AxioRankDocs
Integrations

Google ADK

Guard a Google ADK tool or plain callable with AxioRank before it runs.

Google's Agent Development Kit (ADK) takes tools as plain Python callables (Agent(tools=[my_fn])) or wrapped in FunctionTool, deriving the tool schema from the callable's name, docstring, and signature. guard_tool accepts either form and scores the arguments through AxioRank before the tool executes; guard_tools does the same for a whole toolbelt. The wrapper preserves the name, docstring, and signature, so ADK's schema generation sees the original tool, and a guarded FunctionTool keeps its name, description, and declaration.

Install

The adapter is framework-free (it never imports google.adk; the FunctionTool path is structural), so the base SDK is enough and no ADK version is pinned:

pip install axiorank google-adk

Guard an agent's tools

from axiorank import AxioRank
from axiorank.integrations.adk import guard_tools
from google.adk.agents import Agent

axio = AxioRank(api_key="axr_live_...")

def transfer_funds(account: str, amount: float) -> str:
    """Move money between accounts."""
    ...

agent = Agent(
    name="treasurer",
    model="gemini-2.0-flash",
    instruction="Manage the treasury carefully.",
    tools=guard_tools([transfer_funds], axio, on_deny="return"),
)

Every execution now goes through your gateway first: allow runs the tool, deny blocks it, and a require_approval policy holds it for a human verdict before the agent continues. An existing FunctionTool works the same way; pass it to guard_tool and it is guarded in place:

from axiorank.integrations.adk import guard_tool
from google.adk.tools import FunctionTool

tool = guard_tool(FunctionTool(transfer_funds), axio, on_deny="return")

Async tools work too; pass async_client=AsyncAxioRank(...) instead of client. ADK's injected tool_context argument is framework plumbing, so the adapter excludes it from the scored arguments.

Recover or fail

on_deny="return" returns a short, model-readable refusal that ADK hands back to the model as the tool result, so the agent can re-plan. The default, on_deny="raise", raises AxioRankDeniedError and stops the step instead.

Inspect what tools return

Pass inspect_results=True to also score the OUTPUT of untrusted-source tools (web fetches, file reads, email) for indirect prompt injection before the agent ingests it.

Next steps

AutoGen / AG2

Guard an AutoGen or AG2 tool function with AxioRank before registering it.

Google Gemini

Guard the function-calling loop you run with the Gemini SDK, so every dispatch is scored before it executes.

On this page

InstallGuard an agent's toolsInspect what tools returnNext steps