fix: validate resumed tool calls against prior state#5545
fix: validate resumed tool calls against prior state#5545sneaXOR wants to merge 3 commits intogoogle:mainfrom
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
sneaXOR
force-pushed
the
fix-resume-tool-call-integrity
branch
from
4734578 to
b270591
Compare
adk-bot
added
the
core
|
Response from ADK Triaging Agent Hello @sneaXOR, thank you for your contribution! Before we can proceed with the review, it looks like the Contributor License Agreement (CLA) check has failed. Please sign the CLA to ensure we can merge this pull request. You can find more information and sign the agreement through the "Details" link in the "cla/google" check at the bottom of the page. Thanks! |
3 participants
Summary
FunctionCalldigest to tool-auth request events and verify it beforeauth_preprocessorresumes the original call.requested_tool_confirmations/requested_auth_configsmetadata.Context
Related to #5290/#5291. Those changes harden session-initialization/runtime event spoofing around HITL. This PR also covers persisted event tampering during resume and the sibling auth-resume path, where resumed tool calls were reconstructed from session event content without verifying that the tool name/args still matched prior ADK state.
Validation
.venv\Scripts\python.exe -m pyink --check <touched files>.venv\Scripts\python.exe -m pytest tests\unittests\flows\llm_flows\test_request_confirmation.py tests\unittests\auth\test_auth_preprocessor.py tests\unittests\runners\test_run_tool_confirmation.py tests\unittests\auth\test_toolset_auth.py -q(41 passed).venv\Scripts\python.exe -m pytest tests\unittests\auth tests\unittests\flows\llm_flows -q(562 passed)