Merge branch 'main' into fix-2729-none-inferences

Author: ShaharKatz

contributing/samples/spanner/agent.py

@@ -18,6 +18,7 @@
 from google.adk.auth.auth_credential import AuthCredentialTypes
 from google.adk.tools.google_tool import GoogleTool
 from google.adk.tools.spanner.settings import Capabilities
+from google.adk.tools.spanner.settings import QueryResultMode
 from google.adk.tools.spanner.settings import SpannerToolSettings
 from google.adk.tools.spanner.spanner_credentials import SpannerCredentialsConfig
 from google.adk.tools.spanner.spanner_toolset import SpannerToolset
@@ -34,7 +35,10 @@
 
 
 # Define Spanner tool config with read capability set to allowed.
-tool_settings = SpannerToolSettings(capabilities=[Capabilities.DATA_READ])
+tool_settings = SpannerToolSettings(
+    capabilities=[Capabilities.DATA_READ],
+    query_result_mode=QueryResultMode.DICT_LIST,
+)
 
 if CREDENTIALS_TYPE == AuthCredentialTypes.OAUTH2:
   # Initialize the tools to do interactive OAuth

src/google/adk/agents/remote_a2a_agent.py

@@ -31,7 +31,8 @@
 from a2a.client.card_resolver import A2ACardResolver
 from a2a.client.client import ClientConfig as A2AClientConfig
 from a2a.client.client_factory import ClientFactory as A2AClientFactory
-from a2a.client.errors import A2AClientError
+from a2a.client.errors import A2AClientHTTPError
+from a2a.client.middleware import ClientCallContext
 from a2a.types import AgentCard
 from a2a.types import Message as A2AMessage
 from a2a.types import Part as A2APart
@@ -533,6 +534,7 @@ async def _run_async_impl(
       async for a2a_response in self._a2a_client.send_message(
           request=a2a_request,
           request_metadata=request_metadata,
+          context=ClientCallContext(state=ctx.session.state),
       ):
         logger.debug(build_a2a_response_log(a2a_response))
 
@@ -558,6 +560,24 @@ async def _run_async_impl(
 
         yield event
 
+    except A2AClientHTTPError as e:
+      error_message = f"A2A request failed: {e}"
+      logger.error(error_message)
+      yield Event(
+          author=self.name,
+          error_message=error_message,
+          invocation_id=ctx.invocation_id,
+          branch=ctx.branch,
+          custom_metadata={
+              A2A_METADATA_PREFIX
+              + "request": a2a_request.model_dump(
+                  exclude_none=True, by_alias=True
+              ),
+              A2A_METADATA_PREFIX + "error": error_message,
+              A2A_METADATA_PREFIX + "status_code": str(e.status_code),
+          },
+      )
+
     except Exception as e:
       error_message = f"A2A request failed: {e}"
       logger.error(error_message)

src/google/adk/runners.py

@@ -412,7 +412,11 @@ async def _run_with_trace(
           message = self._format_session_not_found_message(session_id)
           raise ValueError(message)
         if not invocation_id and not new_message:
-          raise ValueError('Both invocation_id and new_message are None.')
+          raise ValueError(
+              'Running an agent requires either a new_message or an '
+              'invocation_id to resume a previous invocation. '
+              f'Session: {session_id}, User: {user_id}'
+          )
 
         if invocation_id:
           if (

src/google/adk/tools/openapi_tool/openapi_spec_parser/openapi_toolset.py

@@ -16,6 +16,7 @@
 
 import json
 import logging
+import ssl
 from typing import Any
 from typing import Dict
 from typing import Final
@@ -68,6 +69,7 @@ def __init__(
       auth_scheme: Optional[AuthScheme] = None,
       auth_credential: Optional[AuthCredential] = None,
       tool_filter: Optional[Union[ToolPredicate, List[str]]] = None,
+      ssl_verify: Optional[Union[bool, str, ssl.SSLContext]] = None,
   ):
     """Initializes the OpenAPIToolset.
 
@@ -102,10 +104,19 @@ def __init__(
         ``google.adk.tools.openapi_tool.auth.auth_helpers``
       tool_filter: The filter used to filter the tools in the toolset. It can be
         either a tool predicate or a list of tool names of the tools to expose.
+      ssl_verify: SSL certificate verification option for all tools. Can be:
+        - None: Use default verification (True)
+        - True: Verify SSL certificates using system CA
+        - False: Disable SSL verification (insecure, not recommended)
+        - str: Path to a CA bundle file or directory for custom CA
+        - ssl.SSLContext: Custom SSL context for advanced configuration
+        This is useful for enterprise environments where requests go through
+        a TLS-intercepting proxy with a custom CA certificate.
     """
     super().__init__(tool_filter=tool_filter)
     if not spec_dict:
       spec_dict = self._load_spec(spec_str, spec_str_type)
+    self._ssl_verify = ssl_verify
     self._tools: Final[List[RestApiTool]] = list(self._parse(spec_dict))
     if auth_scheme or auth_credential:
       self._configure_auth_all(auth_scheme, auth_credential)
@@ -121,6 +132,26 @@ def _configure_auth_all(
       if auth_credential:
         tool.configure_auth_credential(auth_credential)
 
+  def configure_ssl_verify_all(
+      self, ssl_verify: Optional[Union[bool, str, ssl.SSLContext]] = None
+  ):
+    """Configure SSL certificate verification for all tools.
+
+    This is useful for enterprise environments where requests go through a
+    TLS-intercepting proxy with a custom CA certificate.
+
+    Args:
+        ssl_verify: SSL certificate verification option. Can be:
+          - None: Use default verification (True)
+          - True: Verify SSL certificates using system CA
+          - False: Disable SSL verification (insecure, not recommended)
+          - str: Path to a CA bundle file or directory for custom CA
+          - ssl.SSLContext: Custom SSL context for advanced configuration
+    """
+    self._ssl_verify = ssl_verify
+    for tool in self._tools:
+      tool.configure_ssl_verify(ssl_verify)
+
   @override
   async def get_tools(
       self, readonly_context: Optional[ReadonlyContext] = None
@@ -154,7 +185,7 @@ def _parse(self, openapi_spec_dict: Dict[str, Any]) -> List[RestApiTool]:
 
     tools = []
     for o in operations:
-      tool = RestApiTool.from_parsed_operation(o)
+      tool = RestApiTool.from_parsed_operation(o, ssl_verify=self._ssl_verify)
       logger.info("Parsed tool: %s", tool.name)
       tools.append(tool)
     return tools

src/google/adk/tools/openapi_tool/openapi_spec_parser/rest_api_tool.py

@@ -14,6 +14,7 @@
 
 from __future__ import annotations
 
+import ssl
 from typing import Any
 from typing import Dict
 from typing import List
@@ -88,6 +89,7 @@ def __init__(
       auth_scheme: Optional[Union[AuthScheme, str]] = None,
       auth_credential: Optional[Union[AuthCredential, str]] = None,
       should_parse_operation=True,
+      ssl_verify: Optional[Union[bool, str, ssl.SSLContext]] = None,
   ):
     """Initializes the RestApiTool with the given parameters.
 
@@ -114,6 +116,12 @@ def __init__(
           (https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#security-scheme-object)
         auth_credential: The authentication credential of the tool.
         should_parse_operation: Whether to parse the operation.
+        ssl_verify: SSL certificate verification option. Can be:
+          - None: Use default verification
+          - True: Verify SSL certificates using system CA
+          - False: Disable SSL verification (insecure, not recommended)
+          - str: Path to a CA bundle file or directory for custom CA
+          - ssl.SSLContext: Custom SSL context for advanced configuration
     """
     # Gemini restrict the length of function name to be less than 64 characters
     self.name = name[:60]
@@ -136,15 +144,21 @@ def __init__(
     # Private properties
     self.credential_exchanger = AutoAuthCredentialExchanger()
     self._default_headers: Dict[str, str] = {}
+    self._ssl_verify = ssl_verify
     if should_parse_operation:
       self._operation_parser = OperationParser(self.operation)
 
   @classmethod
-  def from_parsed_operation(cls, parsed: ParsedOperation) -> "RestApiTool":
+  def from_parsed_operation(
+      cls,
+      parsed: ParsedOperation,
+      ssl_verify: Optional[Union[bool, str, ssl.SSLContext]] = None,
+  ) -> "RestApiTool":
     """Initializes the RestApiTool from a ParsedOperation object.
 
     Args:
         parsed: A ParsedOperation object.
+        ssl_verify: SSL certificate verification option.
 
     Returns:
         A RestApiTool object.
@@ -163,6 +177,7 @@ def from_parsed_operation(cls, parsed: ParsedOperation) -> "RestApiTool":
         operation=parsed.operation,
         auth_scheme=parsed.auth_scheme,
         auth_credential=parsed.auth_credential,
+        ssl_verify=ssl_verify,
     )
     generated._operation_parser = operation_parser
     return generated
@@ -218,6 +233,24 @@ def configure_auth_credential(
       auth_credential = AuthCredential.model_validate_json(auth_credential)
     self.auth_credential = auth_credential
 
+  def configure_ssl_verify(
+      self, ssl_verify: Optional[Union[bool, str, ssl.SSLContext]] = None
+  ):
+    """Configures SSL certificate verification for the API call.
+
+    This is useful for enterprise environments where requests go through a
+    TLS-intercepting proxy with a custom CA certificate.
+
+    Args:
+        ssl_verify: SSL certificate verification option. Can be:
+          - None: Use default verification (True)
+          - True: Verify SSL certificates using system CA
+          - False: Disable SSL verification (insecure, not recommended)
+          - str: Path to a CA bundle file or directory for custom CA
+          - ssl.SSLContext: Custom SSL context for advanced configuration
+    """
+    self._ssl_verify = ssl_verify
+
   def set_default_headers(self, headers: Dict[str, str]):
     """Sets default headers that are merged into every request."""
     self._default_headers = headers
@@ -415,6 +448,8 @@ async def call(
 
     # Got all parameters. Call the API.
     request_params = self._prepare_request_params(api_params, api_args)
+    if self._ssl_verify is not None:
+      request_params["verify"] = self._ssl_verify
     response = requests.request(**request_params)
 
     # Parse API response