geadm 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- geadm-0.1.0/.claude/agents/discoveryengine-lister.md +7 -0
- geadm-0.1.0/.claude/agents/ge-api-researcher.md +7 -0
- geadm-0.1.0/.claude/agents/logging-inspector.md +7 -0
- geadm-0.1.0/.claude/agents/monitoring-stats.md +7 -0
- geadm-0.1.0/.claude/agents/readonly-auditor.md +7 -0
- geadm-0.1.0/.claude/skills/ge-api-drift/SKILL.md +70 -0
- geadm-0.1.0/.github/workflows/release-please.yml +25 -0
- geadm-0.1.0/.github/workflows/release.yml +27 -0
- geadm-0.1.0/.github/workflows/test.yml +30 -0
- geadm-0.1.0/.gitignore +5 -0
- geadm-0.1.0/AGENTS.md +57 -0
- geadm-0.1.0/CHANGELOG.md +24 -0
- geadm-0.1.0/LICENSE +21 -0
- geadm-0.1.0/PKG-INFO +172 -0
- geadm-0.1.0/README.md +141 -0
- geadm-0.1.0/geadm/__init__.py +3 -0
- geadm-0.1.0/geadm/auth.py +180 -0
- geadm-0.1.0/geadm/commands/__init__.py +1 -0
- geadm-0.1.0/geadm/commands/doctor.py +212 -0
- geadm-0.1.0/geadm/commands/info.py +376 -0
- geadm-0.1.0/geadm/commands/logs.py +801 -0
- geadm-0.1.0/geadm/commands/ls.py +488 -0
- geadm-0.1.0/geadm/commands/stats.py +545 -0
- geadm-0.1.0/geadm/duration.py +31 -0
- geadm-0.1.0/geadm/main.py +132 -0
- geadm-0.1.0/geadm/render.py +87 -0
- geadm-0.1.0/pyproject.toml +55 -0
- geadm-0.1.0/tests/conftest.py +120 -0
- geadm-0.1.0/tests/test_cli.py +41 -0
- geadm-0.1.0/tests/test_doctor.py +84 -0
- geadm-0.1.0/tests/test_duration.py +40 -0
- geadm-0.1.0/tests/test_info.py +168 -0
- geadm-0.1.0/tests/test_logs.py +281 -0
- geadm-0.1.0/tests/test_ls.py +142 -0
- geadm-0.1.0/tests/test_readonly.py +45 -0
- geadm-0.1.0/tests/test_render.py +38 -0
- geadm-0.1.0/tests/test_stats.py +176 -0
- geadm-0.1.0/uv.lock +727 -0
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: discoveryengine-lister
|
|
3
|
+
description: Use to implement the `geadm ls` command group (engines, datastores, connectors, agents) using read-only Discovery Engine list calls. Returns the implemented files and a note of which methods were used.
|
|
4
|
+
tools: Read, Write, Edit, Bash, Grep, Glob
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
You implement `geadm/commands/ls.py` only. Use the get_clients() factory from geadm/auth.py — never construct clients yourself. Implement engines/datastores/connectors/agents listing via read-only Discovery Engine list_* methods, walking the default_collection hierarchy from the brief. Render with geadm/render.py helpers and support --json. Absolutely no create/update/delete/import calls. End with a one-paragraph summary of the methods used.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ge-api-researcher
|
|
3
|
+
description: Use before implementation to confirm current google-cloud-discoveryengine method names, the ClientOptions regional-endpoint pattern, and the exact Cloud Logging field names/filters for Gemini Enterprise (connector_activity, consumed_api, principal email). Returns a short markdown reference of verified names and one code snippet per client.
|
|
4
|
+
tools: Read, Grep, Glob, WebFetch, WebSearch
|
|
5
|
+
model: haiku
|
|
6
|
+
---
|
|
7
|
+
You verify GCP API surfaces so the builder agents don't hallucinate. Check the current Discovery Engine Python client (list_engines, list_data_stores, list of the connector/agent resources) and the Cloud Logging filter fields named in the project brief against official Google Cloud docs. Return a concise markdown reference: verified client class + method names, the regional-endpoint ClientOptions snippet, and confirmed log filter strings including the correct principal-email field. Flag anything that has drifted. Do not write project code.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: logging-inspector
|
|
3
|
+
description: Use to implement `geadm logs connector` and `geadm logs user` against Cloud Logging using the exact filters in the brief. Returns the implemented file and the final filter strings used.
|
|
4
|
+
tools: Read, Write, Edit, Bash, Grep, Glob
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
You implement `geadm/commands/logs.py` only. Use get_clients() for the logging client. Build the connector_activity and consumed_api filters exactly as specified in the brief, honour --severity and --since, and scope `logs user` by principal email. `logs user` MUST call render.warn_banner() first because it can surface user prompt content. Read-only: only entries.list. Support --json. End by printing the final filter strings you settled on.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: monitoring-stats
|
|
3
|
+
description: Use to implement `geadm stats` using read-only Cloud Monitoring time series (query volume, latency, connector sync freshness). Returns the file and the metric types queried.
|
|
4
|
+
tools: Read, Write, Edit, Bash, Grep, Glob
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
You implement `geadm/commands/stats.py` only. Use get_clients() for the monitoring client, list_time_series over the --since window, and render summary tables via render.py. Discover the relevant discoveryengine.googleapis.com metric descriptors first, then chart counts/latency and the freshest connector sync time. Read-only. Support --json. End by listing the metric types you used.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: readonly-auditor
|
|
3
|
+
description: Use after all commands are built to prove the tool is read-only and correctly scoped. Returns a PASS/FAIL report by file with line references.
|
|
4
|
+
tools: Read, Grep, Glob
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
You are a read-only safety auditor. Grep the whole codebase for any mutating client calls (create, update, patch, delete, import, purge, set, write-style RPCs) and fail if any exist outside comments. Confirm clients are only ever built in geadm/auth.py, that `logs user` calls warn_banner() before output, and that --help text names the viewer roles. Produce a PASS/FAIL table per file with file:line references. You cannot edit files — report only.
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ge-api-drift
|
|
3
|
+
description: Reconcile every Gemini Enterprise / Discovery Engine API surface geadm uses against the installed google-cloud-discoveryengine client and current Google Cloud docs, highlighting new or deprecated calls. Use after upgrading the client dependency, before a release, or when a command misbehaves against a live project.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# GE API drift check
|
|
7
|
+
|
|
8
|
+
Verify that the API surfaces geadm depends on are still consistent with the
|
|
9
|
+
Discovery Engine product, and report anything new or deprecated. Do not change
|
|
10
|
+
behaviour in this skill — produce a report; fixes happen in a follow-up PR via
|
|
11
|
+
the owning subagent.
|
|
12
|
+
|
|
13
|
+
## Step 1 — inventory what geadm uses
|
|
14
|
+
|
|
15
|
+
Build the "used surface" list from the code (don't work from memory):
|
|
16
|
+
|
|
17
|
+
- **Python client calls**: `grep -n "discoveryengine\|list_\|get_" geadm/commands/*.py geadm/auth.py` — collect every client class passed to `Clients.discoveryengine()` and every method invoked on it, plus `logging.list_entries`, `monitoring.list_time_series`, `list_metric_descriptors`.
|
|
18
|
+
- **REST paths**: every `rest_get(...)` call — note the API version segment (`v1alpha/...`) and resource shape (collections list, `dataConnector` singleton, `assistants/default_assistant/agents`, logging `v2/projects/{p}/logs`).
|
|
19
|
+
- **Log names & filter fields**: from `geadm/commands/logs.py` — `connector_activity`, `gemini_enterprise_user_activity`, `jsonPayload.userIamPrincipal`, `jsonPayload.LogMetadata.name` / `logMetadata`, `serviceTextReply`, `request.query.text|parts|userPromptData`.
|
|
20
|
+
- **Metric filters**: from `geadm/commands/stats.py` — the `starts_with("discoveryengine.googleapis.com/")` discovery filter and the `quota/<name>/{usage,limit,exceeded}` pattern.
|
|
21
|
+
|
|
22
|
+
## Step 2 — check against the installed client
|
|
23
|
+
|
|
24
|
+
Introspect the environment, not the docs, for the Python surface:
|
|
25
|
+
|
|
26
|
+
```sh
|
|
27
|
+
uv run python - <<'EOF'
|
|
28
|
+
import inspect
|
|
29
|
+
from google.cloud import discoveryengine_v1, discoveryengine_v1alpha
|
|
30
|
+
for mod in (discoveryengine_v1, discoveryengine_v1alpha):
|
|
31
|
+
clients = [n for n in dir(mod) if n.endswith("ServiceClient")]
|
|
32
|
+
print(mod.__name__, "->", clients)
|
|
33
|
+
EOF
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
- Confirm every used class/method still exists and emits no `DeprecationWarning` on import/call signature inspection.
|
|
37
|
+
- Flag **new** service clients relevant to geadm's scope (e.g. a real
|
|
38
|
+
`DataConnectorServiceClient` or agent-listing client appearing would let the
|
|
39
|
+
v1alpha REST fallbacks in `ls.py` be replaced).
|
|
40
|
+
- Note the installed package version (`uv run python -c "import google.cloud.discoveryengine as d; print(d.__version__)"`) and the latest on PyPI.
|
|
41
|
+
|
|
42
|
+
## Step 3 — verify REST/logging/metric surfaces against docs
|
|
43
|
+
|
|
44
|
+
Use the `ge-api-researcher` subagent ("Use the ge-api-researcher subagent to
|
|
45
|
+
…") to confirm, from official Google Cloud documentation:
|
|
46
|
+
|
|
47
|
+
- the v1alpha REST resources geadm GETs still exist at those paths, and whether
|
|
48
|
+
any have been promoted to v1/v1beta (promotion = update the path);
|
|
49
|
+
- the Cloud Logging log names and payload fields (especially
|
|
50
|
+
`jsonPayload.userIamPrincipal` and `serviceTextReply`) are still documented/
|
|
51
|
+
current;
|
|
52
|
+
- any newly documented `discoveryengine.googleapis.com` metrics or quota
|
|
53
|
+
metrics worth surfacing in `stats`/`quota`.
|
|
54
|
+
|
|
55
|
+
If docs and verified live behaviour (see memory / tests) disagree, trust the
|
|
56
|
+
live shape but flag the discrepancy.
|
|
57
|
+
|
|
58
|
+
## Step 4 — report
|
|
59
|
+
|
|
60
|
+
Produce a drift report with three sections:
|
|
61
|
+
|
|
62
|
+
1. **Consistent** — used surfaces confirmed current (one line each).
|
|
63
|
+
2. **Deprecated / changed** — anything removed, renamed, promoted to a newer
|
|
64
|
+
API version, or emitting deprecation warnings; include the geadm file:line
|
|
65
|
+
that uses it and the recommended replacement.
|
|
66
|
+
3. **New / unused opportunities** — newly available clients, methods, log
|
|
67
|
+
fields or metrics geadm could adopt.
|
|
68
|
+
|
|
69
|
+
End with a verdict: `NO DRIFT`, or `DRIFT FOUND` plus which subagent should
|
|
70
|
+
implement each fix. Read-only throughout — this skill never edits geadm code.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
name: release-please
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
|
|
7
|
+
permissions:
|
|
8
|
+
contents: write
|
|
9
|
+
pull-requests: write
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
release-please:
|
|
13
|
+
runs-on: ubuntu-latest
|
|
14
|
+
steps:
|
|
15
|
+
- uses: googleapis/release-please-action@v4
|
|
16
|
+
with:
|
|
17
|
+
# Runs with the default Actions token: the egen org forbids classic
|
|
18
|
+
# PATs and fine-grained PATs are not enabled, so release PRs do not
|
|
19
|
+
# trigger the required `test` checks on their own. To release:
|
|
20
|
+
# gh pr close <release-pr> && gh pr reopen <release-pr>
|
|
21
|
+
# (close/reopen re-delivers the pull_request event and CI runs).
|
|
22
|
+
# If a RELEASE_PLEASE_TOKEN secret is ever added, it takes over and
|
|
23
|
+
# the workaround becomes unnecessary.
|
|
24
|
+
token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
|
|
25
|
+
release-type: python
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
name: release
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
release:
|
|
5
|
+
types: [published]
|
|
6
|
+
|
|
7
|
+
jobs:
|
|
8
|
+
publish:
|
|
9
|
+
runs-on: ubuntu-latest
|
|
10
|
+
environment: pypi
|
|
11
|
+
permissions:
|
|
12
|
+
# Required for PyPI Trusted Publishing (OIDC) — no API tokens.
|
|
13
|
+
id-token: write
|
|
14
|
+
contents: read
|
|
15
|
+
steps:
|
|
16
|
+
- uses: actions/checkout@v7
|
|
17
|
+
|
|
18
|
+
- name: Install uv
|
|
19
|
+
uses: astral-sh/setup-uv@v8.2.0
|
|
20
|
+
|
|
21
|
+
- name: Build sdist and wheel
|
|
22
|
+
run: uv build
|
|
23
|
+
|
|
24
|
+
- name: Publish to PyPI
|
|
25
|
+
uses: pypa/gh-action-pypi-publish@release/v1
|
|
26
|
+
with:
|
|
27
|
+
packages-dir: dist/
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
name: test
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches: [main]
|
|
6
|
+
pull_request:
|
|
7
|
+
|
|
8
|
+
jobs:
|
|
9
|
+
test:
|
|
10
|
+
runs-on: ubuntu-latest
|
|
11
|
+
strategy:
|
|
12
|
+
matrix:
|
|
13
|
+
python-version: ["3.11", "3.12", "3.13"]
|
|
14
|
+
steps:
|
|
15
|
+
- uses: actions/checkout@v7
|
|
16
|
+
|
|
17
|
+
- name: Install uv
|
|
18
|
+
uses: astral-sh/setup-uv@v8.2.0
|
|
19
|
+
with:
|
|
20
|
+
python-version: ${{ matrix.python-version }}
|
|
21
|
+
enable-cache: true
|
|
22
|
+
|
|
23
|
+
- name: Install dependencies
|
|
24
|
+
run: uv sync
|
|
25
|
+
|
|
26
|
+
- name: Run tests
|
|
27
|
+
run: uv run pytest -q
|
|
28
|
+
|
|
29
|
+
- name: CLI smoke test
|
|
30
|
+
run: uv run geadm --help
|
geadm-0.1.0/.gitignore
ADDED
geadm-0.1.0/AGENTS.md
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# Agent instructions for geadm
|
|
2
|
+
|
|
3
|
+
This repository is built and maintained with AI coding agents. If you are an
|
|
4
|
+
agent working here, follow these rules.
|
|
5
|
+
|
|
6
|
+
## Use the project subagents
|
|
7
|
+
|
|
8
|
+
Definitions live in `.claude/agents/`. Delegate explicitly ("Use the X
|
|
9
|
+
subagent to …") rather than doing everything in the main session:
|
|
10
|
+
|
|
11
|
+
| Subagent | When to use |
|
|
12
|
+
|---|---|
|
|
13
|
+
| `ge-api-researcher` | **Before** touching any API surface: verifies current google-cloud-discoveryengine method names, Cloud Logging field names/filters, and metric types against official docs so nothing is hallucinated. |
|
|
14
|
+
| `discoveryengine-lister` | Changes to `geadm/commands/ls.py` (inventory listing). |
|
|
15
|
+
| `logging-inspector` | Changes to `geadm/commands/logs.py` (log filters, tailing, normalization). |
|
|
16
|
+
| `monitoring-stats` | Changes to `geadm/commands/stats.py` (metrics, quotas). |
|
|
17
|
+
| `readonly-auditor` | **After** any change that touches API calls: greps the tree for mutating calls and confirms the read-only guarantees still hold. |
|
|
18
|
+
|
|
19
|
+
The main session owns the shared contracts (`geadm/auth.py`, `geadm/render.py`,
|
|
20
|
+
`geadm/duration.py`, `geadm/main.py`, `geadm/commands/doctor.py`) and the final
|
|
21
|
+
wiring; builders must not edit files outside their charter.
|
|
22
|
+
|
|
23
|
+
## Skills
|
|
24
|
+
|
|
25
|
+
Run `/ge-api-drift` (defined in `.claude/skills/ge-api-drift/`) whenever the
|
|
26
|
+
google-cloud-discoveryengine dependency is upgraded, before a release, or when
|
|
27
|
+
a command misbehaves against a live project — it reconciles every API surface
|
|
28
|
+
geadm uses against the installed client and current docs, and highlights new
|
|
29
|
+
or deprecated calls.
|
|
30
|
+
|
|
31
|
+
## Hard constraints
|
|
32
|
+
|
|
33
|
+
- **Read-only.** geadm must never call a mutating RPC (create/update/patch/
|
|
34
|
+
delete/import/purge). Only `list_*`, `get_*`, `entries.list`,
|
|
35
|
+
`list_time_series` / `list_metric_descriptors`, and GET-only REST via
|
|
36
|
+
`Clients.rest_get`. `tests/test_readonly.py` enforces this — keep it passing.
|
|
37
|
+
- **Clients are constructed only in `geadm/auth.py`** (ADC only, no key files).
|
|
38
|
+
- `geadm logs user` must call `render.warn_banner()` before any other output.
|
|
39
|
+
- Every command supports `--json`; progress/warnings go to stderr, data to stdout.
|
|
40
|
+
|
|
41
|
+
## Workflow
|
|
42
|
+
|
|
43
|
+
`main` is protected: changes go through a feature branch and PR, and the
|
|
44
|
+
`test (3.11/3.12/3.13)` checks must pass. Run `uv run pytest -q` locally before
|
|
45
|
+
pushing. Verified live behaviour beats documentation — when docs and a live
|
|
46
|
+
log/metric disagree, trust the live shape and record it in a test.
|
|
47
|
+
|
|
48
|
+
### Commit messages
|
|
49
|
+
|
|
50
|
+
Use [Conventional Commits](https://www.conventionalcommits.org/):
|
|
51
|
+
`<type>(<scope>): <imperative summary>` — e.g. `feat(logs): add gen_ai
|
|
52
|
+
content stream`, `fix(stats): humanize aggregate numbers`. Types: `feat`,
|
|
53
|
+
`fix`, `docs`, `test`, `refactor`, `perf`, `chore`, `ci`. Scope is the
|
|
54
|
+
command group or module (`ls`, `logs`, `stats`, `quota`, `doctor`, `auth`,
|
|
55
|
+
`render`, `agents`, `ci`). PR titles follow the same convention — they become
|
|
56
|
+
the squash-merge subject. Keep the body explaining *why*, and end agent
|
|
57
|
+
commits with the Co-Authored-By trailer.
|
geadm-0.1.0/CHANGELOG.md
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## 0.1.0 (2026-07-03)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Features
|
|
7
|
+
|
|
8
|
+
* **info:** add project overview with per-engine cards ([#8](https://github.com/egen/geadm/issues/8)) ([49b92e2](https://github.com/egen/geadm/commit/49b92e27eff310ba33428bcdbe320c2006f35d6e))
|
|
9
|
+
* **info:** show engine feature toggles and app type on cards ([#10](https://github.com/egen/geadm/issues/10)) ([fad2b5b](https://github.com/egen/geadm/commit/fad2b5b8651a8915af34eb6ac0f7a230dcb9f8a6))
|
|
10
|
+
* **logs:** add gen_ai prompt/response content stream ([#4](https://github.com/egen/geadm/issues/4)) ([432c1c8](https://github.com/egen/geadm/commit/432c1c8bf01b613e72d84dbf81239dcda21b7f7e))
|
|
11
|
+
* **ls:** add user license inventory ([#3](https://github.com/egen/geadm/issues/3)) ([708c173](https://github.com/egen/geadm/commit/708c173af1fcf1a283bc1a49712317362f46a926))
|
|
12
|
+
* **release:** add MIT license, packaging metadata and release pipeline ([#11](https://github.com/egen/geadm/issues/11)) ([308fe11](https://github.com/egen/geadm/commit/308fe11abecafca8daae6d5d853b0323efff9f3e))
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
### Bug Fixes
|
|
16
|
+
|
|
17
|
+
* **logs:** parse structured gen_ai content payloads ([#6](https://github.com/egen/geadm/issues/6)) ([fa2662c](https://github.com/egen/geadm/commit/fa2662c0b3ee2a6b96d71d938fec10142168c061))
|
|
18
|
+
* **logs:** use non-markup prefixes for gen_ai tool/thought parts ([#7](https://github.com/egen/geadm/issues/7)) ([e40ec55](https://github.com/egen/geadm/commit/e40ec556ac38befa94881276ecc24b3e97a1a519))
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
### Documentation
|
|
22
|
+
|
|
23
|
+
* **agents:** adopt Conventional Commits ([#5](https://github.com/egen/geadm/issues/5)) ([514a710](https://github.com/egen/geadm/commit/514a710cf82fe863e254c7e223a6a3d15606efb6))
|
|
24
|
+
* **readme:** document geadm info ([#9](https://github.com/egen/geadm/issues/9)) ([4494f56](https://github.com/egen/geadm/commit/4494f5646ea323ca6f16d04d01eac38423c9e99a))
|
geadm-0.1.0/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Egen
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
geadm-0.1.0/PKG-INFO
ADDED
|
@@ -0,0 +1,172 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: geadm
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: CLI for Google Gemini Enterprise
|
|
5
|
+
Project-URL: Homepage, https://github.com/egen/geadm
|
|
6
|
+
Project-URL: Repository, https://github.com/egen/geadm
|
|
7
|
+
Project-URL: Issues, https://github.com/egen/geadm/issues
|
|
8
|
+
Project-URL: Changelog, https://github.com/egen/geadm/blob/main/CHANGELOG.md
|
|
9
|
+
Author: Egen
|
|
10
|
+
Maintainer: Andrew McKinney
|
|
11
|
+
License: MIT
|
|
12
|
+
License-File: LICENSE
|
|
13
|
+
Keywords: agentspace,cli,discovery-engine,gemini-enterprise,google-cloud,observability
|
|
14
|
+
Classifier: Development Status :: 4 - Beta
|
|
15
|
+
Classifier: Environment :: Console
|
|
16
|
+
Classifier: Intended Audience :: Developers
|
|
17
|
+
Classifier: Intended Audience :: System Administrators
|
|
18
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
19
|
+
Classifier: Operating System :: OS Independent
|
|
20
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
21
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
22
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
23
|
+
Classifier: Topic :: System :: Monitoring
|
|
24
|
+
Requires-Python: >=3.11
|
|
25
|
+
Requires-Dist: google-cloud-discoveryengine>=0.13
|
|
26
|
+
Requires-Dist: google-cloud-logging>=3.10
|
|
27
|
+
Requires-Dist: google-cloud-monitoring>=2.21
|
|
28
|
+
Requires-Dist: rich>=13.7
|
|
29
|
+
Requires-Dist: typer>=0.12
|
|
30
|
+
Description-Content-Type: text/markdown
|
|
31
|
+
|
|
32
|
+
# geadm
|
|
33
|
+
|
|
34
|
+
[](https://cloud.google.com/gemini/enterprise)
|
|
35
|
+
[](https://github.com/astral-sh/uv)
|
|
36
|
+
[](https://www.python.org/)
|
|
37
|
+
|
|
38
|
+
**geadm** is a command-line companion for operating **Google Gemini Enterprise**.
|
|
39
|
+
It gives platform teams fast answers to the questions that come up daily while
|
|
40
|
+
running a Gemini Enterprise deployment: What's deployed? Are the connectors
|
|
41
|
+
syncing? What are users asking, and what is Model Armor flagging? How close are
|
|
42
|
+
we to a quota ceiling? Is everything healthy?
|
|
43
|
+
|
|
44
|
+
It inventories engines, data stores, connectors and agents; inspects and tails
|
|
45
|
+
the platform's Cloud Logging streams; summarises Cloud Monitoring metrics and
|
|
46
|
+
quota utilisation; and runs a one-shot health check across all of it.
|
|
47
|
+
|
|
48
|
+
By design, the current release is strictly read-only — every command works with
|
|
49
|
+
viewer roles alone, so it can be handed to anyone on the team without change-risk.
|
|
50
|
+
It may grow administrative verbs (e.g. triggering connector syncs, managing
|
|
51
|
+
agents) in a future release.
|
|
52
|
+
|
|
53
|
+
Contributing with an AI coding agent? Read [AGENTS.md](AGENTS.md) — it maps
|
|
54
|
+
the project subagents, skills and hard constraints.
|
|
55
|
+
|
|
56
|
+
## Install
|
|
57
|
+
|
|
58
|
+
```sh
|
|
59
|
+
uv tool install geadm # or: pipx install geadm / pip install geadm
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
From a checkout:
|
|
63
|
+
|
|
64
|
+
```sh
|
|
65
|
+
uv tool install .
|
|
66
|
+
# or for development:
|
|
67
|
+
uv sync && uv run geadm --help
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
## Authentication & roles
|
|
71
|
+
|
|
72
|
+
geadm uses Application Default Credentials (`gcloud auth application-default login`);
|
|
73
|
+
it never reads or writes key files.
|
|
74
|
+
|
|
75
|
+
| Role | Used by |
|
|
76
|
+
|---|---|
|
|
77
|
+
| `roles/discoveryengine.viewer` | `geadm ls …`, `geadm doctor` |
|
|
78
|
+
| `roles/logging.viewer` | `geadm logs …`, `geadm doctor` |
|
|
79
|
+
| `roles/monitoring.viewer` | `geadm stats`, `geadm quota`, `geadm doctor` |
|
|
80
|
+
|
|
81
|
+
User credentials (as opposed to service accounts) also need a quota project:
|
|
82
|
+
geadm uses the target project automatically, which requires
|
|
83
|
+
`serviceusage.services.use` there. If you don't have it, pass
|
|
84
|
+
`--quota-project <other-project>` (or set `GOOGLE_CLOUD_QUOTA_PROJECT`) to bill
|
|
85
|
+
a project you can use.
|
|
86
|
+
|
|
87
|
+
Enabling connector/observability *logging* on a project is a one-time setup
|
|
88
|
+
step requiring `roles/discoveryengine.agentspaceAdmin`; geadm only ever reads
|
|
89
|
+
what's there.
|
|
90
|
+
|
|
91
|
+
## Commands
|
|
92
|
+
|
|
93
|
+
Global options: `--project` (defaults to the ADC project), `--location`
|
|
94
|
+
(default `global`; regional locations are routed to
|
|
95
|
+
`{location}-discoveryengine.googleapis.com`). Every command supports `--json`
|
|
96
|
+
for machine-readable output, and time-windowed commands take `--since`
|
|
97
|
+
(`30m`, `1h`, `24h`, `7d`).
|
|
98
|
+
|
|
99
|
+
### Overview — `geadm info`
|
|
100
|
+
|
|
101
|
+
```sh
|
|
102
|
+
geadm info
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
Project-wide dashboard: summary tiles (engines, data stores, connector
|
|
106
|
+
health, agents, license seats/activation/unmet demand) plus a card per
|
|
107
|
+
engine showing its data stores with their connector sources and its agents
|
|
108
|
+
("My Agent" user defaults are grouped into a single ×N line).
|
|
109
|
+
|
|
110
|
+
### Inventory — `geadm ls`
|
|
111
|
+
|
|
112
|
+
```sh
|
|
113
|
+
geadm ls engines|datastores|connectors|agents|licenses
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
Walks the collection hierarchy: engines and data stores under
|
|
117
|
+
`default_collection`, data connectors across *all* collections (each
|
|
118
|
+
connector-backed source lives in its own), agents per engine, and user
|
|
119
|
+
licenses in the project's `default_user_store`.
|
|
120
|
+
|
|
121
|
+
### Logs — `geadm logs`
|
|
122
|
+
|
|
123
|
+
```sh
|
|
124
|
+
geadm logs connector [--datastore ID] [--severity ERROR] [--since 1h]
|
|
125
|
+
geadm logs user [email] [--since 24h] [--follow]
|
|
126
|
+
geadm logs ai [--since 24h] [--follow]
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
`logs connector` shows data-connector sync activity. `logs user` shows
|
|
130
|
+
end-user Gemini Enterprise activity — prompts, assistant replies, searches and
|
|
131
|
+
Model Armor screening events — for one user, or all users when the email is
|
|
132
|
+
omitted. `logs ai` streams the raw `gen_ai.user.message`/`gen_ai.choice`
|
|
133
|
+
content logs (prompt and reply text with no identity field, so it cannot be
|
|
134
|
+
scoped per user — use `logs user` for that). `--follow`/`-f` tails either
|
|
135
|
+
stream live (newline-delimited JSON with `--json`). When a log turns out to be
|
|
136
|
+
empty, geadm tells you whether logging simply isn't enabled on the project or
|
|
137
|
+
nothing matched your filter.
|
|
138
|
+
|
|
139
|
+
> ⚠ **Sensitive output**: `geadm logs user` and `geadm logs ai` can surface
|
|
140
|
+
> end-user prompt and response content when prompt/response logging is
|
|
141
|
+
> enabled on the project, and print a warning banner before any output.
|
|
142
|
+
|
|
143
|
+
### Metrics — `geadm stats`
|
|
144
|
+
|
|
145
|
+
```sh
|
|
146
|
+
geadm stats [--engine ID] [--since 24h]
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
Discovers the project's `discoveryengine.googleapis.com` metrics at runtime and
|
|
150
|
+
summarises query volume, latency and connector sync freshness over the window.
|
|
151
|
+
|
|
152
|
+
### Quotas — `geadm quota`
|
|
153
|
+
|
|
154
|
+
```sh
|
|
155
|
+
geadm quota [--since 24h]
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
Pairs each Discovery Engine quota's latest usage with its limit per location:
|
|
159
|
+
percent used (highlighted at ≥75% / ≥90%), byte quotas in human units, and
|
|
160
|
+
counts of quota-exceeded events over the window — the quickest way to spot the
|
|
161
|
+
next capacity ceiling before ingestion hits it.
|
|
162
|
+
|
|
163
|
+
### Health check — `geadm doctor`
|
|
164
|
+
|
|
165
|
+
```sh
|
|
166
|
+
geadm doctor [--since 24h]
|
|
167
|
+
```
|
|
168
|
+
|
|
169
|
+
Runs the whole suite concurrently — inventory reachability, connector states
|
|
170
|
+
and sync freshness, connector/API error logs, metric availability — and renders
|
|
171
|
+
a live PASS/WARN/FAIL table. Exits non-zero if any check fails, so it drops
|
|
172
|
+
straight into CI or cron.
|
geadm-0.1.0/README.md
ADDED
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
# geadm
|
|
2
|
+
|
|
3
|
+
[](https://cloud.google.com/gemini/enterprise)
|
|
4
|
+
[](https://github.com/astral-sh/uv)
|
|
5
|
+
[](https://www.python.org/)
|
|
6
|
+
|
|
7
|
+
**geadm** is a command-line companion for operating **Google Gemini Enterprise**.
|
|
8
|
+
It gives platform teams fast answers to the questions that come up daily while
|
|
9
|
+
running a Gemini Enterprise deployment: What's deployed? Are the connectors
|
|
10
|
+
syncing? What are users asking, and what is Model Armor flagging? How close are
|
|
11
|
+
we to a quota ceiling? Is everything healthy?
|
|
12
|
+
|
|
13
|
+
It inventories engines, data stores, connectors and agents; inspects and tails
|
|
14
|
+
the platform's Cloud Logging streams; summarises Cloud Monitoring metrics and
|
|
15
|
+
quota utilisation; and runs a one-shot health check across all of it.
|
|
16
|
+
|
|
17
|
+
By design, the current release is strictly read-only — every command works with
|
|
18
|
+
viewer roles alone, so it can be handed to anyone on the team without change-risk.
|
|
19
|
+
It may grow administrative verbs (e.g. triggering connector syncs, managing
|
|
20
|
+
agents) in a future release.
|
|
21
|
+
|
|
22
|
+
Contributing with an AI coding agent? Read [AGENTS.md](AGENTS.md) — it maps
|
|
23
|
+
the project subagents, skills and hard constraints.
|
|
24
|
+
|
|
25
|
+
## Install
|
|
26
|
+
|
|
27
|
+
```sh
|
|
28
|
+
uv tool install geadm # or: pipx install geadm / pip install geadm
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
From a checkout:
|
|
32
|
+
|
|
33
|
+
```sh
|
|
34
|
+
uv tool install .
|
|
35
|
+
# or for development:
|
|
36
|
+
uv sync && uv run geadm --help
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
## Authentication & roles
|
|
40
|
+
|
|
41
|
+
geadm uses Application Default Credentials (`gcloud auth application-default login`);
|
|
42
|
+
it never reads or writes key files.
|
|
43
|
+
|
|
44
|
+
| Role | Used by |
|
|
45
|
+
|---|---|
|
|
46
|
+
| `roles/discoveryengine.viewer` | `geadm ls …`, `geadm doctor` |
|
|
47
|
+
| `roles/logging.viewer` | `geadm logs …`, `geadm doctor` |
|
|
48
|
+
| `roles/monitoring.viewer` | `geadm stats`, `geadm quota`, `geadm doctor` |
|
|
49
|
+
|
|
50
|
+
User credentials (as opposed to service accounts) also need a quota project:
|
|
51
|
+
geadm uses the target project automatically, which requires
|
|
52
|
+
`serviceusage.services.use` there. If you don't have it, pass
|
|
53
|
+
`--quota-project <other-project>` (or set `GOOGLE_CLOUD_QUOTA_PROJECT`) to bill
|
|
54
|
+
a project you can use.
|
|
55
|
+
|
|
56
|
+
Enabling connector/observability *logging* on a project is a one-time setup
|
|
57
|
+
step requiring `roles/discoveryengine.agentspaceAdmin`; geadm only ever reads
|
|
58
|
+
what's there.
|
|
59
|
+
|
|
60
|
+
## Commands
|
|
61
|
+
|
|
62
|
+
Global options: `--project` (defaults to the ADC project), `--location`
|
|
63
|
+
(default `global`; regional locations are routed to
|
|
64
|
+
`{location}-discoveryengine.googleapis.com`). Every command supports `--json`
|
|
65
|
+
for machine-readable output, and time-windowed commands take `--since`
|
|
66
|
+
(`30m`, `1h`, `24h`, `7d`).
|
|
67
|
+
|
|
68
|
+
### Overview — `geadm info`
|
|
69
|
+
|
|
70
|
+
```sh
|
|
71
|
+
geadm info
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
Project-wide dashboard: summary tiles (engines, data stores, connector
|
|
75
|
+
health, agents, license seats/activation/unmet demand) plus a card per
|
|
76
|
+
engine showing its data stores with their connector sources and its agents
|
|
77
|
+
("My Agent" user defaults are grouped into a single ×N line).
|
|
78
|
+
|
|
79
|
+
### Inventory — `geadm ls`
|
|
80
|
+
|
|
81
|
+
```sh
|
|
82
|
+
geadm ls engines|datastores|connectors|agents|licenses
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Walks the collection hierarchy: engines and data stores under
|
|
86
|
+
`default_collection`, data connectors across *all* collections (each
|
|
87
|
+
connector-backed source lives in its own), agents per engine, and user
|
|
88
|
+
licenses in the project's `default_user_store`.
|
|
89
|
+
|
|
90
|
+
### Logs — `geadm logs`
|
|
91
|
+
|
|
92
|
+
```sh
|
|
93
|
+
geadm logs connector [--datastore ID] [--severity ERROR] [--since 1h]
|
|
94
|
+
geadm logs user [email] [--since 24h] [--follow]
|
|
95
|
+
geadm logs ai [--since 24h] [--follow]
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
`logs connector` shows data-connector sync activity. `logs user` shows
|
|
99
|
+
end-user Gemini Enterprise activity — prompts, assistant replies, searches and
|
|
100
|
+
Model Armor screening events — for one user, or all users when the email is
|
|
101
|
+
omitted. `logs ai` streams the raw `gen_ai.user.message`/`gen_ai.choice`
|
|
102
|
+
content logs (prompt and reply text with no identity field, so it cannot be
|
|
103
|
+
scoped per user — use `logs user` for that). `--follow`/`-f` tails either
|
|
104
|
+
stream live (newline-delimited JSON with `--json`). When a log turns out to be
|
|
105
|
+
empty, geadm tells you whether logging simply isn't enabled on the project or
|
|
106
|
+
nothing matched your filter.
|
|
107
|
+
|
|
108
|
+
> ⚠ **Sensitive output**: `geadm logs user` and `geadm logs ai` can surface
|
|
109
|
+
> end-user prompt and response content when prompt/response logging is
|
|
110
|
+
> enabled on the project, and print a warning banner before any output.
|
|
111
|
+
|
|
112
|
+
### Metrics — `geadm stats`
|
|
113
|
+
|
|
114
|
+
```sh
|
|
115
|
+
geadm stats [--engine ID] [--since 24h]
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
Discovers the project's `discoveryengine.googleapis.com` metrics at runtime and
|
|
119
|
+
summarises query volume, latency and connector sync freshness over the window.
|
|
120
|
+
|
|
121
|
+
### Quotas — `geadm quota`
|
|
122
|
+
|
|
123
|
+
```sh
|
|
124
|
+
geadm quota [--since 24h]
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
Pairs each Discovery Engine quota's latest usage with its limit per location:
|
|
128
|
+
percent used (highlighted at ≥75% / ≥90%), byte quotas in human units, and
|
|
129
|
+
counts of quota-exceeded events over the window — the quickest way to spot the
|
|
130
|
+
next capacity ceiling before ingestion hits it.
|
|
131
|
+
|
|
132
|
+
### Health check — `geadm doctor`
|
|
133
|
+
|
|
134
|
+
```sh
|
|
135
|
+
geadm doctor [--since 24h]
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
Runs the whole suite concurrently — inventory reachability, connector states
|
|
139
|
+
and sync freshness, connector/API error logs, metric availability — and renders
|
|
140
|
+
a live PASS/WARN/FAIL table. Exits non-zero if any check fails, so it drops
|
|
141
|
+
straight into CI or cron.
|