geadm 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. geadm-0.1.0/.claude/agents/discoveryengine-lister.md +7 -0
  2. geadm-0.1.0/.claude/agents/ge-api-researcher.md +7 -0
  3. geadm-0.1.0/.claude/agents/logging-inspector.md +7 -0
  4. geadm-0.1.0/.claude/agents/monitoring-stats.md +7 -0
  5. geadm-0.1.0/.claude/agents/readonly-auditor.md +7 -0
  6. geadm-0.1.0/.claude/skills/ge-api-drift/SKILL.md +70 -0
  7. geadm-0.1.0/.github/workflows/release-please.yml +25 -0
  8. geadm-0.1.0/.github/workflows/release.yml +27 -0
  9. geadm-0.1.0/.github/workflows/test.yml +30 -0
  10. geadm-0.1.0/.gitignore +5 -0
  11. geadm-0.1.0/AGENTS.md +57 -0
  12. geadm-0.1.0/CHANGELOG.md +24 -0
  13. geadm-0.1.0/LICENSE +21 -0
  14. geadm-0.1.0/PKG-INFO +172 -0
  15. geadm-0.1.0/README.md +141 -0
  16. geadm-0.1.0/geadm/__init__.py +3 -0
  17. geadm-0.1.0/geadm/auth.py +180 -0
  18. geadm-0.1.0/geadm/commands/__init__.py +1 -0
  19. geadm-0.1.0/geadm/commands/doctor.py +212 -0
  20. geadm-0.1.0/geadm/commands/info.py +376 -0
  21. geadm-0.1.0/geadm/commands/logs.py +801 -0
  22. geadm-0.1.0/geadm/commands/ls.py +488 -0
  23. geadm-0.1.0/geadm/commands/stats.py +545 -0
  24. geadm-0.1.0/geadm/duration.py +31 -0
  25. geadm-0.1.0/geadm/main.py +132 -0
  26. geadm-0.1.0/geadm/render.py +87 -0
  27. geadm-0.1.0/pyproject.toml +55 -0
  28. geadm-0.1.0/tests/conftest.py +120 -0
  29. geadm-0.1.0/tests/test_cli.py +41 -0
  30. geadm-0.1.0/tests/test_doctor.py +84 -0
  31. geadm-0.1.0/tests/test_duration.py +40 -0
  32. geadm-0.1.0/tests/test_info.py +168 -0
  33. geadm-0.1.0/tests/test_logs.py +281 -0
  34. geadm-0.1.0/tests/test_ls.py +142 -0
  35. geadm-0.1.0/tests/test_readonly.py +45 -0
  36. geadm-0.1.0/tests/test_render.py +38 -0
  37. geadm-0.1.0/tests/test_stats.py +176 -0
  38. geadm-0.1.0/uv.lock +727 -0
@@ -0,0 +1,7 @@
1
+ ---
2
+ name: discoveryengine-lister
3
+ description: Use to implement the `geadm ls` command group (engines, datastores, connectors, agents) using read-only Discovery Engine list calls. Returns the implemented files and a note of which methods were used.
4
+ tools: Read, Write, Edit, Bash, Grep, Glob
5
+ model: sonnet
6
+ ---
7
+ You implement `geadm/commands/ls.py` only. Use the get_clients() factory from geadm/auth.py — never construct clients yourself. Implement engines/datastores/connectors/agents listing via read-only Discovery Engine list_* methods, walking the default_collection hierarchy from the brief. Render with geadm/render.py helpers and support --json. Absolutely no create/update/delete/import calls. End with a one-paragraph summary of the methods used.
@@ -0,0 +1,7 @@
1
+ ---
2
+ name: ge-api-researcher
3
+ description: Use before implementation to confirm current google-cloud-discoveryengine method names, the ClientOptions regional-endpoint pattern, and the exact Cloud Logging field names/filters for Gemini Enterprise (connector_activity, consumed_api, principal email). Returns a short markdown reference of verified names and one code snippet per client.
4
+ tools: Read, Grep, Glob, WebFetch, WebSearch
5
+ model: haiku
6
+ ---
7
+ You verify GCP API surfaces so the builder agents don't hallucinate. Check the current Discovery Engine Python client (list_engines, list_data_stores, list of the connector/agent resources) and the Cloud Logging filter fields named in the project brief against official Google Cloud docs. Return a concise markdown reference: verified client class + method names, the regional-endpoint ClientOptions snippet, and confirmed log filter strings including the correct principal-email field. Flag anything that has drifted. Do not write project code.
@@ -0,0 +1,7 @@
1
+ ---
2
+ name: logging-inspector
3
+ description: Use to implement `geadm logs connector` and `geadm logs user` against Cloud Logging using the exact filters in the brief. Returns the implemented file and the final filter strings used.
4
+ tools: Read, Write, Edit, Bash, Grep, Glob
5
+ model: sonnet
6
+ ---
7
+ You implement `geadm/commands/logs.py` only. Use get_clients() for the logging client. Build the connector_activity and consumed_api filters exactly as specified in the brief, honour --severity and --since, and scope `logs user` by principal email. `logs user` MUST call render.warn_banner() first because it can surface user prompt content. Read-only: only entries.list. Support --json. End by printing the final filter strings you settled on.
@@ -0,0 +1,7 @@
1
+ ---
2
+ name: monitoring-stats
3
+ description: Use to implement `geadm stats` using read-only Cloud Monitoring time series (query volume, latency, connector sync freshness). Returns the file and the metric types queried.
4
+ tools: Read, Write, Edit, Bash, Grep, Glob
5
+ model: sonnet
6
+ ---
7
+ You implement `geadm/commands/stats.py` only. Use get_clients() for the monitoring client, list_time_series over the --since window, and render summary tables via render.py. Discover the relevant discoveryengine.googleapis.com metric descriptors first, then chart counts/latency and the freshest connector sync time. Read-only. Support --json. End by listing the metric types you used.
@@ -0,0 +1,7 @@
1
+ ---
2
+ name: readonly-auditor
3
+ description: Use after all commands are built to prove the tool is read-only and correctly scoped. Returns a PASS/FAIL report by file with line references.
4
+ tools: Read, Grep, Glob
5
+ model: sonnet
6
+ ---
7
+ You are a read-only safety auditor. Grep the whole codebase for any mutating client calls (create, update, patch, delete, import, purge, set, write-style RPCs) and fail if any exist outside comments. Confirm clients are only ever built in geadm/auth.py, that `logs user` calls warn_banner() before output, and that --help text names the viewer roles. Produce a PASS/FAIL table per file with file:line references. You cannot edit files — report only.
@@ -0,0 +1,70 @@
1
+ ---
2
+ name: ge-api-drift
3
+ description: Reconcile every Gemini Enterprise / Discovery Engine API surface geadm uses against the installed google-cloud-discoveryengine client and current Google Cloud docs, highlighting new or deprecated calls. Use after upgrading the client dependency, before a release, or when a command misbehaves against a live project.
4
+ ---
5
+
6
+ # GE API drift check
7
+
8
+ Verify that the API surfaces geadm depends on are still consistent with the
9
+ Discovery Engine product, and report anything new or deprecated. Do not change
10
+ behaviour in this skill — produce a report; fixes happen in a follow-up PR via
11
+ the owning subagent.
12
+
13
+ ## Step 1 — inventory what geadm uses
14
+
15
+ Build the "used surface" list from the code (don't work from memory):
16
+
17
+ - **Python client calls**: `grep -n "discoveryengine\|list_\|get_" geadm/commands/*.py geadm/auth.py` — collect every client class passed to `Clients.discoveryengine()` and every method invoked on it, plus `logging.list_entries`, `monitoring.list_time_series`, `list_metric_descriptors`.
18
+ - **REST paths**: every `rest_get(...)` call — note the API version segment (`v1alpha/...`) and resource shape (collections list, `dataConnector` singleton, `assistants/default_assistant/agents`, logging `v2/projects/{p}/logs`).
19
+ - **Log names & filter fields**: from `geadm/commands/logs.py` — `connector_activity`, `gemini_enterprise_user_activity`, `jsonPayload.userIamPrincipal`, `jsonPayload.LogMetadata.name` / `logMetadata`, `serviceTextReply`, `request.query.text|parts|userPromptData`.
20
+ - **Metric filters**: from `geadm/commands/stats.py` — the `starts_with("discoveryengine.googleapis.com/")` discovery filter and the `quota/<name>/{usage,limit,exceeded}` pattern.
21
+
22
+ ## Step 2 — check against the installed client
23
+
24
+ Introspect the environment, not the docs, for the Python surface:
25
+
26
+ ```sh
27
+ uv run python - <<'EOF'
28
+ import inspect
29
+ from google.cloud import discoveryengine_v1, discoveryengine_v1alpha
30
+ for mod in (discoveryengine_v1, discoveryengine_v1alpha):
31
+ clients = [n for n in dir(mod) if n.endswith("ServiceClient")]
32
+ print(mod.__name__, "->", clients)
33
+ EOF
34
+ ```
35
+
36
+ - Confirm every used class/method still exists and emits no `DeprecationWarning` on import/call signature inspection.
37
+ - Flag **new** service clients relevant to geadm's scope (e.g. a real
38
+ `DataConnectorServiceClient` or agent-listing client appearing would let the
39
+ v1alpha REST fallbacks in `ls.py` be replaced).
40
+ - Note the installed package version (`uv run python -c "import google.cloud.discoveryengine as d; print(d.__version__)"`) and the latest on PyPI.
41
+
42
+ ## Step 3 — verify REST/logging/metric surfaces against docs
43
+
44
+ Use the `ge-api-researcher` subagent ("Use the ge-api-researcher subagent to
45
+ …") to confirm, from official Google Cloud documentation:
46
+
47
+ - the v1alpha REST resources geadm GETs still exist at those paths, and whether
48
+ any have been promoted to v1/v1beta (promotion = update the path);
49
+ - the Cloud Logging log names and payload fields (especially
50
+ `jsonPayload.userIamPrincipal` and `serviceTextReply`) are still documented/
51
+ current;
52
+ - any newly documented `discoveryengine.googleapis.com` metrics or quota
53
+ metrics worth surfacing in `stats`/`quota`.
54
+
55
+ If docs and verified live behaviour (see memory / tests) disagree, trust the
56
+ live shape but flag the discrepancy.
57
+
58
+ ## Step 4 — report
59
+
60
+ Produce a drift report with three sections:
61
+
62
+ 1. **Consistent** — used surfaces confirmed current (one line each).
63
+ 2. **Deprecated / changed** — anything removed, renamed, promoted to a newer
64
+ API version, or emitting deprecation warnings; include the geadm file:line
65
+ that uses it and the recommended replacement.
66
+ 3. **New / unused opportunities** — newly available clients, methods, log
67
+ fields or metrics geadm could adopt.
68
+
69
+ End with a verdict: `NO DRIFT`, or `DRIFT FOUND` plus which subagent should
70
+ implement each fix. Read-only throughout — this skill never edits geadm code.
@@ -0,0 +1,25 @@
1
+ name: release-please
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+
7
+ permissions:
8
+ contents: write
9
+ pull-requests: write
10
+
11
+ jobs:
12
+ release-please:
13
+ runs-on: ubuntu-latest
14
+ steps:
15
+ - uses: googleapis/release-please-action@v4
16
+ with:
17
+ # Runs with the default Actions token: the egen org forbids classic
18
+ # PATs and fine-grained PATs are not enabled, so release PRs do not
19
+ # trigger the required `test` checks on their own. To release:
20
+ # gh pr close <release-pr> && gh pr reopen <release-pr>
21
+ # (close/reopen re-delivers the pull_request event and CI runs).
22
+ # If a RELEASE_PLEASE_TOKEN secret is ever added, it takes over and
23
+ # the workaround becomes unnecessary.
24
+ token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
25
+ release-type: python
@@ -0,0 +1,27 @@
1
+ name: release
2
+
3
+ on:
4
+ release:
5
+ types: [published]
6
+
7
+ jobs:
8
+ publish:
9
+ runs-on: ubuntu-latest
10
+ environment: pypi
11
+ permissions:
12
+ # Required for PyPI Trusted Publishing (OIDC) — no API tokens.
13
+ id-token: write
14
+ contents: read
15
+ steps:
16
+ - uses: actions/checkout@v7
17
+
18
+ - name: Install uv
19
+ uses: astral-sh/setup-uv@v8.2.0
20
+
21
+ - name: Build sdist and wheel
22
+ run: uv build
23
+
24
+ - name: Publish to PyPI
25
+ uses: pypa/gh-action-pypi-publish@release/v1
26
+ with:
27
+ packages-dir: dist/
@@ -0,0 +1,30 @@
1
+ name: test
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+
8
+ jobs:
9
+ test:
10
+ runs-on: ubuntu-latest
11
+ strategy:
12
+ matrix:
13
+ python-version: ["3.11", "3.12", "3.13"]
14
+ steps:
15
+ - uses: actions/checkout@v7
16
+
17
+ - name: Install uv
18
+ uses: astral-sh/setup-uv@v8.2.0
19
+ with:
20
+ python-version: ${{ matrix.python-version }}
21
+ enable-cache: true
22
+
23
+ - name: Install dependencies
24
+ run: uv sync
25
+
26
+ - name: Run tests
27
+ run: uv run pytest -q
28
+
29
+ - name: CLI smoke test
30
+ run: uv run geadm --help
geadm-0.1.0/.gitignore ADDED
@@ -0,0 +1,5 @@
1
+ .venv/
2
+ __pycache__/
3
+ *.egg-info/
4
+ .claude/settings.local.json
5
+ dist/
geadm-0.1.0/AGENTS.md ADDED
@@ -0,0 +1,57 @@
1
+ # Agent instructions for geadm
2
+
3
+ This repository is built and maintained with AI coding agents. If you are an
4
+ agent working here, follow these rules.
5
+
6
+ ## Use the project subagents
7
+
8
+ Definitions live in `.claude/agents/`. Delegate explicitly ("Use the X
9
+ subagent to …") rather than doing everything in the main session:
10
+
11
+ | Subagent | When to use |
12
+ |---|---|
13
+ | `ge-api-researcher` | **Before** touching any API surface: verifies current google-cloud-discoveryengine method names, Cloud Logging field names/filters, and metric types against official docs so nothing is hallucinated. |
14
+ | `discoveryengine-lister` | Changes to `geadm/commands/ls.py` (inventory listing). |
15
+ | `logging-inspector` | Changes to `geadm/commands/logs.py` (log filters, tailing, normalization). |
16
+ | `monitoring-stats` | Changes to `geadm/commands/stats.py` (metrics, quotas). |
17
+ | `readonly-auditor` | **After** any change that touches API calls: greps the tree for mutating calls and confirms the read-only guarantees still hold. |
18
+
19
+ The main session owns the shared contracts (`geadm/auth.py`, `geadm/render.py`,
20
+ `geadm/duration.py`, `geadm/main.py`, `geadm/commands/doctor.py`) and the final
21
+ wiring; builders must not edit files outside their charter.
22
+
23
+ ## Skills
24
+
25
+ Run `/ge-api-drift` (defined in `.claude/skills/ge-api-drift/`) whenever the
26
+ google-cloud-discoveryengine dependency is upgraded, before a release, or when
27
+ a command misbehaves against a live project — it reconciles every API surface
28
+ geadm uses against the installed client and current docs, and highlights new
29
+ or deprecated calls.
30
+
31
+ ## Hard constraints
32
+
33
+ - **Read-only.** geadm must never call a mutating RPC (create/update/patch/
34
+ delete/import/purge). Only `list_*`, `get_*`, `entries.list`,
35
+ `list_time_series` / `list_metric_descriptors`, and GET-only REST via
36
+ `Clients.rest_get`. `tests/test_readonly.py` enforces this — keep it passing.
37
+ - **Clients are constructed only in `geadm/auth.py`** (ADC only, no key files).
38
+ - `geadm logs user` must call `render.warn_banner()` before any other output.
39
+ - Every command supports `--json`; progress/warnings go to stderr, data to stdout.
40
+
41
+ ## Workflow
42
+
43
+ `main` is protected: changes go through a feature branch and PR, and the
44
+ `test (3.11/3.12/3.13)` checks must pass. Run `uv run pytest -q` locally before
45
+ pushing. Verified live behaviour beats documentation — when docs and a live
46
+ log/metric disagree, trust the live shape and record it in a test.
47
+
48
+ ### Commit messages
49
+
50
+ Use [Conventional Commits](https://www.conventionalcommits.org/):
51
+ `<type>(<scope>): <imperative summary>` — e.g. `feat(logs): add gen_ai
52
+ content stream`, `fix(stats): humanize aggregate numbers`. Types: `feat`,
53
+ `fix`, `docs`, `test`, `refactor`, `perf`, `chore`, `ci`. Scope is the
54
+ command group or module (`ls`, `logs`, `stats`, `quota`, `doctor`, `auth`,
55
+ `render`, `agents`, `ci`). PR titles follow the same convention — they become
56
+ the squash-merge subject. Keep the body explaining *why*, and end agent
57
+ commits with the Co-Authored-By trailer.
@@ -0,0 +1,24 @@
1
+ # Changelog
2
+
3
+ ## 0.1.0 (2026-07-03)
4
+
5
+
6
+ ### Features
7
+
8
+ * **info:** add project overview with per-engine cards ([#8](https://github.com/egen/geadm/issues/8)) ([49b92e2](https://github.com/egen/geadm/commit/49b92e27eff310ba33428bcdbe320c2006f35d6e))
9
+ * **info:** show engine feature toggles and app type on cards ([#10](https://github.com/egen/geadm/issues/10)) ([fad2b5b](https://github.com/egen/geadm/commit/fad2b5b8651a8915af34eb6ac0f7a230dcb9f8a6))
10
+ * **logs:** add gen_ai prompt/response content stream ([#4](https://github.com/egen/geadm/issues/4)) ([432c1c8](https://github.com/egen/geadm/commit/432c1c8bf01b613e72d84dbf81239dcda21b7f7e))
11
+ * **ls:** add user license inventory ([#3](https://github.com/egen/geadm/issues/3)) ([708c173](https://github.com/egen/geadm/commit/708c173af1fcf1a283bc1a49712317362f46a926))
12
+ * **release:** add MIT license, packaging metadata and release pipeline ([#11](https://github.com/egen/geadm/issues/11)) ([308fe11](https://github.com/egen/geadm/commit/308fe11abecafca8daae6d5d853b0323efff9f3e))
13
+
14
+
15
+ ### Bug Fixes
16
+
17
+ * **logs:** parse structured gen_ai content payloads ([#6](https://github.com/egen/geadm/issues/6)) ([fa2662c](https://github.com/egen/geadm/commit/fa2662c0b3ee2a6b96d71d938fec10142168c061))
18
+ * **logs:** use non-markup prefixes for gen_ai tool/thought parts ([#7](https://github.com/egen/geadm/issues/7)) ([e40ec55](https://github.com/egen/geadm/commit/e40ec556ac38befa94881276ecc24b3e97a1a519))
19
+
20
+
21
+ ### Documentation
22
+
23
+ * **agents:** adopt Conventional Commits ([#5](https://github.com/egen/geadm/issues/5)) ([514a710](https://github.com/egen/geadm/commit/514a710cf82fe863e254c7e223a6a3d15606efb6))
24
+ * **readme:** document geadm info ([#9](https://github.com/egen/geadm/issues/9)) ([4494f56](https://github.com/egen/geadm/commit/4494f5646ea323ca6f16d04d01eac38423c9e99a))
geadm-0.1.0/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Egen
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
geadm-0.1.0/PKG-INFO ADDED
@@ -0,0 +1,172 @@
1
+ Metadata-Version: 2.4
2
+ Name: geadm
3
+ Version: 0.1.0
4
+ Summary: CLI for Google Gemini Enterprise
5
+ Project-URL: Homepage, https://github.com/egen/geadm
6
+ Project-URL: Repository, https://github.com/egen/geadm
7
+ Project-URL: Issues, https://github.com/egen/geadm/issues
8
+ Project-URL: Changelog, https://github.com/egen/geadm/blob/main/CHANGELOG.md
9
+ Author: Egen
10
+ Maintainer: Andrew McKinney
11
+ License: MIT
12
+ License-File: LICENSE
13
+ Keywords: agentspace,cli,discovery-engine,gemini-enterprise,google-cloud,observability
14
+ Classifier: Development Status :: 4 - Beta
15
+ Classifier: Environment :: Console
16
+ Classifier: Intended Audience :: Developers
17
+ Classifier: Intended Audience :: System Administrators
18
+ Classifier: License :: OSI Approved :: MIT License
19
+ Classifier: Operating System :: OS Independent
20
+ Classifier: Programming Language :: Python :: 3.11
21
+ Classifier: Programming Language :: Python :: 3.12
22
+ Classifier: Programming Language :: Python :: 3.13
23
+ Classifier: Topic :: System :: Monitoring
24
+ Requires-Python: >=3.11
25
+ Requires-Dist: google-cloud-discoveryengine>=0.13
26
+ Requires-Dist: google-cloud-logging>=3.10
27
+ Requires-Dist: google-cloud-monitoring>=2.21
28
+ Requires-Dist: rich>=13.7
29
+ Requires-Dist: typer>=0.12
30
+ Description-Content-Type: text/markdown
31
+
32
+ # geadm
33
+
34
+ [![Gemini Enterprise](https://img.shields.io/badge/Gemini%20Enterprise-Discovery%20Engine-4285F4?logo=googlecloud&logoColor=white)](https://cloud.google.com/gemini/enterprise)
35
+ [![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)
36
+ [![Python](https://img.shields.io/badge/python-3.11%2B-3776AB?logo=python&logoColor=white)](https://www.python.org/)
37
+
38
+ **geadm** is a command-line companion for operating **Google Gemini Enterprise**.
39
+ It gives platform teams fast answers to the questions that come up daily while
40
+ running a Gemini Enterprise deployment: What's deployed? Are the connectors
41
+ syncing? What are users asking, and what is Model Armor flagging? How close are
42
+ we to a quota ceiling? Is everything healthy?
43
+
44
+ It inventories engines, data stores, connectors and agents; inspects and tails
45
+ the platform's Cloud Logging streams; summarises Cloud Monitoring metrics and
46
+ quota utilisation; and runs a one-shot health check across all of it.
47
+
48
+ By design, the current release is strictly read-only — every command works with
49
+ viewer roles alone, so it can be handed to anyone on the team without change-risk.
50
+ It may grow administrative verbs (e.g. triggering connector syncs, managing
51
+ agents) in a future release.
52
+
53
+ Contributing with an AI coding agent? Read [AGENTS.md](AGENTS.md) — it maps
54
+ the project subagents, skills and hard constraints.
55
+
56
+ ## Install
57
+
58
+ ```sh
59
+ uv tool install geadm # or: pipx install geadm / pip install geadm
60
+ ```
61
+
62
+ From a checkout:
63
+
64
+ ```sh
65
+ uv tool install .
66
+ # or for development:
67
+ uv sync && uv run geadm --help
68
+ ```
69
+
70
+ ## Authentication & roles
71
+
72
+ geadm uses Application Default Credentials (`gcloud auth application-default login`);
73
+ it never reads or writes key files.
74
+
75
+ | Role | Used by |
76
+ |---|---|
77
+ | `roles/discoveryengine.viewer` | `geadm ls …`, `geadm doctor` |
78
+ | `roles/logging.viewer` | `geadm logs …`, `geadm doctor` |
79
+ | `roles/monitoring.viewer` | `geadm stats`, `geadm quota`, `geadm doctor` |
80
+
81
+ User credentials (as opposed to service accounts) also need a quota project:
82
+ geadm uses the target project automatically, which requires
83
+ `serviceusage.services.use` there. If you don't have it, pass
84
+ `--quota-project <other-project>` (or set `GOOGLE_CLOUD_QUOTA_PROJECT`) to bill
85
+ a project you can use.
86
+
87
+ Enabling connector/observability *logging* on a project is a one-time setup
88
+ step requiring `roles/discoveryengine.agentspaceAdmin`; geadm only ever reads
89
+ what's there.
90
+
91
+ ## Commands
92
+
93
+ Global options: `--project` (defaults to the ADC project), `--location`
94
+ (default `global`; regional locations are routed to
95
+ `{location}-discoveryengine.googleapis.com`). Every command supports `--json`
96
+ for machine-readable output, and time-windowed commands take `--since`
97
+ (`30m`, `1h`, `24h`, `7d`).
98
+
99
+ ### Overview — `geadm info`
100
+
101
+ ```sh
102
+ geadm info
103
+ ```
104
+
105
+ Project-wide dashboard: summary tiles (engines, data stores, connector
106
+ health, agents, license seats/activation/unmet demand) plus a card per
107
+ engine showing its data stores with their connector sources and its agents
108
+ ("My Agent" user defaults are grouped into a single ×N line).
109
+
110
+ ### Inventory — `geadm ls`
111
+
112
+ ```sh
113
+ geadm ls engines|datastores|connectors|agents|licenses
114
+ ```
115
+
116
+ Walks the collection hierarchy: engines and data stores under
117
+ `default_collection`, data connectors across *all* collections (each
118
+ connector-backed source lives in its own), agents per engine, and user
119
+ licenses in the project's `default_user_store`.
120
+
121
+ ### Logs — `geadm logs`
122
+
123
+ ```sh
124
+ geadm logs connector [--datastore ID] [--severity ERROR] [--since 1h]
125
+ geadm logs user [email] [--since 24h] [--follow]
126
+ geadm logs ai [--since 24h] [--follow]
127
+ ```
128
+
129
+ `logs connector` shows data-connector sync activity. `logs user` shows
130
+ end-user Gemini Enterprise activity — prompts, assistant replies, searches and
131
+ Model Armor screening events — for one user, or all users when the email is
132
+ omitted. `logs ai` streams the raw `gen_ai.user.message`/`gen_ai.choice`
133
+ content logs (prompt and reply text with no identity field, so it cannot be
134
+ scoped per user — use `logs user` for that). `--follow`/`-f` tails either
135
+ stream live (newline-delimited JSON with `--json`). When a log turns out to be
136
+ empty, geadm tells you whether logging simply isn't enabled on the project or
137
+ nothing matched your filter.
138
+
139
+ > ⚠ **Sensitive output**: `geadm logs user` and `geadm logs ai` can surface
140
+ > end-user prompt and response content when prompt/response logging is
141
+ > enabled on the project, and print a warning banner before any output.
142
+
143
+ ### Metrics — `geadm stats`
144
+
145
+ ```sh
146
+ geadm stats [--engine ID] [--since 24h]
147
+ ```
148
+
149
+ Discovers the project's `discoveryengine.googleapis.com` metrics at runtime and
150
+ summarises query volume, latency and connector sync freshness over the window.
151
+
152
+ ### Quotas — `geadm quota`
153
+
154
+ ```sh
155
+ geadm quota [--since 24h]
156
+ ```
157
+
158
+ Pairs each Discovery Engine quota's latest usage with its limit per location:
159
+ percent used (highlighted at ≥75% / ≥90%), byte quotas in human units, and
160
+ counts of quota-exceeded events over the window — the quickest way to spot the
161
+ next capacity ceiling before ingestion hits it.
162
+
163
+ ### Health check — `geadm doctor`
164
+
165
+ ```sh
166
+ geadm doctor [--since 24h]
167
+ ```
168
+
169
+ Runs the whole suite concurrently — inventory reachability, connector states
170
+ and sync freshness, connector/API error logs, metric availability — and renders
171
+ a live PASS/WARN/FAIL table. Exits non-zero if any check fails, so it drops
172
+ straight into CI or cron.
geadm-0.1.0/README.md ADDED
@@ -0,0 +1,141 @@
1
+ # geadm
2
+
3
+ [![Gemini Enterprise](https://img.shields.io/badge/Gemini%20Enterprise-Discovery%20Engine-4285F4?logo=googlecloud&logoColor=white)](https://cloud.google.com/gemini/enterprise)
4
+ [![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)
5
+ [![Python](https://img.shields.io/badge/python-3.11%2B-3776AB?logo=python&logoColor=white)](https://www.python.org/)
6
+
7
+ **geadm** is a command-line companion for operating **Google Gemini Enterprise**.
8
+ It gives platform teams fast answers to the questions that come up daily while
9
+ running a Gemini Enterprise deployment: What's deployed? Are the connectors
10
+ syncing? What are users asking, and what is Model Armor flagging? How close are
11
+ we to a quota ceiling? Is everything healthy?
12
+
13
+ It inventories engines, data stores, connectors and agents; inspects and tails
14
+ the platform's Cloud Logging streams; summarises Cloud Monitoring metrics and
15
+ quota utilisation; and runs a one-shot health check across all of it.
16
+
17
+ By design, the current release is strictly read-only — every command works with
18
+ viewer roles alone, so it can be handed to anyone on the team without change-risk.
19
+ It may grow administrative verbs (e.g. triggering connector syncs, managing
20
+ agents) in a future release.
21
+
22
+ Contributing with an AI coding agent? Read [AGENTS.md](AGENTS.md) — it maps
23
+ the project subagents, skills and hard constraints.
24
+
25
+ ## Install
26
+
27
+ ```sh
28
+ uv tool install geadm # or: pipx install geadm / pip install geadm
29
+ ```
30
+
31
+ From a checkout:
32
+
33
+ ```sh
34
+ uv tool install .
35
+ # or for development:
36
+ uv sync && uv run geadm --help
37
+ ```
38
+
39
+ ## Authentication & roles
40
+
41
+ geadm uses Application Default Credentials (`gcloud auth application-default login`);
42
+ it never reads or writes key files.
43
+
44
+ | Role | Used by |
45
+ |---|---|
46
+ | `roles/discoveryengine.viewer` | `geadm ls …`, `geadm doctor` |
47
+ | `roles/logging.viewer` | `geadm logs …`, `geadm doctor` |
48
+ | `roles/monitoring.viewer` | `geadm stats`, `geadm quota`, `geadm doctor` |
49
+
50
+ User credentials (as opposed to service accounts) also need a quota project:
51
+ geadm uses the target project automatically, which requires
52
+ `serviceusage.services.use` there. If you don't have it, pass
53
+ `--quota-project <other-project>` (or set `GOOGLE_CLOUD_QUOTA_PROJECT`) to bill
54
+ a project you can use.
55
+
56
+ Enabling connector/observability *logging* on a project is a one-time setup
57
+ step requiring `roles/discoveryengine.agentspaceAdmin`; geadm only ever reads
58
+ what's there.
59
+
60
+ ## Commands
61
+
62
+ Global options: `--project` (defaults to the ADC project), `--location`
63
+ (default `global`; regional locations are routed to
64
+ `{location}-discoveryengine.googleapis.com`). Every command supports `--json`
65
+ for machine-readable output, and time-windowed commands take `--since`
66
+ (`30m`, `1h`, `24h`, `7d`).
67
+
68
+ ### Overview — `geadm info`
69
+
70
+ ```sh
71
+ geadm info
72
+ ```
73
+
74
+ Project-wide dashboard: summary tiles (engines, data stores, connector
75
+ health, agents, license seats/activation/unmet demand) plus a card per
76
+ engine showing its data stores with their connector sources and its agents
77
+ ("My Agent" user defaults are grouped into a single ×N line).
78
+
79
+ ### Inventory — `geadm ls`
80
+
81
+ ```sh
82
+ geadm ls engines|datastores|connectors|agents|licenses
83
+ ```
84
+
85
+ Walks the collection hierarchy: engines and data stores under
86
+ `default_collection`, data connectors across *all* collections (each
87
+ connector-backed source lives in its own), agents per engine, and user
88
+ licenses in the project's `default_user_store`.
89
+
90
+ ### Logs — `geadm logs`
91
+
92
+ ```sh
93
+ geadm logs connector [--datastore ID] [--severity ERROR] [--since 1h]
94
+ geadm logs user [email] [--since 24h] [--follow]
95
+ geadm logs ai [--since 24h] [--follow]
96
+ ```
97
+
98
+ `logs connector` shows data-connector sync activity. `logs user` shows
99
+ end-user Gemini Enterprise activity — prompts, assistant replies, searches and
100
+ Model Armor screening events — for one user, or all users when the email is
101
+ omitted. `logs ai` streams the raw `gen_ai.user.message`/`gen_ai.choice`
102
+ content logs (prompt and reply text with no identity field, so it cannot be
103
+ scoped per user — use `logs user` for that). `--follow`/`-f` tails either
104
+ stream live (newline-delimited JSON with `--json`). When a log turns out to be
105
+ empty, geadm tells you whether logging simply isn't enabled on the project or
106
+ nothing matched your filter.
107
+
108
+ > ⚠ **Sensitive output**: `geadm logs user` and `geadm logs ai` can surface
109
+ > end-user prompt and response content when prompt/response logging is
110
+ > enabled on the project, and print a warning banner before any output.
111
+
112
+ ### Metrics — `geadm stats`
113
+
114
+ ```sh
115
+ geadm stats [--engine ID] [--since 24h]
116
+ ```
117
+
118
+ Discovers the project's `discoveryengine.googleapis.com` metrics at runtime and
119
+ summarises query volume, latency and connector sync freshness over the window.
120
+
121
+ ### Quotas — `geadm quota`
122
+
123
+ ```sh
124
+ geadm quota [--since 24h]
125
+ ```
126
+
127
+ Pairs each Discovery Engine quota's latest usage with its limit per location:
128
+ percent used (highlighted at ≥75% / ≥90%), byte quotas in human units, and
129
+ counts of quota-exceeded events over the window — the quickest way to spot the
130
+ next capacity ceiling before ingestion hits it.
131
+
132
+ ### Health check — `geadm doctor`
133
+
134
+ ```sh
135
+ geadm doctor [--since 24h]
136
+ ```
137
+
138
+ Runs the whole suite concurrently — inventory reachability, connector states
139
+ and sync freshness, connector/API error logs, metric availability — and renders
140
+ a live PASS/WARN/FAIL table. Exits non-zero if any check fails, so it drops
141
+ straight into CI or cron.
@@ -0,0 +1,3 @@
1
+ """geadm — read-only troubleshooting CLI for Google Gemini Enterprise (Discovery Engine)."""
2
+
3
+ __version__ = "0.1.0"