Merge branch 'main' into fix/trajectory-eval-skip-summarization

Author: Koushik-Salammagari

src/google/adk/agents/config_agent_utils.py

@@ -80,6 +80,31 @@ def _resolve_agent_class(agent_class: str) -> type[BaseAgent]:
   )
 
 
+_BLOCKED_YAML_KEYS = frozenset({"args"})
+_ENFORCE_DENYLIST = False
+
+
+def _set_enforce_denylist(value: bool) -> None:
+  global _ENFORCE_DENYLIST
+  _ENFORCE_DENYLIST = value
+
+
+def _check_config_for_blocked_keys(node: Any, filename: str) -> None:
+  """Recursively check if the configuration contains any blocked keys."""
+  if isinstance(node, dict):
+    for key, value in node.items():
+      if key in _BLOCKED_YAML_KEYS:
+        raise ValueError(
+            f"Blocked key {key!r} found in {filename!r}. "
+            f"The '{key}' field is not allowed in agent configurations "
+            "because it can execute arbitrary code."
+        )
+      _check_config_for_blocked_keys(value, filename)
+  elif isinstance(node, list):
+    for item in node:
+      _check_config_for_blocked_keys(item, filename)
+
+
 def _load_config_from_path(config_path: str) -> AgentConfig:
   """Load an agent's configuration from a YAML file.
 
@@ -100,6 +125,9 @@ def _load_config_from_path(config_path: str) -> AgentConfig:
   with open(config_path, "r", encoding="utf-8") as f:
     config_data = yaml.safe_load(f)
 
+  if _ENFORCE_DENYLIST:
+    _check_config_for_blocked_keys(config_data, config_path)
+
   return AgentConfig.model_validate(config_data)
 
 

src/google/adk/cli/fast_api.py

@@ -148,6 +148,12 @@ def get_fast_api_app(
     The configured FastAPI application instance.
   """
 
+  # Enable denylist enforcement for config loads if web UI is enabled.
+  if web:
+    from ..agents import config_agent_utils
+
+    config_agent_utils._set_enforce_denylist(True)
+
   # Set up eval managers.
   if eval_storage_uri:
     gcs_eval_managers = evals.create_gcs_eval_managers_from_uri(

src/google/adk/tools/load_mcp_resource_tool.py

@@ -29,8 +29,7 @@
 from .base_tool import BaseTool
 
 if TYPE_CHECKING:
-  from mcp_toolset import McpToolset
-
+  from .mcp_tool.mcp_toolset import McpToolset
   from .tool_context import ToolContext
 
 logger = logging.getLogger("google_adk." + __name__)
@@ -39,7 +38,7 @@
 class LoadMcpResourceTool(BaseTool):
   """A tool that loads the MCP resources and adds them to the session."""
 
-  def __init__(self, mcp_toolset: McpToolset):
+  def __init__(self, mcp_toolset: McpToolset) -> None:
     super().__init__(
         name="load_mcp_resource",
         description="""Loads resources from the MCP server.

src/google/adk/tools/mcp_tool/__init__.py

@@ -17,17 +17,19 @@
 try:
   from .conversion_utils import adk_to_mcp_tool_type
   from .conversion_utils import gemini_to_json_schema
-  from .mcp_session_manager import SseConnectionParams
-  from .mcp_session_manager import StdioConnectionParams
-  from .mcp_session_manager import StreamableHTTPConnectionParams
-  from .mcp_tool import MCPTool
-  from .mcp_tool import McpTool
-  from .mcp_toolset import MCPToolset
-  from .mcp_toolset import McpToolset
+  from .mcp_session_manager import MCPSessionManager as MCPSessionManager
+  from .mcp_session_manager import SseConnectionParams as SseConnectionParams
+  from .mcp_session_manager import StdioConnectionParams as StdioConnectionParams
+  from .mcp_session_manager import StreamableHTTPConnectionParams as StreamableHTTPConnectionParams
+  from .mcp_tool import MCPTool as MCPTool
+  from .mcp_tool import McpTool as McpTool
+  from .mcp_toolset import MCPToolset as MCPToolset
+  from .mcp_toolset import McpToolset as McpToolset
 
   __all__.extend([
       'adk_to_mcp_tool_type',
       'gemini_to_json_schema',
+      'MCPSessionManager',
       'McpTool',
       'MCPTool',
       'McpToolset',