Merge branch 'main' into fix/506-parameter-defaults

Author: Deeven-Seru

.github/workflows/lint-toolbox-adk.yaml

@@ -0,0 +1,84 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: adk
+on:
+  pull_request:
+    paths:
+      - 'packages/toolbox-adk/**'
+      - '!packages/toolbox-adk/**/*.md'
+  pull_request_target:
+    types: [labeled]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  lint:
+    if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}"
+    name: lint
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+    defaults:
+      run:
+        working-directory: ./packages/toolbox-adk
+    permissions:
+      contents: 'read'
+      issues: 'write'
+      pull-requests: 'write'
+    steps:
+      - name: Remove PR Label
+        if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}"
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            try {
+              await github.rest.issues.removeLabel({
+                name: 'tests: run',
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.payload.pull_request.number
+              });
+            } catch (e) {
+              console.log('Failed to remove label. Another job may have already removed it!');
+            }
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: "3.13"
+
+      - name: Install library requirements
+        run: pip install -r requirements.txt
+
+      - name: Install test requirements
+        run: pip install .[test]
+
+      - name: Run linters
+        run: |
+          black --check .
+          isort --check .
+
+      - name: Run type-check
+        env:
+          MYPYPATH: './src'
+        run: mypy --install-types --non-interactive --cache-dir=.mypy_cache/ -p toolbox_adk

packages/toolbox-adk/src/toolbox_adk/client.py

@@ -79,9 +79,7 @@ def _configure_auth(self, creds: CredentialConfig) -> None:
 
         elif creds.type == CredentialType.WORKLOAD_IDENTITY:
             if not creds.target_audience:
-                raise ValueError(
-                    "target_audience is required for WORKLOAD_IDENTITY"
-                )
+                raise ValueError("target_audience is required for WORKLOAD_IDENTITY")
 
             # Create an async capable token getter
             self._core_client_headers["Authorization"] = self._create_adc_token_getter(
@@ -112,13 +110,15 @@ def get_user_token() -> str:
                     return ""
                 return f"Bearer {token}"
 
-            header_name = getattr(creds, "header_name", "Authorization") or "Authorization"
+            header_name = (
+                getattr(creds, "header_name", "Authorization") or "Authorization"
+            )
             self._core_client_headers[header_name] = get_user_token
 
         elif creds.type == CredentialType.API_KEY:
             if not creds.api_key or not creds.header_name:
                 raise ValueError("api_key and header_name are required for API_KEY")
-            
+
             self._core_client_headers[creds.header_name] = creds.api_key
 
     def _create_adc_token_getter(self, audience: str) -> Callable[[], str]:
@@ -157,7 +157,9 @@ def get_token() -> str:
     def credential_config(self) -> Optional[CredentialConfig]:
         return self._credentials
 
-    async def load_toolset(self, toolset_name: str, **kwargs: Any) -> Any:
+    async def load_toolset(
+        self, toolset_name: Optional[str] = None, **kwargs: Any
+    ) -> Any:
         return await self._client.load_toolset(toolset_name, **kwargs)
 
     async def load_tool(self, tool_name: str, **kwargs: Any) -> Any:

packages/toolbox-adk/src/toolbox_adk/credentials.py

@@ -16,9 +16,9 @@
 from enum import Enum
 from typing import Any, Dict, List, Optional
 
-from google.auth import credentials as google_creds
 from google.adk.auth.auth_credential import AuthCredential, AuthCredentialTypes
 from google.adk.auth.auth_tool import AuthConfig, AuthScheme
+from google.auth import credentials as google_creds
 
 
 class CredentialType(Enum):
@@ -173,9 +173,9 @@ def from_adk_credentials(
         ):
             # Extract client_id, client_secret, and scopes from the credential object.
             return CredentialStrategy.user_identity(
-                client_id=auth_credential.oauth2.client_id,
-                client_secret=auth_credential.oauth2.client_secret,
-                scopes=auth_credential.oauth2.scopes,
+                client_id=auth_credential.oauth2.client_id or "",
+                client_secret=auth_credential.oauth2.client_secret or "",
+                scopes=getattr(auth_credential.oauth2, "scopes", []),
             )
 
         # Handle HTTP Bearer
@@ -192,28 +192,28 @@ def from_adk_credentials(
                 return CredentialStrategy.manual_token(
                     token=auth_credential.http.credentials.token, scheme="Bearer"
                 )
-            
-            raise ValueError(
-                f"Unsupported HTTP authentication scheme: {scheme_type}"
-            )
+
+            raise ValueError(f"Unsupported HTTP authentication scheme: {scheme_type}")
 
         if (
             auth_credential.auth_type == AuthCredentialTypes.API_KEY
             and auth_credential.api_key
         ):
             if not auth_scheme:
-                raise ValueError("API Key credentials require the auth_scheme definition.")
-            
+                raise ValueError(
+                    "API Key credentials require the auth_scheme definition."
+                )
+
             header_name = getattr(auth_scheme, "name", None)
             if not header_name:
                 raise ValueError("API Key scheme must define the header name.")
-            
+
             location = getattr(auth_scheme, "in_", "header") or "header"
             # Handle Enum (APIKeyIn.header) or string values
             location_str = str(location)
             if "." in location_str:
                 location_str = location_str.split(".")[-1]
-            
+
             if location_str.lower() != "header":
                 raise ValueError(
                     f"Unsupported API Key location: {location}. Only 'header' is supported."