PyPI - firstops - Versions diffs - 0.2.0__tar.gz → 0.3.0__tar.gz - Mend

firstops 0.2.0tar.gz → 0.3.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

firstops-0.3.0/.github/CODEOWNERS ADDED Viewed

@@ -0,0 +1,5 @@
+# Ownership of the release machinery. Changes to these paths should be
+# reviewed by a maintainer (auto-requests review on PRs touching them).
+/.github/         @anshal21
+/pyproject.toml   @anshal21
+/Makefile         @anshal21

firstops-0.3.0/Makefile ADDED Viewed

@@ -0,0 +1,61 @@
+# FirstOps SDK — dev + release tasks.
+#
+# Release:  make release VERSION=0.2.1
+#   -> bumps pyproject version, runs tests, commits, tags v0.2.1, pushes the
+#      tag, and the GitHub `publish.yml` workflow builds + publishes to PyPI.
+#
+# PyPI versions are immutable: every release needs a NEW version. This target
+# keeps the pyproject version and the git tag in lockstep so they can't drift.
+.PHONY: help install test build clean release
+PYTHON ?= python3
+VENV   ?= .venv
+PY      = $(VENV)/bin/python
+help:
+	@echo "make install                 create venv + install package and dev deps"
+	@echo "make test                    run the test suite"
+	@echo "make build                   build wheel + sdist into dist/"
+	@echo "make clean                   remove build artifacts"
+	@echo "make release VERSION=X.Y.Z   bump version, test, tag, and publish to PyPI"
+$(VENV):
+	$(PYTHON) -m venv $(VENV)
+install: $(VENV)
+	$(PY) -m pip install --upgrade pip
+	$(PY) -m pip install -e ".[dev]" build
+test:
+	$(PY) -m pytest -q
+build: clean
+	$(PY) -m build
+clean:
+	rm -rf dist build src/*.egg-info *.egg-info
+release:
+	@if [ -z "$(VERSION)" ]; then \
+		echo "Usage: make release VERSION=X.Y.Z"; exit 1; fi
+	@echo "$(VERSION)" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+([abrc][0-9]+|\.post[0-9]+|\.dev[0-9]+)?$$' \
+		|| { echo "VERSION must look like 1.2.3 (got '$(VERSION)')"; exit 1; }
+	@if [ -n "$$(git status --porcelain)" ]; then \
+		echo "Working tree not clean — commit or stash your changes first."; \
+		echo "(A release commit should contain ONLY the version bump.)"; exit 1; fi
+	@if git rev-parse "v$(VERSION)" >/dev/null 2>&1; then \
+		echo "Tag v$(VERSION) already exists. Pick a new version (PyPI is immutable)."; exit 1; fi
+	@echo ">> bumping pyproject.toml -> $(VERSION)"
+	@$(PY) -c "import re,pathlib; p=pathlib.Path('pyproject.toml'); s=p.read_text(); s,n=re.subn(r'(?m)^version = \".*\"','version = \"$(VERSION)\"',s,count=1); assert n==1,'version line not found'; p.write_text(s)"
+	@echo ">> running tests"
+	@$(PY) -m pytest -q
+	@echo ">> committing + tagging v$(VERSION)"
+	@git add pyproject.toml
+	@git commit -m "Release v$(VERSION)"
+	@git tag -a "v$(VERSION)" -m "firstops v$(VERSION)"
+	@echo ">> pushing branch + tag (triggers the PyPI publish workflow)"
+	@git push
+	@git push origin "v$(VERSION)"
+	@echo ">> released v$(VERSION). Watch the publish run:"
+	@echo "   gh run watch \$$(gh run list --workflow=publish.yml -L1 --json databaseId -q '.[0].databaseId') --exit-status"

{firstops-0.2.0 → firstops-0.3.0}/PKG-INFO RENAMED Viewed

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: firstops
-Version: 0.2.0
-Summary: Govern MCP, tool calls, and LLM traffic for AI agents — across LangGraph, Claude Agent SDK, and OpenAI Agents.
+Version: 0.3.0
+Summary: Govern MCP, tool calls, and LLM traffic for AI agents — across LangGraph, Claude Agent SDK, OpenAI Agents, and Google ADK.
 Project-URL: Homepage, https://firstops.dev
 Project-URL: Documentation, https://github.com/firstops-dev/firstops-python
 Project-URL: Repository, https://github.com/firstops-dev/firstops-python
@@ -9,7 +9,7 @@ Project-URL: Issues, https://github.com/firstops-dev/firstops-python/issues
 Author-email: FirstOps <dev@firstops.dev>
 License-Expression: MIT
 License-File: LICENSE
-Keywords: agent,claude,dpop,governance,guardrails,langchain,langgraph,llm,mcp,openai-agents,security
+Keywords: agent,claude,dpop,google-adk,governance,guardrails,langchain,langgraph,llm,mcp,openai-agents,security
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -23,8 +23,11 @@ Classifier: Topic :: Software Development :: Libraries
 Requires-Python: >=3.10
 Requires-Dist: cryptography>=42.0
 Requires-Dist: httpx>=0.27
+Provides-Extra: adk
+Requires-Dist: google-adk[extensions]; extra == 'adk'
 Provides-Extra: all
 Requires-Dist: claude-agent-sdk; extra == 'all'
+Requires-Dist: google-adk[extensions]; extra == 'all'
 Requires-Dist: langchain-mcp-adapters; extra == 'all'
 Requires-Dist: langchain-openai; extra == 'all'
 Requires-Dist: langchain>=1.0; extra == 'all'
@@ -46,14 +49,20 @@ Description-Content-Type: text/markdown
 # FirstOps Python SDK
-Govern what your AI agents do. FirstOps applies identity, policy enforcement, credential brokering, and audit to every **LLM call**, **tool call**, and **MCP call** your agent makes — across LangGraph, the Claude Agent SDK, and the OpenAI Agents SDK, or any custom loop.
+Govern what your AI agents do. FirstOps applies identity, policy enforcement, credential brokering, and audit to every **LLM call**, **tool call**, and **MCP call** your agent makes — across LangGraph, the Claude Agent SDK, the OpenAI Agents SDK, and Google ADK, or any custom loop.
+## Install
 ```bash
-pip install "firstops[langgraph]"   # or [claude], [openai], [all]
+pip install "firstops[langgraph]"   # LangGraph + LangChain
+pip install "firstops[claude]"      # Claude Agent SDK
+pip install "firstops[openai]"      # OpenAI Agents SDK
+pip install "firstops[adk]"         # Google ADK
+pip install "firstops[all]"         # all of the above
+pip install firstops                # core only (management client / custom loops)
 ```
-- **Python 3.10+**
-- Core deps: `cryptography`, `httpx`. Your agent framework comes in via the extra you pick.
+Python 3.10+. Core deps are just `cryptography` and `httpx` — your agent framework comes in via the extra you pick.
 ---
@@ -116,6 +125,16 @@ guard = firstops_tool_input_guardrail(fo)
 def send_email(to: str, body: str) -> str: ...
 ```
+**Google ADK** — one `before_tool_callback` governs every tool (block + rewrite args):
+```python
+from google.adk.agents import LlmAgent
+from firstops.integrations.google_adk import firstops_before_tool_callback
+agent = LlmAgent(name="assistant", model=..., tools=[...],
+                 before_tool_callback=firstops_before_tool_callback(fo))
+```
 **Any framework / custom loop** — the base API:
 ```python
@@ -134,6 +153,17 @@ mcp = MultiServerMCPClient({"notion": {"url": firstops.mcp_url("<connection-id>"
 tools = await mcp.get_tools()
 ```
+## Examples
+Runnable agents in [`examples/`](examples/) — each governs the LLM and tool calls; the `*_mcp` variants add a Notion MCP server:
+- LangGraph — [`langgraph_basic.py`](examples/langgraph_basic.py), [`langgraph_notion_mcp.py`](examples/langgraph_notion_mcp.py)
+- Claude Agent SDK — [`claude_sdk_basic.py`](examples/claude_sdk_basic.py), [`claude_sdk_mcp.py`](examples/claude_sdk_mcp.py)
+- OpenAI Agents SDK — [`openai_agents_basic.py`](examples/openai_agents_basic.py), [`openai_agents_mcp.py`](examples/openai_agents_mcp.py)
+- Google ADK — [`google_adk_basic.py`](examples/google_adk_basic.py)
+See [`examples/README.md`](examples/README.md) for the env vars to run them.
 ## Management client
 Provision agents and connections from your backend:
@@ -152,8 +182,10 @@ admin.connections.register(principal_id=agent.id, name="slack", upstream_url="ht
 ## Documentation
-- Guides: <https://firstops.dev/docs>
-- Repository: <https://github.com/firstops-dev/firstops-python>
+- [Docs home](https://firstops.dev/docs)
+- Guides: [LangChain / LangGraph](https://firstops.dev/docs/guides/langchain) · [Claude Agent SDK](https://firstops.dev/docs/guides/claude-sdk) · [OpenAI Agents SDK](https://firstops.dev/docs/guides/openai-agents) · [Google ADK](https://firstops.dev/docs/guides/google-adk)
+- Concepts: [Identity](https://firstops.dev/docs/concepts/identity) · [Enforcement](https://firstops.dev/docs/concepts/enforcement) · [Connections](https://firstops.dev/docs/concepts/connections)
+- [Repository](https://github.com/firstops-dev/firstops-python)
 ## License

{firstops-0.2.0 → firstops-0.3.0}/README.md RENAMED Viewed

@@ -1,13 +1,19 @@
 # FirstOps Python SDK
-Govern what your AI agents do. FirstOps applies identity, policy enforcement, credential brokering, and audit to every **LLM call**, **tool call**, and **MCP call** your agent makes — across LangGraph, the Claude Agent SDK, and the OpenAI Agents SDK, or any custom loop.
+Govern what your AI agents do. FirstOps applies identity, policy enforcement, credential brokering, and audit to every **LLM call**, **tool call**, and **MCP call** your agent makes — across LangGraph, the Claude Agent SDK, the OpenAI Agents SDK, and Google ADK, or any custom loop.
+## Install
 ```bash
-pip install "firstops[langgraph]"   # or [claude], [openai], [all]
+pip install "firstops[langgraph]"   # LangGraph + LangChain
+pip install "firstops[claude]"      # Claude Agent SDK
+pip install "firstops[openai]"      # OpenAI Agents SDK
+pip install "firstops[adk]"         # Google ADK
+pip install "firstops[all]"         # all of the above
+pip install firstops                # core only (management client / custom loops)
 ```
-- **Python 3.10+**
-- Core deps: `cryptography`, `httpx`. Your agent framework comes in via the extra you pick.
+Python 3.10+. Core deps are just `cryptography` and `httpx` — your agent framework comes in via the extra you pick.
 ---
@@ -70,6 +76,16 @@ guard = firstops_tool_input_guardrail(fo)
 def send_email(to: str, body: str) -> str: ...
 ```
+**Google ADK** — one `before_tool_callback` governs every tool (block + rewrite args):
+```python
+from google.adk.agents import LlmAgent
+from firstops.integrations.google_adk import firstops_before_tool_callback
+agent = LlmAgent(name="assistant", model=..., tools=[...],
+                 before_tool_callback=firstops_before_tool_callback(fo))
+```
 **Any framework / custom loop** — the base API:
 ```python
@@ -88,6 +104,17 @@ mcp = MultiServerMCPClient({"notion": {"url": firstops.mcp_url("<connection-id>"
 tools = await mcp.get_tools()
 ```
+## Examples
+Runnable agents in [`examples/`](examples/) — each governs the LLM and tool calls; the `*_mcp` variants add a Notion MCP server:
+- LangGraph — [`langgraph_basic.py`](examples/langgraph_basic.py), [`langgraph_notion_mcp.py`](examples/langgraph_notion_mcp.py)
+- Claude Agent SDK — [`claude_sdk_basic.py`](examples/claude_sdk_basic.py), [`claude_sdk_mcp.py`](examples/claude_sdk_mcp.py)
+- OpenAI Agents SDK — [`openai_agents_basic.py`](examples/openai_agents_basic.py), [`openai_agents_mcp.py`](examples/openai_agents_mcp.py)
+- Google ADK — [`google_adk_basic.py`](examples/google_adk_basic.py)
+See [`examples/README.md`](examples/README.md) for the env vars to run them.
 ## Management client
 Provision agents and connections from your backend:
@@ -106,8 +133,10 @@ admin.connections.register(principal_id=agent.id, name="slack", upstream_url="ht
 ## Documentation
-- Guides: <https://firstops.dev/docs>
-- Repository: <https://github.com/firstops-dev/firstops-python>
+- [Docs home](https://firstops.dev/docs)
+- Guides: [LangChain / LangGraph](https://firstops.dev/docs/guides/langchain) · [Claude Agent SDK](https://firstops.dev/docs/guides/claude-sdk) · [OpenAI Agents SDK](https://firstops.dev/docs/guides/openai-agents) · [Google ADK](https://firstops.dev/docs/guides/google-adk)
+- Concepts: [Identity](https://firstops.dev/docs/concepts/identity) · [Enforcement](https://firstops.dev/docs/concepts/enforcement) · [Connections](https://firstops.dev/docs/concepts/connections)
+- [Repository](https://github.com/firstops-dev/firstops-python)
 ## License

firstops-0.3.0/examples/google_adk_basic.py ADDED Viewed

@@ -0,0 +1,73 @@
+"""Google ADK agent governed by FirstOps.
+One `before_tool_callback` governs every tool call (block + rewrite args). The
+LLM runs through the sidecar chain-link via LiteLLM pointed at OpenAI.
+Run with the env vars in README.md (needs OPENAI_API_KEY).
+"""
+import asyncio
+import os
+import firstops
+from firstops.integrations.google_adk import firstops_before_tool_callback
+from google.adk.agents import LlmAgent
+from google.adk.models.lite_llm import LiteLlm
+from google.adk.runners import InMemoryRunner
+from google.genai import types
+from _shared import load_config, trace
+APP = "firstops-demo"
+def get_weather(city: str) -> dict:
+    """Get the current weather for a city."""
+    print(f"   [TOOL get_weather] city={city}")
+    return {"weather": f"21C and sunny in {city}"}
+def send_email(to: str, body: str) -> dict:
+    """Send an email to a recipient."""
+    print(f"   [TOOL send_email] to={to} body={body!r}")
+    return {"status": "sent"}
+async def main():
+    cfg = load_config()
+    fo = firstops.init(
+        cfg["agent_id"], cfg["key_pem"], gateway_url=cfg["gateway"], port=cfg["port"]
+    )
+    trace(fo)
+    try:
+        agent = LlmAgent(
+            name="assistant",
+            model=LiteLlm(
+                model="openai/gpt-4o-mini",
+                api_base=firstops.llm_base_url("openai"),  # -> sidecar chain-link
+                api_key=os.environ["OPENAI_API_KEY"],
+            ),
+            instruction="You are a helpful assistant.",
+            tools=[get_weather, send_email],
+            before_tool_callback=firstops_before_tool_callback(fo),  # governs tools
+        )
+        runner = InMemoryRunner(agent=agent, app_name=APP)
+        session = await runner.session_service.create_session(app_name=APP, user_id="u1")
+        msg = types.Content(
+            role="user",
+            parts=[types.Part(text="Check the weather in Paris, then email it to alice@example.com.")],
+        )
+        print("\n>>> running Google ADK agent\n")
+        async for event in runner.run_async(
+            user_id="u1", session_id=session.id, new_message=msg
+        ):
+            if event.content and event.content.parts:
+                for part in event.content.parts:
+                    if getattr(part, "text", None) and part.text.strip():
+                        print(f"   [ADK] {part.text.strip()[:160]}")
+    finally:
+        firstops.shutdown()
+if __name__ == "__main__":
+    asyncio.run(main())

{firstops-0.2.0 → firstops-0.3.0}/pyproject.toml RENAMED Viewed

@@ -4,8 +4,8 @@ build-backend = "hatchling.build"
 [project]
 name = "firstops"
-version = "0.2.0"
-description = "Govern MCP, tool calls, and LLM traffic for AI agents — across LangGraph, Claude Agent SDK, and OpenAI Agents."
+version = "0.3.0"
+description = "Govern MCP, tool calls, and LLM traffic for AI agents — across LangGraph, Claude Agent SDK, OpenAI Agents, and Google ADK."
 readme = "README.md"
 requires-python = ">=3.10"
 license = "MIT"
@@ -26,7 +26,7 @@ classifiers = [
 ]
 keywords = [
     "mcp", "dpop", "agent", "security", "governance", "llm",
-    "langgraph", "langchain", "openai-agents", "claude", "guardrails",
+    "langgraph", "langchain", "openai-agents", "claude", "google-adk", "guardrails",
 ]
 dependencies = [
     "cryptography>=42.0",
@@ -54,6 +54,9 @@ claude = [
 openai = [
     "openai-agents",
 ]
+adk = [
+    "google-adk[extensions]",
+]
 all = [
     "langchain>=1.0",
     "langgraph",
@@ -61,6 +64,7 @@ all = [
     "langchain-mcp-adapters",
     "claude-agent-sdk",
     "openai-agents",
+    "google-adk[extensions]",
 ]
 dev = [
     "pytest>=8.0",

{firstops-0.2.0 → firstops-0.3.0}/src/firstops/integrations/_common.py RENAMED Viewed

@@ -22,6 +22,7 @@ ACTION_MODIFY = "modify"
 HARNESS_LANGGRAPH = "langgraph"
 HARNESS_CLAUDE = "claude-agent-sdk"
 HARNESS_OPENAI_AGENTS = "openai-agents"
+HARNESS_GOOGLE_ADK = "google-adk"
 def _json_safe(value: Any) -> Any:

firstops-0.3.0/src/firstops/integrations/google_adk.py ADDED Viewed

@@ -0,0 +1,55 @@
+"""Google ADK adapter — `before_tool_callback` governs every tool call.
+ADK's agent-level `before_tool_callback` can both **block** a tool (return a
+result, which short-circuits the call) and **rewrite its args** (mutate the args
+dict in place) — so FirstOps gets block and scrub on Google ADK.
+Usage::
+    from google.adk.agents import LlmAgent
+    from firstops.integrations.google_adk import firstops_before_tool_callback
+    agent = LlmAgent(
+        name="assistant",
+        model=...,
+        tools=[...],
+        before_tool_callback=firstops_before_tool_callback(fo),
+    )
+The callback is a plain function (ADK invokes it as
+``callback(tool=, args=, tool_context=)``), so this adapter needs no ADK import.
+"""
+from __future__ import annotations
+from typing import Any
+from firstops import _runtime
+from firstops.integrations._common import (
+    ACTION_DENY,
+    ACTION_MODIFY,
+    HARNESS_GOOGLE_ADK,
+    decide,
+)
+def firstops_before_tool_callback(fo=None):
+    """Return a ``before_tool_callback`` that governs every tool call."""
+    rt = fo if fo is not None else _runtime.runtime()
+    def _before_tool(tool, args, tool_context) -> dict[str, Any] | None:
+        tool_name = getattr(tool, "name", "") or ""
+        action, payload = decide(
+            rt, tool_name, args, can_apply_modify=True, harness=HARNESS_GOOGLE_ADK
+        )
+        if action == ACTION_DENY:
+            # A non-None return short-circuits the tool; this becomes the result
+            # the model sees.
+            return {"status": "denied", "error": f"blocked by FirstOps policy: {payload}"}
+        if action == ACTION_MODIFY and isinstance(payload, dict) and isinstance(args, dict):
+            # Rewrite the call's args in place (full replacement with scrubbed input).
+            args.clear()
+            args.update(payload)
+        return None
+    return _before_tool

{firstops-0.2.0 → firstops-0.3.0}/src/firstops/proxy.py RENAMED Viewed

@@ -44,6 +44,14 @@ _LLM_STRIP_HEADERS = frozenset(
     }
 )
+# Response headers we must not forward back to the client: hop-by-hop, plus the
+# ones BaseHTTPRequestHandler sets itself (Server/Date) — forwarding the
+# upstream's copies duplicates them, which strict clients (aiohttp/litellm)
+# reject with "Duplicate 'Server' header".
+_RESP_STRIP_HEADERS = frozenset(
+    {"transfer-encoding", "connection", "server", "date"}
+)
 # Hard cap on a forwarded request body (defensive against a huge Content-Length).
 _MAX_BODY_BYTES = 100 * 1024 * 1024
@@ -210,6 +218,12 @@ def _make_handler(identity: Identity, local_port: int, enforcement, llm_upstream
     client = httpx.Client(timeout=httpx.Timeout(120.0, connect=10.0))
     class ProxyHandler(BaseHTTPRequestHandler):
+        # HTTP/1.1 so strict clients (litellm/aiohttp, Node MCP) get clean
+        # keep-alive framing. Non-streaming responses carry an exact
+        # Content-Length (see _forward); streaming responses close the
+        # connection explicitly.
+        protocol_version = "HTTP/1.1"
         def do_POST(self):
             self._dispatch("POST")
@@ -264,6 +278,7 @@ def _make_handler(identity: Identity, local_port: int, enforcement, llm_upstream
             if denial is not None:
                 self.send_response(403)
                 self.send_header("Content-Type", "application/json")
+                self.send_header("Content-Length", str(len(denial)))
                 self.end_headers()
                 self.wfile.write(denial)
                 return
@@ -364,20 +379,39 @@ def _make_handler(identity: Identity, local_port: int, enforcement, llm_upstream
                     method, url, headers=headers, content=body,
                     timeout=httpx.Timeout(120.0, connect=10.0),
                 ) as resp:
+                    is_stream = "text/event-stream" in resp.headers.get("content-type", "")
+                    if is_stream:
+                        # Streaming (SSE): pass bytes through raw with flushing so
+                        # events arrive live. No Content-Length, so close the
+                        # connection to delimit the body under HTTP/1.1.
+                        self.close_connection = True
+                        self.send_response(resp.status_code)
+                        for k, v in resp.headers.items():
+                            if k.lower() not in _RESP_STRIP_HEADERS:
+                                self.send_header(k, v)
+                        self.send_header("Connection", "close")
+                        self.end_headers()
+                        for chunk in resp.iter_raw():
+                            self.wfile.write(chunk)
+                            self.wfile.flush()
+                        return
+                    # Non-streaming: buffer the DECODED body and send it with an
+                    # exact Content-Length, dropping Content-Encoding/Length from
+                    # upstream. This gives a cleanly-framed response that ANY
+                    # client reads correctly (httpx, aiohttp, Node) — a
+                    # close-delimited gzipped body trips stricter clients.
+                    payload = resp.read()  # httpx auto-decompresses
                     self.send_response(resp.status_code)
                     for k, v in resp.headers.items():
-                        if k.lower() not in ("transfer-encoding", "connection"):
+                        if k.lower() not in _RESP_STRIP_HEADERS and k.lower() not in (
+                            "content-encoding", "content-length",
+                        ):
                             self.send_header(k, v)
+                    self.send_header("Content-Length", str(len(payload)))
                     self.end_headers()
-                    # Forward the body RAW: httpx auto-decompresses iter_bytes()/
-                    # read(), but we keep the upstream Content-Encoding/Length
-                    # headers, so we must pass the original (possibly gzipped)
-                    # bytes through untouched or the client's decode fails.
-                    # Flush per chunk so SSE/streaming responses arrive live.
-                    for chunk in resp.iter_raw():
-                        self.wfile.write(chunk)
-                        self.wfile.flush()
+                    self.wfile.write(payload)
             except httpx.HTTPError as e:
                 logger.error("upstream request failed: %s", e)
                 self.send_error(502, "upstream request failed")
@@ -386,10 +420,12 @@ def _make_handler(identity: Identity, local_port: int, enforcement, llm_upstream
             """Stream an SSE response, rewriting gateway URLs to localhost."""
             try:
                 with httpx.stream("GET", url, headers=headers, timeout=None) as resp:
+                    self.close_connection = True  # SSE: no length, close-delimited
                     self.send_response(resp.status_code)
                     for k, v in resp.headers.items():
-                        if k.lower() not in ("transfer-encoding", "connection"):
+                        if k.lower() not in _RESP_STRIP_HEADERS:
                             self.send_header(k, v)
+                    self.send_header("Connection", "close")
                     self.end_headers()
                     gateway_msg_url = gateway + "/mcp/sse/message"

{firstops-0.2.0 → firstops-0.3.0}/tests/test_integrations.py RENAMED Viewed

@@ -181,3 +181,50 @@ from firstops.integrations import langgraph
 def test_langgraph_middleware_requires_langchain():
     with pytest.raises(RuntimeError, match="langchain"):
         langgraph.FirstOpsMiddleware(_rt(Decision(action="allow")))
+# ---- Google ADK adapter ----------------------------------------------------
+from firstops.integrations import google_adk
+class _AdkTool:
+    def __init__(self, name):
+        self.name = name
+def test_adk_allow_returns_none_and_stamps_harness():
+    rt = _rt(Decision(action="allow"))
+    cb = google_adk.firstops_before_tool_callback(rt)
+    args = {"city": "Paris"}
+    assert cb(tool=_AdkTool("get_weather"), args=args, tool_context=None) is None
+    assert args == {"city": "Paris"}  # unchanged
+    ev = rt.enforcement.events[0]
+    assert ev.tool_name == "get_weather"
+    assert ev.metadata == {"harness": "google-adk"}
+def test_adk_deny_short_circuits_with_result_dict():
+    rt = _rt(Decision(action="deny", reason="destructive"))
+    out = google_adk.firstops_before_tool_callback(rt)(
+        tool=_AdkTool("run_shell"), args={"cmd": "x"}, tool_context=None
+    )
+    assert out is not None  # non-None return blocks the tool
+    assert out["status"] == "denied"
+    assert "destructive" in out["error"]
+def test_adk_modify_rewrites_args_in_place():
+    rt = _rt(_modify({"to": "[REDACTED]"}))
+    args = {"to": "secret@example.com"}
+    out = google_adk.firstops_before_tool_callback(rt)(
+        tool=_AdkTool("send_email"), args=args, tool_context=None
+    )
+    assert out is None  # proceed
+    assert args == {"to": "[REDACTED]"}  # rewritten in place
+def test_adk_adapter_needs_no_framework():
+    # The callback is a plain function — constructing it must not require ADK.
+    cb = google_adk.firstops_before_tool_callback(_rt(Decision(action="allow")))
+    assert callable(cb)