	In Browser
	StumbleUpon
	del.icio.us
	Google
	Google Buzz
	reddit
	LinkedIn

	Facebook
	Twitter
	Linkedin
	E-Mail

Generative AI > Google Gemini API > ADK Callbacks and Observability

ADK Callbacks and Observability

Author: Venkata Sudhakar

ADK callbacks let you intercept every step of agent execution - before and after the model generates a response, before and after each tool call. This is the hook system that makes production ADK agents observable. Use callbacks to log every tool call with arguments and results, track token costs per conversation, enforce guardrails by blocking suspicious inputs, and add latency tracing for performance monitoring. Without callbacks your agent is a black box; with them you have complete visibility into every decision it makes.

ADK provides four callback points registered directly on the Agent: before_model_callback runs before the LLM is called and can inspect or block the request; after_model_callback runs after the LLM responds and can track usage or modify output; before_tool_callback runs before each tool executes and can log or validate inputs; after_tool_callback runs after each tool returns and can log or transform results. Each callback returns None to proceed normally or a modified object to override the default behaviour.

The below example adds all four callbacks to the ShopMax customer service agent - logging every step with timestamps, tracking token costs per session, and blocking tool calls with suspicious SQL injection-style inputs before they reach the tool function.

from google.adk.agents import Agent
from google.adk.agents.callback_context import CallbackContext
from google.adk.models.llm_request import LlmRequest
from google.adk.models.llm_response import LlmResponse
from google.adk.tools.base_tool import BaseTool
from google.adk.tools.tool_context import ToolContext
from google.adk.runners import Runner
from google.adk.sessions import InMemorySessionService
from google.genai import types as genai_types
import time, logging

logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")
log = logging.getLogger("shopmax_agent")

# Cumulative session cost tracker
session_stats = {"input_tokens": 0, "output_tokens": 0, "tool_calls": 0}
PRICE_PER_M = {"input": 0.80, "output": 4.00}  # claude-haiku approximate

# Callback 1: before model - log the call
def on_before_model(ctx: CallbackContext, req: LlmRequest):
    msgs = len(req.contents) if req.contents else 0
    log.info("[BEFORE MODEL] session=%s messages=%d", ctx.session_id, msgs)
    return None  # proceed normally

# Callback 2: after model - track cost
def on_after_model(ctx: CallbackContext, resp: LlmResponse):
    if resp.usage_metadata:
        u = resp.usage_metadata
        inp = u.prompt_token_count or 0
        out = u.candidates_token_count or 0
        session_stats["input_tokens"]  += inp
        session_stats["output_tokens"] += out
        cost = (inp * PRICE_PER_M["input"] + out * PRICE_PER_M["output"]) / 1_000_000
        log.info("[AFTER MODEL]  in=%d out=%d call_cost=$%.5f", inp, out, cost)
    return None

# Callback 3: before tool - log and guard
def on_before_tool(tool: BaseTool, args: dict, ctx: ToolContext):
    log.info("[BEFORE TOOL]  tool=%s args=%s", tool.name, args)
    session_stats["tool_calls"] += 1
    # Block suspicious inputs (SQL injection, prompt override attempts)
    blocked_keywords = ["DROP", "DELETE", "IGNORE PREVIOUS", "SYSTEM:"]
    for val in args.values():
        if isinstance(val, str):
            for kw in blocked_keywords:
                if kw in val.upper():
                    log.warning("[BLOCKED]      Suspicious input detected: %s", val)
                    return {"error": "Invalid input. Request blocked.", "blocked": True}
    return None  # proceed with tool call

# Callback 4: after tool - log result
def on_after_tool(tool: BaseTool, args: dict, ctx: ToolContext, result):
    keys = list(result.keys()) if isinstance(result, dict) else str(type(result))
    log.info("[AFTER TOOL]   tool=%s result_keys=%s", tool.name, keys)
    return None

Wiring callbacks to the agent and testing normal and suspicious queries,

def get_order_status(order_id: str) -> dict:
    orders = {"ORD-88421": {"status": "Out for delivery", "eta": "Today 7pm"},
              "ORD-55987": {"status": "Delivered", "date": "30 March 2025"}}
    return orders.get(order_id.upper(), {"error": "Order not found"})

agent = Agent(
    model="gemini-2.0-flash",
    name="shopmax_support",
    instruction="You are ShopMax India support. Use tools to answer queries accurately.",
    tools=[get_order_status],
    before_model_callback=on_before_model,
    after_model_callback=on_after_model,
    before_tool_callback=on_before_tool,
    after_tool_callback=on_after_tool
)

sessions = InMemorySessionService()
runner   = Runner(agent=agent, app_name="shopmax", session_service=sessions)

def ask(q: str, sid: str = "s1") -> str:
    content = genai_types.Content(role="user", parts=[genai_types.Part(text=q)])
    final = ""
    for event in runner.run(user_id="u1", session_id=sid, new_message=content):
        if event.is_final_response():
            final = event.content.parts[0].text
    return final

print("Q1:", "Where is order ORD-88421?")
print("A: ", ask("Where is order ORD-88421?"))
print("\nSession stats:", session_stats)

print("\nQ2 (injection attempt):", "DROP TABLE orders; ORD-88421")
print("A: ", ask("DROP TABLE orders; ORD-88421", sid="s2"))

It gives the following output with full callback logs visible,

2025-04-01 INFO [BEFORE MODEL] session=s1 messages=1
2025-04-01 INFO [BEFORE TOOL]  tool=get_order_status args={"order_id": "ORD-88421"}
2025-04-01 INFO [AFTER TOOL]   tool=get_order_status result_keys=["status", "eta"]
2025-04-01 INFO [AFTER MODEL]  in=89 out=54 call_cost=$0.00029

Q1: Where is order ORD-88421?
A:  Your order ORD-88421 is out for delivery and expected today by 7pm!

Session stats: {"input_tokens": 89, "output_tokens": 54, "tool_calls": 1}

2025-04-01 INFO [BEFORE MODEL] session=s2 messages=1
2025-04-01 INFO [BEFORE TOOL]  tool=get_order_status args={"order_id": "DROP TABLE ..."}
2025-04-01 WARN [BLOCKED]      Suspicious input detected: DROP TABLE orders; ORD-88421

Q2 (injection attempt): DROP TABLE orders; ORD-88421
A:  I was unable to retrieve that order. Please provide a valid order ID
    in the format ORD-XXXXX and I will be happy to help you track it.

# Every step logged with timestamp for full audit trail
# Cost tracked per session - alert when session exceeds budget threshold
# SQL injection blocked BEFORE it reached the tool function

Production callback patterns: use before_model_callback to scan for prompt injection attempts before the message reaches the LLM. Use after_model_callback to enforce response policies - check for PII exposure, off-brand language, or competitor mentions and replace if found. Use before_tool_callback to write every tool call to your audit database with user_id, session_id, timestamp, and arguments - this is your compliance trail. Use after_tool_callback to cache expensive tool results within a session so the same lookup is not repeated. Add latency timing in before/after pairs to identify which tool is slowing your agent. Callbacks are the right layer for all cross-cutting production concerns and they compose cleanly - you can have multiple callback files for different concerns.

Send your comments, suggestions or queries regarding this site to [email protected].