[Feature] GovernancePlugin for Google ADK — policy enforcement and zero-trust identity

[imran-siddique]

Summary

Proposing a GovernancePlugin (BasePlugin subclass) for Google ADK that enforces policy before tool execution, powered by the Agent Governance Toolkit (AGT) — v3.2.0 Public Preview, 9,500+ tests, 5 SDK languages.

Problem

ADK agents executing tools in production need enforceable governance — policy checks before tool calls, agent identity verification, and audit logging — without requiring developers to implement these controls from scratch.

Proposed Solution

A GovernancePlugin that hooks into ADK's plugin lifecycle:

• Pre-tool policy enforcement — Evaluate YAML/OPA policies before any tool execution
• Zero-trust agent identity — IATP-based identity verification for multi-agent ADK deployments
• Audit trail — Automatic logging of all tool calls with policy evaluation context
• Human-in-the-loop gates — Configurable approval workflows for sensitive tool operations

Example Usage

`python
from google.adk.agents import Agent
from agt.integrations.adk import GovernancePlugin

agent = Agent(
model="gemini-2.0-flash",
tools=[...],
plugins=[GovernancePlugin(policy="adk-policy.yaml")]
)
`

AGT already has an integration example for Google ADK in the repository.

References

• AGT Repository

Would appreciate feedback on alignment with ADK's plugin architecture and lifecycle hooks.

[klateefa]

@imran-siddique Thanks for the update. The request is currently being reviewed, and I will let you know if anything further is needed. Thank you for understanding.