Wrap any Google Agent Development Kit agent with cryptographic attestation. Zero dependencies. Every run() call produces a verifiable Witness Anchor.
Who this is for: Google ADK developers, GCP architects building agent pipelines, compliance teams evaluating agentic AI governance, and security engineers implementing agent accountability on Google infrastructure.
Available in SWT3 v0.5.5. The Google ADK adapter requires zero framework imports. It wraps any object with a run() method using duck typing. Python and TypeScript. Both synchronous and asynchronous execution supported.
The Google Agent Development Kit (ADK) is Google's open-source framework for building AI agents. ADK agents follow a run() method pattern where the agent receives input, reasons over it (potentially invoking tools and sub-agents), and returns a result.
Key characteristics:
model and name attributes that identify the underlying LLM and agent identityThe SWT3 ADK adapter wraps the agent's run() method transparently. Every execution produces a Witness Anchor containing:
| ADK Concept | SWT3 Procedure | What Is Captured |
|---|---|---|
Agent execution (run()) | AI-INF.1 | Model identifier, prompt hash (SHA-256 of input), response hash (SHA-256 of output), latency in milliseconds, provider set to google-adk |
| Agent identity | AI-ID.1 | Agent ID hash (SHA-256 truncated), HMAC-SHA256 signature when signing_key is configured |
| Model selection | AI-MDL.2 | Model version recorded in each anchor. Resolution chain: SWT3_MODEL_ID env var, then agent.model, then agent.name, then default |
| Guardrails | AI-GRD.1 | Guardrail status captured when configured: active flag, pass/fail status |
| Performance | (automatic) | Execution latency measured with microsecond precision via performance.now() |
The ADK adapter uses duck typing: it wraps any object that has a run() method. No Google ADK import is required in the SWT3 package. This means the adapter works with any version of ADK, custom agent implementations, or any object that follows the run() interface.
run() methodrun() executes unmodifiedThe adapter is async-aware: if run() returns a Promise, witnessing chains to completion automatically. Result serialization handles undefined, null, string, and JSON object types gracefully.
ADK does: The agent's run() method processes input through a reasoning loop, optionally invoking tools, and returns a result. The agent may use Gemini, Vertex AI, or any configured model.
SWT3 witnesses: Every run() invocation produces a Witness Anchor recording the model identifier, SHA-256 hashes of the input and output, execution latency, and provider (google-adk). The anchor is immutable and independently verifiable.
AI-INF.1 anchors provide a complete execution history for the ADK agent. Each anchor's timestamp, model identifier, and input/output hashes prove that a specific model processed a specific input at a specific time. Verify any anchor at sovereign.tenova.io/verify.
ADK does: Each agent has a name property that identifies it within the ADK framework. In multi-agent systems, names distinguish between agents.
SWT3 witnesses: When agent_id is configured, every witness call includes a SHA-256 hash of the agent identity. With signing_key, each attestation is HMAC-SHA256 signed, creating a cryptographic binding between the agent and its evidence chain.
AI-ID.1 anchors with a consistent agent ID hash prove that the same agent produced all attestations in a chain. Factor B = 1 (signed) confirms cryptographic identity binding. Compare the agent ID hash against the ADK agent's name to verify correspondence.
ADK does: ADK agents can implement guardrails that constrain agent behavior, filter inputs, or validate outputs before returning results.
SWT3 witnesses: When guardrail fields are populated, the anchor records whether guardrails were active and whether they passed. This creates independent evidence that safety controls were in place during agent execution.
AI-GRD.1 evidence in the InferenceRecord shows guardrailsActive = true and guardrailPassed = true/false. A pattern of guardrailsActive = false across anchors indicates that an agent was running without safety controls.
| Examiner Question | Where to Look |
|---|---|
| Which model did this ADK agent use? | AI-INF.1 anchor modelId field. Resolution: SWT3_MODEL_ID env var, then agent.model, then agent.name. |
| What input did the agent process? | AI-INF.1 anchor promptHash. SHA-256 of the stringified input. Compare against your input records. |
| Can you prove agent identity? | AI-ID.1 anchors. Consistent agent_id hash across all anchors. Factor B = 1 for cryptographic signing. |
| Were guardrails active? | guardrailsActive and guardrailPassed fields in the InferenceRecord. |
| How long did this agent take? | latencyMs field. Microsecond precision via performance.now(). |
| Is this evidence independent of Google's infrastructure? | Every SWT3 Witness Anchor is verifiable at sovereign.tenova.io/verify. SHA-256 fingerprints exist outside GCP. |
Full SDK documentation: sovereign.tenova.io/docs
Create a free account: sovereign.tenova.io/signup