Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Response from ADK Triaging Agent

Hello @White-Mouse, thank you for submitting this pull request!

To help us review and process your contribution more efficiently, please address the following items in accordance with our contribution guidelines:

1. Contributor License Agreement (CLA): It looks like the CLA check has failed. Please make sure you (or your employer) have signed the Google CLA so we can proceed with the review.
2. Testing / Verification Plan: The Verification section in your PR description is currently empty. Please update this section with your testing plan or a summary of your test results (e.g., confirming unit tests under tests/unittests/sessions/migration/test_migration.py passed).
3. Associated Issue: If there is an existing GitHub issue related to this bug/fix, please link it in your PR description. If not, consider creating one or briefly describing the background context.

Thank you for your cooperation!

Hi @White-Mouse , Thank you for your contribution! We appreciate you taking the time to submit this pull request. Can you please fix the failing mypy-diff tests before we can proceed with the review.

Hi @White-Mouse, thanks for the update! I appreciate the effort to move towards a "Secure by Default" approach using a restricted unpickler.

To ensure this doesn't negatively impact existing users, I'd like to suggest the following improvements to the PR:

1. Prevent Data Loss by Expanding the Allowlist:
   The current restricted unpickler only allows EventActions. However, EventActions frequently contains nested ADK core types such as AuthConfig , ToolConfirmation, EventCompaction. Since EventCompaction also relies on google.genai.types.Content, we should include these classes (and their dependencies) in the allowlist. This ensures standard sessions migrate fully without falling back to an empty EventActions().

2. Add an Optional "Trust" Toggle:
   Since the state_delta field can store arbitrary Python objects (Any), some users may have custom classes in their legacy data. We should provide an optional configuration (e.g., allow_unsafe_unpickling: bool = False) that allows users to explicitly opt-in to the original unpickling behavior if they trust their source database.

With these two changes, we can achieve strong security for the majority of users while maintaining full functionality and flexibility. What do you think?

Thanks for the review. I updated the PR to address both points: the restricted allowlist now covers standard nested ADK action types (AuthConfig, ToolConfirmation, EventCompaction) plus the google.genai.types.Content / Part dependency classes used by compaction payloads, and migration now has an explicit allow_unsafe_unpickling=False trust toggle for users who need to migrate custom legacy objects from a trusted source database.

I also fixed the mypy-diff blocker by adding the missing return annotation and ran the updated migration tests, targeted mypy, pre-commit, and git diff --check locally. The new pull_request workflow runs for mypy/unit/pre-commit/check-file are currently in GitHub's action_required state for this fork PR, so they need maintainer approval before they will execute on the new commit.

the unpickling restriction is a good security fix. the complementary control: a signed receipt for every action deserialized from the v0 schema.

when migrating v0 actions, each deserialized action should generate a receipt proving what was loaded, from which session, at what time. if a malicious pickle payload was injected, the receipt chain shows exactly what was deserialized.

github.com/arian-gogani/nobulex

@gemini-cli /review

🤖 Hi @DeanChensj, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

Hi @White-Mouse , could you please fix the mypy-diff tests.

Thanks for the review. I pushed 9494da4 with the follow-ups:

• added the hyphenated CLI alias --allow-unsafe-unpickling, while keeping the existing underscore form
• kept the Click typing workaround scoped to the newly added option
• allowed standard datetime.datetime, datetime.timezone, and datetime.timedelta values in restricted action payloads
• tightened JSON handling so only object payloads are decoded into model fields
• added coverage for the CLI aliases, datetime state deltas, and non-object JSON fields

Local verification passed:

• uv run pytest tests/unittests/sessions/migration/test_migration.py -q -> 24 passed
• uv run pytest tests/unittests/cli/utils/test_cli_tools_click.py::test_cli_migrate_session_allows_unsafe_unpickling_flag -q -> 2 passed
• uv run mypy src/google/adk/sessions/migration/migrate_from_sqlalchemy_pickle.py src/google/adk/sessions/migration/migration_runner.py -> success
• uv run pre-commit run --files ... -> passed
• local merge-commit mypy-diff simulation against current upstream/main -> 0 new errors

The pull_request_target scan and CLA/header checks are green. The fork pull_request workflows are currently waiting for approval before they can run on the new commit.

Could you please approve the pending pull_request workflow runs (mypy-diff, unit tests, pre-commit) when you get a chance? They need maintainer approval since this PR is from a fork. Happy to address any further feedback — thanks!