Skip to content

fix: add explicit timeout to OpenAPI tool httpx client #4432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
fuki01 wants to merge 9 commits into
base: main
Choose a base branch
from
Open

fix: add explicit timeout to OpenAPI tool httpx client #4432

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
69d0179
fix: add explicit timeout to OpenAPI tool httpx client
fuki01 Feb 10, 2026
d6546d8
fix: make timeout configurable via request_params
fuki01 Feb 11, 2026
d12bdc2
fix: use 10-minute default timeout instead of None
fuki01 Feb 11, 2026
c02e275
Merge branch 'main' into fix/openapi-tool-timeout
fuki01 Feb 15, 2026
1e9537a
Merge branch 'main' into fix/openapi-tool-timeout
fuki01 Feb 17, 2026
faacc4f
Merge branch 'main' into fix/openapi-tool-timeout
fuki01 Feb 18, 2026
5889a56
Merge branch 'main' into fix/openapi-tool-timeout
fuki01 Feb 19, 2026
67eca33
Merge branch 'main' into fix/openapi-tool-timeout
fuki01 Feb 22, 2026
030f6b9
Merge branch 'main' into fix/openapi-tool-timeout
fuki01 Feb 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion src/google/adk/tools/openapi_tool/openapi_spec_parser/rest_api_tool.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -560,6 +560,7 @@ def __repr__(self):

async def _request(**request_params) -> httpx.Response:
async with httpx.AsyncClient(
verify=request_params.pop("verify", True)
verify=request_params.pop("verify", True),
timeout=None,
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

While setting timeout=None restores the previous behavior of requests and fixes the immediate httpx.ReadTimeout issue, it introduces a significant risk. Disabling timeouts can cause requests to hang indefinitely if the remote API is unresponsive, potentially leading to resource exhaustion and service instability.

Even though a follow-up is mentioned in the pull request description, I strongly recommend addressing this now by setting a generous default timeout (e.g., 10 minutes) instead of None. This would provide a crucial safety net. A truly indefinite timeout should be an explicit choice by the user of the tool, not the default behavior.

Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

While setting timeout=None restores the previous behavior of requests, it's risky to have no timeout as requests can hang indefinitely, potentially leading to resource exhaustion.

To make this more robust and prepare for a future change where the timeout is configurable (as mentioned in the PR description), I suggest reading the timeout from request_params. This way, RestApiTool can be updated to control the timeout value without needing to change this helper function again.

Using request_params.pop("timeout", None) will keep the current behavior of no timeout by default if no other changes are made, but makes the function extensible for a proper fix.

Suggested change
timeout=None,
timeout=request_params.pop("timeout", None),

Copy link
Collaborator

@ryanaiagent ryanaiagent Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please address this.

Copy link
Author

@fuki01 fuki01 Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated the implementation based on the feedback:

  1. Changed to request_params.pop("timeout", httpx.Timeout(600.0)) — this makes the timeout configurable via request_params, so RestApiTool can control timeout without modifying _request() in the future.
  2. Instead of None (no timeout), I set a generous 10-minute default as a safety net to prevent indefinite hangs while still accommodating slow API responses.

) as client:
return await client.request(**request_params)
Loading