mirror of
https://github.com/googleapis/genai-toolbox.git
synced 2026-02-05 04:35:14 -05:00
da48d6b355605eec43dfedbb47bf8a7ff4868520
1367 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Harsh Jha
|
da48d6b355 |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
694feef94b |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
5f243b3d86 |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
afdaf288e6 |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
939e367a55 |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
9e061aeb03 |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
37b42a7384 |
Apply suggestion from @gemini-code-assist[bot]
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Harsh Jha
|
95a5ac6f58 |
Revise title and description in index.md
Updated title and description for clarity and accuracy. |
||
|
Harsh Jha
|
14156336d4 | feat: JS toolbox-core SDK Doc migration | ||
|
Harsh Jha
|
2cadf1bf07 | feat: Js SDK documentation added | ||
|
Anmol Shukla
|
4928f0be8f | Merge branch 'main' into sdk-docs-migrate | ||
|
Shobhit Singh
|
a4506009b9 |
feat(bigquery): Make credentials scope configurable (#2210)
## Description
This change addresses the ask where the user may want to use custom
scopes. For instance, the default scope (bigquery) falls short from
running sql that utilizes integration with other google products, such
as Drive, Vertex AI, Cloud Run etc. With this change the user would be
able to configure custom scopes depending on their use case.
The custom scopes can be configured in the tools.yaml file, e.g.:
```yaml
sources:
bigquery-source:
kind: "bigquery"
project: ${BIGQUERY_PROJECT}
location: ${BIGQUERY_LOCATION:}
useClientOAuth: ${BIGQUERY_USE_CLIENT_OAUTH:false}
scopes:
- "https://www.googleapis.com/auth/bigquery"
- "https://www.googleapis.com/auth/drive"
```
and if the [bigquery prebuilt
config](https://github.com/googleapis/genai-toolbox/blob/main/internal/prebuiltconfigs/tools/bigquery.yaml)
is being used, then it can be set in the environment variable as well:
```shell
$ export BIGQUERY_SCOPES="https://www.googleapis.com/auth/bigquery,https://www.googleapis.com/auth/drive"
```
## PR Checklist
> Thank you for opening a Pull Request! Before submitting your PR, there
are a
> few things you can do to make sure it goes smoothly:
- [ ] Make sure you reviewed
[CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md)
- [x] Make sure to open an issue as a
[bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose)
before writing your code! That way we can discuss the change, evaluate
designs, and agree on the general idea
- [x] Ensure the tests and linter pass
- [x] Code coverage does not decrease (if any source code was changed)
- [x] Appropriate docs were updated (if necessary)
- [ ] Make sure to add `!` if this involve a breaking change
🛠️ Fixes #1942
|
||
|
Wenxin Du
|
17b70ccaa7 |
feat(tools/postgressql): Add Parameter embeddedBy config support (#2151)
Add parameter `embeddedBy` field to support vector embedding & semantic search. Major change in `internal/util/parameters/parameters.go` This PR only adds vector formatter for the postgressql tool. Other tools requiring vector formatting may not work with embeddedBy. Second part of the Semantic Search support. First part: https://github.com/googleapis/genai-toolbox/pull/2121 |
||
|
dependabot[bot]
|
001d634de1 |
chore(deps): bump qs, body-parser and express in /docs/en/getting-started/quickstart/js/genkit (#2263)
Bumps [qs](https://github.com/ljharb/qs), [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Wenxin Du
|
268700bdbf |
fix(tools/looker): Looker client OAuth nil pointer error (#2231)
The original implementation initializes auth session using direct struct creation `&rtl.AuthSession` which does not have a source field initialized, causing nil pointer error when the sdk is trying to access this source field. This is fixed by using the`NewAuthSession()` constructor which automatically initializes a source field. Fix: https://github.com/googleapis/genai-toolbox/issues/2230 --------- Co-authored-by: Dr. Strangelove <drstrangelove@google.com> |
||
|
Dr. Strangelove
|
eb793398cd |
feat(tools/looker): add ability to set destination folder with make_look and make_dashboard. (#2245)
## Description When running with a service account, the user has no personal folder id. This allows a destination folder to be specified as part of the call to make_dashboard and make_look. If a folder is not specified the user's personal folder will be used. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #2225 --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> |
||
|
Siddharth Ravi
|
cf0fc515b5 |
feat: add tool to list store procedure (#2156)
Adds the following tools for Postgres: (1) list_stored_procedure: Retrieves stored procedure metadata returning schema name, procedure name, procedure owner, language, definition, and description, filtered by optional role name (procedure owner), schema name, and limit (default 20). <img width="3808" height="1181" alt="image" src="https://github.com/user-attachments/assets/43513a04-95ce-478f-a59f-3e5dafdb6b23" /> <img width="2654" height="1288" alt="image" src="https://github.com/user-attachments/assets/84aca162-3779-4daa-ae2f-61620560589f" /> > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #1738 |
||
|
Wenxin Du
|
9c62f313ff |
feat: Add embeddingModel support (#2121)
First part of the implementation to support semantic search in tools. Second part: https://github.com/googleapis/genai-toolbox/pull/2151 |
||
|
Averi Kitsch
|
731a32e536 |
feat: update CSQL MySQL prebuilt tools to use IAM (#2202)
## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [ ] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> |
||
|
Divyansh
|
53885e6c0d |
docs: Updating dataplex docs to include new syntax for semantic search (#2165)
## Description Dataplex.md is currently misaligned with the Dataplex backend, leading to failed search queries. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x ] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Averi Kitsch <akitsch@google.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
dependabot[bot]
|
b4346dcb8f |
chore(deps): bump qs from 6.14.0 to 6.14.1 in /docs/en/getting-started/quickstart/js/adk (#2250)
Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Yuan Teoh
|
0f27f956c7 |
refactor(sources/bigquery): move source implementation in Invoke() function to Source (#2242)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
f9df2635c6 |
refactor(sources/neo4j): move source implementation in Invoke() function to Source (#2241)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
c1b87e209f |
refactor: move source implementation in Invoke() function to Source (#2240)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * alloydb-pg * cloudsql-pg * postgres This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
55eb958c2a |
refactor: move source implementation in Invoke() function to Source (#2238)
Move source-related queries from `Invoke()` function into Source. The following sources were updated in this PR: * mssql * cloudsql-mssql * mysql * cloudsql-mysql This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
20447746e1 |
refactor: move source implementation in Invoke() function to Source (#2237)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * spanner * sqlite * tidb * trino * valkey * yugabytedb This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
83670dbe34 |
refactor: move source implementation in Invoke() function to Source (#2236)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * mindsdb * oceanbase * oracle * redis * singlestore * cloudmonitoring This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation * reduce oracle integration test coverage to 20%. There's no code change or test reduction in this PR. It might be because the Invoke() function was dedupe, hence the total line covered is reduced. |
||
|
Yuan Teoh
|
df2f6a9f0b |
refactor: move source implementation in Invoke() function to Source (#2234)
Move source-related queries from `Invoke()` function into Source. The following sources are updated in this PR: * couchbase * dgraph * elasticsearch * firebird This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation |
||
|
Yuan Teoh
|
2fa9cdb522 |
refactor(sources/cloudsqladmin): move source implementation in Invoke() function to Source (#2233)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation Along with these updates, this PR also resolve some comments from Gemini: * update `fmt.Printf()` to logging as a Debug log and remove the training `\n` within the log * move `regexp.MustCompile` to the top so that it's compiled once at the package level and reused. It is a relatively expensive operation to be called on every invocation. * `fetchInstanceData()` to return the `*sqladmin.DatabaseInstance` struct directly instead of converting to map and use map lookups. More typesafe and efficient. Did not move `cloudsqlpgupgradeprecheck` tool since that invocation is very specific towards cloudsql for postgres |
||
|
Yuan Teoh
|
285cdcd69a |
refactor: move source implementation in Invoke() function to Source (#2229)
Move source-related queries from `Invoke()` function into Source. The following sources were updated in this PR: * bigtable * cassandra * clickhouse * cloud gemini data analytics This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation This PR also fix the following gemini review recommendations: * Bigtable `resultRow.GetByName()` to throw an error and return false * Clickhouselistdatabases and Clickhouselisttables to reuse the `RunSQL()` function |
||
|
Mend Renovate
|
38d127a354 |
chore(deps): update dependency langchain to v1.2.3 [security] (#2248)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [langchain](https://redirect.github.com/langchain-ai/langchainjs/tree/main/libs/langchain/) ([source](https://redirect.github.com/langchain-ai/langchainjs)) | [`1.0.2` → `1.2.3`](https://renovatebot.com/diffs/npm/langchain/1.0.2/1.2.3) |  |  | ### GitHub Vulnerability Alerts #### [CVE-2025-68665](https://redirect.github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6) ## Context A serialization injection vulnerability exists in LangChain JS's `toJSON()` method (and subsequently when string-ifying objects using `JSON.stringify()`. The method did not escape objects with `'lc'` keys when serializing free-form data in kwargs. The `'lc'` key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. ### Attack surface The core vulnerability was in `Serializable.toJSON()`: this method failed to escape user-controlled objects containing `'lc'` keys within kwargs (e.g., `additional_kwargs`, `metadata`, `response_metadata`). When this unescaped data was later deserialized via `load()`, the injected structures were treated as legitimate LangChain objects rather than plain user data. This escaping bug enabled several attack vectors: 1. **Injection via user data**: Malicious LangChain object structures could be injected through user-controlled fields like `metadata`, `additional_kwargs`, or `response_metadata` 2. **Secret extraction**: Injected secret structures could extract environment variables when `secretsFromEnv` was enabled (which had no explicit default, effectively defaulting to `true` behavior) 3. **Class instantiation via import maps**: Injected constructor structures could instantiate any class available in the provided import maps with attacker-controlled parameters **Note on import maps:** Classes must be explicitly included in import maps to be instantiatable. The core import map includes standard types (messages, prompts, documents), and users can extend this via `importMap` and `optionalImportsMap` options. This architecture naturally limits the attack surface—an `allowedObjects` parameter is not necessary because users control which classes are available through the import maps they provide. **Security hardening:** This patch fixes the escaping bug in `toJSON()` and introduces new restrictive defaults in `load()`: `secretsFromEnv` now explicitly defaults to `false`, and a `maxDepth` parameter protects against DoS via deeply nested structures. JSDoc security warnings have been added to all import map options. ## Who is affected? Applications are vulnerable if they: 1. **Serialize untrusted data via `JSON.stringify()` on Serializable objects, then deserialize with `load()`** — Trusting your own serialization output makes you vulnerable if user-controlled data (e.g., from LLM responses, metadata fields, or user inputs) contains `'lc'` key structures. 2. **Deserialize untrusted data with `load()`** — Directly deserializing untrusted data that may contain injected `'lc'` structures. 3. **Use LangGraph checkpoints** — Checkpoint serialization/deserialization paths may be affected. The most common attack vector is through **LLM response fields** like `additional_kwargs` or `response_metadata`, which can be controlled via prompt injection and then serialized/deserialized in streaming operations. ## Impact Attackers who control serialized data can extract environment variable secrets by injecting `{"lc": 1, "type": "secret", "id": ["ENV_VAR"]}` to load environment variables during deserialization (when `secretsFromEnv: true`). They can also instantiate classes with controlled parameters by injecting constructor structures to instantiate any class within the provided import maps with attacker-controlled parameters, potentially triggering side effects such as network calls or file operations. Key severity factors: - Affects the serialization path—applications trusting their own serialization output are vulnerable - Enables secret extraction when combined with `secretsFromEnv: true` - LLM responses in `additional_kwargs` can be controlled via prompt injection ## Exploit example ```typescript import { load } from "@​langchain/core/load"; // Attacker injects secret structure into user-controlled data const attackerPayload = JSON.stringify({ user_data: { lc: 1, type: "secret", id: ["OPENAI_API_KEY"], }, }); process.env.OPENAI_API_KEY = "sk-secret-key-12345"; // With secretsFromEnv: true, the secret is extracted const deserialized = await load(attackerPayload, { secretsFromEnv: true }); console.log(deserialized.user_data); // "sk-secret-key-12345" - SECRET LEAKED! ``` ## Security hardening changes This patch introduces the following changes to `load()`: 1. **`secretsFromEnv` default changed to `false`**: Disables automatic secret loading from environment variables. Secrets not found in `secretsMap` now throw an error instead of being loaded from `process.env`. This fail-safe behavior ensures missing secrets are caught immediately rather than silently continuing with `null`. 2. **New `maxDepth` parameter** (defaults to `50`): Protects against denial-of-service attacks via deeply nested JSON structures that could cause stack overflow. 3. **Escape mechanism in `toJSON()`**: User-controlled objects containing `'lc'` keys are now wrapped in `{"__lc_escaped__": {...}}` during serialization and unwrapped as plain data during deserialization. 4. **JSDoc security warnings**: All import map options (`importMap`, `optionalImportsMap`, `optionalImportEntrypoints`) now include security warnings about never populating them from user input. ## Migration guide ### No changes needed for most users If you're deserializing standard LangChain types (messages, documents, prompts) using the core import map, your code will work without changes: ```typescript import { load } from "@​langchain/core/load"; // Works with default settings const obj = await load(serializedData); ``` ### For secrets from environment `secretsFromEnv` now defaults to `false`, and missing secrets throw an error. If you need to load secrets: ```typescript import { load } from "@​langchain/core/load"; // Provide secrets explicitly (recommended) const obj = await load(serializedData, { secretsMap: { OPENAI_API_KEY: process.env.OPENAI_API_KEY }, }); // Or explicitly opt-in to load from env (only use with trusted data) const obj = await load(serializedData, { secretsFromEnv: true }); ``` > **Warning:** Only enable `secretsFromEnv` if you trust the serialized data. Untrusted data could extract any environment variable. > **Note:** If a secret reference is encountered but not found in `secretsMap` (and `secretsFromEnv` is `false` or the secret is not in the environment), an error is thrown. This fail-safe behavior ensures you're aware of missing secrets rather than silently receiving `null` values. ### For deeply nested structures If you have legitimate deeply nested data that exceeds the default depth limit of 50: ```typescript import { load } from "@​langchain/core/load"; const obj = await load(serializedData, { maxDepth: 100 }); ``` ### For custom import maps If you provide custom import maps, ensure they only contain trusted modules: ```typescript import { load } from "@​langchain/core/load"; import * as myModule from "./my-trusted-module"; // GOOD - explicitly include only trusted modules const obj = await load(serializedData, { importMap: { my_module: myModule }, }); // BAD - never populate from user input const obj = await load(serializedData, { importMap: userProvidedImports, // DANGEROUS! }); ``` --- ### Release Notes <details> <summary>langchain-ai/langchainjs (langchain)</summary> ### [`v1.2.3`](https://redirect.github.com/langchain-ai/langchainjs/releases/tag/%40langchain/anthropic%401.2.3) ##### Patch Changes - Updated dependencies \[[`0bade90`]( |
||
|
dependabot[bot]
|
3d140a657e |
chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /docs/en/getting-started/quickstart/go/adkgo (#2249)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0714d3e126 |
chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /docs/en/getting-started/quickstart/go/openAI (#2247)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0baffff3b5 |
chore(deps): bump @langchain/core and @langchain/google-genai in /docs/en/getting-started/quickstart/js/langchain (#2232)
Bumps [@langchain/core](https://github.com/langchain-ai/langchainjs) to 1.1.8 and updates ancestor dependency [@langchain/google-genai](https://github.com/langchain-ai/langchainjs). These dependencies need to be updated together. Updates `@langchain/core` from 1.1.0 to 1.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/langchain-ai/langchainjs/releases"><code>@langchain/core</code>'s releases</a>.</em></p> <blockquote> <h2><code>@langchain/core</code><a href="https://github.com/1"><code>@1</code></a>.1.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/langchain-ai/langchainjs/pull/9707">#9707</a> <a href=" |
||
|
Mend Renovate
|
f87ed05aac |
chore(deps): update pip (#2215)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [google-adk](https://redirect.github.com/google/adk-python) ([changelog](https://redirect.github.com/google/adk-python/blob/main/CHANGELOG.md)) | `==1.19.0` → `==1.21.0` |  |  | | [google-genai](https://redirect.github.com/googleapis/python-genai) | `==1.52.0` → `==1.56.0` |  |  | | [langchain](https://redirect.github.com/langchain-ai/langchain) ([source](https://redirect.github.com/langchain-ai/langchain/tree/HEAD/libs/langchain), [changelog](https://redirect.github.com/langchain-ai/langchain/releases?q=tag%3A%22langchain%3D%3D1%22)) | `==1.1.0` → `==1.2.0` |  |  | | [langchain-google-vertexai](https://redirect.github.com/langchain-ai/langchain-google) ([source](https://redirect.github.com/langchain-ai/langchain-google/tree/HEAD/libs/vertexai), [changelog](https://redirect.github.com/langchain-ai/langchain-google/releases?q=%22vertexai%22)) | `==3.1.0` → `==3.2.0` |  |  | | [langgraph](https://redirect.github.com/langchain-ai/langgraph) ([source](https://redirect.github.com/langchain-ai/langgraph/tree/HEAD/libs/langgraph), [changelog](https://redirect.github.com/langchain-ai/langgraph/releases)) | `==1.0.4` → `==1.0.5` |  |  | | [llama-index](https://redirect.github.com/run-llama/llama_index) | `==0.14.10` → `==0.14.12` |  |  | | llama-index-llms-google-genai | `==0.7.3` → `==0.8.3` |  |  | | [pytest](https://redirect.github.com/pytest-dev/pytest) ([changelog](https://docs.pytest.org/en/stable/changelog.html)) | `==9.0.1` → `==9.0.2` |  |  | | [toolbox-core](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python) ([changelog](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python/blob/main/packages/toolbox-core/CHANGELOG.md)) | `==0.5.3` → `==0.5.4` |  |  | | [toolbox-langchain](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python) ([changelog](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python/blob/main/packages/toolbox-langchain/CHANGELOG.md)) | `==0.5.3` → `==0.5.4` |  |  | | [toolbox-llamaindex](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python) ([changelog](https://redirect.github.com/googleapis/mcp-toolbox-sdk-python/blob/main/packages/toolbox-llamaindex/CHANGELOG.md)) | `==0.5.3` → `==0.5.4` |  |  | --- ### Release Notes <details> <summary>google/adk-python (google-adk)</summary> ### [`v1.21.0`](https://redirect.github.com/google/adk-python/blob/HEAD/CHANGELOG.md#1210-2025-12-11) [Compare Source](https://redirect.github.com/google/adk-python/compare/v1.20.0...v1.21.0) ##### Features - **\[Interactions API Support]** - The newly released Gemini [Interactions API](https://ai.google.dev/gemini-api/docs/interactions) is supported in ADK now. To use it: ```Python Agent( model=Gemini( model="gemini-3-pro-preview", use_interactions_api=True, ), name="...", description="...", instruction="...", ) ``` see [samples](https://redirect.github.com/google/adk-python/tree/main/contributing/samples/interactions_api) for details - **\[Services]** - Add `add_session_to_memory` to `CallbackContext` and `ToolContext` to explicitly save the current session to memory ([7b356dd]( |
||
|
dependabot[bot]
|
a35f64ef7d |
chore(deps): bump jws from 4.0.0 to 4.0.1 in /docs/en/getting-started/quickstart/js/adk (#2143)
Bumps [jws](https://github.com/brianloveswords/node-jws) from 4.0.0 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/brianloveswords/node-jws/releases">jws's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 2.0.1, addressing a compatibility issue for Node >= 25.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's changelog</a>.</em></p> <blockquote> <h2>[4.0.1]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 2.0.1, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.2.3]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.0.0]</h2> <h3>Changed</h3> <ul> <li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an <code>algorithm</code> parameter, and <code>jws.createVerify</code> requires an <code>algorithm</code> option. The <code>"alg"</code> field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by <code>jwt.verify</code>. See <a href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a> for details.</li> </ul> <h2><a href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a> - 2015-01-30</h2> <h3>Changed</h3> <ul> <li> <p><strong>BREAKING</strong>: Default payload encoding changed from <code>binary</code> to <code>utf8</code>. <code>utf8</code> is a is a more sensible default than <code>binary</code> because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (<!-- raw HTML omitted -->[6b6de48]<!-- raw HTML omitted -->)</p> </li> <li> <p>Code reorganization, thanks [<a href="https://github.com/fearphage"><code>@fearphage</code></a>]! (<!-- raw HTML omitted --><a href="https://github.com/brianloveswords/node-jws/commit/7880050">7880050</a><!-- raw HTML omitted -->)</p> </li> </ul> <h3>Added</h3> <ul> <li>Option in all relevant methods for <code>encoding</code>. For those few users that might be depending on a <code>binary</code> encoding of the messages, this is for them. (<!-- raw HTML omitted -->[6b6de48]<!-- raw HTML omitted -->)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mend Renovate
|
980600f31b |
chore(deps): update github actions (#2096)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](
|
||
|
dependabot[bot]
|
f4c22b3e27 |
chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /docs/en/getting-started/quickstart/go/genkit (#1999)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mend Renovate
|
c2df6223e6 |
chore(deps): update github actions (major) (#1905)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/cache](https://redirect.github.com/actions/cache) | action | major | `v4` -> `v5` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v5.0.1` -> `v6.0.1` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v5` -> `v6` | | [golangci/golangci-lint-action](https://redirect.github.com/golangci/golangci-lint-action) | action | major | `v8.0.0` -> `v9.2.0` | --- ### Release Notes <details> <summary>actions/cache (actions/cache)</summary> ### [`v5`](https://redirect.github.com/actions/cache/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/cache/compare/v4...v5) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v6.0.1`](https://redirect.github.com/actions/checkout/compare/v6.0.0...v6.0.1) [Compare Source](https://redirect.github.com/actions/checkout/compare/v6.0.0...v6.0.1) ### [`v6.0.0`](https://redirect.github.com/actions/checkout/compare/v5.0.1...v6.0.0) [Compare Source](https://redirect.github.com/actions/checkout/compare/v5.0.1...v6.0.0) </details> <details> <summary>golangci/golangci-lint-action (golangci/golangci-lint-action)</summary> ### [`v9.2.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v9.2.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v9.1.0...v9.2.0) <!-- Release notes generated using configuration in .github/release.yml at v9.2.0 --> #### What's Changed ##### Changes - feat: add version-file option by [@​ldez](https://redirect.github.com/ldez) in [#​1320](https://redirect.github.com/golangci/golangci-lint-action/pull/1320) - chore: move samples into fixtures by [@​ldez](https://redirect.github.com/ldez) in [#​1321](https://redirect.github.com/golangci/golangci-lint-action/pull/1321) ##### Dependencies - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1317](https://redirect.github.com/golangci/golangci-lint-action/pull/1317) - build(deps): bump actions/checkout from 5 to 6 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1318](https://redirect.github.com/golangci/golangci-lint-action/pull/1318) - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1323](https://redirect.github.com/golangci/golangci-lint-action/pull/1323) - build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1324](https://redirect.github.com/golangci/golangci-lint-action/pull/1324) **Full Changelog**: <https://github.com/golangci/golangci-lint-action/compare/v9.1.0...v9.2.0> ### [`v9.1.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v9.1.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v9.0.0...v9.1.0) <!-- Release notes generated using configuration in .github/release.yml at v9.1.0 --> #### What's Changed ##### Changes - feat: automatic module directories by [@​ldez](https://redirect.github.com/ldez) in [#​1315](https://redirect.github.com/golangci/golangci-lint-action/pull/1315) ##### Documentation - docs: organize options by [@​ldez](https://redirect.github.com/ldez) in [#​1314](https://redirect.github.com/golangci/golangci-lint-action/pull/1314) ##### Dependencies - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1307](https://redirect.github.com/golangci/golangci-lint-action/pull/1307) - build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1309](https://redirect.github.com/golangci/golangci-lint-action/pull/1309) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1310](https://redirect.github.com/golangci/golangci-lint-action/pull/1310) - build(deps): bump the dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1311](https://redirect.github.com/golangci/golangci-lint-action/pull/1311) **Full Changelog**: <https://github.com/golangci/golangci-lint-action/compare/v9.0.0...v9.1.0> ### [`v9.0.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v9.0.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0) In the scope of this release, we change Nodejs runtime from node20 to node24 (<https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/>). #### What's Changed ##### Changes - feat: add install-only option by [@​ldez](https://redirect.github.com/ldez) in [#​1305](https://redirect.github.com/golangci/golangci-lint-action/pull/1305) - feat: support Module Plugin System by [@​ldez](https://redirect.github.com/ldez) in [#​1306](https://redirect.github.com/golangci/golangci-lint-action/pull/1306) **Full Changelog**: <https://github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/genai-toolbox). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQyLjQyLjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
Xie Yanbo
|
4d6f70b55e |
docs: clarify versioning in README (#2177)
Update the README.md to explicitly define MAJOR, MINOR, and PATCH increments for post-1.0.0 versioning, enhancing clarity and readability. ## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> |
||
|
manuka rahul
|
c088d4ed42 |
ci: add link checker workflow (#2189)
This workflow prevents the links that are broken or 404 errors by checking the documentation links during development and before merging into the main code base. This ensures all project documentation (Readme , contribution files) remains current and functional , proactively addressing technical debt. Please note this is a resubmission of a previous [PR](https://github.com/googleapis/genai-toolbox/pull/1756) that was closed due to merge conflicts --------- Co-authored-by: Twisha Bansal <58483338+twishabansal@users.noreply.github.com> |
||
|
Yuan Teoh
|
0202709efc |
refactor(sources/alloydbadmin, sources/alloydbpg): move source implementation in Invoke() function to Source (#2226)
Move source-related queries from `Invoke()` function into Source. This is an effort to generalizing tools to work with any Source that implements a specific interface. This will provide a better segregation of the roles for Tools vs Source. Tool's role will be limited to the following: * Resolve any pre-implementation steps or parameters (e.g. template parameters) * Retrieving Source * Calling the source's implementation Along with these updates, this PR also resolve some comments from Gemini: * update `fmt.Printf()` to logging as a Debug log -- within `GetOperations()` * update `fmt.Printf()` during failure to retrieve user agent into throwing an error. UserAgent are expected to be retrieved successfully during source initialization. Failure to retrieve will indicate a server error. |
||
|
Niraj Nandre
|
9695fc5eeb |
docs: Add Antigravity connection steps for Looker (#2192)
## Description This PR adds a new section to the `looker_mcp.md` document that explains how to connect Looker to Antigravity. The new **"Connect with Antigravity"** section provides two methods for connecting: - **MCP Store:** A straightforward method using the built-in MCP Store in Antigravity. - **Custom config:** For connecting to a custom MCP server by adding a configuration to the mcp_config.json file. These changes will help users easily connect Looker to Antigravity. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change Co-authored-by: Averi Kitsch <akitsch@google.com> |
||
|
Srividya Reddy
|
5447c94ca8 |
test(source/postgres): fix list_database_stats integration test (#2235)
## Description The list_database_stats test fails intermittently when run in parallel on shared instances. Specifically, the "filter by tablespace" and "sort by size" test cases fail because they encounter unexpected databases in the pg_default tablespace created by concurrent test runs. This PR narrows the scope of these test cases by filtering for specific database names. This ensures assertions remain isolated to the current test run regardless of other databases present in the shared environment. ``` go test -tags=integration tests/postgres/postgres_integration_test.go ok command-line-arguments 14.455s ``` > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [x] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<1738> |
||
|
Sri Varshitha
|
7053fbb195 |
fix(tools/alloydb-wait-for-operation): Fix connection message generation (#2228)
## Description This PR fixes issues in the `alloydb-wait-for-operation` tool where the connection message was not being generated correctly upon operation completion. ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [x] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [x] Ensure the tests and linter pass - [x] Code coverage does not decrease (if any source code was changed) - [x] Appropriate docs were updated (if necessary) - [x] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> |
||
|
manuka rahul
|
5a09d38056 |
docs: fix broken links (#2223)
Fix broken links |
||
|
Yuan Teoh
|
967a72da11 |
refactor: decouple Source from Tool (#2204)
This PR update the linking mechanism between Source and Tool.
Tools are directly linked to their Source, either by pointing to the
Source's functions or by assigning values from the source during Tool's
initialization. However, the existing approach means that any
modification to the Source after Tool's initialization might not be
reflected. To address this limitation, each tool should only store a
name reference to the Source, rather than direct link or assigned
values.
Tools will provide interface for `compatibleSource`. This will be used
to determine if a Source is compatible with the Tool.
```
type compatibleSource interface{
Client() http.Client
ProjectID() string
}
```
During `Invoke()`, the tool will run the following operations:
* retrieve Source from the `resourceManager` with source's named defined
in Tool's config
* validate Source via `compatibleSource interface{}`
* run the remaining `Invoke()` function. Fields that are needed is
retrieved directly from the source.
With this update, resource manager is also added as input to other
Tool's function that require access to source (e.g.
`RequiresClientAuthorization()`).
|
||
|
Yuan Teoh
|
7daa4111f4 | fix: add import for cloudgda source (#2217) | ||
|
Averi Kitsch
|
18885f6433 |
ci: update renovate to use dep groups (#2142)
## Description > Should include a concise description of the changes (bug or feature), it's > impact, along with a summary of the solution ## PR Checklist > Thank you for opening a Pull Request! Before submitting your PR, there are a > few things you can do to make sure it goes smoothly: - [ ] Make sure you reviewed [CONTRIBUTING.md](https://github.com/googleapis/genai-toolbox/blob/main/CONTRIBUTING.md) - [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/genai-toolbox/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - [ ] Ensure the tests and linter pass - [ ] Code coverage does not decrease (if any source code was changed) - [ ] Appropriate docs were updated (if necessary) - [ ] Make sure to add `!` if this involve a breaking change 🛠️ Fixes #<issue_number_goes_here> |
||
|
Mend Renovate
|
21d676ed58 |
chore(deps): update module github.com/redis/go-redis/v9 to v9.17.2 (#1994)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/redis/go-redis/v9](https://redirect.github.com/redis/go-redis) | `v9.16.0` -> `v9.17.2` |  |  | --- ### Release Notes <details> <summary>redis/go-redis (github.com/redis/go-redis/v9)</summary> ### [`v9.17.2`](https://redirect.github.com/redis/go-redis/releases/tag/v9.17.2): 9.17.2 [Compare Source](https://redirect.github.com/redis/go-redis/compare/v9.17.1...v9.17.2) #### 🐛 Bug Fixes - **Connection Pool**: Fixed critical race condition in turn management that could cause connection leaks when dial goroutines complete after request timeout ([#​3626](https://redirect.github.com/redis/go-redis/pull/3626)) by [@​cyningsun](https://redirect.github.com/cyningsun) - **Context Timeout**: Improved context timeout calculation to use minimum of remaining time and DialTimeout, preventing goroutines from waiting longer than necessary ([#​3626](https://redirect.github.com/redis/go-redis/pull/3626)) by [@​cyningsun](https://redirect.github.com/cyningsun) #### 🧰 Maintenance - chore(deps): bump rojopolis/spellcheck-github-actions from 0.54.0 to 0.55.0 ([#​3627](https://redirect.github.com/redis/go-redis/pull/3627)) #### Contributors We'd like to thank all the contributors who worked on this release! [@​cyningsun](https://redirect.github.com/cyningsun) and [@​ndyakov](https://redirect.github.com/ndyakov) ### [`v9.17.1`](https://redirect.github.com/redis/go-redis/releases/tag/v9.17.1): 9.17.1 [Compare Source](https://redirect.github.com/redis/go-redis/compare/v9.17.0...v9.17.1) #### 🐛 Bug Fixes - add wait to keyless commands list ([#​3615](https://redirect.github.com/redis/go-redis/pull/3615)) by [@​marcoferrer](https://redirect.github.com/marcoferrer) - fix(time): remove cached time optimization ([#​3611](https://redirect.github.com/redis/go-redis/pull/3611)) by [@​ndyakov](https://redirect.github.com/ndyakov) #### 🧰 Maintenance - chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 ([#​3609](https://redirect.github.com/redis/go-redis/pull/3609)) - chore(deps): bump actions/checkout from 5 to 6 ([#​3610](https://redirect.github.com/redis/go-redis/pull/3610)) - chore(script): fix help call in tag.sh ([#​3606](https://redirect.github.com/redis/go-redis/pull/3606)) by [@​ndyakov](https://redirect.github.com/ndyakov) #### Contributors We'd like to thank all the contributors who worked on this release! [@​marcoferrer](https://redirect.github.com/marcoferrer) and [@​ndyakov](https://redirect.github.com/ndyakov) ### [`v9.17.0`](https://redirect.github.com/redis/go-redis/releases/tag/v9.17.0): 9.17.0 [Compare Source](https://redirect.github.com/redis/go-redis/compare/v9.16.0...v9.17.0) #### 🚀 Highlights ##### Redis 8.4 Support Added support for Redis 8.4, including new commands and features ([#​3572](https://redirect.github.com/redis/go-redis/pull/3572)) ##### Typed Errors Introduced typed errors for better error handling using `errors.As` instead of string checks. Errors can now be wrapped and set to commands in hooks without breaking library functionality ([#​3602](https://redirect.github.com/redis/go-redis/pull/3602)) ##### New Commands - **CAS/CAD Commands**: Added support for Compare-And-Set/Compare-And-Delete operations with conditional matching (`IFEQ`, `IFNE`, `IFDEQ`, `IFDNE`) ([#​3583](https://redirect.github.com/redis/go-redis/pull/3583), [#​3595](https://redirect.github.com/redis/go-redis/pull/3595)) - **MSETEX**: Atomically set multiple key-value pairs with expiration options and conditional modes ([#​3580](https://redirect.github.com/redis/go-redis/pull/3580)) - **XReadGroup CLAIM**: Consume both incoming and idle pending entries from streams in a single call ([#​3578](https://redirect.github.com/redis/go-redis/pull/3578)) - **ACL Commands**: Added `ACLGenPass`, `ACLUsers`, and `ACLWhoAmI` ([#​3576](https://redirect.github.com/redis/go-redis/pull/3576)) - **SLOWLOG Commands**: Added `SLOWLOG LEN` and `SLOWLOG RESET` ([#​3585](https://redirect.github.com/redis/go-redis/pull/3585)) - **LATENCY Commands**: Added `LATENCY LATEST` and `LATENCY RESET` ([#​3584](https://redirect.github.com/redis/go-redis/pull/3584)) ##### Search & Vector Improvements - **Hybrid Search**: Added **EXPERIMENTAL** support for the new `FT.HYBRID` command ([#​3573](https://redirect.github.com/redis/go-redis/pull/3573)) - **Vector Range**: Added `VRANGE` command for vector sets ([#​3543](https://redirect.github.com/redis/go-redis/pull/3543)) - **FT.INFO Enhancements**: Added vector-specific attributes in FT.INFO response ([#​3596](https://redirect.github.com/redis/go-redis/pull/3596)) ##### Connection Pool Improvements - **Improved Connection Success Rate**: Implemented FIFO queue-based fairness and context pattern for connection creation to prevent premature cancellation under high concurrency ([#​3518](https://redirect.github.com/redis/go-redis/pull/3518)) - **Connection State Machine**: Resolved race conditions and improved pool performance with proper state tracking ([#​3559](https://redirect.github.com/redis/go-redis/pull/3559)) - **Pool Performance**: Significant performance improvements with faster semaphores, lockless hook manager, and reduced allocations (47-67% faster Get/Put operations) ([#​3565](https://redirect.github.com/redis/go-redis/pull/3565)) ##### Metrics & Observability - **Canceled Metric Attribute**: Added 'canceled' metrics attribute to distinguish context cancellation errors from other errors ([#​3566](https://redirect.github.com/redis/go-redis/pull/3566)) #### ✨ New Features - Typed errors with wrapping support ([#​3602](https://redirect.github.com/redis/go-redis/pull/3602)) by [@​ndyakov](https://redirect.github.com/ndyakov) - CAS/CAD commands (marked as experimental) ([#​3583](https://redirect.github.com/redis/go-redis/pull/3583), [#​3595](https://redirect.github.com/redis/go-redis/pull/3595)) by [@​ndyakov](https://redirect.github.com/ndyakov), [@​htemelski-redis](https://redirect.github.com/htemelski-redis) - MSETEX command support ([#​3580](https://redirect.github.com/redis/go-redis/pull/3580)) by [@​ofekshenawa](https://redirect.github.com/ofekshenawa) - XReadGroup CLAIM argument ([#​3578](https://redirect.github.com/redis/go-redis/pull/3578)) by [@​ofekshenawa](https://redirect.github.com/ofekshenawa) - ACL commands: GenPass, Users, WhoAmI ([#​3576](https://redirect.github.com/redis/go-redis/pull/3576)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - SLOWLOG commands: LEN, RESET ([#​3585](https://redirect.github.com/redis/go-redis/pull/3585)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - LATENCY commands: LATEST, RESET ([#​3584](https://redirect.github.com/redis/go-redis/pull/3584)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - Hybrid search command (FT.HYBRID) ([#​3573](https://redirect.github.com/redis/go-redis/pull/3573)) by [@​htemelski-redis](https://redirect.github.com/htemelski-redis) - Vector range command (VRANGE) ([#​3543](https://redirect.github.com/redis/go-redis/pull/3543)) by [@​cxljs](https://redirect.github.com/cxljs) - Vector-specific attributes in FT.INFO ([#​3596](https://redirect.github.com/redis/go-redis/pull/3596)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Improved connection pool success rate with FIFO queue ([#​3518](https://redirect.github.com/redis/go-redis/pull/3518)) by [@​cyningsun](https://redirect.github.com/cyningsun) - Canceled metrics attribute for context errors ([#​3566](https://redirect.github.com/redis/go-redis/pull/3566)) by [@​pvragov](https://redirect.github.com/pvragov) #### 🐛 Bug Fixes - Fixed Failover Client MaintNotificationsConfig ([#​3600](https://redirect.github.com/redis/go-redis/pull/3600)) by [@​ajax16384](https://redirect.github.com/ajax16384) - Fixed ACLGenPass function to use the bit parameter ([#​3597](https://redirect.github.com/redis/go-redis/pull/3597)) by [@​destinyoooo](https://redirect.github.com/destinyoooo) - Return error instead of panic from commands ([#​3568](https://redirect.github.com/redis/go-redis/pull/3568)) by [@​dragneelfps](https://redirect.github.com/dragneelfps) - Safety harness in `joinErrors` to prevent panic ([#​3577](https://redirect.github.com/redis/go-redis/pull/3577)) by [@​manisharma](https://redirect.github.com/manisharma) #### ⚡ Performance - Connection state machine with race condition fixes ([#​3559](https://redirect.github.com/redis/go-redis/pull/3559)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Pool performance improvements: 47-67% faster Get/Put, 33% less memory, 50% fewer allocations ([#​3565](https://redirect.github.com/redis/go-redis/pull/3565)) by [@​ndyakov](https://redirect.github.com/ndyakov) #### 🧪 Testing & Infrastructure - Updated to Redis 8.4.0 image ([#​3603](https://redirect.github.com/redis/go-redis/pull/3603)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Added Redis 8.4-RC1-pre to CI ([#​3572](https://redirect.github.com/redis/go-redis/pull/3572)) by [@​ndyakov](https://redirect.github.com/ndyakov) - Refactored tests for idiomatic Go ([#​3561](https://redirect.github.com/redis/go-redis/pull/3561), [#​3562](https://redirect.github.com/redis/go-redis/pull/3562), [#​3563](https://redirect.github.com/redis/go-redis/pull/3563)) by [@​12ya](https://redirect.github.com/12ya) #### 👥 Contributors We'd like to thank all the contributors who worked on this release! [@​12ya](https://redirect.github.com/12ya), [@​ajax16384](https://redirect.github.com/ajax16384), [@​cxljs](https://redirect.github.com/cxljs), [@​cyningsun](https://redirect.github.com/cyningsun), [@​destinyoooo](https://redirect.github.com/destinyoooo), [@​dragneelfps](https://redirect.github.com/dragneelfps), [@​htemelski-redis](https://redirect.github.com/htemelski-redis), [@​manisharma](https://redirect.github.com/manisharma), [@​ndyakov](https://redirect.github.com/ndyakov), [@​ofekshenawa](https://redirect.github.com/ofekshenawa), [@​pvragov](https://redirect.github.com/pvragov) *** **Full Changelog**: <https://github.com/redis/go-redis/compare/v9.16.0...v9.17.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/genai-toolbox). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Averi Kitsch <akitsch@google.com> |