diff --git a/packages/workspace-manager/.dockerignore b/packages/workspace-manager/.dockerignore
new file mode 100644
index 0000000000..fcece92dfc
--- /dev/null
+++ b/packages/workspace-manager/.dockerignore
@@ -0,0 +1,5 @@
+node_modules
+dist
+.git
+docker
+terraform
diff --git a/packages/workspace-manager/Dockerfile b/packages/workspace-manager/Dockerfile
new file mode 100644
index 0000000000..e4006bb5c4
--- /dev/null
+++ b/packages/workspace-manager/Dockerfile
@@ -0,0 +1,20 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+# Standard Hub Dockerfile
+FROM node:20-slim
+
+WORKDIR /app
+
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY . .
+RUN npm run build
+
+EXPOSE 8080
+
+CMD ["npm", "start"]
diff --git a/packages/workspace-manager/terraform/modules/workspace-hub/main.tf b/packages/workspace-manager/terraform/modules/workspace-hub/main.tf
new file mode 100644
index 0000000000..585e5a6db3
--- /dev/null
+++ b/packages/workspace-manager/terraform/modules/workspace-hub/main.tf
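Review bot: The `/** … */` block at the top of the Dockerfile is JavaScript comment syntax, not Dockerfile syntax; Docker's parser treats only `#` lines as comments, so `/**` is read as an unknown instruction before `FROM` and the build fails, which also breaks the `gcloud builds submit` step in `scripts/deploy-hub.sh`. Replace the five lines with `#` comments, e.g. `# Copyright 2026 Google LLC` and `# SPDX-License-Identifier: Apache-2.0`, matching the header style the `.tf` files in this commit use. Separately, `npm start` runs as root because `node:20-slim` does not switch users by default; adding `USER node` after `RUN npm run build` (the official node images ship a `node` user) is a cheap hardening. `npm ci` also leaves devDependencies in the runtime layer, so a `RUN npm prune --omit=dev` after the build, or a multi-stage build, would shrink the image the hub actually runs.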
@@ -0,0 +1,55 @@
+# Copyright 2026 Google LLC
+# SPDX-License-Identifier: Apache-2.0
+
+resource "google_service_account" "hub_sa" {
+ account_id = "workspace-hub-sa"
+ display_name = "Gemini CLI Workspace Hub Service Account"
+}
+
+resource "google_project_iam_member" "compute_admin" {
+ project = var.project_id
+ role = "roles/compute.instanceAdmin.v1"
+ member = "serviceAccount:${google_service_account.hub_sa.email}"
+}
+
+resource "google_project_iam_member" "firestore_user" {
+ project = var.project_id
+ role = "roles/datastore.user"
+ member = "serviceAccount:${google_service_account.hub_sa.email}"
+}
+
+resource "google_project_iam_member" "sa_user" {
+ project = var.project_id
+ role = "roles/iam.serviceAccountUser"
+ member = "serviceAccount:${google_service_account.hub_sa.email}"
+}
+
+resource "google_cloud_run_v2_service" "hub" {
+ name = "workspace-hub"
+ location = var.region
+ ingress = "INGRESS_TRAFFIC_ALL"
+
+ template {
+ service_account = google_service_account.hub_sa.email
+ containers {
+ image = var.hub_image_uri
+ env {
+ name = "GOOGLE_CLOUD_PROJECT"
+ value = var.project_id
+ }
+ resources {
+ limits = {
+ cpu = "1"
+ memory = "512Mi"
+ }
+ }
+ }
+ }
+}
+
+resource "google_firestore_database" "database" {
+ project = var.project_id
+ name = "(default)"
+ location_id = var.region
+ type = "FIRESTORE_NATIVE"
+}
diff --git a/packages/workspace-manager/terraform/modules/workspace-hub/variables.tf b/packages/workspace-manager/terraform/modules/workspace-hub/variables.tf
new file mode 100644
index 0000000000..c90b3cc672
--- /dev/null
+++ b/packages/workspace-manager/terraform/modules/workspace-hub/variables.tf
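Review bot: Granting `roles/iam.serviceAccountUser` at project scope (the `sa_user` binding) together with `roles/compute.instanceAdmin.v1` lets the hub identity launch VMs that run as any service account in the project, including ones far more privileged than `hub_sa`, so a flaw in the hub's instance-creation path becomes a project-wide escalation. Scope the act-as grant to the service account the workspace VMs are meant to run as with `google_service_account_iam_member`, and consider whether `instanceAdmin.v1` can be narrowed with an IAM condition to the zones or instance-name prefix the hub actually manages. Note also that no `google_cloud_run_v2_service_iam_member` is declared, so this service only accepts IAM-authenticated invocations, whereas `scripts/deploy-hub.sh` in the same commit deploys the same service with `--allow-unauthenticated`; the two deployment paths should agree on who may call the hub.
```hcl
# Act-as only the workspace VM identity, not every service account in the project.
resource "google_service_account_iam_member" "sa_user" {
  service_account_id = "<WORKSPACE_VM_SA_ID>" # placeholder: the SA the hub assigns to workspace instances
  role               = "roles/iam.serviceAccountUser"
  member             = "serviceAccount:${google_service_account.hub_sa.email}"
}
# … unchanged: hub_sa, compute_admin, firestore_user, hub, database …
```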
@@ -0,0 +1,18 @@
+# Copyright 2026 Google LLC
+# SPDX-License-Identifier: Apache-2.0
+
+variable "project_id" {
+ description = "The GCP project ID"
+ type = string
+}
+
+variable "region" {
+ description = "The GCP region to deploy to"
+ type = string
+ default = "us-west1"
+}
+
+variable "hub_image_uri" {
+ description = "The Docker image URI for the Workspace Hub"
+ type = string
+}
diff --git a/plans/phase-1-workspace-core.md b/plans/phase-1-workspace-core.md
index fb19bf766b..46bd8f63d2
--- a/plans/phase-1-workspace-core.md
+++ b/plans/phase-1-workspace-core.md
@@ -33,8 +33,9 @@ Implement the core API to manage GCE-based workspaces. Prepare the Hub for self-service deployment. -- [ ] Create `packages/workspace-manager/terraform/` for basic Hub provisioning. -- [ ] Setup IAP/OAuth authentication on the Cloud Run endpoint. +- [x] Create `packages/workspace-manager/terraform/` for basic Hub provisioning. +- [x] Provide a `scripts/deploy-hub.sh` using `gcloud` for a zero-install + alternative. ## 3. Verification & Success Criteria
@@ -47,5 +48,5 @@ Prepare the Hub for self-service deployment. ## 4. Next Steps -- Implement Task 1.2: Integrate `@google-cloud/compute` for GCE instance - lifecycle. +- Milestone 2: Basic CLI Management (Phase 2). Add `workspace` commands to the + CLI.
diff --git a/plans/workspaces-implementation.md b/plans/workspaces-implementation.md
index 14781c69da..a5c4297a91
--- a/plans/workspaces-implementation.md
+++ b/plans/workspaces-implementation.md
@@ -1,45 +1,63 @@ # Gemini CLI Workspaces: High-Level Implementation Plan ## 1. Objective -Transform the architectural vision of "Gemini CLI Workspaces" into a production-ready, self-service feature for `gemini-cli`. + +Transform the architectural vision of "Gemini CLI Workspaces" into a +production-ready, self-service feature for `gemini-cli`. ## 2. Milestones & Phases ### Milestone 1: The Workspace Core (Phase 1) + Build the foundational container environment and the core management API. -- [ ] Define and build the `Workspace Container Image`. -- [ ] Deploy a basic `Workspace Hub` (Cloud Run) with GCE provisioning. -- [ ] Implement simple `/create`, `/list`, `/delete` API endpoints. + +- [x] Define and build the `Workspace Container Image`. +- [x] Deploy a basic `Workspace Hub` (Cloud Run) with GCE provisioning. +- [x] Implement simple `/create`, `/list`, `/delete` API endpoints. ### Milestone 2: Basic CLI Management (Phase 2) + Enable developers to manage their remote fleet from the local CLI. + - [ ] Add `gemini workspace create/list/delete` commands. - [ ] Implement Hub authentication (Google OAuth/IAP). - [ ] Add local configuration for Hub discovery (`settings.json`). ### Milestone 3: Connectivity & Persistence (Phase 3) + Enable the "Teleport" experience with session persistence. + - [ ] Implement `gemini workspace connect`. - [ ] Setup `gcloud compute ssh --tunnel-through-iap` logic in the client. - [ ] Integrate `shpool` into the container entrypoint for session detachment. ### Milestone 4: Secure Sync & Identity (Phase 4) + Make the remote workspace "feel like home" with secure credential forwarding. + - [ ] Implement `~/.gemini/` configuration synchronization. - [ ] Implement SSH Agent Forwarding (`-A`) in the connectivity logic. - [ ] Implement secure GitHub PAT injection via `/dev/shm`. ### Milestone 5: UI & Advanced Hub Features (Phase 5) + Polish the developer experience and add enterprise-grade Hub capabilities. 
+ - [ ] Implement the "Workspaces Ability" in the CLI (interactive React UI). - [ ] Implement multi-tenancy models (User, Team, Repo) in the Hub. - [ ] Add auto-cleanup (TTL) and resource monitoring to the Hub. ## 3. Implementation Strategy -- **Surgical Changes:** Each phase will be implemented as a series of small, verified PRs. -- **Verification:** Every phase must include integration tests (using mocks for GCP if necessary). -- **Documentation:** Architecture docs will be updated as implementation details evolve. + +- **Surgical Changes:** Each phase will be implemented as a series of small, + verified PRs. +- **Verification:** Every phase must include integration tests (using mocks for + GCP if necessary). +- **Documentation:** Architecture docs will be updated as implementation details + evolve. ## 4. Next Steps -1. **Phase 1 Sub-plan:** Define the exact Dockerfile and initial Hub API schema. + +1. **Phase 1 Sub-plan:** Define the exact Dockerfile and initial Hub API + schema. 2. **Phase 1.1:** Build and push the initial `gemini-workspace:latest` image.
diff --git a/scripts/deploy-hub.sh b/scripts/deploy-hub.sh
new file mode 100644
index 0000000000..4f0dd232fc
--- /dev/null
+++ b/scripts/deploy-hub.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Copyright 2026 Google LLC
+# SPDX-License-Identifier: Apache-2.0
+
+set -e
+
+# Configuration
+PROJECT_ID=$(gcloud config get-value project)
+REGION="us-west1"
+IMAGE_NAME="workspace-hub"
+SERVICE_NAME="workspace-hub"
+
+echo "Using Project: $PROJECT_ID"
+
+# 1. Build and Push the Hub Image
+# (Assuming the Dockerfile is in the current package for the hub)
+echo "Building and pushing $IMAGE_NAME..."
+gcloud builds submit --tag "gcr.io/$PROJECT_ID/$IMAGE_NAME" packages/workspace-manager/
+
+# 2. Deploy to Cloud Run
+echo "Deploying $SERVICE_NAME to Cloud Run..."
+gcloud run deploy "$SERVICE_NAME" \
+ --image "gcr.io/$PROJECT_ID/$IMAGE_NAME" \
+ --platform managed \
+ --region "$REGION" \
+ --allow-unauthenticated \
+ --set-env-vars "GOOGLE_CLOUD_PROJECT=$PROJECT_ID"
+
+echo "Deployment complete!"
+gcloud run services describe "$SERVICE_NAME" --region "$REGION" --format 'value(status.url)'
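Review bot: `--allow-unauthenticated` on the `gcloud run deploy` call publishes the hub's `/create`, `/list` and `/delete` endpoints (named in the plan files in this commit) to the internet with no caller identity, and because no `--service-account` is passed the service runs as the project's default Compute Engine service account rather than the restricted `workspace-hub-sa` the Terraform module creates; together that lets anyone who learns the URL drive GCE instance creation and deletion with whatever that default account holds. The same commit drops the "Setup IAP/OAuth authentication" task from `plans/phase-1-workspace-core.md`, so nothing else gates access. Deploy with `--no-allow-unauthenticated` and `--service-account` pointing at the hub account (its email follows from the Terraform `account_id`: `workspace-hub-sa@$PROJECT_ID.iam.gserviceaccount.com`; if this script is meant to work without Terraform it must create that account and its bindings as well). Also, `set -e` alone does not catch an unset gcloud project: `PROJECT_ID` comes back empty, the tag becomes `gcr.io//workspace-hub` and the failure surfaces late, so use `set -euo pipefail` and fail fast when it is empty.
```shell
set -euo pipefail

# Configuration
PROJECT_ID=$(gcloud config get-value project)
if [[ -z "$PROJECT_ID" ]]; then
  echo "No gcloud project configured; run: gcloud config set project <PROJECT_ID>" >&2
  exit 1
fi
# … unchanged: REGION / IMAGE_NAME / SERVICE_NAME, build-and-push step …
gcloud run deploy "$SERVICE_NAME" \
  --image "gcr.io/$PROJECT_ID/$IMAGE_NAME" \
  --platform managed \
  --region "$REGION" \
  --no-allow-unauthenticated \
  --service-account "workspace-hub-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
  --set-env-vars "GOOGLE_CLOUD_PROJECT=$PROJECT_ID"
# … unchanged: completion message and URL lookup …
```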