Skip to content

Add Google ADK sample agent A365 observability wiring (PoC)#326

Open
evanmitchellgithub wants to merge 6 commits into
mainfrom
users/evanmitchell/google-adk-observability
Open

Add Google ADK sample agent A365 observability wiring (PoC)#326
evanmitchellgithub wants to merge 6 commits into
mainfrom
users/evanmitchell/google-adk-observability

Conversation

@evanmitchellgithub

@evanmitchellgithub evanmitchellgithub commented Jun 19, 2026

Copy link
Copy Markdown

Span remap + token caching + Cloud Run deploy scaffolding for routing Google ADK agent telemetry through the Agent 365 observability pipeline.

@evanmitchellmicrosoft
Add Google ADK sample agent A365 observability wiring (PoC)
2adcd72 
Span remap + token caching + Cloud Run deploy scaffolding for routing Google ADK agent telemetry through the Agent 365 observability pipeline.
@github-actions

github-actions Bot commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 34 package(s) with unknown licenses.
See the Details below.

License Issues

python/google-adk/sample-agent/requirements.txt

PackageVersionLicenseIssue Type
Authlib1.7.2NullUnknown License
PyJWT2.13.0NullUnknown License
PyYAML6.0.3NullUnknown License
aiohttp3.14.1NullUnknown License
fastapi0.136.3NullUnknown License
google-adk2.2.0NullUnknown License
google-genai2.8.0NullUnknown License
googleapis-common-protos1.75.0NullUnknown License
grpcio1.81.0NullUnknown License
httptools0.8.0NullUnknown License
idna3.18NullUnknown License
importlib_metadata8.7.1NullUnknown License
joserfc1.7.1NullUnknown License
mcp1.27.2NullUnknown License
microsoft-agents-a365-notifications1.0.0NullUnknown License
microsoft-agents-a365-observability-core1.0.0NullUnknown License
microsoft-agents-a365-runtime1.0.0NullUnknown License
microsoft-agents-a365-tooling1.0.0NullUnknown License
microsoft-agents-activity1.1.0.dev1NullUnknown License
microsoft-agents-authentication-msal1.1.0.dev1NullUnknown License
microsoft-agents-hosting-aiohttp1.1.0.dev1NullUnknown License
microsoft-agents-hosting-core1.1.0.dev1NullUnknown License
pyOpenSSL26.2.0NullUnknown License
pyasn1_modules0.4.2NullUnknown License
pydantic2.14.0a1NullUnknown License
pydantic_core2.47.0NullUnknown License
python-multipart0.0.32NullUnknown License
rpds-py2026.5.1NullUnknown License
starlette1.3.1NullUnknown License
typing_extensions4.15.0NullUnknown License
uvicorn0.49.0NullUnknown License
wrapt2.2.1NullUnknown License
zipp4.1.0NullUnknown License
msal1.38.0rc1NullUnknown License
Denied Licenses: GPL-3.0-only, AGPL-3.0-only

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/pydantic-settings 2.14.1 UnknownUnknown
pip/Authlib 1.7.2 UnknownUnknown
pip/PyJWT 2.13.0 UnknownUnknown
pip/PyYAML 6.0.3 UnknownUnknown
pip/aiohappyeyeballs 2.6.2 UnknownUnknown
pip/aiohttp 3.14.1 UnknownUnknown
pip/aiosignal 1.4.0 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1029 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ -1Found no human activity in the last 30 changesets
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ 11 out of the last 5 releases have a total of 1 signed artifacts.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Packaging🟢 10packaging workflow detected
pip/aiosqlite 0.22.1 UnknownUnknown
pip/annotated-doc 0.0.4 UnknownUnknown
pip/annotated-types 0.7.0 UnknownUnknown
pip/anyio 4.13.0 UnknownUnknown
pip/attrs 26.1.0 UnknownUnknown
pip/azure-core 1.41.0 UnknownUnknown
pip/certifi 2026.5.20 🟢 5.9
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 9license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/cffi 2.0.0 UnknownUnknown
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/click 8.4.1 UnknownUnknown
pip/colorama 0.4.6 UnknownUnknown
pip/cryptography 48.0.1 UnknownUnknown
pip/distro 1.9.0 🟢 3.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/fastapi 0.136.3 UnknownUnknown
pip/frozenlist 1.8.0 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 3Found 5/13 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Signed-Releases🟢 64 out of the last 5 releases have a total of 4 signed artifacts.
pip/google-adk 2.2.0 UnknownUnknown
pip/google-auth 2.53.0 🟢 7.3
Details
CheckScoreReason
Maintained⚠️ 0project is archived
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
pip/google-genai 2.8.0 UnknownUnknown
pip/googleapis-common-protos 1.75.0 UnknownUnknown
pip/graphviz 0.21 UnknownUnknown
pip/grpcio 1.81.0 UnknownUnknown
pip/h11 0.16.0 🟢 4.4
Details
CheckScoreReason
Code-Review🟢 5Found 9/18 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/httpcore 1.0.9 UnknownUnknown
pip/httptools 0.8.0 UnknownUnknown
pip/httpx 0.28.1 UnknownUnknown
pip/httpx-sse 0.4.3 UnknownUnknown
pip/idna 3.18 UnknownUnknown
pip/importlib_metadata 8.7.1 UnknownUnknown
pip/isodate 0.7.2 UnknownUnknown
pip/joserfc 1.7.1 UnknownUnknown
pip/jsonschema 4.26.0 UnknownUnknown
pip/jsonschema-specifications 2025.9.1 UnknownUnknown
pip/mcp 1.27.2 UnknownUnknown
pip/microsoft-agents-a365-notifications 1.0.0 UnknownUnknown
pip/microsoft-agents-a365-observability-core 1.0.0 UnknownUnknown
pip/microsoft-agents-a365-runtime 1.0.0 UnknownUnknown
pip/microsoft-agents-a365-tooling 1.0.0 UnknownUnknown
pip/microsoft-agents-activity 1.1.0.dev1 UnknownUnknown
pip/microsoft-agents-authentication-msal 1.1.0.dev1 UnknownUnknown
pip/microsoft-agents-hosting-aiohttp 1.1.0.dev1 UnknownUnknown
pip/microsoft-agents-hosting-core 1.1.0.dev1 UnknownUnknown
pip/msal 1.38.0rc1 🟢 7.2
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1023 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 9license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
pip/multidict 6.7.1 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 4Found 7/15 approved changesets -- score normalized to 4
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
pip/opentelemetry-api 1.38.0 UnknownUnknown
pip/opentelemetry-exporter-otlp 1.38.0 UnknownUnknown
pip/opentelemetry-exporter-otlp-proto-common 1.38.0 UnknownUnknown
pip/opentelemetry-exporter-otlp-proto-grpc 1.38.0 UnknownUnknown
pip/opentelemetry-exporter-otlp-proto-http 1.38.0 UnknownUnknown
pip/opentelemetry-proto 1.38.0 UnknownUnknown
pip/opentelemetry-sdk 1.38.0 UnknownUnknown
pip/opentelemetry-semantic-conventions 0.59b0 UnknownUnknown
pip/packaging 26.2 UnknownUnknown
pip/propcache 0.5.2 UnknownUnknown
pip/protobuf 6.33.6 UnknownUnknown
pip/pyOpenSSL 26.2.0 UnknownUnknown
pip/pyasn1 0.6.3 UnknownUnknown
pip/pyasn1_modules 0.4.2 UnknownUnknown
pip/pycparser 3.0 UnknownUnknown
pip/pydantic 2.14.0a1 UnknownUnknown
pip/pydantic_core 2.47.0 UnknownUnknown
pip/python-dotenv 1.2.2 UnknownUnknown
pip/python-multipart 0.0.32 UnknownUnknown
pip/referencing 0.37.0 UnknownUnknown
pip/requests 2.34.2 UnknownUnknown
pip/rpds-py 2026.5.1 UnknownUnknown
pip/sniffio 1.3.1 UnknownUnknown
pip/sse-starlette 3.4.4 UnknownUnknown
pip/starlette 1.3.1 UnknownUnknown
pip/tenacity 9.1.4 🟢 5.7
Details
CheckScoreReason
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/typing-inspection 0.4.2 UnknownUnknown
pip/typing_extensions 4.15.0 UnknownUnknown
pip/tzdata 2026.2 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 7Found 18/23 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1013 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/tzlocal 5.3.1 UnknownUnknown
pip/urllib3 2.7.0 UnknownUnknown
pip/uvicorn 0.49.0 UnknownUnknown
pip/watchdog 6.0.0 🟢 4.7
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 9Found 18/20 approved changesets -- score normalized to 9
Maintained🟢 64 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected
pip/watchfiles 1.2.0 🟢 4
Details
CheckScoreReason
Maintained🟢 57 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 3Found 9/26 approved changesets -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/websockets 15.0.1 UnknownUnknown
pip/wrapt 2.2.1 UnknownUnknown
pip/yarl 1.24.2 🟢 6.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 2/7 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases🟢 43 out of the last 5 releases have a total of 3 signed artifacts.
pip/zipp 4.1.0 UnknownUnknown

Scanned Files

  • python/google-adk/sample-agent/requirements.txt

github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 19, 2026
View reviewed changes
Comment thread python/google-adk/sample-agent/debug_probe.py Fixed
github-code-quality[bot]
github-code-quality Bot found potential problems Jun 19, 2026
View reviewed changes
Comment thread python/google-adk/sample-agent/debug_probe.py Fixed
@evanmitchellmicrosoft
Remove temporary OTLP egress diagnostics and bump vulnerable deps
e08b7b5 
- Delete debug_probe.py (insecure TLS probe flagged by CodeQL)

- Strip /debug/otlp-probe route and forced DEBUG logger from main.py

- Strip _probe_export_transport TLS diagnostic from token_cache.py

- Bump cryptography 48.0.0 -> 49.0.0 (OpenSSL wheel advisory)

- Bump starlette 1.2.1 -> 1.3.1 (request.form DoS advisory)
@evanmitchellmicrosoft
Pin cryptography==48.0.1 (fixes GHSA-537c-gmf6-5ccf, stays <49 for py…
bc5ac06 
…openssl)
@evanmitchellgithub

evanmitchellgithub commented Jun 19, 2026

Copy link
Copy Markdown
Author

@microsoft-github-policy-service agree company="Microsoft"

@evanmitchellgithub evanmitchellgithub marked this pull request as ready for review June 19, 2026 12:31
@evanmitchellgithub evanmitchellgithub requested a review from a team as a code owner June 19, 2026 12:31
Copilot AI review requested due to automatic review settings June 19, 2026 12:31
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Not ready to approve

A new Python file is missing the required license header, and the new process-wide token cache needs thread-safety for background exporter access.

Pull request overview

This PR extends the python/google-adk/sample-agent to route Google ADK/OpenTelemetry telemetry through the Agent 365 observability pipeline by adding a span operation-name remap, wiring exporter authentication via a per-turn token cache, and providing Cloud Run deployment scaffolding for a PoC setup.

Changes:

  • Add a process-wide agentic token cache + resolver to authenticate A365 span export.
  • Remap Google GenAI/ADK inference spans to an A365-accepted operation name (chat) during export.
  • Add Cloud Run deployment helper files (Procfile, .gcloudignore, .python-version, PowerShell deploy script) and pinned runtime dependencies.
File summaries
File Description
python/google-adk/sample-agent/token_cache.py Adds per-(tenant,agent) token caching and a resolver for A365 exporter auth.
python/google-adk/sample-agent/observability_remap.py Registers a span enricher that remaps ADK/GenAI inference spans to chat.
python/google-adk/sample-agent/main.py Wires token resolver + remap registration into observability configure().
python/google-adk/sample-agent/agent.py Adds richer baggage dimensions and caches an observability-scoped token per authenticated turn.
python/google-adk/sample-agent/requirements.txt Introduces pinned dependencies for Cloud Run/pip buildpack deployment.
python/google-adk/sample-agent/Procfile Configures Cloud Run buildpack start command (python main.py).
python/google-adk/sample-agent/deploy-cloudrun.ps1 Adds Cloud Run deployment automation and env-var injection.
python/google-adk/sample-agent/.gcloudignore Adds allowlist-based source upload rules for Cloud Run source deploys.
python/google-adk/sample-agent/.python-version Pins the Python runtime version used by buildpacks/pyenv tooling.
python/google-adk/sample-agent/_freeze.py Adds a helper script for generating requirements.txt from a local environment.

Copilot's findings

  • Files reviewed: 10/10 changed files
  • Comments generated: 4

Note

Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.

Comment thread python/google-adk/sample-agent/token_cache.py Outdated
Comment thread python/google-adk/sample-agent/token_cache.py
Comment thread python/google-adk/sample-agent/token_cache.py Outdated
Comment thread python/google-adk/sample-agent/_freeze.py Outdated
@evanmitchellgithub evanmitchellgithub marked this pull request as draft June 19, 2026 12:43
@evanmitchellmicrosoft
Address review: thread-safe token cache with TTL eviction; add licens…
e629b13 
…e header to _freeze.py

- token_cache.py: guard cache reads/writes with a process-wide threading.Lock (request path vs BatchSpanProcessor export thread); store (token, expiry) with expiry parsed from JWT exp claim and evict expired entries on read.
- _freeze.py: add Microsoft copyright + MIT license header.
@evanmitchellmicrosoft
Remove _freeze.py dev-only requirements generator from sample
f5770ed 
Local pip-freeze helper not needed by sample consumers; requirements.txt is the committed contract.
@evanmitchellgithub evanmitchellgithub marked this pull request as ready for review June 19, 2026 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
+2 more reviewers
@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments
@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments
Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@evanmitchellgithub @github-advanced-security @evanmitchellmicrosoft