Skip to content

feat(adk): support custom CA for non-openai model providers#1799

Merged
EItanya merged 3 commits intokagent-dev:mainfrom
supreme-gg-gg:feat/tls-for-all
May 5, 2026
Merged

feat(adk): support custom CA for non-openai model providers#1799
EItanya merged 3 commits intokagent-dev:mainfrom
supreme-gg-gg:feat/tls-for-all

Conversation

@supreme-gg-gg
Copy link
Copy Markdown
Contributor

@supreme-gg-gg supreme-gg-gg commented May 4, 2026
edited
Loading

Currently, only OpenAI BYO models support custom CA. This PR extends the existing API to all non-Vertex-AI model providers (Claude API, Gemini API, Bedrock, Ollama) for both python and go runtimes. This reuses most of existing plumbings and refactors some TLS related code. It also adds a GeminiLm wrapper class in order to support custom CA and custom headers (close #1714 as well).

@supreme-gg-gg
go changes
5616026 
Signed-off-by: Jet Chiang <pokyuen.jetchiang-ext@solo.io>
@supreme-gg-gg
python model changes
cf1745a 
Signed-off-by: Jet Chiang <pokyuen.jetchiang-ext@solo.io>
@github-actions github-actions Bot added the enhancement New feature or request label May 4, 2026
@supreme-gg-gg supreme-gg-gg marked this pull request as ready for review May 5, 2026 15:05
Copilot AI review requested due to automatic review settings May 5, 2026 15:05
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends non-Vertex provider transport configuration so custom CA handling (and Gemini custom headers) flow through both the Python ADK runtime and the Go ADK runtime. It refactors shared TLS plumbing, adds a dedicated Gemini wrapper on the Python side, and updates tests around the new transport behavior.

Changes:

  • Added shared Python TLS transport helpers and applied them to OpenAI, Anthropic, Ollama, Bedrock, SAP AI Core, and a new Gemini wrapper.
  • Switched Python model creation for gemini to return KAgentGeminiLlm, enabling custom headers/TLS options instead of returning the raw model name.
  • Updated Go Gemini and SAP AI Core model creation to use shared HTTP client construction for TLS/header support.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
python/packages/kagent-adk/tests/unittests/models/test_tls_integration.py Updates TLS integration tests and adds Gemini transport assertions.
python/packages/kagent-adk/tests/unittests/models/test_openai.py Adjusts OpenAI TLS mocks to patch the shared SSL helper.
python/packages/kagent-adk/src/kagent/adk/types.py Refactors shared transport kwarg handling and routes Gemini configs to the new wrapper.
python/packages/kagent-adk/src/kagent/adk/models/_ssl.py Introduces a reusable TLS mixin for model wrappers.
python/packages/kagent-adk/src/kagent/adk/models/_sap_ai_core.py Reuses shared TLS client creation for SAP AI Core requests and token fetches.
python/packages/kagent-adk/src/kagent/adk/models/_openai.py Replaces OpenAI-specific TLS code with the shared mixin.
python/packages/kagent-adk/src/kagent/adk/models/_ollama.py Adds TLS support to the Ollama wrapper and factory.
python/packages/kagent-adk/src/kagent/adk/models/_gemini.py Adds a new Gemini wrapper with custom headers and TLS-aware HTTP options.
python/packages/kagent-adk/src/kagent/adk/models/_bedrock.py Threads TLS settings into Bedrock client creation.
python/packages/kagent-adk/src/kagent/adk/models/_anthropic.py Adds TLS-aware HTTP client creation for Anthropic.
python/packages/kagent-adk/src/kagent/adk/models/__init__.py Exports the new Gemini wrapper.
go/adk/pkg/models/sapaicore.go Switches SAP AI Core to shared HTTP client construction.
go/adk/pkg/agent/agent.go Wires shared transport config into Gemini and SAP AI Core model creation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread python/packages/kagent-adk/src/kagent/adk/types.py
Comment thread python/packages/kagent-adk/src/kagent/adk/models/_sap_ai_core.py Outdated
Comment thread go/adk/pkg/models/sapaicore.go Outdated
Comment thread go/adk/pkg/models/sapaicore.go Outdated
Comment thread go/adk/pkg/agent/agent.go
Comment thread go/adk/pkg/agent/agent.go Outdated
Comment thread python/packages/kagent-adk/src/kagent/adk/models/_gemini.py
Comment thread go/adk/pkg/agent/agent.go
@github-actions github-actions Bot added enhancement New feature or request and removed enhancement New feature or request labels May 5, 2026
@supreme-gg-gg
cleanup and review feedback
3efdaf1 
Signed-off-by: Jet Chiang <pokyuen.jetchiang-ext@solo.io>
@EItanya EItanya merged commit 2dfdc93 into kagent-dev:main May 5, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@EItanya EItanya EItanya approved these changes

@peterj peterj Awaiting requested review from peterj peterj is a code owner

@yuval-k yuval-k Awaiting requested review from yuval-k yuval-k is a code owner

@iplay88keys iplay88keys Awaiting requested review from iplay88keys iplay88keys is a code owner

@jmhbh jmhbh Awaiting requested review from jmhbh jmhbh is a code owner

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] Support custom headers for Gemini provider (needed for priority paygo)

3 participants

@supreme-gg-gg @EItanya