Remove backward compatibility - always use propagate_headers configuration

Co-authored-by: g3force <779094+g3force@users.noreply.github.com>

Author: Copilot

adk/README.md

@@ -73,7 +73,7 @@ The JSON configuration for `AGENT_TOOLS` should follow this structure:
   "tool_name": {
     "url": "https://mcp-tool-endpoint:8000/mcp",
     "timeout": 30,  // Optional: connect timeout in seconds (default: 30)
-    "propagate_headers": ["X-API-Key", "Authorization"]  // Optional: list of headers to propagate
+    "propagate_headers": ["X-API-Key", "Authorization"]  // Optional: list of headers to propagate (default: [])
   }
 }
 ```
@@ -86,7 +86,7 @@ You can configure which HTTP headers are passed from the incoming A2A request to
 - **Per-server configuration**: Each MCP server can receive different headers
 - **Security**: Headers are only sent to servers explicitly configured to receive them
 - **Case-insensitive matching**: Header names are matched case-insensitively
-- **Backward compatibility**: When `propagate_headers` is not specified, the legacy behavior is used (only `X-External-Token` is passed)
+- **Default behavior**: When `propagate_headers` is not specified or is empty, no headers are passed
 
 **Example configuration:**
 ```json5
@@ -101,7 +101,7 @@ You can configure which HTTP headers are passed from the incoming A2A request to
   },
   "public_tool": {
     "url": "https://public-mcp.example.com/mcp"
-    // No propagate_headers - only X-External-Token will be passed (legacy behavior)
+    // No propagate_headers - no headers will be passed
   }
 }
 ```
@@ -188,24 +188,11 @@ Based on the configuration above:
 - `weather_api` MCP server will receive `X-API-Key` and `X-User-Location` headers
 - `database_tool` MCP server will receive only the `Authorization` header
 
-### Backward Compatibility
-
-For backward compatibility, if `propagate_headers` is not specified in the configuration, the SDK will use legacy behavior: only the `X-External-Token` header is passed to the MCP server.
-
-```json5
-{
-  "legacy_tool": {
-    "url": "https://legacy-mcp.example.com/mcp"
-    // No propagate_headers - only X-External-Token will be passed
-  }
-}
-```
-
 **Limitations**: Header propagation is only supported for MCP servers. Propagation to sub-agents is not currently supported due to ADK limitations in passing custom HTTP headers in A2A requests.
 
 ### Security Considerations
 
-- Tokens are stored in ADK session state (separate from memory state that the LLM can access)
-- Tokens are not directly accessible to agent code through normal session state queries
-- Tokens persist for the session duration and are managed by ADK's session lifecycle
+- Headers are stored in ADK session state (separate from memory state that the LLM can access)
+- Headers are not directly accessible to agent code through normal session state queries
+- Headers persist for the session duration and are managed by ADK's session lifecycle
 - This is a simple authentication mechanism; for production use, consider implementing more sophisticated authentication and authorization schemes

adk/agenticlayer/agent.py

@@ -18,33 +18,11 @@
 from httpx_retries import Retry, RetryTransport
 
 from agenticlayer.config import InteractionType, McpTool, SubAgent
-from agenticlayer.constants import EXTERNAL_TOKEN_SESSION_KEY, HTTP_HEADERS_SESSION_KEY
+from agenticlayer.constants import HTTP_HEADERS_SESSION_KEY
 
 logger = logging.getLogger(__name__)
 
 
-def _get_mcp_headers_from_session(readonly_context: ReadonlyContext) -> dict[str, str]:
-    """Header provider function for MCP tools that retrieves token from ADK session.
-
-    This function is called by the ADK when MCP tools are invoked. It reads the
-    external token from the session state where it was stored during request
-    processing by TokenCapturingA2aAgentExecutor.
-
-    Args:
-        readonly_context: The ADK ReadonlyContext providing access to the session
-
-    Returns:
-        A dictionary of headers to include in MCP tool requests.
-        If a token is stored in the session, includes it in the headers.
-    """
-    # Access the session state directly from the readonly context
-    if readonly_context and readonly_context.state:
-        external_token = readonly_context.state.get(EXTERNAL_TOKEN_SESSION_KEY)
-        if external_token:
-            return {"X-External-Token": external_token}
-    return {}
-
-
 def _create_header_provider(propagate_headers: list[str]) -> Callable[[ReadonlyContext], dict[str, str]]:
     """Create a header provider function for a specific MCP server.
 
@@ -185,13 +163,8 @@ def load_tools(self, mcp_tools: list[McpTool]) -> list[ToolUnion]:
         for tool in mcp_tools:
             logger.info(f"Loading tool {tool.model_dump_json()}")
 
-            # Use configured header provider if propagate_headers is specified,
-            # otherwise fall back to legacy behavior (x-external-token only)
-            if tool.propagate_headers is not None:
-                header_provider = _create_header_provider(tool.propagate_headers)
-            else:
-                # Backward compatibility: use legacy provider that only sends x-external-token
-                header_provider = _get_mcp_headers_from_session
+            # Create header provider with configured headers
+            header_provider = _create_header_provider(tool.propagate_headers)
 
             tools.append(
                 McpToolset(

adk/agenticlayer/config.py

@@ -24,7 +24,7 @@ class McpTool(BaseModel):
     name: str
     url: AnyHttpUrl
     timeout: int = 30
-    propagate_headers: list[str] | None = None
+    propagate_headers: list[str] = []
 
 
 def parse_sub_agents(sub_agents_config: str) -> list[SubAgent]:

adk/tests/test_agent_integration.py

@@ -407,9 +407,16 @@ async def handler_with_header_capture(request: httpx.Request) -> httpx.Response:
             # Route MCP requests through our custom handler
             respx_mock.route(host="test-mcp-token.local").mock(side_effect=handler_with_header_capture)
 
-            # When: Create agent with MCP tool and send request with X-External-Token header
+            # When: Create agent with MCP tool configured to propagate X-External-Token and send request with header
             test_agent = agent_factory("test_agent")
-            tools = [McpTool(name="verifier", url=AnyHttpUrl(f"{mcp_server_url}/mcp"), timeout=30)]
+            tools = [
+                McpTool(
+                    name="verifier",
+                    url=AnyHttpUrl(f"{mcp_server_url}/mcp"),
+                    timeout=30,
+                    propagate_headers=["X-External-Token"],
+                )
+            ]
             external_token = "secret-api-token-12345"  # nosec B105
 
             async with app_factory(test_agent, tools=tools) as app:
@@ -673,90 +680,6 @@ async def handler2(request: httpx.Request) -> httpx.Response:
                 assert "x-server1-token" not in headers_lower
                 assert "x-common-header" not in headers_lower
 
-    @pytest.mark.asyncio
-    async def test_backward_compatibility_no_propagate_headers(
-        self,
-        app_factory: Any,
-        agent_factory: Any,
-        llm_controller: LLMMockController,
-        respx_mock: respx.MockRouter,
-    ) -> None:
-        """Test backward compatibility: when propagate_headers is not set, X-External-Token is still passed."""
-
-        # Given: Mock LLM to call 'echo' tool
-        llm_controller.respond_with_tool_call(
-            pattern="",
-            tool_name="echo",
-            tool_args={"message": "test"},
-            final_message="Echo completed!",
-        )
-
-        # Given: MCP server
-        mcp = FastMCP("BackwardCompatVerifier")
-        received_headers: list[dict[str, str]] = []
-
-        @mcp.tool()
-        def echo(message: str) -> str:
-            """Echo a message."""
-            return f"Echoed: {message}"
-
-        mcp_server_url = "http://test-backward-compat.local"
-        mcp_app = mcp.http_app(path="/mcp")
-
-        async with LifespanManager(mcp_app) as mcp_manager:
-            # Create a custom handler that captures headers
-            async def handler_with_header_capture(request: httpx.Request) -> httpx.Response:
-                received_headers.append(dict(request.headers))
-                transport = httpx.ASGITransport(app=mcp_manager.app)
-                async with httpx.AsyncClient(transport=transport, base_url=mcp_server_url) as client:
-                    return await client.request(
-                        method=request.method,
-                        url=str(request.url),
-                        headers=request.headers,
-                        content=request.content,
-                    )
-
-            respx_mock.route(host="test-backward-compat.local").mock(side_effect=handler_with_header_capture)
-
-            # When: Create agent with MCP tool WITHOUT propagate_headers config
-            test_agent = agent_factory("test_agent")
-            tools = [
-                McpTool(
-                    name="verifier",
-                    url=AnyHttpUrl(f"{mcp_server_url}/mcp"),
-                    timeout=30,
-                    # No propagate_headers specified - should use legacy behavior
-                )
-            ]
-            external_token = "legacy-token-12345"  # nosec B105
-
-            async with app_factory(test_agent, tools=tools) as app:
-                client = TestClient(app)
-                response = client.post(
-                    "",
-                    json=create_send_message_request("Test message"),
-                    headers={
-                        "X-External-Token": external_token,
-                        "X-Other-Header": "should-not-be-sent",
-                    },
-                )
-
-            # Then: Verify response is successful
-            assert response.status_code == 200
-            result = verify_jsonrpc_response(response.json())
-            assert result["status"]["state"] == "completed", "Task should complete successfully"
-
-            # Then: Verify X-External-Token was passed (legacy behavior)
-            assert len(received_headers) > 0, "MCP server should have received requests"
-            tool_call_headers = [h for h in received_headers if "x-external-token" in h or "X-External-Token" in h]
-            assert len(tool_call_headers) > 0, "At least one request should have X-External-Token header"
-
-            for headers in tool_call_headers:
-                headers_lower = {k.lower(): v for k, v in headers.items()}
-                assert headers_lower.get("x-external-token") == external_token
-                # Other headers should NOT be passed
-                assert "x-other-header" not in headers_lower
-
     @pytest.mark.asyncio
     async def test_explicitly_empty_propagate_headers_sends_no_headers(
         self,