When using DatabaseSessionService with a string connection URI (e.g. --session_service_uri on the CLI), ADK resolves it via getConnectionOptionsFromUri in sessions/db/operations.js.
That helper parses new URL(uri) but only destructures host, port, username, password, and pathname. It builds MikroORM options from those fields plus driver / entities.
The URL search / searchParams (everything after ?) is never read and is not mapped to driverOptions, clientUrl, or any other field passed to MikroORM.init.
Impact
Common Postgres URLs rely on the query string for TLS and driver behavior, e.g.:
postgresql://…/db?sslmode=require (managed providers such as Neon)
With the current implementation, sslmode=require in the URL has no effect. The client may connect without the intended SSL settings, and Neon responds with errors like:
connection is insecure (try using sslmode=require)
This is confusing because the same URI works with clients that honor the full connection string (e.g. direct pg use with connectionString: uri).
Expected behavior
honor search params for postgres connection string
Environment
@google/adk: e.g. 0.6.1
Runtime: Node.js 22+
Repro: --session_service_uri 'postgresql://user:pass@HOST/DB?sslmode=require' against a host that requires TLS.
Workaround
for ssl requirement (but not other search param options)
export PGSSLMODE=require
it hints the pg driver to use SSL on connection independently and works around the connection problem
When using DatabaseSessionService with a string connection URI (e.g. --session_service_uri on the CLI), ADK resolves it via getConnectionOptionsFromUri in sessions/db/operations.js.
That helper parses new URL(uri) but only destructures host, port, username, password, and pathname. It builds MikroORM options from those fields plus driver / entities.
The URL search / searchParams (everything after ?) is never read and is not mapped to driverOptions, clientUrl, or any other field passed to MikroORM.init.
Impact
Common Postgres URLs rely on the query string for TLS and driver behavior, e.g.:
postgresql://…/db?sslmode=require (managed providers such as Neon)
With the current implementation, sslmode=require in the URL has no effect. The client may connect without the intended SSL settings, and Neon responds with errors like:
connection is insecure (try using sslmode=require)
This is confusing because the same URI works with clients that honor the full connection string (e.g. direct pg use with connectionString: uri).
Expected behavior
honor search params for postgres connection string
Environment
@google/adk: e.g. 0.6.1
Runtime: Node.js 22+
Repro: --session_service_uri 'postgresql://user:pass@HOST/DB?sslmode=require' against a host that requires TLS.
Workaround
for ssl requirement (but not other search param options)
export PGSSLMODE=require
it hints the pg driver to use SSL on connection independently and works around the connection problem