Merge branch 'main' into feature/subagent-escalation

Author: rohityan

contributing/samples/agent_registry_agent/agent.py

@@ -18,6 +18,7 @@
 
 from google.adk.agents.llm_agent import LlmAgent
 from google.adk.integrations.agent_registry import AgentRegistry
+from google.adk.models.google_llm import Gemini
 
 # Project and location can be set via environment variables:
 # GOOGLE_CLOUD_PROJECT and GOOGLE_CLOUD_LOCATION
@@ -27,6 +28,8 @@
 # Initialize Agent Registry client
 registry = AgentRegistry(project_id=project_id, location=location)
 
+# List agents, MCP servers, and endpoints resource names from the registry.
+# They can be used to initialize the agent, toolset, and model below.
 print(f"Listing agents in {project_id}/{location}...")
 agents = registry.list_agents()
 for agent in agents.get("agents", []):
@@ -37,6 +40,11 @@
 for server in mcp_servers.get("mcpServers", []):
   print(f"- MCP Server: {server.get('displayName')} ({server.get('name')})")
 
+print(f"\nListing endpoints in {project_id}/{location}...")
+endpoints = registry.list_endpoints()
+for endpoint in endpoints.get("endpoints", []):
+  print(f"- Endpoint: {endpoint.get('displayName')} ({endpoint.get('name')})")
+
 # Example of using a specific agent or MCP server from the registry:
 # (Note: These names should be full resource names as returned by list methods)
 
@@ -52,8 +60,19 @@
     f"projects/{project_id}/locations/{location}/mcpServers/MCP_SERVER_NAME"
 )
 
+# 3. Getting a specific model endpoint configuration
+# This returns a string like:
+# "projects/adk12345/locations/us-central1/publishers/google/models/gemini-2.5-flash"
+# TODO: Replace ENDPOINT_NAME with your endpoint name
+model_name = registry.get_model_name(
+    f"projects/{project_id}/locations/{location}/endpoints/ENDPOINT_NAME"
+)
+
+# Initialize the model using the resolved model name from registry.
+gemini_model = Gemini(model=model_name)
+
 root_agent = LlmAgent(
-    model="gemini-2.5-flash",
+    model=gemini_model,
     name="discovery_agent",
     instruction=(
         "You have access to tools and sub-agents discovered via Registry."

contributing/samples/skills_agent/agent.py

@@ -54,9 +54,9 @@ async def run_async(self, *, args: dict, tool_context) -> str:
     return f"The timezone for {args['location']} is UTC+00:00."
 
 
-def get_current_humidity(location: str) -> str:
-  """Returns the current humidity for a given location."""
-  return f"The humidity in {location} is 45%."
+def get_wind_speed(location: str) -> str:
+  """Returns the current wind speed for a given location."""
+  return f"The wind speed in {location} is 10 mph."
 
 
 greeting_skill = models.Skill(
@@ -87,7 +87,7 @@ def get_current_humidity(location: str) -> str:
 # be used in production environments.
 my_skill_toolset = SkillToolset(
     skills=[greeting_skill, weather_skill],
-    additional_tools=[GetTimezoneTool(), get_current_humidity],
+    additional_tools=[GetTimezoneTool(), get_wind_speed],
     code_executor=UnsafeLocalCodeExecutor(),
 )
 

contributing/samples/skills_agent/skills/weather-skill/SKILL.md

@@ -1,8 +1,12 @@
 ---
 name: weather-skill
 description: A skill that provides weather information based on reference data.
+metadata:
+  adk_additional_tools:
+    - get_wind_speed
 ---
 
 Step 1: Check 'references/weather_info.md' for the current weather.
 Step 2: If humidity is requested, use run 'scripts/get_humidity.py' with the `location` argument.
-Step 3: Provide the update to the user.
+Step 3: If wind speed is requested, use the `get_wind_speed` tool.
+Step 4: Provide the update to the user.

contributing/samples/skills_agent/skills/weather_skill/SKILL.md

@@ -16,6 +16,7 @@
 
 from __future__ import annotations
 
+import copy
 from typing import Any
 from typing import Awaitable
 from typing import Callable
@@ -108,3 +109,16 @@ class A2aRemoteAgentConfig(BaseModel):
   )
 
   request_interceptors: Optional[list[RequestInterceptor]] = None
+
+  def __deepcopy__(self, memo):
+    cls = self.__class__
+    copied_values = {}
+    for k, v in self.__dict__.items():
+      if not k.startswith('_'):
+        if callable(v):
+          copied_values[k] = v
+        else:
+          copied_values[k] = copy.deepcopy(v, memo)
+    result = cls.model_construct(**copied_values)
+    memo[id(self)] = result
+    return result

src/google/adk/a2a/agent/config.py

@@ -38,6 +38,7 @@
 from typing_extensions import override
 
 from ...runners import Runner
+from ...sessions import base_session_service
 from ...utils.context_utils import Aclosing
 from ..agent.interceptors.new_integration_extension import _NEW_A2A_ADK_INTEGRATION_EXTENSION
 from ..converters.from_adk_event import create_error_status_event
@@ -287,6 +288,8 @@ async def _resolve_session(
         app_name=runner.app_name,
         user_id=user_id,
         session_id=session_id,
+        # Checking existence doesn't require event history.
+        config=base_session_service.GetSessionConfig(num_recent_events=0),
     )
     if session is None:
       session = await runner.session_service.create_session(

src/google/adk/a2a/executor/a2a_agent_executor_impl.py

@@ -73,6 +73,10 @@ class OAuth2Auth(BaseModelWithConfig):
   # tool or adk can generate the auth_uri with the state info thus client
   # can verify the state
   auth_uri: Optional[str] = None
+  # A unique value generated at the start of the OAuth flow to bind the user's
+  # session to the authorization request. This value is typically stored with
+  # user session and passed to backend for validation.
+  nonce: Optional[str] = None
   state: Optional[str] = None
   # tool or adk can decide the redirect_uri if they don't want client to decide
   redirect_uri: Optional[str] = None

src/google/adk/auth/auth_credential.py

@@ -1713,7 +1713,8 @@ def cli_api_server(
     default=False,
     help=(
         "Optional. Deploy ADK Web UI if set. (default: deploy ADK API server"
-        " only)"
+        " only). WARNING: The web UI is for development and testing only — do"
+        " not use in production."
     ),
 )
 @click.option(
@@ -2229,7 +2230,8 @@ def cli_deploy_agent_engine(
     default=False,
     help=(
         "Optional. Deploy ADK Web UI if set. (default: deploy ADK API server"
-        " only)"
+        " only). WARNING: The web UI is for development and testing only — do"
+        " not use in production."
     ),
 )
 @click.option(

src/google/adk/cli/cli_tools_click.py

@@ -27,6 +27,7 @@
 
 import click
 from fastapi import FastAPI
+from fastapi import HTTPException
 from fastapi import UploadFile
 from fastapi.responses import FileResponse
 from fastapi.responses import PlainTextResponse
@@ -293,6 +294,39 @@ def _has_parent_reference(path: str) -> bool:
 
     _ALLOWED_EXTENSIONS = frozenset({".yaml", ".yml"})
 
+    # --- YAML content security ---
+    # The `args` key in agent YAML configs (CodeConfig.args, ToolConfig.args)
+    # allows callers to pass arbitrary arguments to Python constructors and
+    # functions, which is an RCE vector when exposed through the builder UI.
+    # Block any upload that contains an `args` key anywhere in the document.
+    _BLOCKED_YAML_KEYS = frozenset({"args"})
+
+    def _check_yaml_for_blocked_keys(content: bytes, filename: str) -> None:
+      """Raise if the YAML document contains any blocked keys."""
+      import yaml
+
+      try:
+        docs = list(yaml.safe_load_all(content))
+      except yaml.YAMLError as exc:
+        raise ValueError(f"Invalid YAML in {filename!r}: {exc}") from exc
+
+      def _walk(node: Any) -> None:
+        if isinstance(node, dict):
+          for key, value in node.items():
+            if key in _BLOCKED_YAML_KEYS:
+              raise ValueError(
+                  f"Blocked key {key!r} found in {filename!r}. "
+                  f"The '{key}' field is not allowed in builder uploads "
+                  "because it can execute arbitrary code."
+              )
+            _walk(value)
+        elif isinstance(node, list):
+          for item in node:
+            _walk(item)
+
+      for doc in docs:
+        _walk(doc)
+
     def _parse_upload_filename(filename: Optional[str]) -> tuple[str, str]:
       if not filename:
         raise ValueError("Upload filename is missing.")
@@ -430,40 +464,14 @@ async def builder_build(
         files: list[UploadFile], tmp: Optional[bool] = False
     ) -> bool:
       try:
-        if tmp:
-          app_names = set()
-          uploads = []
-          for file in files:
-            app_name, rel_path = _parse_upload_filename(file.filename)
-            app_names.add(app_name)
-            uploads.append((rel_path, file))
-
-          if len(app_names) != 1:
-            logger.error(
-                "Exactly one app name is required, found: %s",
-                sorted(app_names),
-            )
-            return False
-
-          app_name = next(iter(app_names))
-          app_root = _get_app_root(app_name)
-          tmp_agent_root = _get_tmp_agent_root(app_root, app_name)
-          tmp_agent_root.mkdir(parents=True, exist_ok=True)
-
-          for rel_path, file in uploads:
-            destination_path = _resolve_under_dir(tmp_agent_root, rel_path)
-            destination_path.parent.mkdir(parents=True, exist_ok=True)
-            with destination_path.open("wb") as buffer:
-              shutil.copyfileobj(file.file, buffer)
-
-          return True
-
-        app_names = set()
-        uploads = []
+        # Phase 1: parse filenames and read content into memory.
+        app_names: set[str] = set()
+        uploads: list[tuple[str, bytes]] = []
         for file in files:
           app_name, rel_path = _parse_upload_filename(file.filename)
           app_names.add(app_name)
-          uploads.append((rel_path, file))
+          content = await file.read()
+          uploads.append((rel_path, content))
 
         if len(app_names) != 1:
           logger.error(
@@ -473,23 +481,40 @@ async def builder_build(
           return False
 
         app_name = next(iter(app_names))
+
+        # Phase 2: validate every file *before* writing anything to disk.
+        for rel_path, content in uploads:
+          _check_yaml_for_blocked_keys(content, f"{app_name}/{rel_path}")
+
+        # Phase 3: write validated files to disk.
+        if tmp:
+          app_root = _get_app_root(app_name)
+          tmp_agent_root = _get_tmp_agent_root(app_root, app_name)
+          tmp_agent_root.mkdir(parents=True, exist_ok=True)
+
+          for rel_path, content in uploads:
+            destination_path = _resolve_under_dir(tmp_agent_root, rel_path)
+            destination_path.parent.mkdir(parents=True, exist_ok=True)
+            destination_path.write_bytes(content)
+
+          return True
+
         app_root = _get_app_root(app_name)
         app_root.mkdir(parents=True, exist_ok=True)
 
         tmp_agent_root = _get_tmp_agent_root(app_root, app_name)
         if tmp_agent_root.is_dir():
           copy_dir_contents(tmp_agent_root, app_root)
 
-        for rel_path, file in uploads:
+        for rel_path, content in uploads:
           destination_path = _resolve_under_dir(app_root, rel_path)
           destination_path.parent.mkdir(parents=True, exist_ok=True)
-          with destination_path.open("wb") as buffer:
-            shutil.copyfileobj(file.file, buffer)
+          destination_path.write_bytes(content)
 
         return cleanup_tmp(app_name)
       except ValueError as exc:
         logger.exception("Error in builder_build: %s", exc)
-        return False
+        raise HTTPException(status_code=400, detail=str(exc))
       except OSError as exc:
         logger.exception("Error in builder_build: %s", exc)
         return False

src/google/adk/cli/fast_api.py

@@ -53,6 +53,7 @@ class FeatureName(str, Enum):
   TOOL_CONFIRMATION = "TOOL_CONFIRMATION"
   PLUGGABLE_AUTH = "PLUGGABLE_AUTH"
   SNAKE_CASE_SKILL_NAME = "SNAKE_CASE_SKILL_NAME"
+  IN_MEMORY_SESSION_SERVICE_LIGHT_COPY = "IN_MEMORY_SESSION_SERVICE_LIGHT_COPY"
 
 
 class FeatureStage(Enum):
@@ -166,6 +167,9 @@ class FeatureConfig:
     FeatureName.SNAKE_CASE_SKILL_NAME: FeatureConfig(
         FeatureStage.EXPERIMENTAL, default_on=False
     ),
+    FeatureName.IN_MEMORY_SESSION_SERVICE_LIGHT_COPY: FeatureConfig(
+        FeatureStage.WIP, default_on=False
+    ),
 }
 
 # Track which experimental features have already warned (warn only once)