Tool Confirmation & Security Auth: Adding Safety Valves Before Agent Actions
Letting an Agent act automatically on a user's behalf is convenient, but some operations are risky: deleting data, transferring money, sending emails. Requiring user confirmation before these operations execute is called Tool Confirmation.
Tool Confirmation: Let User Confirm Before Executing
Use Cases
- Delete operations (delete, drop)
- Financial operations (transfer, payment)
- Operations that risk leaking information (send email, publish content)
- High-cost operations (calling paid APIs)
Implementation
ADK Go's Tool supports a Confirmation field:
```go
import (
	"context"
	"encoding/json"
	"fmt"
)

type deleteTool struct{}

func (deleteTool) Name() string        { return "delete_file" }
func (deleteTool) Description() string { return "Delete a file from the system" }
func (deleteTool) InputSchema() string { return `{"type":"object","properties":{"path":{"type":"string"}}}` }

func (t deleteTool) Confirmation(ctx context.Context, input string) (bool, error) {
	var args struct {
		Path string `json:"path"`
	}
	// Do not prompt on input that fails to parse: the user would be confirming an empty path.
	if err := json.Unmarshal([]byte(input), &args); err != nil {
		return false, err
	}
	// %q quotes the path so control characters cannot alter the prompt.
	fmt.Printf("⚠️ Confirm: Delete file %q? (y/N) ", args.Path)
	var confirm string
	fmt.Scan(&confirm) // on a read error confirm stays empty, which denies
	return confirm == "y" || confirm == "Y", nil
}

func (t deleteTool) Call(ctx context.Context, input string) (string, error) {
	// Actual delete logic
	return "", nil
}
```
When Confirmation() returns true, Call() executes; when it returns false, the call is skipped.
Confirmation in Web Mode
fmt.Scan works in CLI mode but not in Web mode. A more universal approach is to return a confirmation UI hint:
```go
func (t deleteTool) Confirmation(ctx context.Context, input string) (bool, error) {
	return false, tool.ErrConfirmationRequired // Tell the Agent that user confirmation is needed
}
```
ADK Go converts ErrConfirmationRequired into a confirmation popup in the Web UI.
API Key Management
Scenario: Different Tools Use Different Keys
One Agent has multiple Tools attached, each using a different API Key:
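```go
type weatherTool struct{ apiKey string }
type stockTool struct{ apiKey string }

func main() {
	// Each tool receives its own key; the variables are named so they do not shadow the types.
	weather := newWeatherTool(os.Getenv("WEATHER_API_KEY"))
	stock := newStockTool(os.Getenv("STOCK_API_KEY"))

	agent, err := llmagent.New(llmagent.Config{
		Tools: []tool.Tool{weather, stock},
	})
	if err != nil {
		log.Fatal(err)
	}
	_ = agent // run the agent from here
}
```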
Keys Not in Code
Inject keys via environment variables or a Secret Manager; don't hardcode them:
```go
type toolWithKey struct {
	apiKey string
}

func newToolWithKey() *toolWithKey {
	return &toolWithKey{
		apiKey: os.Getenv("MY_TOOL_API_KEY"), // Read from environment variable
	}
}
```
OAuth Auth
If a Tool needs to access user-authorized resources (such as Google Calendar or GitHub), configure OAuth:
```go
import "google.golang.org/adk/auth"

oauthTool, err := auth.NewOAuthTool(ctx,
	auth.WithConfig(auth.OAuthConfig{
		ClientID:     os.Getenv("OAUTH_CLIENT_ID"),
		ClientSecret: os.Getenv("OAUTH_CLIENT_SECRET"),
		AuthURL:      "https://accounts.google.com/o/oauth2/auth",
		TokenURL:     "https://oauth2.googleapis.com/token",
		// Request only the read-only calendar scope.
		Scopes: []string{"https://www.googleapis.com/auth/calendar.readonly"},
	}),
)
if err != nil {
	log.Fatal(err)
}
```
Principle of Least Privilege
Each Tool's Key should have only the minimum permissions that Tool needs to execute:
| Tool | Key Permissions |
|---|---|
| Weather query | Read-only weather API |
| Calendar read | Read-only calendar |
| Email send | Send email only |
| File delete | Operate only within the specified directory |
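
The "File delete" row and the confirmation step from the earlier section can be combined into one gate that fails closed. The following is an added example, not code from the original page or from ADK Go; it uses only the standard library, and `gateDelete`, `resolveInside`, `errOutsideBase` and the base directory `/srv/agent-data` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// errOutsideBase (hypothetical name) marks paths that escape the allowed directory.
var errOutsideBase = errors.New("path escapes allowed directory")

// resolveInside cleans the model-supplied path and confines it to base.
func resolveInside(base, requested string) (string, error) {
	full := filepath.Join(base, requested) // Join also collapses ".." segments
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideBase
	}
	return full, nil
}

// gateDelete decides whether a delete may run. ask is the confirmation
// channel (terminal prompt, web popup); any error means "do not execute".
func gateDelete(base, input string, ask func(prompt string) bool) (string, bool, error) {
	var args struct {
		Path string `json:"path"`
	}
	if err := json.Unmarshal([]byte(input), &args); err != nil || args.Path == "" {
		return "", false, errors.New("invalid tool input")
	}
	target, err := resolveInside(base, args.Path)
	if err != nil {
		return "", false, err // never prompt for out-of-scope paths
	}
	// Show the resolved path; %q escapes newlines and control characters.
	ok := ask(fmt.Sprintf("Delete file %q?", target))
	return target, ok, nil
}

func main() {
	deny := func(string) bool { return false } // default answer is "no"
	// Constructed sample inputs, as a model might emit them.
	for _, in := range []string{`{"path":"tmp/report.txt"}`, `{"path":"../../etc/passwd"}`, `not json`} {
		target, ok, err := gateDelete("/srv/agent-data", in, deny)
		fmt.Printf("%-30s target=%q confirmed=%v err=%v\n", in, target, ok, err)
	}
}
```

The check is lexical only: if the base directory can contain symlinks, resolve them with `filepath.EvalSymlinks` before comparing.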
Common Issues
Q: Confirmation callback is stuck
A: Don't use fmt.Scan in Web mode. Return ErrConfirmationRequired and let the framework handle the UI confirmation.
Q: Tool reports permission denied but the Key is correct
A: Confirm that the Key has the corresponding API permissions. Different APIs have separate Key permissions.
Q: OAuth token expired, what to do?
A: Implement token refresh logic, or use the framework's built-in token auto-refresh.
Summary
Module 3 is complete. It covered:
- Function Tool basics
- Function Tool performance optimization
- MCP Server integration
- OpenAPI Tool
- Tool Confirmation & security auth
Next is Module 4: Memory & Context, which covers how the Agent remembers conversation history and manages state.
