[FEAT] Tamper-evident callback hook for agent tool calls — EU AI Act Article 12 compliance

[arian-gogani]

Problem

ADK currently provides callbacks (before_tool_callback, after_tool_callback) for tool execution. These are excellent for instrumentation, but the evidence they produce lives in operator-controlled infrastructure — logs, databases, observability tools.

For regulated industries (finance, healthcare, government) deploying ADK agents, the audit requirement is stronger: independently verifiable records that an auditor can check without trusting the operator's infrastructure. EU AI Act Article 12 enforcement begins August 2, 2026.

Proposed integration pattern

The existing after_tool_callback hook is the right interception point:

from google.adk.agents import Agent
from google.adk.tools.tool_context import ToolContext
from nobulex import Agent as NobulexAgent

nobulex = NobulexAgent('my-adk-agent')

def compliance_after_tool(
    tool, args: dict, tool_context: ToolContext, tool_response
):
    receipt = nobulex.sign_receipt(
        action_type=tool.name,
        scope=str(args)
    )
    # Ed25519 signed, hash-chained, independently verifiable
    # Auditor verifies offline with only the public key
    tool_context.state['last_receipt_ref'] = receipt.action_ref
    return tool_response  # unmodified

agent = Agent(
    name='compliance_agent',
    model='gemini-2.0-flash',
    tools=[...],
    after_tool_callback=compliance_after_tool
)

What this provides

• Tamper-evident: every tool call is signed; modify any receipt and verification fails
• Hash-chained: the full action history is linked — any gap or modification is detectable
• Independently verifiable: auditor needs only the agent's public key, no ADK or operator dependency
• EU AI Act Article 12: export the chain as a regulator-facing evidence package

Request

1. Confirm that after_tool_callback is the intended integration surface for post-execution audit layers
2. Consider a contrib/compliance/ example showing this pattern for regulated deployments

pip install nobulex — live on PyPI, cross-validated test vectors, LangChain/CrewAI integrations already shipping. Happy to contribute the ADK example.

[adk-bot]

I will read the instructions for the adk-issue-analyze skill, as it directly corresponds to the /adk-issue-analyze request you've made. This ensures we follow the exact guidelines for analyzing issues in the ADK repository.I will now fetch the details of GitHub issue #5998 using the dedicated fetch_github_issue tool.I will perform a search in the codebase using grep_search to find occurrences of after_tool_callback or before_tool_callback and understand how they are currently designed and integrated within the ADK library.I will search for run_after_tool_callback or where the after_tool_callback is invoked to see how the execution flow works inside the plugin / callback system of the ADK repository.I will view the run_after_tool_callback method definition in plugin_manager.py to analyze how post-tool-execution callbacks are run.I will view lines 100 to 194 of plugin_manager.py to see how callback return values are processed and if modifications are supported.I will view the beginning of plugin_manager.py to find the implementation of the _run_callbacks internal helper.I will view lines 251 to 372 of plugin_manager.py to locate the _run_callbacks helper and understand the hook execution flow.I will view functions.py to see how run_after_tool_callback is called during tool execution.I will view lines 611 to 640 of functions.py to see what happens after executing the tool callbacks.I will view lines 825 to 855 of functions.py to see the second location of run_after_tool_callback (possibly in live stream mode or a different flow path).I will search for class ToolContext to find its definition and inspect its attributes, specifically its state field and capability to capture and propagate state updates.I will search for class ToolContext using a case-sensitive grep search specifically inside the src/google/adk directory to locate its definition file.I will locate the definition file for ToolContext using find_by_name in the src folder.I will view tool_context.py to check the API of ToolContext and check how state is managed there.I will find the definition of Context to see how state is managed there.I will view context.py next to see the definition of Context.I will search for the definition of the state property inside context.py to confirm how it works.I will view lines 260 to 290 of context.py to inspect the state property implementation.I will query GitHub using the gh CLI to check for any existing pull requests related to issue #5998.I will search for any other pull requests matching "nobulex" to ensure we didn't miss anything that doesn't explicitly link the issue number yet.I will list the directories and files within the contributing/samples path using the list_dir tool to see where new integration or compliance examples are typically located.I will list the contents of the contributing/samples/integrations directory to evaluate if it is the correct place for a Nobulex or compliance integration sample.# GitHub Issue #5998 Analysis: [FEAT] Tamper-evident callback hook for agent tool calls — EU AI Act Article 12 compliance

Executive Summary

1. What is broken? No core functionality is broken. This is a feature / integration request to verify that the after_tool_callback is the intended design pattern for independent audit layers (such as cryptographic, tamper-evident signing using libraries like nobulex) and to suggest adding an illustrative sample in the repository showing how to run such compliance tasks.
2. Is there a linked PR that fixes this issue? None.
3. Recommendation: Should Fix (Medium/Low Priority). Confirming that after_tool_callback is indeed the correct integration surface and accepting a high-quality example contribution under contributing/samples/integrations/ (specifically targeted at EU AI Act / independent auditing compliance) is low risk and provides high value for enterprise adoption.

Detailed Analysis

1. Root Cause Analysis ("What is broken?")

While there is no bug in the ADK library, developers deploying ADK agents in highly regulated environments (such as finance, healthcare, or government) require a concrete pattern to record and sign tool activities for EU AI Act compliance.

The ADK framework's callback and plugin manager systems are robustly architected to handle this exact pattern:

• Callback Signature and Hook Retrieval: The PluginManager defines run_after_tool_callback at plugin_manager.py#L206-L221, passing the active BaseTool, the tool_args, the ToolContext, and the result.
• Integrations and Interception: Post-tool execution intercepts are run in the normal flow in functions.py#L591-L620 and in the streaming/dynamic tool execution flow in functions.py#L840-L858.
• State Mutation and Tracking: The user’s proposed pattern mutates tool_context.state['last_receipt_ref'] = receipt.action_ref. This is fully supported, as documented in the Context.state definition: context.py#L266-L275. State modifications return as delta actions and are seamlessly integrated forward.

2. Existing Pull Requests ("Is there a linked PR that fixes this issue?")

• Linked PR: None
• PR URL: N/A
• Analysis: We searched for any existing PR matching 5998 or mentioning nobulex, and no current pull requests are open or merged.

3. Recommendation

• Recommendation: Should Fix (Medium/Low Priority)
• Rationale:
  • Confirmation of Pattern: We should officially confirm to the user that after_tool_callback is indeed the intended engineering boundary for intercepting, modifying, auditing, or signing tool-execution results.
  • Contribution Placement: We should encourage the user to contribute a code example showing the cryptographic verification pattern. Rather than adding it to contrib/compliance/, it aligns best with existing repository conventions under the integrations samples folder, e.g., contributing/samples/integrations/compliance_nobulex/ alongside existing tool/library integrations.
  • Impact and Complexity: Zero risk of side-effects on the ADK core architecture as it requires absolutely no framework modifications—only adding a self-contained sample.

---

Summary of Actions Completed

1. Identified and parsed the issue number 5998 from the provided user request.
2. Retrieved and evaluated the details of the issue using fetch_github_issue.
3. Conducted a codebase trace using grep_search and view_file to confirm hook implementation details in:
   • plugin_manager.py
   • functions.py
   • context.py
4. Checked for any existing pull requests matching the issue details or the third-party library name using the gh CLI.
5. Formulated audit confirmation and structural placement recommendations matching the adk-architecture standards.

[adk-bot]

🚨 Automated Spam Detection Alert 🚨
@maintainers, a suspected spam comment was detected in this thread.

Reason:

The issue description promotes a third-party package 'nobulex' with installation instructions ('pip install nobulex'), which constitutes promotional content for a 3rd-party product/service.