Create a store for LangChain serializable objects from a bytes store.
Reads from this store are deserialized with
langchain_core.load.loads, which instantiates Python objects from
the stored payload. The same threat model applies: a payload can
carry constructor kwargs (custom base_url, headers, model name,
etc.) that get applied during __init__, so the bytes are
effectively executable configuration rather than plain data.
Never back this store with anything an attacker can write to — for example a shared cache that other tenants can populate, an S3 bucket without strict write controls, or a Redis instance reused across trust boundaries. A single tampered value will instantiate attacker-controlled classes the next time the store is read.
If you cannot guarantee the store is write-restricted to your own
process, use create_kv_docstore instead — it pins
allowed_objects=[Document] so a tampered value can at worst
produce a Document, never a chat model or LLM with a redirected
endpoint.
A bytes store to use as the underlying store.
A function to encode keys; if None uses identity function.
