Merge branch 'main' into fix/eval-skip-agent-only-invocations

Author: rohityan

src/google/adk/artifacts/file_artifact_service.py

@@ -138,13 +138,39 @@ def _is_user_scoped(session_id: Optional[str], filename: str) -> bool:
   return session_id is None or _file_has_user_namespace(filename)
 
 
+def _validate_path_segment(value: str, field_name: str) -> None:
+  """Rejects values that could alter the constructed filesystem path.
+
+  Args:
+    value: The caller-supplied identifier (e.g. user_id or session_id).
+    field_name: Human-readable name used in the error message.
+
+  Raises:
+    InputValidationError: If the value contains path separators, traversal
+      segments, or null bytes.
+  """
+  if not value:
+    raise InputValidationError(f"{field_name} must not be empty.")
+  if "\x00" in value:
+    raise InputValidationError(f"{field_name} must not contain null bytes.")
+  if "/" in value or "\\" in value:
+    raise InputValidationError(
+        f"{field_name} {value!r} must not contain path separators."
+    )
+  if value in (".", "..") or ".." in value.split("/"):
+    raise InputValidationError(
+        f"{field_name} {value!r} must not contain traversal segments."
+    )
+
+
 def _user_artifacts_dir(base_root: Path) -> Path:
   """Returns the path that stores user-scoped artifacts."""
   return base_root / "artifacts"
 
 
 def _session_artifacts_dir(base_root: Path, session_id: str) -> Path:
   """Returns the path that stores session-scoped artifacts."""
+  _validate_path_segment(session_id, "session_id")
   return base_root / "sessions" / session_id / "artifacts"
 
 
@@ -220,6 +246,7 @@ def __init__(self, root_dir: Path | str):
 
   def _base_root(self, user_id: str, /) -> Path:
     """Returns the artifacts root directory for a user."""
+    _validate_path_segment(user_id, "user_id")
     return self.root_dir / "users" / user_id
 
   def _scope_root(

src/google/adk/cli/cli_deploy.py

@@ -808,6 +808,24 @@ def to_cloud_run(
     shutil.rmtree(temp_folder)
 
 
+def _print_agent_engine_url(resource_name: str) -> None:
+  """Prints the Google Cloud Console URL for the deployed agent."""
+  parts = resource_name.split('/')
+  if len(parts) >= 6 and parts[0] == 'projects' and parts[2] == 'locations':
+    project_id = parts[1]
+    region = parts[3]
+    engine_id = parts[5]
+
+    url = (
+        'https://console.cloud.google.com/agent-platform/runtimes'
+        f'/locations/{region}/agent-engines/{engine_id}/playground'
+        f'?project={project_id}'
+    )
+    click.secho(
+        f'\n🎉 View your deployed agent here:\n{url}\n', fg='cyan', bold=True
+    )
+
+
 def to_agent_engine(
     *,
     agent_folder: str,
@@ -1150,11 +1168,13 @@ def to_agent_engine(
           f'✅ Created agent engine: {agent_engine.api_resource.name}',
           fg='green',
       )
+      _print_agent_engine_url(agent_engine.api_resource.name)
     else:
       if project and region and not agent_engine_id.startswith('projects/'):
         agent_engine_id = f'projects/{project}/locations/{region}/reasoningEngines/{agent_engine_id}'
       client.agent_engines.update(name=agent_engine_id, config=agent_config)
       click.secho(f'✅ Updated agent engine: {agent_engine_id}', fg='green')
+      _print_agent_engine_url(agent_engine_id)
   finally:
     click.echo(f'Cleaning up the temp folder: {temp_folder}')
     shutil.rmtree(agent_src_path)

src/google/adk/integrations/agent_registry/agent_registry.py

@@ -36,6 +36,7 @@
 from google.adk.agents.remote_a2a_agent import RemoteA2aAgent
 from google.adk.auth.auth_credential import AuthCredential
 from google.adk.auth.auth_schemes import AuthScheme
+from google.adk.integrations.agent_identity.gcp_auth_provider_scheme import GcpAuthProviderScheme
 from google.adk.telemetry.tracing import GCP_MCP_SERVER_DESTINATION_ID
 from google.adk.tools.base_tool import BaseTool
 from google.adk.tools.mcp_tool.mcp_session_manager import SseConnectionParams
@@ -292,8 +293,24 @@ def get_mcp_toolset(
       mcp_server_name: str,
       auth_scheme: AuthScheme | None = None,
       auth_credential: AuthCredential | None = None,
+      *,
+      continue_uri: str | None = None,
   ) -> McpToolset:
-    """Constructs an McpToolset instance from a registered MCP Server."""
+    """Constructs an McpToolset from a registered MCP Server.
+
+    If `auth_scheme` is omitted, it is automatically resolved from the server's
+    IAM bindings via `GcpAuthProviderScheme`.
+
+    Args:
+      mcp_server_name: Resource name of the MCP Server.
+      auth_scheme: Optional auth scheme. Resolved via bindings if omitted.
+      auth_credential: Optional auth credential.
+      continue_uri: Optional continue URI to override what is in the auth
+        provider.
+
+    Returns:
+      An McpToolset for the MCP server.
+    """
     server_details = self.get_mcp_server(mcp_server_name)
     name = self._clean_name(server_details.get("displayName", mcp_server_name))
     mcp_server_id = server_details.get("mcpServerId")
@@ -313,6 +330,23 @@ def get_mcp_toolset(
       )
 
     headers = self._get_auth_headers() if _is_google_api(endpoint_uri) else None
+    if mcp_server_id and not auth_scheme:
+      try:
+        bindings_data = self._make_request("bindings")
+        for b in bindings_data.get("bindings", []):
+          target_id = b.get("target", {}).get("identifier", "")
+          if target_id.endswith(mcp_server_id):
+            auth_provider = b.get("authProviderBinding", {}).get("authProvider")
+            if auth_provider:
+              auth_scheme = GcpAuthProviderScheme(
+                  name=auth_provider, continue_uri=continue_uri
+              )
+              break
+      except Exception as e:
+        logger.warning(
+            f"Failed to fetch bindings for MCP Server {mcp_server_name}: {e}"
+        )
+
     connection_params = StreamableHTTPConnectionParams(
         url=endpoint_uri,
         headers=headers,

tests/unittests/artifacts/test_artifact_service.py

@@ -744,6 +744,69 @@ async def test_file_save_artifact_rejects_out_of_scope_paths(
     )
 
 
+@pytest.mark.asyncio
+@pytest.mark.parametrize(
+    "user_id",
+    [
+        "../escape",
+        "../../etc",
+        "foo/../../bar",
+        "valid/../..",
+        "..",
+        ".",
+        "has/slash",
+        "back\\slash",
+        "null\x00byte",
+        "",
+    ],
+)
+async def test_file_save_artifact_rejects_traversal_in_user_id(
+    tmp_path, user_id
+):
+  """FileArtifactService rejects user_id values that escape root_dir."""
+  artifact_service = FileArtifactService(root_dir=tmp_path / "artifacts")
+  part = types.Part(text="content")
+  with pytest.raises(InputValidationError):
+    await artifact_service.save_artifact(
+        app_name="myapp",
+        user_id=user_id,
+        session_id="sess123",
+        filename="safe.txt",
+        artifact=part,
+    )
+
+
+@pytest.mark.asyncio
+@pytest.mark.parametrize(
+    "session_id",
+    [
+        "../escape",
+        "../../tmp",
+        "foo/../../bar",
+        "..",
+        ".",
+        "has/slash",
+        "back\\slash",
+        "null\x00byte",
+        "",
+    ],
+)
+async def test_file_save_artifact_rejects_traversal_in_session_id(
+    tmp_path, session_id
+):
+  """FileArtifactService rejects session_id values that escape root_dir."""
+  artifact_service = FileArtifactService(root_dir=tmp_path / "artifacts")
+  part = types.Part(text="content")
+  with pytest.raises(InputValidationError):
+    await artifact_service.save_artifact(
+        app_name="myapp",
+        user_id="user123",
+        session_id=session_id,
+        filename="safe.txt",
+        artifact=part,
+    )
+
+
 @pytest.mark.asyncio
 async def test_file_save_artifact_rejects_absolute_path_within_scope(tmp_path):
   """Absolute filenames are rejected even when they point inside the scope."""

tests/unittests/cli/utils/test_cli_deploy.py

@@ -240,6 +240,20 @@ def test_agent_engine_app_template_compiles_with_windows_paths() -> None:
   compile(rendered, "<agent_engine_app.py>", "exec")
 
 
+def test_print_agent_engine_url() -> None:
+  """It should print the correct URL for a fully-qualified resource name."""
+  with mock.patch("click.secho") as mocked_secho:
+    cli_deploy._print_agent_engine_url(
+        "projects/my-project/locations/us-central1/reasoningEngines/123456"
+    )
+    mocked_secho.assert_called_once()
+    call_args = mocked_secho.call_args[0][0]
+    assert "my-project" in call_args
+    assert "us-central1" in call_args
+    assert "123456" in call_args
+    assert "playground" in call_args
+
+
 @pytest.mark.parametrize("include_requirements", [True, False])
 def test_to_agent_engine_happy_path(
     monkeypatch: pytest.MonkeyPatch,

tests/unittests/integrations/agent_registry/test_agent_registry.py

@@ -637,3 +637,48 @@ def test_get_model_name_raises_value_error_if_no_uri(
     mock_get_endpoint.return_value = {}
     with pytest.raises(ValueError, match="Connection URI not found"):
       registry.get_model_name("test-endpoint")
+
+  @patch.object(AgentRegistry, "_make_request")
+  def test_get_mcp_toolset_with_binding(self, mock_make_request, registry):
+    def side_effect(*args, **kwargs):
+      if args[0] == "test-mcp":
+        return {
+            "displayName": "TestPrefix",
+            "mcpServerId": "server-456",
+            "interfaces": [{
+                "url": "https://mcp.com",
+                "protocolBinding": "JSONRPC",
+            }],
+        }
+      if args[0] == "bindings":
+        return {
+            "bindings": [{
+                "target": {
+                    "identifier": (
+                        "urn:mcp:projects-123:projects:123:locations:l:mcpServers:server-456"
+                    )
+                },
+                "authProviderBinding": {
+                    "authProvider": (
+                        "projects/123/locations/l/authProviders/ap-789"
+                    )
+                },
+            }]
+        }
+      return {}
+
+    mock_make_request.side_effect = side_effect
+
+    registry._credentials.token = "token"
+    registry._credentials.refresh = MagicMock()
+
+    toolset = registry.get_mcp_toolset(
+        "test-mcp", continue_uri="https://override.com/continue"
+    )
+    assert isinstance(toolset, McpToolset)
+    assert toolset._auth_scheme is not None
+    assert (
+        toolset._auth_scheme.name
+        == "projects/123/locations/l/authProviders/ap-789"
+    )
+    assert toolset._auth_scheme.continue_uri == "https://override.com/continue"