Open
Conversation
enriquekalven
requested review from
anifort,
eliasecchig,
gulliantonio,
jackwotherspoon,
lavinigam-gcp and
mstyer-google
as code owners
This PR applies critical security and FinOps remediations across 450+ agents in the repository. Key Improvements: - Implemented Vertex AI Context Caching across multiple agents for massive token savings. - Resolved secondary secret leaks and hardcoded credential patterns. - Hardened system instructions and Reasoning Gates to prevent jailbreaks. - Aligned agent communications with the A2UI protocol. - Removed legacy 'travel-concierge' agent to reduce technical debt.
enriquekalven
force-pushed
the
feat/fleet-hardening-audit
branch
from
d68261d to
6fbf4e7
Compare
mstyer-google
requested changes
Feb 10, 2026
Collaborator
There was a problem hiding this comment.
I tried to review this but there are too many unnecessary formatting changes. It's good to keep this repo up to date for security purposes, but please do not change formatting in the same PR. In every case I saw in this PR so far, the original formatting is better. I added a few comments but it appears to be a global issue.
For instance, please don't change multiline quotes to single lines with embedded newlines. Those are much harder to read. Likewise, please ensure your changes respect the 80-character line limit.
Finally, please reinstate the travel-concierge agent. If there are specific changes that you recommend in that agent, let's look at those individually.
| across modalities (unexpectedness), likely becoming a popular area as cross-modal learning grows. | ||
| """ | ||
| from google.adk.agents.context_cache_config import ContextCacheConfig | ||
| 'Prompt for the academic_newresearch_agent agent.' |
Collaborator
There was a problem hiding this comment.
Please keep the original formatting. It's much easier to read and edit for developers.
| Link (Direct DOI or URL if found in search results)""" | ||
| from google.adk.agents.context_cache_config import ContextCacheConfig | ||
| 'Prompt for the academic_websearch agent.' | ||
| ACADEMIC_WEBSEARCH_PROMPT = '\nRole: You are a highly accurate AI assistant specialized in factual retrieval using available tools.\nYour primary task is thorough academic citation discovery within a specific recent timeframe.\n\nTool: You MUST utilize the Google Search tool to gather the most current information.\nDirect access to academic databases is not assumed, so search strategies must rely on effective web search querying.\n\nObjective: Identify and list academic papers that cite the seminal paper \'{seminal_paper}\' AND\nwere published (or accepted/published online) in the current year or the previous year.\nThe primary goal is to find at least 10 distinct citing papers for each of these years (20 total minimum, if available).\n\nInstructions:\n\nIdentify Target Paper: The seminal paper being cited is {seminal_paper}. (Use its title, DOI, or other unique identifiers for searching).\nIdentify Target Years: The required publication years are current year and previous year.\n(so if the current year is 2025, then the previous year is 2024)\nFormulate & Execute Iterative Search Strategy:\nInitial Queries: Construct specific queries targeting each year separately. Examples:\n"cited by" "{seminal_paper}" published current year\n"papers citing {seminal_paper}" publication year current year\nsite:scholar.google.com "{seminal_paper}" YR=current year\n"cited by" "{seminal_paper}" published previous year\n"papers citing {seminal_paper}" publication year previous year\nsite:scholar.google.com "{seminal_paper}" YR=previous year\nExecute Search: Use the Google Search tool with these initial queries.\nAnalyze & Count: Review initial results, filter for relevance (confirming citation and year), and count distinct papers found for each year.\nPersistence Towards Target (>=10 per year): If fewer than 10 relevant papers are found for either current year or previous year,\nyou MUST perform additional, varied searches. Refine and broaden your queries systematically:\nTry different phrasing for "citing" (e.g., "references", "based on the work of").\nUse different identifiers for {seminal_paper} (e.g., full title, partial title + lead author, DOI).\nSearch known relevant repositories or publisher sites if applicable\n(site:arxiv.org, site:ieeexplore.ieee.org, site:dl.acm.org, etc., adding the paper identifier and year constraints).\nCombine year constraints with author names from the seminal paper.\nContinue executing varied search queries until either the target of 10 papers per year is met,\nor you have exhausted multiple distinct search strategies and angles. Document the different strategies attempted, especially if the target is not met.\nFilter and Verify: Critically evaluate search results. Ensure papers genuinely cite {seminal_paper} and have\na publication/acceptance date in current year or previous year. Discard duplicates and low-confidence results.\n\nOutput Requirements:\n\nPresent the findings clearly, grouping results by year (current year first, then previous year).\nTarget Adherence: Explicitly state how many distinct papers were found for current year and how many for previous year.\nList Format: For each identified citing paper, provide:\nTitle\nAuthor(s)\nPublication Year (Must be current year or previous year)\nSource (Journal Name, Conference Name, Repository like arXiv)\nLink (Direct DOI or URL if found in search results)' No newline at end of file |
| ) | ||
|
|
||
| root_agent = academic_coordinator | ||
| MODEL = 'gemini-2.5-pro' |
Collaborator
There was a problem hiding this comment.
Please revert this. The originally formatting is much clearer.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚀 feat: Fleet-wide FinOps & Security Hardening (Cockpit Audit)
📝 Summary
This PR applies a comprehensive set of FinOps, Security, and Architecture remediations across the fleet of 450+ agents, as identified by the
agentops-cockpitaudit suite.The primary goal of this PR is to improve the production-readiness of the sample agents by resolving credential leaks and optimizing token consumption. All files modified have been verified to maintain the correct Google LLC Copyright 2025 headers.
✨ Key Changes
💰 FinOps & Token Economics (High ROI)
🛡️ Security & Governance Hardening
🏗️ Architectural Standardization
📊 Audit Status
🧪 Testing & Verification
agentops-cockpiton a cleanmainbase.fleet_dashboard.htmland confirmed compliance gains.