fix: Make EUC request args JSON-serializable

[doughayden]

Link to Issue or Description of Change

• Closes: adk_request_credential FunctionCall args contain non-JSON-serializable SecuritySchemeType enum #6006

Problem:

Two call sites dump AuthToolArguments with the default mode="python", leaving the auth scheme's type field as a live SecuritySchemeType enum inside the adk_request_credential FunctionCall args:

• build_auth_request_event in flows/llm_flows/functions.py (the LLM-flow EUC path)
• create_auth_request_event in workflow/utils/_workflow_hitl_utils.py (the v2 workflow HITL path)

The in-memory Event.content is therefore not JSON-serializable: any consumer that json.dumps it before it round-trips the session DB raises TypeError: Object of type SecuritySchemeType is not JSON serializable. Memory ingestion (VertexAiMemoryBankService) is a concrete trigger. It stays hidden in most flows because the session DB launders enums to strings on write and the auth preprocessor re-validates from either form.

Solution:

Dump with mode="json" at both sites, which coerces the enum to its "oauth2" string while preserving by_alias/exclude_none. Parse-back is unaffected: pydantic validation already accepts the string form, exactly what DB-read events carry. Two one-line changes, each with a regression test.

Testing Plan

Unit Tests:

• I have added or updated unit tests for my change.
• All unit tests pass locally.

Both tests build an EUC/auth request, assert the args are JSON-serializable, and assert the auth scheme type is the string "oauth2". Each fails before its change and passes after.

• test_function_request_euc_args_are_json_serializable in tests/unittests/flows/llm_flows/test_functions_request_euc.py (LLM-flow path)
• test_args_are_json_serializable in tests/unittests/workflow/utils/test_workflow_hitl_utils.py (workflow HITL path)

$ pytest tests/unittests/flows/llm_flows/test_functions_request_euc.py -q
4 passed, 24 warnings in 1.25s

$ pytest tests/unittests/workflow/utils/test_workflow_hitl_utils.py -q
12 passed, 5 warnings in 0.67s

Manual End-to-End (E2E) Tests:

The inline repro in the linked issue is the manual check: json.dumps on the args dict raises TypeError before the change and passes after. Verified against google-adk 2.2.0 (== current main).

Checklist

• I have read the CONTRIBUTING.md document.
• I have performed a self-review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have added tests that prove my fix is effective or that my feature works.
• New and existing unit tests pass locally with my changes.
• I have manually tested my changes end-to-end.
• Any dependent changes have been merged and published in downstream modules.

Additional context

The workflow HITL site was folded in per @surajksharma07's suggestion on the issue, so both auth-request builders are now covered. The remaining sibling model_dump(exclude_none=True, by_alias=True) call sites in functions.py (the tool-confirmation args near :368/:371 and the event-actions dump near :1241) follow the same python-mode pattern and may carry the same hazard if their models contain enums, but they are a different feature path with no confirmed repro, so I left them out of scope. Happy to fold them in if you'd prefer consistency across the file.

[adk-bot]

I have completed a thorough, read-only architectural and QA compliance analysis of PR #6007 (addressing the serialization crash reported in Issue #6006).

The Contributor License Agreement (CLA) verification for contributor @doughayden returned SUCCESS, satisfying the mandatory compliance gateway.

I have generated a detailed PR Analysis Report artifact, which you can read directly.

💡 Key Findings & Highlights

1. Root Cause Resolved: The PR effectively prevents TypeError: Object of type SecuritySchemeType is not JSON serializable exceptions by switching the dump mode from 'python' to 'json' inside functions.py.
2. Quality Tests: The added regression test test_function_request_euc_args_are_json_serializable is clean, robust, and correctly tests the standard runner serialization boundary.
3. Open Architectural Question / Sibling Vulnerabilities:
   While the change fixes the immediate issue in the LLM flow EUC auth request path, we identified sibling call sites using .model_dump(exclude_none=True, by_alias=True) without explicit mode='json'. If models serialized in these paths grow to include nested enums, they will suffer from the identical serialization crash:
   • LLM Tool Confirmation: functions.py:L368-L373
   • Workflow HITL Auth: _workflow_hitl_utils.py:L172-L175

Recommended Next Step

• Approve and Merge PR fix: Make EUC request args JSON-serializable #6007.
• (Optional) Request the author or file a follow-up commit to proactively modernize the sibling call sites identified above to systematically immunize the codebase from future latent enum serialization bugs.

[adk-bot]

I have completed a thorough, read-only architectural and style compliance analysis of PR #6007 (which addresses the serialization crash reported in Issue #6006).

The Google Contributor License Agreement (CLA) verification for contributor @doughayden returned SUCCESS, satisfying the mandatory compliance gateway.

I have generated a detailed PR Analysis Report artifact, which you can read directly.

💡 Key Findings & Highlights

1. Root Cause Resolved: The PR effectively prevents TypeError: Object of type SecuritySchemeType is not JSON serializable exceptions by switching the dump mode from 'python' to 'json' inside functions.py.
2. Quality Tests: The added regression tests test_function_request_euc_args_are_json_serializable and test_args_are_json_serializable are clean, robust, and correctly test the standard runner serialization boundary.

Recommended Next Step

• Approve and Merge PR fix: Make EUC request args JSON-serializable #6007. The changes are concise, highly effective, and fully verified by unit tests.