mirror of
https://github.com/googleapis/genai-toolbox.git
synced 2026-01-08 15:14:00 -05:00
slo-docs
1345 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Yuan Teoh
|
114c7e84d7 | docs: add issue and pr triaging and SLO | ||
|
Averi Kitsch
|
731a32e536 |
feat: update CSQL MySQL prebuilt tools to use IAM (#2202)
## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [ ] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> |
||
|
Divyansh
|
53885e6c0d |
docs: Updating dataplex docs to include new syntax for semantic search (#2165)
## Description Dataplex.md is currently misaligned with the Dataplex backend, leading to failed search queries. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x ] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Averi Kitsch <akitsch@google.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
dependabot[bot]
|
b4346dcb8f |
chore(deps): bump qs from 6.14.0 to 6.14.1 in /docs/en/getting-started/quickstart/js/adk (#2250)
Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Yuan Teoh
|
0f27f956c7 |
refactor(sources/bigquery): move source implementation in Invoke() function to Source (#2242)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
f9df2635c6 |
refactor(sources/neo4j): move source implementation in Invoke() function to Source (#2241)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
c1b87e209f |
refactor: move source implementation in Invoke() function to Source (#2240)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * alloydb-pg * cloudsql-pg * postgres This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
55eb958c2a |
refactor: move source implementation in Invoke() function to Source (#2238)
Move source-related queries from `Invoke()` function into Source. The following sources were updated in this PR: * mssql * cloudsql-mssql * mysql * cloudsql-mysql This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
20447746e1 |
refactor: move source implementation in Invoke() function to Source (#2237)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * spanner * sqlite * tidb * trino * valkey * yugabytedb This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
83670dbe34 |
refactor: move source implementation in Invoke() function to Source (#2236)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * mindsdb * oceanbase * oracle * redis * singlestore * cloudmonitoring This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation * reduce oracle integration test coverage to 20%. There's no code change or test reduction in this PR. It might be because the Invoke() function was dedupe, hence the total line covered is reduced. |
||
|
Yuan Teoh
|
df2f6a9f0b |
refactor: move source implementation in Invoke() function to Source (#2234)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * couchbase * dgraph * elasticsearch * firebird This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
2fa9cdb522 |
refactor(sources/cloudsqladmin): move source implementation in Invoke() function to Source (#2233)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation Along with these updates, this PR also resolve some comments from Gemini: * update `fmt.Printf()` to logging as a Debug log and remove the training `\n` within the log * move `regexp.MustCompile` to the top so that it's compiled once at the package level and reused. It is a relatively expensive operation to be called on every invocation. * `fetchInstanceData()` to return the `*sqladmin.DatabaseInstance` struct directly instead of converting to map and use map lookups. More typesafe and efficient. Did not move `cloudsqlpgupgradeprecheck` tool since that invocation is very specific towards cloudsql for postgres |
||
|
Yuan Teoh
|
285cdcd69a |
refactor: move source implementation in Invoke() function to Source (#2229)
Move source-related queries from `Invoke()` function into Source. The following sources were updated in this PR: * bigtable * cassandra * clickhouse * cloud gemini data analytics This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation This PR also fix the following gemini review recommendations: * Bigtable `resultRow.GetByName()` to throw an error and return false * Clickhouselistdatabases and Clickhouselisttables to reuse the `RunSQL()` function |
||
|
Mend Renovate
|
38d127a354 |
chore(deps): update dependency langchain to v1.2.3 [security] (#2248)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [langchain](https://redirect.github.com/langchain-ai/langchainjs/tree/main/libs/langchain/) ([source](https://redirect.github.com/langchain-ai/langchainjs)) | [`1.0.2` → `1.2.3`](https://renovatebot.com/diffs/npm/langchain/1.0.2/1.2.3) |  |  | ### GitHub Vulnerability Alerts #### [CVE-2025-68665](https://redirect.github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6) ## Context A serialization injection vulnerability exists in LangChain JS's `toJSON()` method (and subsequently when string-ifying objects using `JSON.stringify()`. The method did not escape objects with `'lc'` keys when serializing free-form data in kwargs. The `'lc'` key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. ### Attack surface The core vulnerability was in `Serializable.toJSON()`: this method failed to escape user-controlled objects containing `'lc'` keys within kwargs (e.g., `additional_kwargs`, `metadata`, `response_metadata`). When this unescaped data was later deserialized via `load()`, the injected structures were treated as legitimate LangChain objects rather than plain user data. This escaping bug enabled several attack vectors: 1. **Injection via user data**: Malicious LangChain object structures could be injected through user-controlled fields like `metadata`, `additional_kwargs`, or `response_metadata` 2. **Secret extraction**: Injected secret structures could extract environment variables when `secretsFromEnv` was enabled (which had no explicit default, effectively defaulting to `true` behavior) 3. **Class instantiation via import maps**: Injected constructor structures could instantiate any class available in the provided import maps with attacker-controlled parameters **Note on import maps:** Classes must be explicitly included in import maps to be instantiatable. The core import map includes standard types (messages, prompts, documents), and users can extend this via `importMap` and `optionalImportsMap` options. This architecture naturally limits the attack surface—an `allowedObjects` parameter is not necessary because users control which classes are available through the import maps they provide. **Security hardening:** This patch fixes the escaping bug in `toJSON()` and introduces new restrictive defaults in `load()`: `secretsFromEnv` now explicitly defaults to `false`, and a `maxDepth` parameter protects against DoS via deeply nested structures. JSDoc security warnings have been added to all import map options. ## Who is affected? Applications are vulnerable if they: 1. **Serialize untrusted data via `JSON.stringify()` on Serializable objects, then deserialize with `load()`** — Trusting your own serialization output makes you vulnerable if user-controlled data (e.g., from LLM responses, metadata fields, or user inputs) contains `'lc'` key structures. 2. **Deserialize untrusted data with `load()`** — Directly deserializing untrusted data that may contain injected `'lc'` structures. 3. **Use LangGraph checkpoints** — Checkpoint serialization/deserialization paths may be affected. The most common attack vector is through **LLM response fields** like `additional_kwargs` or `response_metadata`, which can be controlled via prompt injection and then serialized/deserialized in streaming operations. ## Impact Attackers who control serialized data can extract environment variable secrets by injecting `{"lc": 1, "type": "secret", "id": ["ENV_VAR"]}` to load environment variables during deserialization (when `secretsFromEnv: true`). They can also instantiate classes with controlled parameters by injecting constructor structures to instantiate any class within the provided import maps with attacker-controlled parameters, potentially triggering side effects such as network calls or file operations. Key severity factors: - Affects the serialization path—applications trusting their own serialization output are vulnerable - Enables secret extraction when combined with `secretsFromEnv: true` - LLM responses in `additional_kwargs` can be controlled via prompt injection ## Exploit example ```typescript import { load } from "@​langchain/core/load"; // Attacker injects secret structure into user-controlled data const attackerPayload = JSON.stringify({ user_data: { lc: 1, type: "secret", id: ["OPENAI_API_KEY"], }, }); process.env.OPENAI_API_KEY = "sk-secret-key-12345"; // With secretsFromEnv: true, the secret is extracted const deserialized = await load(attackerPayload, { secretsFromEnv: true }); console.log(deserialized.user_data); // "sk-secret-key-12345" - SECRET LEAKED! ``` ## Security hardening changes This patch introduces the following changes to `load()`: 1. **`secretsFromEnv` default changed to `false`**: Disables automatic secret loading from environment variables. Secrets not found in `secretsMap` now throw an error instead of being loaded from `process.env`. This fail-safe behavior ensures missing secrets are caught immediately rather than silently continuing with `null`. 2. **New `maxDepth` parameter** (defaults to `50`): Protects against denial-of-service attacks via deeply nested JSON structures that could cause stack overflow. 3. **Escape mechanism in `toJSON()`**: User-controlled objects containing `'lc'` keys are now wrapped in `{"__lc_escaped__": {...}}` during serialization and unwrapped as plain data during deserialization. 4. **JSDoc security warnings**: All import map options (`importMap`, `optionalImportsMap`, `optionalImportEntrypoints`) now include security warnings about never populating them from user input. ## Migration guide ### No changes needed for most users If you're deserializing standard LangChain types (messages, documents, prompts) using the core import map, your code will work without changes: ```typescript import { load } from "@​langchain/core/load"; // Works with default settings const obj = await load(serializedData); ``` ### For secrets from environment `secretsFromEnv` now defaults to `false`, and missing secrets throw an error. If you need to load secrets: ```typescript import { load } from "@​langchain/core/load"; // Provide secrets explicitly (recommended) const obj = await load(serializedData, { secretsMap: { OPENAI_API_KEY: process.env.OPENAI_API_KEY }, }); // Or explicitly opt-in to load from env (only use with trusted data) const obj = await load(serializedData, { secretsFromEnv: true }); ``` > **Warning:** Only enable `secretsFromEnv` if you trust the serialized data. Untrusted data could extract any environment variable. > **Note:** If a secret reference is encountered but not found in `secretsMap` (and `secretsFromEnv` is `false` or the secret is not in the environment), an error is thrown. This fail-safe behavior ensures you're aware of missing secrets rather than silently receiving `null` values. ### For deeply nested structures If you have legitimate deeply nested data that exceeds the default depth limit of 50: ```typescript import { load } from "@​langchain/core/load"; const obj = await load(serializedData, { maxDepth: 100 }); ``` ### For custom import maps If you provide custom import maps, ensure they only contain trusted modules: ```typescript import { load } from "@​langchain/core/load"; import * as myModule from "./my-trusted-module"; // GOOD - explicitly include only trusted modules const obj = await load(serializedData, { importMap: { my_module: myModule }, }); // BAD - never populate from user input const obj = await load(serializedData, { importMap: userProvidedImports, // DANGEROUS! }); ``` --- ### Release Notes <details> <summary>langchain-ai/langchainjs (langchain)</summary> ### [`v1.2.3`](https://redirect.github.com/langchain-ai/langchainjs/releases/tag/%40langchain/anthropic%401.2.3) ##### Patch Changes - Updated dependencies \[[`0bade90`]( |
||
|
dependabot[bot]
|
3d140a657e |
chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /docs/en/getting-started/quickstart/go/adkgo (#2249)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0714d3e126 |
chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /docs/en/getting-started/quickstart/go/openAI (#2247)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0baffff3b5 |
chore(deps): bump @langchain/core and @langchain/google-genai in /docs/en/getting-started/quickstart/js/langchain (#2232)
Bumps [@langchain/core](https://github.com/langchain-ai/langchainjs) to 1.1.8 and updates ancestor dependency [@langchain/google-genai](https://github.com/langchain-ai/langchainjs). These dependencies need to be updated together. Updates `@langchain/core` from 1.1.0 to 1.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases"><code>@langchain/core</code>'s releases</a>.</em></p> <blockquote> <h2><code>@langchain/core</code><a href="https://github.com/1"><code>@1</code></a>.1.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/9707">#9707</a> <a href=" |
||
|
Mend Renovate
|
f87ed05aac |
chore(deps): update pip (#2215)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [google-adk](https://redirect.github.com/google/adk-python) ([changelog](https://redirect.github.com/google/adk-python/blob/main/CHANGELOG.md)) | `==1.19.0` → `==1.21.0` |  |  | | [google-genai](https://redirect.github.com/googleapis/python-genai) | `==1.52.0` → `==1.56.0` |  |  | | [langchain](https://redirect.github.com/langchain-ai/langchain) ([source](https://redirect.github.com/langchain-ai/langchain/tree/HEAD/libs/langchain), [changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain%3D%3D1%22)) | `==1.1.0` → `==1.2.0` |  |  | | [langchain-google-vertexai](https://redirect.github.com/langchain-ai/langchain-google) ([source](https://redirect.github.com/langchain-ai/langchain-google/tree/HEAD/libs/vertexai), [changelog](https://redirect.github.com/langchain-ai/langchain-google/releases?q=%22vertexai%22)) | `==3.1.0` → `==3.2.0` |  |  | | [langgraph](https://redirect.github.com/langchain-ai/langgraph) ([source](https://redirect.github.com/langchain-ai/langgraph/tree/HEAD/libs/langgraph), [changelog](https://redirect.github.com/langchain-ai/langgraph/releases)) | `==1.0.4` → `==1.0.5` |  |  | | [llama-index](https://redirect.github.com/run-llama/llama_index) | `==0.14.10` → `==0.14.12` |  |  | | llama-index-llms-google-genai | `==0.7.3` → `==0.8.3` |  |  | | [pytest](https://redirect.github.com/pytest-dev/pytest) ([changelog](https://docs.pytest.org/en/stable/changelog.html)) | `==9.0.1` → `==9.0.2` |  |  | | [toolbox-core](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python) ([changelog](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python/blob/main/packages/toolbox-core/CHANGELOG.md)) | `==0.5.3` → `==0.5.4` |  |  | | [toolbox-langchain](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python) ([changelog](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python/blob/main/packages/toolbox-langchain/CHANGELOG.md)) | `==0.5.3` → `==0.5.4` |  |  | | [toolbox-llamaindex](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python) ([changelog](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python/blob/main/packages/toolbox-llamaindex/CHANGELOG.md)) | `==0.5.3` → `==0.5.4` |  |  | --- ### Release Notes <details> <summary>google/adk-python (google-adk)</summary> ### [`v1.21.0`](https://redirect.github.com/google/adk-python/blob/HEAD/CHANGELOG.md#1210-2025-12-11) [Compare Source](https://redirect.github.com/google/adk-python/compare/v1.20.0...v1.21.0) ##### Features - **\[Interactions API Support]** - The newly released Gemini [Interactions API](https://ai.google.dev/gemini-api/docs/interactions) is supported in ADK now. To use it: ```Python Agent( model=Gemini( model="gemini-3-pro-preview", use_interactions_api=True, ), name="...", description="...", instruction="...", ) ``` see [samples](https://redirect.github.com/google/adk-python/tree/main/contributing/samples/interactions_api) for details - **\[Services]** - Add `add_session_to_memory` to `CallbackContext` and `ToolContext` to explicitly save the current session to memory ([7b356dd]( |
||
|
dependabot[bot]
|
a35f64ef7d |
chore(deps): bump jws from 4.0.0 to 4.0.1 in /docs/en/getting-started/quickstart/js/adk (#2143)
Bumps [jws](https://github.com/brianloveswords/node-jws) from 4.0.0 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/brianloveswords/node-jws/releases">jws's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 2.0.1, addressing a compatibility issue for Node >= 25.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's changelog</a>.</em></p> <blockquote> <h2>[4.0.1]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 2.0.1, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.2.3]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.0.0]</h2> <h3>Changed</h3> <ul> <li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an <code>algorithm</code> parameter, and <code>jws.createVerify</code> requires an <code>algorithm</code> option. The <code>"alg"</code> field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by <code>jwt.verify</code>. See <a href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a> for details.</li> </ul> <h2><a href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a> - 2015-01-30</h2> <h3>Changed</h3> <ul> <li> <p><strong>BREAKING</strong>: Default payload encoding changed from <code>binary</code> to <code>utf8</code>. <code>utf8</code> is a is a more sensible default than <code>binary</code> because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (<!-- raw HTML omitted -->[6b6de48]<!-- raw HTML omitted -->)</p> </li> <li> <p>Code reorganization, thanks [<a href="https://github.com/fearphage"><code>@fearphage</code></a>]! (<!-- raw HTML omitted --><a href="https://github.com/brianloveswords/node-jws/commit/7880050">7880050</a><!-- raw HTML omitted -->)</p> </li> </ul> <h3>Added</h3> <ul> <li>Option in all relevant methods for <code>encoding</code>. For those few users that might be depending on a <code>binary</code> encoding of the messages, this is for them. (<!-- raw HTML omitted -->[6b6de48]<!-- raw HTML omitted -->)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mend Renovate
|
980600f31b |
chore(deps): update github actions (#2096)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](
|
||
|
dependabot[bot]
|
f4c22b3e27 |
chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /docs/en/getting-started/quickstart/go/genkit (#1999)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mend Renovate
|
c2df6223e6 |
chore(deps): update github actions (major) (#1905)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/cache](https://redirect.github.com/actions/cache) | action | major | `v4` -> `v5` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v5.0.1` -> `v6.0.1` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v5` -> `v6` | | [golangci/golangci-lint-action](https://redirect.github.com/golangci/golangci-lint-action) | action | major | `v8.0.0` -> `v9.2.0` | --- ### Release Notes <details> <summary>actions/cache (actions/cache)</summary> ### [`v5`](https://redirect.github.com/actions/cache/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/cache/compare/v4...v5) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v6.0.1`](https://redirect.github.com/actions/checkout/compare/v6.0.0...v6.0.1) [Compare Source](https://redirect.github.com/actions/checkout/compare/v6.0.0...v6.0.1) ### [`v6.0.0`](https://redirect.github.com/actions/checkout/compare/v5.0.1...v6.0.0) [Compare Source](https://redirect.github.com/actions/checkout/compare/v5.0.1...v6.0.0) </details> <details> <summary>golangci/golangci-lint-action (golangci/golangci-lint-action)</summary> ### [`v9.2.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v9.2.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v9.1.0...v9.2.0) <!-- Release notes generated using configuration in .github/release.yml at v9.2.0 --> #### What's Changed ##### Changes - feat: add version-file option by [@​ldez](https://redirect.github.com/ldez) in [#​1320](https://redirect.github.com/golangci/golangci-lint-action/pull/1320) - chore: move samples into fixtures by [@​ldez](https://redirect.github.com/ldez) in [#​1321](https://redirect.github.com/golangci/golangci-lint-action/pull/1321) ##### Dependencies - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1317](https://redirect.github.com/golangci/golangci-lint-action/pull/1317) - build(deps): bump actions/checkout from 5 to 6 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1318](https://redirect.github.com/golangci/golangci-lint-action/pull/1318) - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1323](https://redirect.github.com/golangci/golangci-lint-action/pull/1323) - build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1324](https://redirect.github.com/golangci/golangci-lint-action/pull/1324) **Full Changelog**: <https://github.com/golangci/golangci-lint-action/compare/v9.1.0...v9.2.0> ### [`v9.1.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v9.1.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v9.0.0...v9.1.0) <!-- Release notes generated using configuration in .github/release.yml at v9.1.0 --> #### What's Changed ##### Changes - feat: automatic module directories by [@​ldez](https://redirect.github.com/ldez) in [#​1315](https://redirect.github.com/golangci/golangci-lint-action/pull/1315) ##### Documentation - docs: organize options by [@​ldez](https://redirect.github.com/ldez) in [#​1314](https://redirect.github.com/golangci/golangci-lint-action/pull/1314) ##### Dependencies - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1307](https://redirect.github.com/golangci/golangci-lint-action/pull/1307) - build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1309](https://redirect.github.com/golangci/golangci-lint-action/pull/1309) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1310](https://redirect.github.com/golangci/golangci-lint-action/pull/1310) - build(deps): bump the dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1311](https://redirect.github.com/golangci/golangci-lint-action/pull/1311) **Full Changelog**: <https://github.com/golangci/golangci-lint-action/compare/v9.0.0...v9.1.0> ### [`v9.0.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v9.0.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0) In the scope of this release, we change Nodejs runtime from node20 to node24 (<https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/>). #### What's Changed ##### Changes - feat: add install-only option by [@​ldez](https://redirect.github.com/ldez) in [#​1305](https://redirect.github.com/golangci/golangci-lint-action/pull/1305) - feat: support Module Plugin System by [@​ldez](https://redirect.github.com/ldez) in [#​1306](https://redirect.github.com/golangci/golangci-lint-action/pull/1306) **Full Changelog**: <https://github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/genai-toolbox). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQyLjQyLjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
Xie Yanbo
|
4d6f70b55e |
docs: clarify versioning in README (#2177)
Update the README.md to explicitly define MAJOR, MINOR, and PATCH increments for post-1.0.0 versioning, enhancing clarity and readability. ## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
manuka rahul
|
c088d4ed42 |
ci: add link checker workflow (#2189)
This workflow prevents the links that are broken or 404 errors by checking the documentation links during development and before merging into the main code base. This ensures all project documentation (Readme , contribution files) remains current and functional , proactively addressing technical debt. Please note this is a resubmission of a previous [PR](https://github.com/googleapis/genai-toolbox/pull/1756) that was closed due to merge conflicts --------- Co-authored-by: Twisha Bansal <58483338+twishabansal@users.noreply.github.com> |
||
|
Yuan Teoh
|
0202709efc |
refactor(sources/alloydbadmin, sources/alloydbpg): move source implementation in Invoke() function to Source (#2226)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation Along with these updates, this PR also resolve some comments from Gemini: * update `fmt.Printf()` to logging as a Debug log -- within `GetOperations()` * update `fmt.Printf()` during failure to retrieve user agent into throwing an error. UserAgent are expected to be retrieved successfully during source initialization. Failure to retrieve will indicate a server error. |
||
|
Niraj Nandre
|
9695fc5eeb |
docs: Add Antigravity connection steps for Looker (#2192)
## Description This PR adds a new section to the `looker_mcp.md` document that explains how to connect Looker to Antigravity. The new **"Connect with Antigravity"** section provides two methods for connecting: - **MCP Store:** A straightforward method using the built-in MCP Store in Antigravity. - **Custom config:** For connecting to a custom MCP server by adding a configuration to the mcp_config.json file. These changes will help users easily connect Looker to Antigravity. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change Co-authored-by: Averi Kitsch <akitsch@google.com> |
||
|
Srividya Reddy
|
5447c94ca8 |
test(source/postgres): fix list_database_stats integration test (#2235)
## Description The list_database_stats test fails intermittently when run in parallel on shared instances. Specifically, the "filter by tablespace" and "sort by size" test cases fail because they encounter unexpected databases in the pg_default tablespace created by concurrent test runs. This PR narrows the scope of these test cases by filtering for specific database names. This ensures assertions remain isolated to the current test run regardless of other databases present in the shared environment. ``` go test -tags=integration tests/postgres/postgres_integration_test.go ok command-line-arguments 14.455s ``` > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<1738> |
||
|
Sri Varshitha
|
7053fbb195 |
fix(tools/alloydb-wait-for-operation): Fix connection message generation (#2228)
## Description This PR fixes issues in the `alloydb-wait-for-operation` tool where the connection message was not being generated correctly upon operation completion. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> |
||
|
manuka rahul
|
5a09d38056 |
docs: fix broken links (#2223)
Fix broken links |
||
|
Yuan Teoh
|
967a72da11 |
refactor: decouple Source from Tool (#2204)
This PR update the linking mechanism between Source and Tool.
Tools are directly linked to their Source, either by pointing to the
Source's functions or by assigning values from the source during Tool's
initialization. However, the existing approach means that any
modification to the Source after Tool's initialization might not be
reflected. To address this limitation, each tool should only store a
name reference to the Source, rather than direct link or assigned
values.
Tools will provide interface for `compatibleSource`. This will be used
to determine if a Source is compatible with the Tool.
```
type compatibleSource interface{
Client() http.Client
ProjectID() string
}
```
During `Invoke()`, the tool will run the following operations:
* retrieve Source from the `resourceManager` with source's named defined
in Tool's config
* validate Source via `compatibleSource interface{}`
* run the remaining `Invoke()` function. Fields that are needed is
retrieved directly from the source.
With this update, resource manager is also added as input to other
Tool's function that require access to source (e.g.
`RequiresClientAuthorization()`).
|
||
|
Yuan Teoh
|
7daa4111f4 | fix: add import for cloudgda source (#2217) | ||
|
Averi Kitsch
|
18885f6433 |
ci: update renovate to use dep groups (#2142)
## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [ ] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> |
||
|
Mend Renovate
|
21d676ed58 |
chore(deps): update module github.com/redis/go-redis/v9 to v9.17.2 (#1994)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/redis/go-redis/v9](https://redirect.github.com/redis/go-redis) | `v9.16.0` -> `v9.17.2` |  |  | --- ### Release Notes <details> <summary>redis/go-redis (github.com/redis/go-redis/v9)</summary> ### [`v9.17.2`](https://redirect.github.com/redis/go-redis/releases/tag/v9.17.2): 9.17.2 [Compare Source](https://redirect.github.com/redis/go-redis/compare/v9.17.1...v9.17.2) #### 🐛 Bug Fixes - **Connection Pool**: Fixed critical race condition in turn management that could cause connection leaks when dial goroutines complete after request timeout ([#​3626](https://redirect.github.com/redis/go-redis/pull/3626)) by [@​cyningsun](https://redirect.github.com/cyningsun) - **Context Timeout**: Improved context timeout calculation to use minimum of remaining time and DialTimeout, preventing goroutines from waiting longer than necessary ([#​3626](https://redirect.github.com/redis/go-redis/pull/3626)) by [@​cyningsun](https://redirect.github.com/cyningsun) #### 🧰 Maintenance - chore(deps): bump rojopolis/spellcheck-github-actions from 0.54.0 to 0.55.0 ([#​3627](https://redirect.github.com/redis/go-redis/pull/3627)) #### Contributors We'd like to thank all the contributors who worked on this release! [@​cyningsun](https://redirect.github.com/cyningsun) and [@​ndyakov](https://redirect.github.com/ndyakov) ### [`v9.17.1`](https://redirect.github.com/redis/go-redis/releases/tag/v9.17.1): 9.17.1 [Compare Source](https://redirect.github.com/redis/go-redis/compare/v9.17.0...v9.17.1) #### 🐛 Bug Fixes - add wait to keyless commands list ([#​3615](https://redirect.github.com/redis/go-redis/pull/3615)) by [@​marcoferrer](https://redirect.github.com/marcoferrer) - fix(time): remove cached time optimization ([#​3611](https://redirect.github.com/redis/go-redis/pull/3611)) by [@​ndyakov](https://redirect.github.com/ndyakov) #### 🧰 Maintenance - chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 ([#​3609](https://redirect.github.com/redis/go-redis/pull/3609)) - chore(deps): bump actions/checkout from 5 to 6 ([#​3610](https://redirect.github.com/redis/go-redis/pull/3610)) - chore(script): fix help call in tag.sh ([#​3606](https://redirect.github.com/redis/go-redis/pull/3606)) by [@​ndyakov](https://redirect.github.com/ndyakov) #### Contributors We'd like to thank all the contributors who worked on this release! [@​marcoferrer](https://redirect.github.com/marcoferrer) and [@​ndyakov](https://redirect.github.com/ndyakov) ### [`v9.17.0`](https://redirect.github.com/redis/go-redis/releases/tag/v9.17.0): 9.17.0 [Compare Source](https://redirect.github.com/redis/go-redis/compare/v9.16.0...v9.17.0) #### 🚀 Highlights ##### Redis 8.4 Support Added support for Redis 8.4, including new commands and features ([#​3572](https://redirect.github.com/redis/go-redis/pull/3572)) ##### Typed Errors Introduced typed errors for better error handling using `errors.As` instead of string checks. Errors can now be wrapped and set to commands in hooks without breaking library functionality ([#​3602](https://redirect.github.com/redis/go-redis/pull/3602)) ##### New Commands - **CAS/CAD Commands**: Added support for Compare-And-Set/Compare-And-Delete operations with conditional matching (`IFEQ`, `IFNE`, `IFDEQ`, `IFDNE`) ([#​3583](https://redirect.github.com/redis/go-redis/pull/3583), [#​3595](https://redirect.github.com/redis/go-redis/pull/3595)) - **MSETEX**: Atomically set multiple key-value pairs with expiration options and conditional modes ([#​3580](https://redirect.github.com/redis/go-redis/pull/3580)) - **XReadGroup CLAIM**: Consume both incoming and idle pending entries from streams in a single call ([#​3578](https://redirect.github.com/redis/go-redis/pull/3578)) - **ACL Commands**: Added `ACLGenPass`, `ACLUsers`, and `ACLWhoAmI` ([#​3576](https://redirect.github.com/redis/go-redis/pull/3576)) - **SLOWLOG Commands**: Added `SLOWLOG LEN` and `SLOWLOG RESET` ([#​3585](https://redirect.github.com/redis/go-redis/pull/3585)) - **LATENCY Commands**: Added `LATENCY LATEST` and `LATENCY RESET` ([#​3584](https://redirect.github.com/redis/go-redis/pull/3584)) ##### Search & Vector Improvements - **Hybrid Search**: Added **EXPERIMENTAL** support for the new `FT.HYBRID` command ([#​3573](https://redirect.github.com/redis/go-redis/pull/3573)) - **Vector Range**: Added `VRANGE` command for vector sets ([#​3543](https://redirect.github.com/redis/go-redis/pull/3543)) - **FT.INFO Enhancements**: Added vector-specific attributes in FT.INFO response ([#​3596](https://redirect.github.com/redis/go-redis/pull/3596)) ##### Connection Pool Improvements - **Improved Connection Success Rate**: Implemented FIFO queue-based fairness and context pattern for connection creation to prevent premature cancellation under high concurrency ([#​3518](https://redirect.github.com/redis/go-redis/pull/3518)) - **Connection State Machine**: Resolved race conditions and improved pool performance with proper state tracking ([#​3559](https://redirect.github.com/redis/go-redis/pull/3559)) - **Pool Performance**: Significant performance improvements with faster semaphores, lockless hook manager, and reduced allocations (47-67% faster Get/Put operations) ([#​3565](https://redirect.github.com/redis/go-redis/pull/3565)) ##### Metrics & Observability - **Canceled Metric Attribute**: Added 'canceled' metrics attribute to distinguish context cancellation errors from other errors ([#​3566](https://redirect.github.com/redis/go-redis/pull/3566)) #### ✨ New Features - Typed errors with wrapping support ([#​3602](https://redirect.github.com/redis/go-redis/pull/3602)) by [@​ndyakov](https://redirect.github.com/ndyakov) - CAS/CAD commands (marked as experimental) ([#​3583](https://redirect.github.com/redis/go-redis/pull/3583), [#​3595](https://redirect.github.com/redis/go-redis/pull/3595)) by [@​ndyakov](https://redirect.github.com/ndyakov), [@​htemelski-redis](https://redirect.github.com/htemelski-redis) - MSETEX command support ([#​3580](https://redirect.github.com/redis/go-redis/pull/3580)) by [@​ofekshenawa](https://redirect.github.com/ofekshenawa) - XReadGroup CLAIM argument ([#​3578](https://redirect.github.com/redis/go-redis/pull/3578)) by [@​ofekshenawa](https://redirect.github.com/ofekshenawa) - ACL commands: GenPass, Users, WhoAmI ([#​3576](https://redirect.github.com/redis/go-redis/pull/3576)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - SLOWLOG commands: LEN, RESET ([#​3585](https://redirect.github.com/redis/go-redis/pull/3585)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - LATENCY commands: LATEST, RESET ([#​3584](https://redirect.github.com/redis/go-redis/pull/3584)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - Hybrid search command (FT.HYBRID) ([#​3573](https://redirect.github.com/redis/go-redis/pull/3573)) by [@​htemelski-redis](https://redirect.github.com/htemelski-redis) - Vector range command (VRANGE) ([#​3543](https://redirect.github.com/redis/go-redis/pull/3543)) by [@​cxljs](https://redirect.github.com/cxljs) - Vector-specific attributes in FT.INFO ([#​3596](https://redirect.github.com/redis/go-redis/pull/3596)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Improved connection pool success rate with FIFO queue ([#​3518](https://redirect.github.com/redis/go-redis/pull/3518)) by [@​cyningsun](https://redirect.github.com/cyningsun) - Canceled metrics attribute for context errors ([#​3566](https://redirect.github.com/redis/go-redis/pull/3566)) by [@​pvragov](https://redirect.github.com/pvragov) #### 🐛 Bug Fixes - Fixed Failover Client MaintNotificationsConfig ([#​3600](https://redirect.github.com/redis/go-redis/pull/3600)) by [@​ajax16384](https://redirect.github.com/ajax16384) - Fixed ACLGenPass function to use the bit parameter ([#​3597](https://redirect.github.com/redis/go-redis/pull/3597)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - Return error instead of panic from commands ([#​3568](https://redirect.github.com/redis/go-redis/pull/3568)) by [@​dragneelfps](https://redirect.github.com/dragneelfps) - Safety harness in `joinErrors` to prevent panic ([#​3577](https://redirect.github.com/redis/go-redis/pull/3577)) by [@​manisharma](https://redirect.github.com/manisharma) #### ⚡ Performance - Connection state machine with race condition fixes ([#​3559](https://redirect.github.com/redis/go-redis/pull/3559)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Pool performance improvements: 47-67% faster Get/Put, 33% less memory, 50% fewer allocations ([#​3565](https://redirect.github.com/redis/go-redis/pull/3565)) by [@​ndyakov](https://redirect.github.com/ndyakov) #### 🧪 Testing & Infrastructure - Updated to Redis 8.4.0 image ([#​3603](https://redirect.github.com/redis/go-redis/pull/3603)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Added Redis 8.4-RC1-pre to CI ([#​3572](https://redirect.github.com/redis/go-redis/pull/3572)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Refactored tests for idiomatic Go ([#​3561](https://redirect.github.com/redis/go-redis/pull/3561), [#​3562](https://redirect.github.com/redis/go-redis/pull/3562), [#​3563](https://redirect.github.com/redis/go-redis/pull/3563)) by [@​12ya](https://redirect.github.com/12ya) #### 👥 Contributors We'd like to thank all the contributors who worked on this release! [@​12ya](https://redirect.github.com/12ya), [@​ajax16384](https://redirect.github.com/ajax16384), [@​cxljs](https://redirect.github.com/cxljs), [@​cyningsun](https://redirect.github.com/cyningsun), [@​destinyoooo](https://redirect.github.com/destinyoooo), [@​dragneelfps](https://redirect.github.com/dragneelfps), [@​htemelski-redis](https://redirect.github.com/htemelski-redis), [@​manisharma](https://redirect.github.com/manisharma), [@​ndyakov](https://redirect.github.com/ndyakov), [@​ofekshenawa](https://redirect.github.com/ofekshenawa), [@​pvragov](https://redirect.github.com/pvragov) *** **Full Changelog**: <https://github.com/redis/go-redis/compare/v9.16.0...v9.17.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/genai-toolbox). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Averi Kitsch <akitsch@google.com> |
||
|
Mend Renovate
|
1c353a3c8e |
chore(deps): update module github.com/elastic/elastic-transport-go/v8 to v8.8.0 (#1989)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/elastic/elastic-transport-go/v8](https://redirect.github.com/elastic/elastic-transport-go) | `v8.7.0` -> `v8.8.0` |  |  | --- ### Release Notes <details> <summary>elastic/elastic-transport-go (github.com/elastic/elastic-transport-go/v8)</summary> ### [`v8.8.0`](https://redirect.github.com/elastic/elastic-transport-go/releases/tag/v8.8.0) [Compare Source](https://redirect.github.com/elastic/elastic-transport-go/compare/v8.7.0...v8.8.0) ##### Features - add a Close method to transport ([#​36](https://redirect.github.com/elastic/elastic-transport-go/issues/36)) ([b2d94de]( |
||
|
Mend Renovate
|
a02ca45ba3 |
chore(deps): update module github.com/godror/godror to v0.49.6 (#2199)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/godror/godror](https://redirect.github.com/godror/godror) | `v0.49.4` -> `v0.49.6` |  |  | --- ### Release Notes <details> <summary>godror/godror (github.com/godror/godror)</summary> ### [`v0.49.6`](https://redirect.github.com/godror/godror/blob/HEAD/CHANGELOG.md#v0496) [Compare Source](https://redirect.github.com/godror/godror/compare/v0.49.5...v0.49.6) ##### Added - \*bool == nil -> NULL in DB. ### [`v0.49.5`](https://redirect.github.com/godror/godror/blob/HEAD/CHANGELOG.md#v0495) [Compare Source](https://redirect.github.com/godror/godror/compare/v0.49.4...v0.49.5) - ODPI-C v5.6.4 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/genai-toolbox). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
Yuan Teoh
|
8217d1424d |
chore: dedup userAgentRoundTripper into util (#2198)
Dedup userAgentRoundTripper into util where userAgent related code are placed. |
||
|
release-please[bot]
|
f520b4ed8a |
chore(main): release 0.24.0 (#2162)
🤖 I have created a release *beep* *boop* --- ## [0.24.0](https://github.com/googleapis/genai-toolbox/compare/v0.23.0...v0.24.0) (2025-12-19) ### Features * **sources/cloud-gemini-data-analytics:** Add the Gemini Data Analytics (GDA) integration for DB NL2SQL conversion to Toolbox ([#2181](https://github.com/googleapis/genai-toolbox/issues/2181)) ([v0.24.0 |
||
|
Yuan Teoh
|
80315a0ebd |
chore: release 0.24.0 (#2201)
Release-As: 0.24.0 |
||
|
dishaprakash
|
5788605818 |
feat: Support combining prebuilt and custom tool configurations (#2188)
## Description This PR updates the CLI to allow the --prebuilt flag to be used simultaneously with custom tool flags (--tools-file, --tools-files, or --tools-folder). This enables users to extend a standard prebuilt environment with their own custom tools and configurations. ### Key changes - Sequential Loading: Load prebuilt configurations first, then accumulate any specified custom configurations before merging. - Smart Defaults: Updated logic to only default to tools.yaml if no configuration flags are provided. - Legacy Auth Compatibility: Implemented an additive merge strategy for authentication. Legacy authSources from custom files are merged into the modern authServices map used by prebuilt tools. - Strict Validation: To prevent ambiguity, the server will throw an explicit error if a legacy authSource name conflicts with an existing authService name (e.g., from a prebuilt config). ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes https://github.com/googleapis/genai-toolbox/issues/1220 --------- Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
gRedHeadphone
|
0641da0353 |
feat(tools/mysql-get-query-plan): tool impl + docs + tests (#2123)
## Description Tool mysql-get-query-plan implementation, along with tests and docs. Tool used to get information about how MySQL executes a SQL statement (EXPLAIN). ## PR Checklist - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #1692 --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Averi Kitsch <akitsch@google.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
Yuan Teoh
|
c9b775d38e |
tests: add if exists to spanner drop table sql (#2200)
Update `DROP TABLE %table_name` to `DROP TABLE IF EXISTS %tablename`. The drop table statement often fail to run. This halts the process and causes context timeout, and eventually failing the integration tests. |
||
|
Wenxin Du
|
8ea39ec32f |
feat(sources/oracle): Add Oracle OCI and Wallet support (#1945)
Previously we used go-ora (a pure Go Oracle driver) because our release pipeline did not support cross-compilation with CGO. Now that it's fixed, we want to add support for Oracle OCI driver for advanced features including digital wallet etc. Users will be able to configure a source to use OCI by specifying a `UseOCI: true` field. The source defaults to use the pure Go driver otherwise. Oracle Wallet: - OCI users should use the `tnsAdmin` to set the wallet location - Non-OCI users can should use the `walletLocation` field. fix: https://github.com/googleapis/genai-toolbox/issues/1779 |
||
|
Juexin Wang
|
aa270b2630 |
feat: add the Gemini Data Analytics (GDA) integration for DB NL2SQL conversion to Toolbox (#2181)
## Description This PR is to add the Gemini Data Analytics (GDA) integration for DB NL2SQL conversion to Toolbox. It allows the user to convert a natural language query to SQL statement based on their database instance. See the doc section for details. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #2180 --------- Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
Dr. Strangelove
|
e1bd98ef5b |
chore: fix "unused paramter" lint in vscode (#2119)
## Description Remove warning about unused parameter in vscode ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change |
||
|
Yuan Teoh
|
fa148c60a7 |
docs: update contributing.md integration test code reference to v0.23.0 tag (#2197)
Update links to point towards files within v0.23.0 version. There are some updates done within the function since the previous link was generated. |
||
|
Yuan Teoh
|
6e87349431 |
docs: telemetry docs to provide endpoint without scheme or path (#2179)
## Description According to the OTEL ([docs](https://pkg.go.dev/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp#WithEndpoint)), `WithEndpoint()` sets the target endpoint (host and port) the Exporter will connect to. The provided endpoint should resemble "example.com:4318" (no scheme or path). And it requires the endpoint to be secure using `https://`. To provide an insecure endpoint with `http://`, user will need to set `OTEL_EXPORTER_OTLP_INSECURE=true`. This PR update the docs to reflect this. 🛠️ Fixes #1539 |
||
|
Srividya Reddy
|
3fe4e2b671 |
test(source/postgres): fix list_database_stats integration test (#2196)
## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution The list_database_stats test is flaky when run in parallel on the same shared instance. It fails with the error: failed to create test_user1: ERROR: role "test_user1" already exists. This test is updates to create a random role and database name to avoid conflicts with other simultaneously running tests. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<1738> |
||
|
dependabot[bot]
|
271f39d4b9 |
chore(deps): bump jws from 4.0.0 to 4.0.1 in /docs/en/getting-started/quickstart/js/langchain (#2118)
Bumps [jws](https://github.com/brianloveswords/node-jws) from 4.0.0 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/brianloveswords/node-jws/releases">jws's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 2.0.1, addressing a compatibility issue for Node >= 25.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's changelog</a>.</em></p> <blockquote> <h2>[4.0.1]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 2.0.1, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.2.3]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.0.0]</h2> <h3>Changed</h3> <ul> <li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an <code>algorithm</code> parameter, and <code>jws.createVerify</code> requires an <code>algorithm</code> option. The <code>"alg"</code> field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by <code>jwt.verify</code>. See <a href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a> for details.</li> </ul> <h2><a href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a> - 2015-01-30</h2> <h3>Changed</h3> <ul> <li> <p><strong>BREAKING</strong>: Default payload encoding changed from <code>binary</code> to <code>utf8</code>. <code>utf8</code> is a is a more sensible default than <code>binary</code> because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (<!-- raw HTML omitted -->[6b6de48]<!-- raw HTML omitted -->)</p> </li> <li> <p>Code reorganization, thanks [<a href="https://github.com/fearphage"><code>@fearphage</code></a>]! (<!-- raw HTML omitted --><a href="https://github.com/brianloveswords/node-jws/commit/7880050">7880050</a><!-- raw HTML omitted -->)</p> </li> </ul> <h3>Added</h3> <ul> <li>Option in all relevant methods for <code>encoding</code>. For those few users that might be depending on a <code>binary</code> encoding of the messages, this is for them. (<!-- raw HTML omitted -->[6b6de48]<!-- raw HTML omitted -->)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Dr. Strangelove
|
97b0e7d3ac |
ci: Improved integration tests for looker (#2187)
## Description Improved integration tests for looker ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change |
||
|
ishatilwani1301
|
914b3eefda |
fix(spanner): move list graphs validation to runtime (#2154)
This pull request resolves the issue by changing the validation logic
for the spanner-list-graphs tool to prevent server crashes on PostgreSQL
dialects.
The spanner-list-graphs tool currently supports only the GoogleSQL
dialect. Previously, this check was enforced during initialization,
causing the entire server to crash on startup when connected to a
PostgreSQL-dialect database.
**Changes Implemented**
- The modification is in
internal/tools/spanner/spannerlistgraphs/spannerlistgraphs.go.
- Removed the dialect validation from the Initialize method (startup).
- Added the dialect validation to the Invoke method (runtime).
This change ensures the tool initializes successfully regardless of the
dialect, allowing the server to start. It now returns a graceful error
message only if a user explicitly attempts to execute the tool on an
unsupported dialect.
**Validation Process**
Validated changes by running the toolbox locally against a Spanner
instance using the PostgreSQL dialect.
CLI Configuration: Ran the server using the standard Spanner prebuilt
set: go run . --prebuilt spanner --ui
Testing: Confirmed the logic by testing two scenarios
1. PostgreSQL Dialect (Graceful Failure)
Set SPANNER_DIALECT="postgresql".
Result: The server started successfully without crashing (fixing the
bug). When running the spanner-list-graphs tool in the UI, it returned a
clear error message: "operation not supported: The 'spanner-list-graphs'
tool is only available for GoogleSQL dialect databases."
<img width="2171" height="462" alt="Screenshot 2025-12-10 11 24 53 PM"
src="https://github.com/user-attachments/assets/c57e64e4-ddce-42a2-998d-b291d77b7d1d"
/>
<img width="2233" height="971" alt="Screenshot 2025-12-10 11 22 53 PM"
src="https://github.com/user-attachments/assets/8e510a72-4598-4d55-a175-bf9e2f85489d"
/>
<img width="2233" height="971" alt="Screenshot 2025-12-10 11 23 26 PM"
src="https://github.com/user-attachments/assets/a904a45f-25be-42ef-9d5a-a7975cc03a44"
/>
2. GoogleSQL Dialect (Success)
Set SPANNER_DIALECT="googlesql".
Result: The tool executed successfully and returned the graph schema (or
empty results), confirming that normal functionality is preserved.
<img width="2171" height="572" alt="Screenshot 2025-12-10 11 26 59 PM"
src="https://github.com/user-attachments/assets/d9c6c677-cb38-4343-be39-d542439685c4"
/>
<img width="2250" height="938" alt="Screenshot 2025-12-10 11 27 32 PM"
src="https://github.com/user-attachments/assets/6e8f3628-8079-4c99-993a-7ada02a124b0"
/>
<img width="2250" height="938" alt="Screenshot 2025-12-10 11 27 45 PM"
src="https://github.com/user-attachments/assets/a3091228-d73a-44a0-acd2-e7fb463de4e2"
/>
🛠️ Fixes #2136
Co-authored-by: Averi Kitsch <akitsch@google.com>
|