Gemini Enterprise Agent Platform

Govern agents built on Google's Gemini Enterprise Agent Platform. One ADK plugin for the whole runtime, plus model-call guarding, card verification, and shadow-agent discovery.

Google's Gemini Enterprise Agent Platform is built on the Agent Development Kit (ADK), the Agent Runtime, and the A2A and MCP protocols. AxioRank governs all four surfaces, so a tool call is scored, held, or denied no matter which one carried it:

  1. The ADK Runtime Plugin registers once on the Runner and governs every tool call across every agent.
  2. The Gemini model adapter guards the function-calling loop you run with the Gemini SDK.
  3. Card verification preflights the A2A agents and MCP servers your agents reach out to.
  4. Shadow AI discovery surfaces Vertex and Agent Engine usage from Cloud Audit Logs, so agents nobody registered still show up.

Govern the runtime with one plugin

This is the platform-native path. An ADK plugin runs callbacks around every tool, model, and agent step for the whole Runner, so a single registration governs every agent on the Agent Runtime with no per-tool wrapping. AxioRankPlugin scores each tool call through AxioRank before it runs: a require_approval hold is waited out by the client, and a deny becomes a short refusal the model can re-plan around.

pip install axiorank[adk]

from axiorank import AsyncAxioRank
from axiorank.integrations.adk import AxioRankPlugin
from google.adk.agents import Agent
from google.adk.runners import Runner

axio = AsyncAxioRank(api_key="axr_live_...")

# root_agent and session_service are your existing ADK root agent and session service.
runner = Runner(
    agent=root_agent,
    app_name="treasury",
    session_service=session_service,
    # One registration covers every tool call made by every agent on this Runner.
    plugins=[AxioRankPlugin(axio, on_deny="return")],
)

ADK invokes plugin callbacks by name, so the plugin is duck-typed and the adapter never imports google.adk itself. Bring your own google-adk install (pip install google-adk, which axiorank[adk] installs for you).

Pass on_deny="raise" to fail the run on a denial instead of returning a refusal the agent re-plans around. The plugin defaults to on_deny="return" because a runtime-wide guard should keep the agent moving.

Inspect tool output for indirect injection

Pass inspect_results=True and an untrusted-source tool's OUTPUT (fetched pages, emails, query results) is also scored for indirect prompt injection before the agent ingests it. A deny on the output is handled like a denied call.

plugins=[AxioRankPlugin(axio, on_deny="return", inspect_results=True)]

See Tool-output inspection for the full model.

Per-tool guarding without a plugin

If you would rather wrap individual tools (for example, to govern only the high-risk ones), the same adapter exposes guard_tool / guard_tools. See the Google ADK page.

Guard Gemini function calling

Agents that call the Gemini SDK directly (rather than through ADK) guard their dispatch step with the Gemini adapter. It scores each functionCall before you execute it and returns a ready-to-send functionResponse.

// TypeScript
import { guardFunctionHandlers } from "@axiorank/sdk/gemini";

const dispatch = guardFunctionHandlers(myHandlers, axio.trace(), { onDeny: "return" });

# Python
from axiorank.integrations.google_genai import guard_function_handlers

dispatch = guard_function_handlers(my_handlers, axio.trace(), on_deny="return")

Full detail on the Google Gemini page.

Verify the agents and servers you reach

Gemini Enterprise leans on A2A for agent-to-agent calls and MCP for tools. Preflight an external A2A agent or MCP server before your agent trusts it: AxioRank resolves its card, verifies the signature, and returns a deny / review / allow verdict.

result = axio.verify_card(url="https://partner.example.com/.well-known/agent-card.json")
if result.decision == "deny":
    ...  # do not route to this agent

Discover shadow Gemini Enterprise agents

Model and Agent Engine calls on Vertex never cross a network egress proxy, so the proxy channel cannot see them. Stream Cloud Audit Logs for aiplatform.googleapis.com to AxioRank and every Vertex model invocation and Agent Engine query lands in discovery beside your proxy and CloudTrail findings, attributed to the principal that made the call.

Create a logging sink that forwards Vertex Data Access audit logs and post each batch to the GCP discovery endpoint with your workspace discovery token:

curl -X POST https://app.axiorank.com/api/discovery/gcp \
  -H "Authorization: Bearer $AXIORANK_DISCOVERY_TOKEN" \
  -H "Content-Type: application/json" \
  --data @audit-logs.json

The payload is the Cloud Logging { "entries": [...] } shape (or a bare array of log entries). Only invocation methods count as usage; control-plane calls are dropped.
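To see what a batch would count as usage before you post it, the added example below (not AxioRank's own code) accepts either payload shape, keeps only Vertex invocation entries, and tallies them per principal. The method-name suffixes and the helper names are assumptions, since this page does not list the methods AxioRank classifies as invocations. The sample entries are constructed.

```python
from collections import Counter

SERVICE = "aiplatform.googleapis.com"
# Assumed data-plane method suffixes; the page does not list the methods
# AxioRank itself counts as invocations.
INVOCATION_SUFFIXES = (
    "PredictionService.Predict",
    "PredictionService.GenerateContent",
    "PredictionService.StreamGenerateContent",
    "ReasoningEngineExecutionService.QueryReasoningEngine",
)

def normalize(payload):
    """Accept {"entries": [...]} or a bare list; return the entry dicts."""
    entries = payload.get("entries", []) if isinstance(payload, dict) else payload
    if not isinstance(entries, list):
        raise ValueError("expected a list of Cloud Logging entries")
    return [e for e in entries if isinstance(e, dict)]

def is_invocation(entry):
    """True for a Vertex model call or Agent Engine query audit entry."""
    proto = entry.get("protoPayload") or {}
    method = str(proto.get("methodName") or "")
    return proto.get("serviceName") == SERVICE and method.endswith(INVOCATION_SUFFIXES)

def build_batch(payload):
    """Keep only invocation entries, in the {"entries": [...]} shape."""
    return {"entries": [e for e in normalize(payload) if is_invocation(e)]}

def usage_by_principal(payload):
    """Count invocations per calling principal (user or service account)."""
    counts = Counter()
    for entry in build_batch(payload)["entries"]:
        auth = entry["protoPayload"].get("authenticationInfo") or {}
        counts[auth.get("principalEmail") or "<unknown>"] += 1
    return dict(counts)

def _entry(method, principal, service=SERVICE):  # builds a constructed sample entry
    return {"protoPayload": {"serviceName": service, "methodName": method,
                             "authenticationInfo": {"principalEmail": principal}}}

SAMPLE = {"entries": [  # constructed, not real log data
    _entry("google.cloud.aiplatform.v1.PredictionService.GenerateContent", "alice@example.com"),
    _entry("google.cloud.aiplatform.v1beta1.PredictionService.GenerateContent", "alice@example.com"),
    _entry("google.cloud.aiplatform.v1.ReasoningEngineExecutionService.QueryReasoningEngine",
           "agent-runner@example-project.iam.gserviceaccount.com"),
    _entry("google.cloud.aiplatform.v1.EndpointService.CreateEndpoint", "bob@example.com"),
    _entry("storage.objects.get", "alice@example.com", service="storage.googleapis.com"),
]}
```

A principal that appears in this tally but in no agent registry is the shadow usage the discovery channel is meant to surface.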