Skip to content

[pull] main from google:main#402

Merged
pull[bot] merged 14 commits into
CrazyForks:mainfrom
google:main
Jul 7, 2026
Merged

[pull] main from google:main#402
pull[bot] merged 14 commits into
CrazyForks:mainfrom
google:main

Conversation

@pull

@pull pull Bot commented Jul 7, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

GWeale and others added 14 commits July 6, 2026 15:34
The agent-engine branch of get_gcp_resource() emitted the resource id under
a non-standard "cloud.resource.id" key, so the Agent Engine dashboard's
cloud.resource_id filter matched no rows and every panel read 0. Use the
OTel CLOUD_RESOURCE_ID constant ("cloud.resource_id").

Close #6247

Co-authored-by: George Weale <gweale@google.com>
PiperOrigin-RevId: 943528352
SequentialAgent, LoopAgent, and ParallelAgent were deprecated in favor of
Workflow, but Workflow is not a BaseAgent and cannot be used as an LlmAgent
sub_agent, so "use Workflow instead" is incomplete for the sub-agent
composition pattern. Keep recommending Workflow for orchestration, but state
the sub-agent limitation directly in the deprecation message.

Relates to #5872.

Co-authored-by: George Weale <gweale@google.com>
PiperOrigin-RevId: 943529799
The Runner already dispatches run_after_run_callback on the BaseNode
(_run_node_async) path; add an end-to-end regression test that a plugin's
after_run_callback fires once on a Workflow root.

Close #5282

Co-authored-by: George Weale <gweale@google.com>
PiperOrigin-RevId: 943530150
Co-authored-by: Xuan Yang <xygoogle@google.com>
PiperOrigin-RevId: 943533056
Merge #6305

**Please ensure you have read the [contribution guide](https://github.com/google/adk-python/blob/main/CONTRIBUTING.md) before creating a pull request.**

### Link to Issue or Description of Change

**2. Or, if no issue exists, describe the change:**

**Problem:**
The with-persona evaluator prompt template in
`src/google/adk/evaluation/simulation/per_turn_user_simulator_quality_prompts.py`
misspells "existing" as "exsisting" in its "Definition of Conversation History"
section. This text is part of the prompt sent to the model at evaluation time,
so it is model-facing rather than an internal comment. The sibling non-persona
template in the same file already uses the correct spelling in the identical
sentence, so the two templates are inconsistent.

**Solution:**
Correct the single word `exsisting` -> `existing` on that line. This makes the
two templates consistent and fixes the model-facing text. No code path changes.

### Testing Plan

This is a small typo fix in a prompt string, so no behavioral tests are added.
The existing module test suite still passes and linting is clean:

- `pre-commit run --files src/google/adk/evaluation/simulation/per_turn_user_simulator_quality_prompts.py` -> all Passed/Skipped.
- `pytest tests/unittests/evaluation/simulation/test_per_turn_user_simulation_quality_prompts.py -q` -> 6 passed.

**Unit Tests:**

- [ ] I have added or updated unit tests for my change. (N/A: typo-only fix in a prompt string literal; the module's tests mock the templates and do not snapshot the prompt text.)
- [x] All unit tests pass locally.

### Checklist

- [x] I have read the [CONTRIBUTING.md](https://github.com/google/adk-python/blob/main/CONTRIBUTING.md) document.
- [x] I have performed a self-review of my own code.
- [x] New and existing unit tests pass locally with my changes.

COPYBARA_INTEGRATE_REVIEW=#6305 from anxkhn:docs/simulator-prompt-typo 34dc49f
PiperOrigin-RevId: 943534249
Add a runnable sample under contributing/samples/managed_agent/basic showing how
to use ManagedAgent (backed by the Managed Agents API) with the server-side
google_search tool, mirroring the live integration test flow. The sample
exposes a root_agent in agent.py and ships a README covering the required
enterprise/ADC setup and example prompts (including a multi-turn follow-up that
reuses the recovered remote sandbox).

Co-authored-by: Haran Rajkumar <haranrk@google.com>
PiperOrigin-RevId: 943536117
Updates the class description of GoogleSearchTool to refer generically to 'Gemini models' rather than 'Gemini 2 models', as it applies to the broader family.

Closes #12345

Co-authored-by: Haran Rajkumar <haranrk@google.com>
PiperOrigin-RevId: 943537157
This resolves a token conflict where actions/checkout persisted the default
GITHUB_TOKEN, causing subsequent git push operations by create-pull-request
(which uses RELEASE_PAT) to fail with a 400 Bad Request.

Co-authored-by: Yifan Wang <wanyif@google.com>
PiperOrigin-RevId: 943541293
This resolves a "Duplicate header: Authorization" error (HTTP 400) when
create-pull-request runs. actions/checkout@v6 persists credentials by default,
which conflicts with the token used by create-pull-request.

Co-authored-by: Yifan Wang <wanyif@google.com>
PiperOrigin-RevId: 943548154
Merge #6227

When the ADK web server is on loopback and no explicit allow-origins list is configured, require that the Origin header also resolves to a loopback host to prevent DNS-rebinding attacks.

PiperOrigin-RevId: 943548404
Add a runnable sample under contributing/samples/managed_agent/code_execution
showing how to use ManagedAgent with the server-side code execution tool. Since
ManagedAgent has no code_executor field, code execution is enabled by passing the
raw types.Tool(code_execution=types.ToolCodeExecution()) config in tools. The
sample exposes a root_agent in agent.py and ships a README plus a matching
single-turn live integration test that verifies a code-executed prime-sum
computation.

Co-authored-by: Haran Rajkumar <haranrk@google.com>
PiperOrigin-RevId: 943548907
Merge #5526

## Security Fix: XSS via Jinja2 Template Injection (CWE-79)

### Vulnerability
`contributing/samples/gepa/rater_lib.py` instantiates `jinja2.Environment()` **without** `autoescape=True`. The companion template `rubric_validation_template.txt` renders `{{user_input}}` and `{{model_response}}` without escaping.

### Impact
Since ADK is Google's official framework for building AI agents, developers copy/adapt this sample code into production web applications. Unescaped user-controlled input in Jinja2 templates enables:

- **Cross-Site Scripting (XSS)** — Arbitrary JavaScript execution in browsers
- **Session Hijacking** — Steal cookies/tokens if rendered in web context
- **Phishing** — Inject fake login forms

### Proof of Concept
```python
# user_input: <script>alert("XSS")</script>
# Renders as: <main_prompt><script>alert("XSS")</script></main_prompt>

# model_response: <img src=x onerror=alert("XSS from model")>
# Renders as: <responses><img src=x onerror=alert("XSS from model")></responses>
```

### Changes
1. **rater_lib.py:170** — `jinja2.Environment()` → `jinja2.Environment(autoescape=True)`
2. **rubric_validation_template.txt:158** — `{{user_input}}` → `{{user_input|e}}`
3. **rubric_validation_template.txt:163** — `{{model_response}}` → `{{model_response|e}}`

Defense in depth: `autoescape=True` provides baseline protection, explicit `|e` filters ensure escaping even if autoescape is later disabled.

### References
- CWE-79: Cross-site Scripting (XSS)
- OWASP A7:2017 — Cross-site Scripting
- Jinja2 docs: https://jinja.palletsprojects.com/en/3.1.x/api/#autoescaping

Co-authored-by: Shangjie Chen <deanchen@google.com>
COPYBARA_INTEGRATE_REVIEW=#5526 from k4w-wak:fix/jinja2-xss-autoescape b5b6d3e
PiperOrigin-RevId: 943549514
Merge #5818

Closes #3046

## Summary

`AuthHandler.generate_auth_uri()` currently hardcodes `prompt=consent` when building OAuth authorization URLs.

That makes app-level OAuth configuration less flexible than the underlying providers allow. Flows that need `prompt=none` (or another prompt mode) cannot express that through `OAuth2Auth`, even though the rest of the OAuth request metadata is already configurable.

This change adds an optional `prompt` field to `OAuth2Auth`, preserves `consent` as the default, and uses the configured value when generating the authorization URL.

## Changes

- `src/google/adk/auth/auth_credential.py`
  - Add optional `prompt` field to `OAuth2Auth`.
- `src/google/adk/auth/auth_handler.py`
  - Use `auth_credential.oauth2.prompt or "consent"` when populating OAuth authorization params.
- `tests/unittests/auth/test_auth_handler.py`
  - Extend the OAuth session test double to surface `prompt` in generated auth URIs.
  - Assert the default OAuth flow still includes `prompt=consent`.
  - Add coverage for a custom `prompt="none"` override.

## Test plan

- [x] `python3.12 -m py_compile src/google/adk/auth/auth_credential.py src/google/adk/auth/auth_handler.py tests/unittests/auth/test_auth_handler.py`
- [ ] `PYTHONPATH=src .venv/bin/python -m pytest tests/unittests/auth/test_auth_handler.py -q`
  - Blocked locally while bootstrapping a minimal ad hoc venv: importing `google.adk` for this test path pulls additional runtime dependencies (`google.genai`, `opentelemetry.semconv`, and friends). I stopped after confirming the touched files compile cleanly rather than trying to recreate the repo's full `uv sync --all-extras` environment by hand.
- [ ] Reviewer / CI confirmation that the existing auth handler unit suite passes in the standard repo environment.

Co-authored-by: George Weale <gweale@google.com>
COPYBARA_INTEGRATE_REVIEW=#5818 from RaghunandanKumar:fix/oauth-prompt-configurable 727e2e5
PiperOrigin-RevId: 943553106
- Remove redundant self-transfer check in LlmAgentWrapper, relying on the unified check in transfer_utils.

Co-authored-by: Shangjie Chen <deanchen@google.com>
PiperOrigin-RevId: 943630479
@pull pull Bot locked and limited conversation to collaborators Jul 7, 2026
@pull pull Bot added the ⤵️ pull label Jul 7, 2026
@pull pull Bot merged commit 34b953e into CrazyForks:main Jul 7, 2026
1 of 16 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants