Agentic Engineering · · 9 min
Google ADK: 30+ Integrations for AI Agents
Google ADK now has 30+ integrations (GitHub, Stripe, Qdrant). Understand what changes in AI agent architecture in production.
Fabiano Brito
CEO & Founder
TL;DR
The ADK now connects agents to 30+ platforms (GitHub, Stripe, Qdrant, Notion, Mailgun…) via
McpToolset with a few lines of config. The technical bottleneck became a commodity; the real bottleneck now is minimal permission, observability and governance. Start with read (GitHub read-only, Notion search), observability before production, and mandatory human-in-the-loop for irreversible actions.
An agent that "thinks" is interesting. An agent that opens a PR on GitHub, fires a payment on Stripe, writes semantic memory to Qdrant and sends an email via Mailgun — all in a single orchestrated flow — is operationally useful. On February 27, 2026, Google announced exactly that: the expansion of the Agent Development Kit (ADK) with more than 30 native integrations from leading partners.
<hr />
<h2>What Google announced — without romanticizing</h2>
<p>The <a href="https://developers.googleblog.com/supercharge-your-ai-agents-adk-integrations-ecosystem/" target="_blank" rel="noopener">official Google Developers blog</a> (Feb 27, 2026) describes the ADK expansion as an ecosystem of third-party integrations organized into eight functional categories. The premise is straightforward: the framework already provided orchestration primitives; it now delivers ready-made connectors for the real world.</p>
<p>The integration architecture is uniform: you configure a <code>McpToolset</code> pointing to the partner's MCP endpoint (or use the ADK's native <code>plugin</code>), pass scoped credentials and the agent gains access to that system's tools. The core agent — model, instructions, memory — doesn't change.</p>
<div class="blog-table-container">
<table class="blog-table">
<thead>
<tr>
<th>Category</th>
<th>Available partners</th>
<th>Example agent action</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Code & Dev</strong></td>
<td>Daytona, GitHub, GitLab, Postman, Restate</td>
<td>Open PR, run tests in isolated sandbox, inspect CI/CD pipeline</td>
</tr>
<tr>
<td><strong>Project Management</strong></td>
<td>Asana, Atlassian, Linear, Notion</td>
<td>Create issue, update sprint, search documentation in Confluence</td>
</tr>
<tr>
<td><strong>Databases & Vector</strong></td>
<td>Chroma, MongoDB, Pinecone</td>
<td>Semantic search, collection query, result reranking</td>
</tr>
<tr>
<td><strong>Persistent Memory</strong></td>
<td>GoodMem, Qdrant</td>
<td>Save context between sessions, retrieve multimodal memory</td>
</tr>
<tr>
<td><strong>Observability</strong></td>
<td>AgentOps, Arize AX, MLflow, W&B Weave, Phoenix</td>
<td>Session replay, tool-use tracing, LLM evaluation in production</td>
</tr>
<tr>
<td><strong>Connectors</strong></td>
<td>n8n, StackOne</td>
<td>Trigger workflow, connect to 200+ SaaS via unified gateway</td>
</tr>
<tr>
<td><strong>Payments</strong></td>
<td>PayPal, Stripe</td>
<td>Issue invoice, process subscription, query history</td>
</tr>
<tr>
<td><strong>Voice & Audio</strong></td>
<td>Cartesia, ElevenLabs</td>
<td>Generate speech, clone voice, transcribe audio</td>
</tr>
<tr>
<td><strong>Email & Messaging</strong></td>
<td>AgentMail, Mailgun</td>
<td>Manage dedicated agent inbox, send and track emails</td>
</tr>
<tr>
<td><strong>AI & Datasets</strong></td>
<td>Hugging Face</td>
<td>Access models, datasets and papers; run Gradio apps</td>
</tr>
</tbody>
</table>
</div>
<p>Beyond third-party integrations, the ADK already includes native connectors to Google Cloud services: BigQuery, Spanner, Pub/Sub and others — relevant for those operating within the GCP ecosystem.</p>
<hr />
<h2>What this means in practice — the section that matters</h2>
<h3>Before vs. After the ADK ecosystem</h3>
<div class="blog-table-container">
<table class="blog-table">
<thead>
<tr>
<th>Scenario</th>
<th>Before (manual integration)</th>
<th>Now (ADK + McpToolset)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Agent opens PR on GitHub</td>
<td>GitHub SDK + custom wrapper + manual auth</td>
<td><code>McpToolset</code> with scoped token, 10 lines of config</td>
</tr>
<tr>
<td>Agent saves memory between sessions</td>
<td>Own vector database + embedding logic + retrieval</td>
<td>Qdrant or GoodMem plugin with automatic persistence</td>
</tr>
<tr>
<td>Agent triggers payment</td>
<td>Manual Stripe integration + validation + audit</td>
<td>Stripe plugin — but <strong>requires human approval guardrail</strong></td>
</tr>
<tr>
<td>Observe what the agent did</td>
<td>Ad-hoc logs, no tool-use traceability</td>
<td>AgentOps / Phoenix / MLflow with native ADK tracing</td>
</tr>
</tbody>
</table>
</div>
<h3>4-step adoption pipeline (workshop-tested)</h3>
<ol>
<li><strong>Map the target workflow</strong> — identify which systems the agent needs to touch and in what order. Don't connect everything at once.</li>
<li><strong>Start with read integrations</strong> — GitHub read-only, Notion search, Confluence query. Validate the agent's reasoning before enabling writes.</li>
<li><strong>Add observability before production</strong> — install AgentOps or Phoenix from the start. Without tracing, you're flying blind.</li>
<li><strong>Enable writes/payments with human approval</strong> — use <code>human_in_the_loop</code> for irreversible actions (merge, payment, mass email send).</li>
</ol>
<hr />
<h2>Risks and frictions the announcement doesn't mention</h2>
<p>The ADK ecosystem solves the connection problem. But the <strong>governance</strong> problem is yours — and it gets bigger as the agent gains more tools.</p>
<h3>1. Attack surface explosion</h3>
<p>Each integration is a potential prompt injection vector. An agent with access to GitHub + Stripe + email can, if misconfigured, leak data, trigger charges or send unauthorized communications. Access tokens must be scoped to the minimum necessary — read where possible, write only where demonstrably needed.</p>
<h3>2. Token cost scales with tools</h3>
<p>Each tool call adds tokens to the context. An agent with 10 active integrations making 5 calls per flow can consume 3–5x more tokens than a simple agent. Monitor cost per session from day 1.</p>
<h3>3. Persistent memory creates compliance risk</h3>
<p>GoodMem and Qdrant write context between sessions. In regulated sectors (healthcare, finance, education), this requires retention policy, anonymization and audit. "Memory" without governance is unmanaged personal data.</p>
<h3>4. Dependency on third-party SLAs</h3>
<p>If the partner's MCP endpoint goes down, your agent loses that tool. Implement fallback and circuit breaker for critical integrations.</p>
<hr />
<h2>Code example: GitHub Agent with ADK</h2>
<p>Google's official blog provides a direct example. In Python, adding GitHub to your ADK agent looks like this:</p>
<div class="blog-code-block">from google.adk.agents import Agent from google.adk.tools.mcp_tool import McpToolset from google.adk.tools.mcp_tool.mcp_session_manager import StreamableHTTPServerParams
GITHUB_TOKEN = “YOUR_GITHUB_TOKEN” # use scoped token (read-only where possible)
root_agent = Agent( model=“gemini-2.0-flash”, name=“github_agent”, instruction=“Help the user query repositories and issues on GitHub”, tools=[ McpToolset( connection_params=StreamableHTTPServerParams( url=“https://api.githubcopilot.com/mcp/”, headers={ “Authorization”: f”Bearer {GITHUB_TOKEN}”, “X-MCP-Toolsets”: “all”, “X-MCP-Read-Only”: “true” # explicit guardrail }, ), ) ], )
The pattern is the same for any integration: swap the endpoint and credentials. The agent doesn’t need to know how GitHub works internally — only what it can do.
<hr />
<h2>Connection to A-MAD: where the ADK ecosystem fits</h2>
<p>In the <strong>A-MAD (AI-Managed Agile Development)</strong> methodology we apply in Autenticare projects, the ADK with integrations specifically solves the <em>autonomous execution</em> layer — the point where the agent stops being a chat assistant and becomes an active participant in the workflow.</p>
<p>In real projects, we see three adoption patterns that work well with this ecosystem:</p>
<ul>
<li><strong>Issue triage agent</strong> — reads GitHub/Linear, classifies by severity, assigns to the right dev, updates Notion. Zero code writing, high operational impact.</li>
<li><strong>Customer onboarding agent</strong> — queries CRM, generates contract from template, fires email via Mailgun, creates workspace in Notion. A flow that took 2 days takes 20 minutes.</li>
<li><strong>Financial monitoring agent</strong> — queries Stripe, consolidates metrics, generates report and sends via email. Replaces manual weekly dashboard.</li>
</ul>
<p>In all cases, the rule is the same: <strong>observability first, autonomy second</strong>. Install Phoenix or AgentOps before putting the agent in production. Understand the tool-use pattern before removing the human from the loop.</p>
<hr />
<h2>Readiness checklist before flipping the switch</h2>
<ul>
<li>☐ Access tokens scoped to minimum necessary per integration</li>
<li>☐ Observability configured (tool-use tracing, session logs)</li>
<li>☐ Human approval active for irreversible actions (payment, merge, mass email)</li>
<li>☐ Retention policy defined for persistent memory (Qdrant/GoodMem)</li>
<li>☐ Fallback implemented for critical integrations</li>
<li>☐ Prompt injection tests with adversarial inputs before production</li>
<li>☐ Token cost monitoring per session active</li>
</ul>
<blockquote>
Observability first, autonomy second. Install Phoenix or AgentOps before putting the agent in production — understand the tool-use pattern before removing the human from the loop.
</blockquote>Agentic maturity
Want to apply this checklist in your context?
Agentic maturity diagnostic + adoption roadmap with governance (observability, scoped permissions, HITL for irreversible actions). 4 weeks with executive deliverable.