Compare link: google/adk-python@v1.27.3...v1.27.4
1. Summary of the change
Doc file: docs/visual-builder/index.md
Current state:
Next steps
Using the Visual Builder development Assistant, try building a new agent using
this prompt:
Proposed Change:
Security and deployment
The Visual Builder relies on API endpoints to save agent configuration files directly to your project directory. For security reasons, these builder endpoints are only enabled when running the ADK Web user interface (e.g., using adk web). In headless or production deployments (such as when using adk deploy cloud_run), the Builder endpoints are automatically disabled to prevent unauthorized file writes.
Additionally, to further restrict arbitrary file writes, file uploads via the Visual Builder are strictly limited to .yaml and .yml extensions.
Next steps
Using the Visual Builder development Assistant, try building a new agent using
this prompt:
Reasoning:
The FastAPI server has been updated to conditionally register the /builder/* endpoints only when the web UI is enabled, specifically preventing unauthorized file writes in production/headless deployments (like cloud_run). Additionally, uploads are now strictly limited to YAML files. These security constraints are important behaviors to document for users of the Visual Builder.
Reference: src/google/adk/cli/fast_api.py
Compare link: google/adk-python@v1.27.3...v1.27.4
1. Summary of the change
Doc file: docs/visual-builder/index.md
Current state:
Proposed Change:
Reasoning:
The FastAPI server has been updated to conditionally register the
/builder/*endpoints only when the web UI is enabled, specifically preventing unauthorized file writes in production/headless deployments (likecloud_run). Additionally, uploads are now strictly limited to YAML files. These security constraints are important behaviors to document for users of the Visual Builder.Reference: src/google/adk/cli/fast_api.py