url="https://app.threatrecall.ai",
    top_k=5,
)

For CrewAI, pass this retriever to your agent's memory parameter. See the CrewAI guide for the full example.

Troubleshooting

Problem: "Module not found" error
Fix: Make sure you're in the correct project directory and that node_modules/@threatrecall/langchain-adapter exists. Run npm install in your project root.
Problem: Empty results returned
Fix: Your workspace may not have relevant data. Try searching for a very broad term like "malware" or "threat actor" to confirm the connection is working.
Problem: "API key required" error
Fix: Set the THREATRECALL_API_KEY environment variable before running your script. Do not hard-code the key in your source code — use process.env.THREATRECALL_API_KEY.