google
diff --git a/‎.agents/skills/adk-unit-design/SKILL.md‎
Lines changed: 88 additions & 0 deletions b/‎.agents/skills/adk-unit-design/SKILL.md‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎.github/workflows/check-file-contents.yml‎
Lines changed: 0 additions & 150 deletions b/‎.github/workflows/check-file-contents.yml‎
Lines changed: 0 additions & 150 deletions
diff --git a/‎.github/workflows/continuous-integration.yml‎
Lines changed: 126 additions & 0 deletions b/‎.github/workflows/continuous-integration.yml‎
Lines changed: 126 additions & 0 deletions
@@ -0,0 +1,88 @@
+---
+name: adk-unit-design
+description: Creates or updates code unit design documents for source code documentation.
+---
+
+# ADK Code Unit Design
+
+This skill creates or updates a detailed software engineering design document for new or updated code file or specified code unit. The design document it generates is meant to explain the code to a developer who wants to modify or extend the code unit as part of the ADK development framework. Similar to a *unit test*, a *unit design* provides a generated software engineering design based on the *actual, implemented code* rather than any proposed code design or proposed software architecture.
+
+## Input
+
+- Code files containing new functionality
+- Names of new methods and classes (optional)
+- Code files for base classes or interfaces that the new functionality depends on (optional)
+- Code unit tests (optional)
+- Example code files (optional)
+
+## Analysis
+
+- Review specified code files for changes and named methods to determine:
+  - Purpose and intended use of the new or updated code units
+  - Any data flows handled by the new or updated code units
+  - Dependencies required by the new or updated code units
+  - Approaches for extending or customizing the code unit to add new capabilities
+  - Classes that depend on the new or updated code units
+  - Operational limitations of the new or updated code units
+
+## Output
+
+- Look for an existing design document in the `/docs/design/***` directory of this repository.
+  - If a design already exists, update the existing design incrementally and prioritize preserving the previous content as much as possible.
+  - If no design document exists, create a design file for the new code unit in the `/docs/design/***` directory of this repository, using the relative path of the code unit. For example, if the code unit is called `/topic/function/class.ext`, create a design document in the location `/docs/design/topic/function/class/index.md`.
+- Any links to local code files should be translated to URL links to the `google/adk-python` repository on GitHub. For example, if the local code unit path is `***/adk-python/topic/function/class.ext#L93`, the URL to the code file should be `https://github.com/google/adk-python/blob/main/topic/function/class.ext#L93`.
+
+### Design document structure and content
+
+Use the following structure and instructions to create the design document for the code unit:
+
+```
+# (name of code unit or code file) - Code Unit Design
+
+- 2-sentence summary of the code unit
+
+## Introduction
+
+- Paragraph(s) explaining:
+  - The purpose and application of the code unit, including intended use cases
+  - Developer problems solved by this code unit
+  - Agent capabilities enabled by this code unit
+
+## High-level architecture
+
+- Describe the software architecture of this code unit and how it fits into the larger ADK framework
+- Explain general execution flow of this code unit
+- Describe any data flows handled by the code unit including inputs and outputs
+- Explain any cross-class dependencies of the code unit, including upstream dependencies and downstream dependencies
+
+### Extension points
+
+- Describe how the code unit could be extended or customized to add new features or capabilities
+- Note specific parts of the code unit that are designed to be extended or customized, including:
+  - Abstract classes
+  - Interfaces
+  - Hooks
+  - Callbacks
+  - Configurable parameters
+  - Plugin architecture
+  - Other extension points
+
+### Extension constraints
+
+- Describe what parts of the code unit should not be modified, based on:
+  - architectural constraints
+  - implementation limitations
+  - cross-class dependencies
+  - other constraints
+
+## Limitations
+
+- Mention any limitations of the code unit, if known, such as:
+  - input constraints
+  - data structure constraints
+  - output constraints
+  - performance limitations
+  - memory limitations
+  - other limitations
+
+```
@@ -148,3 +148,129 @@ jobs:
             -n auto \
             --ignore=tests/unittests/artifacts/test_artifact_service.py \
             --ignore=tests/unittests/tools/google_api_tool/test_googleapi_to_openapi_converter.py
+
+  # 4. Custom file content compliance checks (PR only)
+  compliance-check:
+    name: File Content Compliance
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v6
+        with:
+          # Fetch full history (depth: 0) instead of shallow clone (depth: 2) to ensure
+          # git diff origin/${base_ref}...HEAD can reliably find the merge base,
+          # preventing fatal git errors on deep PRs or when the target branch has progressed.
+          fetch-depth: 0
+
+      - name: Check for logger pattern in all changed Python files
+        run: |
+          git fetch origin ${GITHUB_BASE_REF}
+          CHANGED_FILES=$(git diff --diff-filter=ACMR --name-only origin/${GITHUB_BASE_REF}...HEAD | grep -E '\.py$' || true)
+          if [ -n "$CHANGED_FILES" ]; then
+            echo "Changed Python files to check:"
+            echo "$CHANGED_FILES"
+            echo ""
+
+            # Check for 'logger = logging.getLogger(__name__)' in changed .py files.
+            set +e
+            FILES_WITH_FORBIDDEN_LOGGER=$(grep -lE 'logger = logging\.getLogger\(__name__\)' $CHANGED_FILES)
+            GREP_EXIT_CODE=$?
+            set -e
+
+            if [ $GREP_EXIT_CODE -eq 0 ]; then
+              echo "❌ Found forbidden use of 'logger = logging.getLogger(__name__)'. Please use 'logger = logging.getLogger('google_adk.' + __name__)' instead."
+              echo "The following files contain the forbidden pattern:"
+              echo "$FILES_WITH_FORBIDDEN_LOGGER"
+              exit 1
+            elif [ $GREP_EXIT_CODE -eq 1 ]; then
+              echo "✅ No instances of 'logger = logging.getLogger(__name__)' found in changed Python files."
+            fi
+          else
+            echo "✅ No relevant Python files found."
+          fi
+
+      - name: Check for import pattern in certain changed Python files
+        run: |
+          git fetch origin ${GITHUB_BASE_REF}
+          CHANGED_FILES=$(git diff --diff-filter=ACMR --name-only origin/${GITHUB_BASE_REF}...HEAD | grep -E '\.py$' | grep -v -E '__init__.py$|version.py$|tests/.*|contributing/samples/' || true)
+          if [ -n "$CHANGED_FILES" ]; then
+            echo "Changed Python files to check:"
+            echo "$CHANGED_FILES"
+            echo ""
+
+            # Use grep -L to find files that DO NOT contain the pattern.
+            FILES_MISSING_IMPORT=$(grep -L 'from __future__ import annotations' $CHANGED_FILES || true)
+
+            if [ -z "$FILES_MISSING_IMPORT" ]; then
+              echo "✅ All modified Python files include 'from __future__ import annotations'."
+              exit 0
+            else
+              echo "❌ The following files are missing 'from __future__ import annotations':"
+              echo "$FILES_MISSING_IMPORT"
+              echo "This import is required to allow forward references in type annotations without quotes."
+              exit 1
+            fi
+          else
+            echo "✅ No relevant Python files found."
+          fi
+
+      - name: Check for import from cli package in certain changed Python files
+        run: |
+          git fetch origin ${GITHUB_BASE_REF}
+          CHANGED_FILES=$(git diff --diff-filter=ACMR --name-only origin/${GITHUB_BASE_REF}...HEAD | grep -E '\.py$' | grep -v -E 'cli/.*|src/google/adk/tools/apihub_tool/apihub_toolset.py|tests/.*|contributing/samples/' || true)
+          if [ -n "$CHANGED_FILES" ]; then
+            echo "Changed Python files to check:"
+            echo "$CHANGED_FILES"
+            echo ""
+
+            set +e
+            FILES_WITH_FORBIDDEN_IMPORT=$(grep -lE '^from.*\bcli\b.*import.*$' $CHANGED_FILES)
+            GREP_EXIT_CODE=$?
+            set -e
+
+            if [[ $GREP_EXIT_CODE -eq 0 ]]; then
+              echo "❌ Do not import from the cli package outside of the cli package. If you need to reuse the code elsewhere, please move the code outside of the cli package."
+              echo "The following files contain the forbidden pattern:"
+              echo "$FILES_WITH_FORBIDDEN_IMPORT"
+              exit 1
+            else
+              echo "✅ No instances of importing from the cli package found in relevant changed Python files."
+            fi
+          else
+            echo "✅ No relevant Python files found."
+          fi
+
+      - name: Check for hardcoded googleapis.com endpoints
+        run: |
+          git fetch origin ${GITHUB_BASE_REF}
+          CHANGED_FILES=$(git diff --diff-filter=ACMR --name-only origin/${GITHUB_BASE_REF}...HEAD | grep -E '\.py$' || true)
+          if [ -n "$CHANGED_FILES" ]; then
+            echo "Checking for hardcoded endpoints in: $CHANGED_FILES"
+
+            # 1. Identify files containing any googleapis.com URL.
+            set +e
+            FILES_WITH_ENDPOINTS=$(grep -lE 'https?://[a-zA-Z0-9.-]+\.googleapis\.com' $CHANGED_FILES)
+
+            # 2. From those, identify files that are MISSING the required mTLS version.
+            if [ -n "$FILES_WITH_ENDPOINTS" ]; then
+              FILES_MISSING_MTLS=$(grep -L '.mtls.googleapis.com' $FILES_WITH_ENDPOINTS)
+            fi
+            set -e
+
+            if [ -n "$FILES_MISSING_MTLS" ]; then
+              echo "❌ Found hardcoded googleapis.com endpoints without mTLS support."
+              echo "The following files must define both standard and mTLS (.mtls.googleapis.com) endpoints"
+              echo "to support dynamic endpoint selection as required by security policy:"
+              echo "$FILES_MISSING_MTLS"
+              echo ""
+              echo "To fix this, please follow these steps:"
+              echo "1. Initialize an AuthorizedSession with your credentials."
+              echo "2. Use 'mtls.has_default_client_cert_source() from google-auth' to check for available client certificates."
+              echo "3. If certificates are present, use 'session.configure_mtls_channel()'."
+              echo "4. Dynamically select the '.mtls.' variant of the endpoint when mTLS is active."
+              exit 1
+            else
+              echo "✅ All hardcoded endpoints have corresponding mTLS definitions or no endpoints found."
+            fi
+          fi