feat: add vertex ai sample

[PierrickVoulet]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new, locally deployable Vertex AI Agent sample designed as an Enterprise AI Assistant, featuring static authentication and Google Chat integration. Concurrently, it refactors the existing enterprise-ai-agent to decouple its authentication mechanism from Gemini Enterprise specifics, making it more versatile for various client integrations.

Highlights

• New Local Vertex AI Agent Sample: A new Enterprise AI Agent sample has been introduced, designed for local deployment and demonstrating an AI Assistant capable of querying user data via Vertex AI Search and sending messages through Google Chat.
• Static Authentication for Local Agent: The new local agent utilizes static authentication by extracting an ACCESS_TOKEN from an environment variable, simplifying local development and testing.
• Google Chat Integration: The local agent includes a send_direct_message tool, enabling the AI to send direct messages to users within Google Chat.
• Generalized Authentication in Existing Agent: The existing enterprise-ai-agent has been updated to generalize its authentication mechanism, moving from Gemini Enterprise-specific references to a more generic client-injected token approach.
• Updated Documentation for Existing Agent: The README.md for the existing enterprise-ai-agent was revised to reflect broader applicability, include an additional Codelabs reference, and remove specific Gemini Enterprise deployment instructions.

Changelog

• solutions/enterprise-ai-agent-local/README.md
  • Documented the new local Enterprise AI Agent, its key features, and deployment steps.
• solutions/enterprise-ai-agent-local/enterprise_ai/init.py
  • Initialized the enterprise_ai Python package for the new local agent.
• solutions/enterprise-ai-agent-local/enterprise_ai/agent.py
  • Implemented the core logic for the local Enterprise AI Agent, including Vertex AI Search McpToolset and Google Chat send_direct_message function.
• solutions/enterprise-ai-agent-local/enterprise_ai/requirements.txt
  • Specified Python package dependencies for the new local agent.
• solutions/enterprise-ai-agent-local/pyproject.toml
  • Configured the Poetry project for the new local Enterprise AI Agent.
• solutions/enterprise-ai-agent/README.md
  • Updated the project title to be more generic.
  • Added a new Codelabs reference for Vertex AI Agents.
  • Generalized the description of dynamic authentication from Gemini Enterprise specific to client injection.
  • Removed specific Gemini Enterprise deployment instructions.
• solutions/enterprise-ai-agent/enterprise_ai/agent.py
  • Renamed the GE_AUTH_NAME constant to CLIENT_AUTH_NAME.
  • Updated related comments to reflect a more generic client authentication mechanism.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new local version of the Enterprise AI agent sample, which uses a static access token for authentication. It also includes some refactoring of the existing agent. My review focuses on the new local agent implementation. I've identified a critical issue with the authentication mechanism which will cause the agent to fail after a short time. I've also found high-severity issues related to dependency management, where dependencies are unpinned and defined inconsistently across pyproject.toml and requirements.txt. My suggestions aim to make the new sample more robust and the project's dependencies more maintainable.

[gemini-code-assist]

The current implementation reads a static ACCESS_TOKEN from an environment variable at module load time. Access tokens from gcloud auth application-default print-access-token are short-lived (typically 1 hour). For a long-running service started with adk web, this will cause authentication failures once the token expires, requiring a manual restart of the service.

A more robust approach is to use Application Default Credentials (ADC), which can automatically refresh tokens. This avoids the need for the ACCESS_TOKEN environment variable and makes the agent more resilient.

Here's how you can refactor the code to use ADC:

1. Remove ACCESS_TOKEN logic: Delete lines 29-32 and the ACCESS_TOKEN environment variable dependency.

2. Initialize ADC: Get credentials that can be refreshed.

   from google.adk.tools import ToolContext
   from google.auth.transport.requests import Request
   
   SCOPES = [
       "https://www.googleapis.com/auth/cloud-platform",
       "https://www.googleapis.com/auth/chat.spaces",
       "https://www.googleapis.com/auth/chat.messages",
   ]
   creds, _ = google.auth.default(scopes=SCOPES)

3. Create a header provider for McpToolset: This will provide a fresh token for each API call.

   def auth_header_provider(_: ToolContext) -> dict[str, str]:
       """Provides auth headers, refreshing token if necessary."""
       creds.refresh(Request())
       return {"Authorization": f"Bearer {creds.token}"}

4. Update McpToolset and send_direct_message:

   def send_direct_message(email: str, message: str) -> dict:
       """Sends a Google Chat Direct Message (DM) to a specific user by email address."""
       chat_client = chat_v1.ChatServiceClient(credentials=creds)
       # ... rest of the function is the same
   
   vertexai_mcp = McpToolset(
       connection_params=StreamableHTTPConnectionParams(
           url="https://discoveryengine.googleapis.com/mcp",
           timeout=VERTEXAI_SEARCH_TIMEOUT,
           sse_read_timeout=VERTEXAI_SEARCH_TIMEOUT,
       ),
       header_provider=auth_header_provider,
       tool_filter=['search']
   )

This approach also requires updating README.md to remove instructions about setting ACCESS_TOKEN.

[gemini-code-assist]

The authentication mechanism described here relies on a short-lived ACCESS_TOKEN. This will cause the agent to fail after about an hour. It's better to rely on Application Default Credentials (ADC) directly in the code, which can handle token refreshes automatically. If the authentication logic in agent.py is updated to use ADC as suggested in another comment, these instructions should be changed to only require the user to run gcloud auth application-default login ... (step 2), and remove all mentions of ACCESS_TOKEN (steps 1, 3).

[gemini-code-assist]

This requirements.txt file seems to be maintained separately from pyproject.toml, and they are inconsistent. For example, pyproject.toml lists python-dotenv which is missing here, and this file lists absl-py as a main dependency while it's a 'deployment' dependency in pyproject.toml. Having two competing dependency definition files increases maintenance overhead and can lead to confusion and errors. It's recommended to use pyproject.toml as the single source of truth and generate requirements.txt from it if needed (e.g., using poetry export).

[gemini-code-assist]

Some dependencies have open-ended version constraints (e.g., >=1.126.1). This can lead to non-reproducible builds and unexpected breakages if a new major version with breaking changes is released. It's recommended to specify an upper bound for all dependencies to ensure stability. The requirements.txt file in the same directory already uses more restrictive version ranges (e.g., <2.0.0). The constraints in pyproject.toml should be at least as restrictive.

Suggested change

	"google-cloud-aiplatform[adk,agent-engines]>=1.126.1",
	"google-genai>=1.9.0",
	"pydantic>=2.10.6",
	"google-cloud-aiplatform[adk,agent-engines] (>=1.126.1,<2.0.0)",
	"google-genai (>=1.9.0,<2.0.0)",
	"pydantic (>=2.10.6,<3.0.0)",