google-adk-extras 0.2.6__tar.gz → 0.3.0__tar.gz

{google_adk_extras-0.2.6/src/google_adk_extras.egg-info → google_adk_extras-0.3.0}/PKG-INFO

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: google-adk-extras
-Version: 0.2.6
-Summary: Production-ready services, credentials, and FastAPI wiring for Google ADK
+Version: 0.3.0
+Summary: Production-ready services and FastAPI wiring for Google ADK
 Home-page: https://github.com/DeadMeme5441/google-adk-extras
 Author: DeadMeme5441
 Author-email: DeadMeme5441 <deadunderscorememe@gmail.com>
@@ -49,7 +49,7 @@ Dynamic: requires-python
 [![Docs](https://img.shields.io/badge/docs-site-brightgreen)](https://deadmeme5441.github.io/google-adk-extras/)
 [![Docs Build](https://github.com/DeadMeme5441/google-adk-extras/actions/workflows/docs.yml/badge.svg)](https://github.com/DeadMeme5441/google-adk-extras/actions/workflows/docs.yml)
 
-Production-ready extensions for Google ADK (Agent Development Kit). This library adds durable service backends (sessions, artifacts, memory), practical credential services (OAuth2/JWT/Basic), and clean FastAPI wiring so you can run ADK agents with real storage and auth.
+Production-ready extensions for Google ADK (Agent Development Kit). This library adds durable service backends (sessions, artifacts, memory) and clean FastAPI wiring (with optional streaming) so you can run ADK agents with real storage.
 
 What this is not: a fork of ADK. It builds on ADK’s core runtime, agents, tools and callbacks, and drops in where ADK expects services and a web server.
 
@@ -58,10 +58,9 @@ What this is not: a fork of ADK. It builds on ADK’s core runtime, agents, tool
 
 ADK provides the core primitives (Runner, Session/State, MemoryService, ArtifactService, CredentialService, Agents/Tools, callbacks, Dev UI, and deployment paths). See the official ADK docs for concepts and APIs.
 
-This package focuses on three gaps common in real apps:
+This package focuses on a few gaps common in real apps:
 - Durable storage backends beyond in‑memory defaults
-- Usable credential flows (Google/GitHub/Microsoft/X OAuth2, JWT, Basic)
-- FastAPI integration that accepts your credential service without hacks
+- FastAPI integration with optional streaming (SSE/WS)
 
 
 ## Features
@@ -69,8 +68,7 @@ This package focuses on three gaps common in real apps:
 - Session services: SQL (SQLite/Postgres/MySQL), MongoDB, Redis, YAML files
 - Artifact services: Local folder (versioned), S3‑compatible, SQL, MongoDB
 - Memory services: SQL, MongoDB, Redis, YAML files (term search over text parts)
-- Credential services: Google/GitHub/Microsoft/X (OAuth2), JWT, HTTP Basic
-- Enhanced FastAPI wiring that respects a provided credential service
+- Enhanced FastAPI wiring for ADK apps (with optional streaming)
 - Fluent builder (`AdkBuilder`) to assemble a FastAPI app or a Runner
  - A2A helpers for exposing/consuming agents (see below)
 
@@ -95,17 +93,18 @@ If you plan to use specific backends, also install their clients (examples):
 - MongoDB: `uv pip install pymongo`
 - Redis: `uv pip install redis`
 - S3: `uv pip install boto3`
-- JWT: `uv pip install PyJWT`
+  
+Note on credentials (0.3.0): Outbound credentials for tools remain ADK’s concern (use ADK’s BaseCredentialService). Inbound API authentication is now available as an optional FastAPI layer in this package (see Auth below). You can run fully open (no auth) or enable API Key, Basic, or JWT (including first‑party issuance backed by SQL).
 
 
 ## Quickstart (FastAPI)
 
-Use the fluent builder to wire services and credentials. Then run with uvicorn.
+Use the fluent builder to wire services. Then run with uvicorn.
 
 ```python
 # app.py
 from google_adk_extras import AdkBuilder
-from google_adk_extras.credentials import GoogleOAuth2CredentialService
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
 
 app = (
     AdkBuilder()
@@ -113,11 +112,7 @@ app = (
     .with_session_service("sqlite:///./sessions.db")      # or: mongodb://, redis://, yaml://
     .with_artifact_service("local://./artifacts")         # or: s3://bucket, mongodb://, sql://
     .with_memory_service("yaml://./memory")               # or: redis://, mongodb://, sql://
-    .with_credential_service(GoogleOAuth2CredentialService(
-        client_id="…apps.googleusercontent.com",
-        client_secret="…",
-        scopes=["openid", "email", "profile"],
-    ))
+    # credentials: rely on ADK defaults or pass an ADK BaseCredentialService if needed
     .with_web_ui(True)     # serve ADK’s dev UI if assets available
     .with_agent_reload(True)
     .build_fastapi_app()
@@ -133,6 +128,77 @@ uvicorn app:app --reload
 If you don’t keep agents on disk, register them programmatically and use a custom loader (see below).
 
 
+## Auth (optional)
+
+Auth is entirely optional. By default, all endpoints are open (no auth). To enable protection, pass `auth_config` into `get_enhanced_fast_api_app` via the builder or directly.
+
+Supported inbound methods:
+- API Key: `X-API-Key: <key>` header (or `?api_key=` query). Keys can be static via config, or issued/rotated via SQL‑backed endpoints.
+- HTTP Basic: `Authorization: Basic base64(user:pass)` for quick human/internal testing. Can validate against in‑memory map or the SQL users table.
+- Bearer JWT (validate): Accept JWTs from Google/Auth0/Okta/etc. via JWKS, or HS256 secret in dev. Enforces iss/aud/exp/nbf.
+- Bearer JWT (issue): First‑party issuer with HS256, tokens minted from `/auth/token`, users stored in SQL (SQLite/Postgres/MySQL).
+
+Minimal enablement (JWT validate only):
+
+```python
+from google_adk_extras.auth import AuthConfig, JwtValidatorConfig
+
+auth = AuthConfig(
+    enabled=True,
+    jwt_validator=JwtValidatorConfig(
+        jwks_url="https://accounts.google.com/.well-known/openid-configuration",  # example
+        issuer="https://accounts.google.com",
+        audience="your-api-audience",
+    ),
+)
+
+app = (
+    AdkBuilder()
+      .with_agents_dir("./agents")
+      .build_fastapi_app()
+)
+```
+
+First‑party issuer + validate (single shared HS256 secret) with SQL connector:
+
+```python
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
+
+issuer = JwtIssuerConfig(
+    enabled=True,
+    issuer="https://local-issuer",
+    audience="adk-api",
+    algorithm="HS256",
+    hs256_secret="topsecret",
+    database_url="sqlite:///./auth.db",  # also supports Postgres/MySQL
+)
+validator = JwtValidatorConfig(
+    issuer=issuer.issuer,
+    audience=issuer.audience,
+    hs256_secret=issuer.hs256_secret,
+)
+
+auth = AuthConfig(enabled=True, jwt_issuer=issuer, jwt_validator=validator)
+
+app = (
+    AdkBuilder()
+      .with_agents_dir("./agents")
+      .build_fastapi_app()
+)
+```
+
+Issuing and using tokens/keys at runtime:
+- Register user: `POST /auth/register?username=alice&password=wonder`
+- Token (password): `POST /auth/token?grant_type=password&username=alice&password=wonder`
+- Refresh: `POST /auth/refresh?user_id=<uid>&refresh_token=<jti>`
+- Create API key: `POST /auth/api-keys` (auth required) → returns `{ id, api_key }` (plaintext shown once)
+- List keys: `GET /auth/api-keys` (auth required)
+- Revoke key: `DELETE /auth/api-keys/{id}` (auth required)
+- Use API key: add `X-API-Key: <api_key>` to any protected route (keys currently allow full access)
+
+Protected routes include `/run`, `/run_sse`, all `/apps/...` session/artifact/eval endpoints, `/debug/*`, `/builder/*`, and optionally `/list-apps` and `/apps/{app}/metrics-info`.
+
+
 ## Quickstart (Runner)
 
 Create a Runner wired with your chosen backends. Use agent name (filesystem loader) or pass an agent instance.
@@ -251,24 +317,8 @@ app = (
 ```
 
 
-## Credential URI cheatsheet (optional)
-
-If you prefer URIs instead of constructing services:
-
-- Google OAuth2: `oauth2-google://client_id:secret@scopes=openid,email,profile`
-- GitHub OAuth2: `oauth2-github://client_id:secret@scopes=user,repo`
-- Microsoft OAuth2: `oauth2-microsoft://<tenant>/<client_id>:<secret>@scopes=User.Read`
-- X OAuth2: `oauth2-x://client_id:secret@scopes=tweet.read,users.read`
-- JWT: `jwt://<secret>@algorithm=HS256&issuer=my-app&audience=api.example.com&expiration_minutes=60`
-- Basic: `basic-auth://username:password@realm=My%20API`
-
-```python
-cred = (
-    AdkBuilder()
-    .with_credential_service_uri("jwt://secret@issuer=my-app")
-    ._create_credential_service()
-)
-```
+<!-- Credential URI helpers removed. Use ADK’s BaseCredentialService directly if needed,
+     and handle inbound API authentication at FastAPI level. -->
 
 
 ## Notes & limitations

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/README.md

@@ -6,7 +6,7 @@
 [![Docs](https://img.shields.io/badge/docs-site-brightgreen)](https://deadmeme5441.github.io/google-adk-extras/)
 [![Docs Build](https://github.com/DeadMeme5441/google-adk-extras/actions/workflows/docs.yml/badge.svg)](https://github.com/DeadMeme5441/google-adk-extras/actions/workflows/docs.yml)
 
-Production-ready extensions for Google ADK (Agent Development Kit). This library adds durable service backends (sessions, artifacts, memory), practical credential services (OAuth2/JWT/Basic), and clean FastAPI wiring so you can run ADK agents with real storage and auth.
+Production-ready extensions for Google ADK (Agent Development Kit). This library adds durable service backends (sessions, artifacts, memory) and clean FastAPI wiring (with optional streaming) so you can run ADK agents with real storage.
 
 What this is not: a fork of ADK. It builds on ADK’s core runtime, agents, tools and callbacks, and drops in where ADK expects services and a web server.
 
@@ -15,10 +15,9 @@ What this is not: a fork of ADK. It builds on ADK’s core runtime, agents, tool
 
 ADK provides the core primitives (Runner, Session/State, MemoryService, ArtifactService, CredentialService, Agents/Tools, callbacks, Dev UI, and deployment paths). See the official ADK docs for concepts and APIs.
 
-This package focuses on three gaps common in real apps:
+This package focuses on a few gaps common in real apps:
 - Durable storage backends beyond in‑memory defaults
-- Usable credential flows (Google/GitHub/Microsoft/X OAuth2, JWT, Basic)
-- FastAPI integration that accepts your credential service without hacks
+- FastAPI integration with optional streaming (SSE/WS)
 
 
 ## Features
@@ -26,8 +25,7 @@ This package focuses on three gaps common in real apps:
 - Session services: SQL (SQLite/Postgres/MySQL), MongoDB, Redis, YAML files
 - Artifact services: Local folder (versioned), S3‑compatible, SQL, MongoDB
 - Memory services: SQL, MongoDB, Redis, YAML files (term search over text parts)
-- Credential services: Google/GitHub/Microsoft/X (OAuth2), JWT, HTTP Basic
-- Enhanced FastAPI wiring that respects a provided credential service
+- Enhanced FastAPI wiring for ADK apps (with optional streaming)
 - Fluent builder (`AdkBuilder`) to assemble a FastAPI app or a Runner
  - A2A helpers for exposing/consuming agents (see below)
 
@@ -52,17 +50,18 @@ If you plan to use specific backends, also install their clients (examples):
 - MongoDB: `uv pip install pymongo`
 - Redis: `uv pip install redis`
 - S3: `uv pip install boto3`
-- JWT: `uv pip install PyJWT`
+  
+Note on credentials (0.3.0): Outbound credentials for tools remain ADK’s concern (use ADK’s BaseCredentialService). Inbound API authentication is now available as an optional FastAPI layer in this package (see Auth below). You can run fully open (no auth) or enable API Key, Basic, or JWT (including first‑party issuance backed by SQL).
 
 
 ## Quickstart (FastAPI)
 
-Use the fluent builder to wire services and credentials. Then run with uvicorn.
+Use the fluent builder to wire services. Then run with uvicorn.
 
 ```python
 # app.py
 from google_adk_extras import AdkBuilder
-from google_adk_extras.credentials import GoogleOAuth2CredentialService
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
 
 app = (
     AdkBuilder()
@@ -70,11 +69,7 @@ app = (
     .with_session_service("sqlite:///./sessions.db")      # or: mongodb://, redis://, yaml://
     .with_artifact_service("local://./artifacts")         # or: s3://bucket, mongodb://, sql://
     .with_memory_service("yaml://./memory")               # or: redis://, mongodb://, sql://
-    .with_credential_service(GoogleOAuth2CredentialService(
-        client_id="…apps.googleusercontent.com",
-        client_secret="…",
-        scopes=["openid", "email", "profile"],
-    ))
+    # credentials: rely on ADK defaults or pass an ADK BaseCredentialService if needed
     .with_web_ui(True)     # serve ADK’s dev UI if assets available
     .with_agent_reload(True)
     .build_fastapi_app()
@@ -90,6 +85,77 @@ uvicorn app:app --reload
 If you don’t keep agents on disk, register them programmatically and use a custom loader (see below).
 
 
+## Auth (optional)
+
+Auth is entirely optional. By default, all endpoints are open (no auth). To enable protection, pass `auth_config` into `get_enhanced_fast_api_app` via the builder or directly.
+
+Supported inbound methods:
+- API Key: `X-API-Key: <key>` header (or `?api_key=` query). Keys can be static via config, or issued/rotated via SQL‑backed endpoints.
+- HTTP Basic: `Authorization: Basic base64(user:pass)` for quick human/internal testing. Can validate against in‑memory map or the SQL users table.
+- Bearer JWT (validate): Accept JWTs from Google/Auth0/Okta/etc. via JWKS, or HS256 secret in dev. Enforces iss/aud/exp/nbf.
+- Bearer JWT (issue): First‑party issuer with HS256, tokens minted from `/auth/token`, users stored in SQL (SQLite/Postgres/MySQL).
+
+Minimal enablement (JWT validate only):
+
+```python
+from google_adk_extras.auth import AuthConfig, JwtValidatorConfig
+
+auth = AuthConfig(
+    enabled=True,
+    jwt_validator=JwtValidatorConfig(
+        jwks_url="https://accounts.google.com/.well-known/openid-configuration",  # example
+        issuer="https://accounts.google.com",
+        audience="your-api-audience",
+    ),
+)
+
+app = (
+    AdkBuilder()
+      .with_agents_dir("./agents")
+      .build_fastapi_app()
+)
+```
+
+First‑party issuer + validate (single shared HS256 secret) with SQL connector:
+
+```python
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
+
+issuer = JwtIssuerConfig(
+    enabled=True,
+    issuer="https://local-issuer",
+    audience="adk-api",
+    algorithm="HS256",
+    hs256_secret="topsecret",
+    database_url="sqlite:///./auth.db",  # also supports Postgres/MySQL
+)
+validator = JwtValidatorConfig(
+    issuer=issuer.issuer,
+    audience=issuer.audience,
+    hs256_secret=issuer.hs256_secret,
+)
+
+auth = AuthConfig(enabled=True, jwt_issuer=issuer, jwt_validator=validator)
+
+app = (
+    AdkBuilder()
+      .with_agents_dir("./agents")
+      .build_fastapi_app()
+)
+```
+
+Issuing and using tokens/keys at runtime:
+- Register user: `POST /auth/register?username=alice&password=wonder`
+- Token (password): `POST /auth/token?grant_type=password&username=alice&password=wonder`
+- Refresh: `POST /auth/refresh?user_id=<uid>&refresh_token=<jti>`
+- Create API key: `POST /auth/api-keys` (auth required) → returns `{ id, api_key }` (plaintext shown once)
+- List keys: `GET /auth/api-keys` (auth required)
+- Revoke key: `DELETE /auth/api-keys/{id}` (auth required)
+- Use API key: add `X-API-Key: <api_key>` to any protected route (keys currently allow full access)
+
+Protected routes include `/run`, `/run_sse`, all `/apps/...` session/artifact/eval endpoints, `/debug/*`, `/builder/*`, and optionally `/list-apps` and `/apps/{app}/metrics-info`.
+
+
 ## Quickstart (Runner)
 
 Create a Runner wired with your chosen backends. Use agent name (filesystem loader) or pass an agent instance.
@@ -208,24 +274,8 @@ app = (
 ```
 
 
-## Credential URI cheatsheet (optional)
-
-If you prefer URIs instead of constructing services:
-
-- Google OAuth2: `oauth2-google://client_id:secret@scopes=openid,email,profile`
-- GitHub OAuth2: `oauth2-github://client_id:secret@scopes=user,repo`
-- Microsoft OAuth2: `oauth2-microsoft://<tenant>/<client_id>:<secret>@scopes=User.Read`
-- X OAuth2: `oauth2-x://client_id:secret@scopes=tweet.read,users.read`
-- JWT: `jwt://<secret>@algorithm=HS256&issuer=my-app&audience=api.example.com&expiration_minutes=60`
-- Basic: `basic-auth://username:password@realm=My%20API`
-
-```python
-cred = (
-    AdkBuilder()
-    .with_credential_service_uri("jwt://secret@issuer=my-app")
-    ._create_credential_service()
-)
-```
+<!-- Credential URI helpers removed. Use ADK’s BaseCredentialService directly if needed,
+     and handle inbound API authentication at FastAPI level. -->
 
 
 ## Notes & limitations

google_adk_extras-0.3.0/docs/auth.md

@@ -0,0 +1,79 @@
+# Auth (Optional)
+
+Inbound API authentication is optional. If you don’t pass an `auth_config`, all routes are open (useful for local dev). When enabled, the middleware protects sensitive routes and enforces identity where appropriate.
+
+Supported methods:
+- API Key
+  - Send `X-API-Key: <token>` header or `?api_key=<token>` query.
+  - Keys can be static via config or issued/rotated via SQL‑backed endpoints.
+- HTTP Basic
+  - `Authorization: Basic base64(user:pass)`.
+  - Checks an in‑memory map or the SQL users table when configured.
+- Bearer JWT (validate)
+  - Validate JWTs from OIDC providers (Google, Auth0, Okta, etc.) via JWKS.
+  - Or use HS256 with a shared secret in dev.
+- Bearer JWT (issue)
+  - First‑party issuer backed by SQL; exposes `/auth/register`, `/auth/token`, `/auth/refresh`.
+
+## Quick examples
+
+### Enable JWT validate only
+```python
+from google_adk_extras import AdkBuilder
+from google_adk_extras.auth import AuthConfig, JwtValidatorConfig
+
+auth = AuthConfig(
+    enabled=True,
+    jwt_validator=JwtValidatorConfig(
+        jwks_url="https://YOUR_ISSUER/.well-known/jwks.json",
+        issuer="https://YOUR_ISSUER",
+        audience="your-api-audience",
+    ),
+)
+
+app = AdkBuilder().with_agents_dir("./agents").build_fastapi_app()
+```
+
+### First‑party issuer + validate (HS256) and SQL store
+```python
+from google_adk_extras import AdkBuilder
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
+
+issuer = JwtIssuerConfig(
+    enabled=True,
+    issuer="https://local-issuer",
+    audience="adk-api",
+    algorithm="HS256",
+    hs256_secret="topsecret",
+    database_url="sqlite:///./auth.db",
+)
+validator = JwtValidatorConfig(issuer=issuer.issuer, audience=issuer.audience, hs256_secret=issuer.hs256_secret)
+
+auth = AuthConfig(enabled=True, jwt_issuer=issuer, jwt_validator=validator)
+
+app = AdkBuilder().with_agents_dir("./agents").build_fastapi_app()
+```
+
+### API key management endpoints (SQL store)
+- `POST /auth/api-keys` → `{ id, api_key }` (plaintext shown once)
+- `GET /auth/api-keys` → list metadata
+- `DELETE /auth/api-keys/{id}` → revoke
+
+Use `X-API-Key: <api_key>` (or `?api_key=`) to access protected routes.
+
+## What’s protected
+- Always: `POST /run`, `POST /run_sse`, `GET/POST/DELETE /apps/...`, `/debug/*`, `/builder/*`.
+- Optional: `/list-apps` and `/apps/{app}/metrics-info` (toggled in `AuthConfig`).
+- Ownership: when the URL contains `/users/{user_id}/...`, the `sub` from the token must match `user_id` (API key bypass permitted).
+
+## Optional by design
+- No‑auth is the default. Enable auth only when you’re ready.
+- You can mix modes: e.g., JWT for users and API keys for automation.
+
+```python
+# Direct call if not using the builder
+from google_adk_extras.enhanced_fastapi import get_enhanced_fast_api_app
+from google_adk_extras.auth import AuthConfig
+app = get_enhanced_fast_api_app(..., auth_config=AuthConfig(enabled=True, api_keys=["test"]))
+```
+

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/docs/examples.md

@@ -6,6 +6,6 @@ These examples are kept small and runnable; see the `examples/` folder.
 - `examples/runner_basic.py` — runner without FastAPI.
 - `examples/custom_loader.py` — programmatic agents.
 - `examples/services/` — focused snippets per backend.
-- `examples/credentials/` — focused credential usage.
+  (credential service examples removed; rely on ADK defaults)
 
 Install extras to match what you run, e.g. `uv pip install google-adk-extras[sql,yaml,web]`.

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/docs/index.md

@@ -14,6 +14,11 @@ What this is not: a fork of ADK. It builds on top of google-adk.
 - `EnhancedAdkWebServer`
 - `EnhancedRunner` (thin wrapper)
 - `CustomAgentLoader` (programmatic agents)
-- Services via subpackages: `sessions`, `artifacts`, `memory`, `credentials`
+- Services via subpackages: `sessions`, `artifacts`, `memory` (optional inbound auth lives under `auth/`)
 
 See Quickstarts for copy‑paste examples.
+
+Additional guides:
+- [FastAPI Integration](fastapi.md)
+- [Streaming](streaming.md)
+- [Auth (Optional)](auth.md)

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/examples/README.md

@@ -2,7 +2,7 @@ Examples
 
 This folder contains small, runnable examples that mirror the documentation. They are intentionally minimal and designed to be copy–pasted into your app.
 
-- fastapi_app.py — Build a FastAPI app with durable services and optional credentials.
+- fastapi_app.py — Build a FastAPI app with durable services.
 - runner_basic.py — Build a Runner for programmatic use without FastAPI.
 - custom_loader.py — Register programmatic agents with `CustomAgentLoader`.
 - services/ — Focused snippets for sessions, artifacts, memory backends.

google_adk_extras-0.3.0/examples/adk_server_8015.py

@@ -0,0 +1,43 @@
+"""Spin up an ADK FastAPI server on 127.0.0.1:8015 with in-memory services.
+
+This script uses google_adk_extras.get_enhanced_fast_api_app with a simple
+programmatic agent loader. It is intended only to inspect the OpenAPI schema
+and enumerate endpoints exposed by the ADK web server.
+"""
+
+from typing import AsyncGenerator, Optional
+
+from fastapi import FastAPI
+
+from google.genai import types
+from google.adk.events.event import Event
+from google.adk.agents.base_agent import BaseAgent
+
+from google_adk_extras.custom_agent_loader import CustomAgentLoader
+from google_adk_extras.enhanced_fastapi import get_enhanced_fast_api_app
+
+
+class _DummyAgent(BaseAgent):
+    """Minimal agent; not used for OpenAPI generation, but loadable if needed."""
+
+    def __init__(self, name: str = "dummy"):
+        super().__init__(name)
+
+    async def run_async(self, ctx) -> AsyncGenerator[Event, None]:
+        # Emit a trivial final event; unlikely to be executed in this script.
+        content = types.Content(parts=[types.Part(text="ok")])
+        yield Event(author=self.name, content=content)
+
+
+def build_app() -> FastAPI:
+    loader = CustomAgentLoader()
+    app = get_enhanced_fast_api_app(
+        agent_loader=loader,
+        web=False,                 # no static UI
+        enable_streaming=False,    # focus on ADK core endpoints
+        allow_origins=["*"]
+    )
+    return app
+
+
+app = build_app()

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/mkdocs.yml

@@ -17,7 +17,6 @@ nav:
   - Streaming: streaming.md
   - Services:
       - Durable Services: services.md
-      - Credentials: credentials.md
   - Programmatic Agents: agent-loading.md
   - URIs & Configuration: uris.md
   - Examples: examples.md
@@ -50,7 +49,7 @@ plugins:
         Durable Services:
         - services.md: Sessions, artifacts, memory backends and trade-offs
         Credentials:
-        - credentials.md: OAuth2 (Google/GitHub/Microsoft/X), JWT, Basic Auth
+        # credentials docs removed; use ADK documentation for outbound creds
         Programmatic Agents:
         - agent-loading.md: Custom loaders and in-memory registrations
         Configuration:

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/pyproject.toml

@@ -1,7 +1,7 @@
 [project]
 name = "google-adk-extras"
-version = "0.2.6"
-description = "Production-ready services, credentials, and FastAPI wiring for Google ADK"
+version = "0.3.0"
+description = "Production-ready services and FastAPI wiring for Google ADK"
 readme = "README.md"
 requires-python = ">=3.10,<3.13"
 authors = [
@@ -38,6 +38,20 @@ all = [
     "google-adk-extras[sql,mongodb,redis,yaml,s3,jwt,web,docs]",
 ]
 
+[tool.ruff]
+line-length = 100
+target-version = "py312"
+
+[tool.ruff.lint]
+select = ["E", "F"]
+ignore = [
+  "F401",  # unused-import (common in optional backends)
+  "F841",  # unused-variable (tests and examples)
+  "F821",  # undefined-name (forward-ref type strings in optional extras)
+  "E402",  # module-import-not-at-top-of-file (test-only patterns)
+  "E501",  # line-too-long (permissive until we tighten rules)
+]
+
 [build-system]
 requires = ["setuptools>=45", "wheel"]
 build-backend = "setuptools.build_meta"

{google_adk_extras-0.2.6 → google_adk_extras-0.3.0}/src/google_adk_extras/__init__.py

@@ -1,4 +1,4 @@
-"""Production-ready services, credentials, and FastAPI wiring for Google ADK.
+"""Production-ready services and FastAPI wiring for Google ADK.
 
 Public API surface:
 - AdkBuilder
@@ -11,7 +11,7 @@ Service groups are exposed via subpackages:
 - google_adk_extras.sessions
 - google_adk_extras.artifacts
 - google_adk_extras.memory
-- google_adk_extras.credentials
+  (credential services are provided by ADK; no custom extras here)
 """
 
 from .adk_builder import AdkBuilder
@@ -28,4 +28,4 @@ __all__ = [
     "CustomAgentLoader",
 ]
 
-__version__ = "0.2.6"
+__version__ = "0.3.0"