feat(google-adk-agents): add @temporalio/google-adk-agents package#2120
feat(google-adk-agents): add @temporalio/google-adk-agents package#2120xumaple wants to merge 7 commits into
Conversation
Initial preliminary draft of the Google ADK agent integration: plugin, model/MCP/tool workflow-side proxies, worker-side activities, test doubles, and E2E tests. Builds, typechecks, and passes the test suite; cleanup (lint, ava migration, packaging metadata, docs) to follow. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
![semgrep-managed-scans[bot]](https://avatars.githubusercontent.com/u/56493103?s=60&v=4){kind=small}
| @@ -2857,6 +3812,11 @@ packages: | |||
| resolution: {integrity: sha512-w+5mJ3GuFL+NjVtJlvydShqE1eN3h3PbI7/5LAsYJP/2qtuMXjfL2LpHSRqo4b4eSF5K/DH1JXKUAHSB2UW50g==} | |||
| engines: {node: '>= 0.4'} | |||
|
|
|||
| esbuild@0.21.5: | |||
There was a problem hiding this comment.
High severity vulnerability may affect your project—review required:
Line 3815 lists a dependency (esbuild) with a known High severity vulnerability.
ℹ️ Why this matters
Affected versions of esbuild are vulnerable to Download of Code Without Integrity Check / Untrusted Search Path. esbuild's Deno distribution module (lib/deno/mod.ts) contains an import.meta.main CLI entrypoint that calls install() directly when the module is run as a script (deno run https://deno.land/x/esbuild@vX/mod.js). This download path has no SHA-256 integrity verification: if NPM_CONFIG_REGISTRY resolves to an attacker-controlled registry, the fetched binary is executed immediately, yielding arbitrary code execution without any API call in user code.
References: GHSA
To resolve this comment:
Check if you invoke the esbuild Deno module directly as a CLI tool (e.g. deno run https://deno.land/x/esbuild@vX/mod.js) and the NPM_CONFIG_REGISTRY environment variable resolves the binary download to an untrusted registry.
- If you're affected, upgrade this dependency to at least version 0.28.1 at pnpm-lock.yaml.
- If you're not affected, comment
/fp we don't use this [condition]
💬 Ignore this finding
To ignore this, reply with:
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
You can view more details on this finding in the Semgrep AppSec Platform here.
| terser: | ||
| optional: true | ||
|
|
||
| vitest@1.6.1: |
There was a problem hiding this comment.
Critical severity vulnerability may affect your project—review required:
Line 6802 lists a dependency (vitest) with a known Critical severity vulnerability.
ℹ️ Why this matters
Affected versions of vitest are vulnerable to Missing Authorization. When the Vitest UI server is listening, the deprecated isFileServingAllowed check is applied without normalizing the URL before filesystem operations, allowing path traversal that lets an attacker read, write, and execute arbitrary files outside the project directory.
References: GHSA
To resolve this comment:
Check if you run the Vitest UI on Windows, or you expose the Vitest UI server to the network with the --api.host flag or api.host config option.
- If you're affected, upgrade this dependency to at least version 3.2.6 at pnpm-lock.yaml.
- If you're not affected, comment
/fp we don't use this [condition]
💬 Ignore this finding
To ignore this, reply with:
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
You can view more details on this finding in the Semgrep AppSec Platform here.
…ng, code fixes Convert tests vitest→ava, add eslint override, extend tsconfig base + references, fill package.json metadata, fix README/comment inaccuracies, warn on streaming without streamingTopic + adaptive-heartbeat the streaming activity, and register in CODEOWNERS + root README.
…ions Rename TemporalLlm->TemporalModel and TemporalMcpToolset->TemporalMcpToolSet (with their *Options) to match the Python contrib, and trim the public barrel to the constructs users actually touch -- demoting the activity-boundary wire types and the internal tool classes (TemporalMcpTool, ActivityTool) to internal. Replace the bespoke TemporalActivityOptions with the SDK's ActivityOptions, nested as `activity?:` consistently across the model, MCP, and activity-tool options. Reduce @experimental to the public entry points and conform the package to the repo prettier config.
… contrib Raise a non-retryable GoogleAdkStreamingTopicRequired error when streaming is requested without a streamingTopic, instead of silently falling back to a non-streaming call. Default the model and tool Activity start-to-close timeout to 1 minute, and derive the default Activity summary from the ADK `adk_agent_name` label. Adds E2E coverage for the streaming-without-topic failure and the agent-name summary default.
… tool-not-found - readStatus now also reads err.response?.status, so wrapped HTTP errors are classified by their real status instead of defaulting to retryable. - Nest the streaming Activity's finally block so stopHeartbeat() always runs even if the stream's async-dispose throws (was leaking the heartbeat timer). - MCP tool-not-found is now non-retryable; a tool absent from the server won't appear on a retry.
Condense plugin.ts's webpack-sandbox shim documentation down to the non-obvious WHY (why a data: URI shim rather than alias->false, the node: scheme strip, the determinism guarantee), cutting restatement and enumeration. Remove two code-restating one-line comments. No code changes.
…ehavior Rename TemporalLlm->TemporalModel and TemporalMcpToolset->TemporalMcpToolSet in the docs, note that streamingTopic is required for SSE streaming (requesting it without a topic throws GoogleAdkStreamingTopicRequired), and reflect the nested activity options shape.
xumaple
force-pushed
the
maplexu/google-adk-agents-contrib
branch
from
76ffc67 to
adb04ef
Compare
| engines: {node: ^18.0.0 || >=20.0.0} | ||
| hasBin: true | ||
|
|
||
| vite@5.4.21: |
There was a problem hiding this comment.
High severity vulnerability may affect your project—review required:
Line 6771 lists a dependency (vite) with a known High severity vulnerability.
ℹ️ Why this matters
Affected versions of vite and vite-plus are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor / Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Vite's server.fs.deny blocklist—which protects sensitive files such as .env and certificate files from being served—can be bypassed on Windows using alternate path representations (NTFS Alternate Data Stream syntax like /.env::$DATA?raw, or 8.3 short filenames), allowing an attacker to read otherwise-denied files when the dev server is exposed to the network.
References: GHSA
To resolve this comment:
Check if you expose the Vite dev server or vite-plus to the network by configuring a non-loopback address using the --host CLI flag on Windows.
- If you're affected, upgrade this dependency to at least version 6.4.3 at pnpm-lock.yaml.
- If you're not affected, comment
/fp we don't use this [condition]
💬 Ignore this finding
To ignore this, reply with:
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
You can view more details on this finding in the Semgrep AppSec Platform here.
1 participant
Adds
@temporalio/google-adk-agents, a contrib plugin that runs Google Agent Development Kit (@google/adk) agents as durable Temporal Workflows. The agent graph runs inside the Workflow and replays deterministically; the non-deterministic boundaries — every model call and every MCP tool call — are routed out to Activities, so the whole run gets Temporal's retries, timeouts, heartbeating, and crash-safe replay. For users it's a one-line change: wrap the agent's model inTemporalLlmand register the plugin.