Skip to content

fix: Make EUC request args JSON-serializable#6007

Open
doughayden wants to merge 1 commit into
google:mainfrom
doughayden:fix/euc-request-args-json-serializable
Open

fix: Make EUC request args JSON-serializable#6007
doughayden wants to merge 1 commit into
google:mainfrom
doughayden:fix/euc-request-args-json-serializable

Conversation

@doughayden
Copy link
Copy Markdown
Contributor

@doughayden doughayden commented Jun 7, 2026

Link to Issue or Description of Change

Problem:

build_auth_request_event dumps AuthToolArguments with the default mode="python", leaving the auth scheme's type field as a live SecuritySchemeType enum inside the adk_request_credential FunctionCall args. The in-memory Event.content is therefore not JSON-serializable: any consumer that json.dumps it before it round-trips the session DB raises TypeError: Object of type SecuritySchemeType is not JSON serializable. Memory ingestion (VertexAiMemoryBankService) is a concrete trigger. It stays hidden in most flows because the session DB launders enums to strings on write and the auth preprocessor re-validates from either form.

Solution:

Dump with mode="json", which coerces the enum to its "oauth2" string while preserving by_alias/exclude_none. Parse-back is unaffected: pydantic validation already accepts the string form, exactly what DB-read events carry. One line plus a regression test.

Testing Plan

Unit Tests:

  • I have added or updated unit tests for my change.
  • All unit tests pass locally.

Added test_function_request_euc_args_are_json_serializable in tests/unittests/flows/llm_flows/test_functions_request_euc.py: runs the EUC flow and asserts the adk_request_credential args are JSON-serializable and the auth scheme type is the string "oauth2". Fails before the change, passes after.

$ pytest tests/unittests/flows/llm_flows/test_functions_request_euc.py -q
4 passed, 24 warnings in 1.39s

Manual End-to-End (E2E) Tests:

The inline repro in the linked issue is the manual check: json.dumps on the args dict raises TypeError before the change and passes after. Verified against google-adk 2.2.0 (== current main).

Checklist

  • I have read the CONTRIBUTING.md document.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.
  • I have manually tested my changes end-to-end.
  • Any dependent changes have been merged and published in downstream modules.

Additional context

Sibling model_dump(exclude_none=True, by_alias=True) call sites in the same file (the tool-confirmation args near functions.py:368/:371 and the event-actions dump near :1241) follow the same python-mode pattern and may carry the same hazard if their models contain enums. I scoped this PR to the confirmed, reproducible auth path; happy to fold the siblings in if you'd prefer consistency across the file.

@doughayden
fix: Make EUC request args JSON-serializable
4dbff29 
build_auth_request_event dumped AuthToolArguments with the default
mode="python", leaving auth_scheme.type as a live SecuritySchemeType
enum in the adk_request_credential FunctionCall args. Any consumer that
json.dumps the in-memory event before it round-trips the session DB
raises TypeError; memory ingestion is a concrete trigger. Use
mode="json" to coerce the enum to its string value. Parse-back is
unaffected: pydantic validation accepts the string form, exactly what
DB-read events already carry.
@adk-bot adk-bot added the core [Component] This issue is related to the core interface and implementation label Jun 7, 2026
@adk-bot
Copy link
Copy Markdown
Collaborator

adk-bot commented Jun 7, 2026

I have completed a thorough, read-only architectural and QA compliance analysis of PR #6007 (addressing the serialization crash reported in Issue #6006).

The Contributor License Agreement (CLA) verification for contributor @doughayden returned SUCCESS, satisfying the mandatory compliance gateway.

I have generated a detailed PR Analysis Report artifact, which you can read directly.

💡 Key Findings & Highlights

  1. Root Cause Resolved: The PR effectively prevents TypeError: Object of type SecuritySchemeType is not JSON serializable exceptions by switching the dump mode from 'python' to 'json' inside functions.py.
  2. Quality Tests: The added regression test test_function_request_euc_args_are_json_serializable is clean, robust, and correctly tests the standard runner serialization boundary.
  3. Open Architectural Question / Sibling Vulnerabilities:
    While the change fixes the immediate issue in the LLM flow EUC auth request path, we identified sibling call sites using .model_dump(exclude_none=True, by_alias=True) without explicit mode='json'. If models serialized in these paths grow to include nested enums, they will suffer from the identical serialization crash:
    • LLM Tool Confirmation: functions.py:L368-L373
    • Workflow HITL Auth: _workflow_hitl_utils.py:L172-L175

Recommended Next Step

  • Approve and Merge PR fix: Make EUC request args JSON-serializable #6007.
  • (Optional) Request the author or file a follow-up commit to proactively modernize the sibling call sites identified above to systematically immunize the codebase from future latent enum serialization bugs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core [Component] This issue is related to the core interface and implementation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

adk_request_credential FunctionCall args contain non-JSON-serializable SecuritySchemeType enum

2 participants

@doughayden @adk-bot