1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.aiplatform.v1beta1; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/cloud/aiplatform/v1beta1/tool.proto"; 22import "google/protobuf/struct.proto"; 23import "google/protobuf/timestamp.proto"; 24 25option csharp_namespace = "Google.Cloud.AIPlatform.V1Beta1"; 26option go_package = "cloud.google.com/go/aiplatform/apiv1beta1/aiplatformpb;aiplatformpb"; 27option java_multiple_files = true; 28option java_outer_classname = "ExtensionProto"; 29option java_package = "com.google.cloud.aiplatform.v1beta1"; 30option php_namespace = "Google\\Cloud\\AIPlatform\\V1beta1"; 31option ruby_package = "Google::Cloud::AIPlatform::V1beta1"; 32option (google.api.resource_definition) = { 33 type: "secretmanager.googleapis.com/SecretVersion" 34 pattern: "projects/{project}/secrets/{secret}/versions/{secret_version}" 35 pattern: "projects/{project}/locations/{location}/secrets/{secret}/versions/{secret_version}" 36}; 37option (google.api.resource_definition) = { 38 type: "servicedirectory.googleapis.com/Service" 39 pattern: "projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}" 40}; 41 42// Enum of location an HTTP element can be. 43enum HttpElementLocation { 44 HTTP_IN_UNSPECIFIED = 0; 45 46 // Element is in the HTTP request query. 47 HTTP_IN_QUERY = 1; 48 49 // Element is in the HTTP request header. 50 HTTP_IN_HEADER = 2; 51 52 // Element is in the HTTP request path. 53 HTTP_IN_PATH = 3; 54 55 // Element is in the HTTP request body. 56 HTTP_IN_BODY = 4; 57 58 // Element is in the HTTP request cookie. 59 HTTP_IN_COOKIE = 5; 60} 61 62// Type of Auth. 63enum AuthType { 64 AUTH_TYPE_UNSPECIFIED = 0; 65 66 // No Auth. 67 NO_AUTH = 1; 68 69 // API Key Auth. 70 API_KEY_AUTH = 2; 71 72 // HTTP Basic Auth. 73 HTTP_BASIC_AUTH = 3; 74 75 // Google Service Account Auth. 76 GOOGLE_SERVICE_ACCOUNT_AUTH = 4; 77 78 // OAuth auth. 79 OAUTH = 6; 80 81 // OpenID Connect (OIDC) Auth. 82 OIDC_AUTH = 8; 83} 84 85// Extensions are tools for large language models to access external data, run 86// computations, etc. 87message Extension { 88 option (google.api.resource) = { 89 type: "aiplatform.googleapis.com/Extension" 90 pattern: "projects/{project}/locations/{location}/extensions/{extension}" 91 plural: "extensions" 92 singular: "extension" 93 }; 94 95 // Identifier. The resource name of the Extension. 96 string name = 1 [(google.api.field_behavior) = IDENTIFIER]; 97 98 // Required. The display name of the Extension. 99 // The name can be up to 128 characters long and can consist of any UTF-8 100 // characters. 101 string display_name = 3 [(google.api.field_behavior) = REQUIRED]; 102 103 // Optional. The description of the Extension. 104 string description = 4 [(google.api.field_behavior) = OPTIONAL]; 105 106 // Output only. Timestamp when this Extension was created. 107 google.protobuf.Timestamp create_time = 5 108 [(google.api.field_behavior) = OUTPUT_ONLY]; 109 110 // Output only. Timestamp when this Extension was most recently updated. 111 google.protobuf.Timestamp update_time = 6 112 [(google.api.field_behavior) = OUTPUT_ONLY]; 113 114 // Optional. Used to perform consistent read-modify-write updates. If not set, 115 // a blind "overwrite" update happens. 116 string etag = 7 [(google.api.field_behavior) = OPTIONAL]; 117 118 // Required. Manifest of the Extension. 119 ExtensionManifest manifest = 9 [(google.api.field_behavior) = REQUIRED]; 120 121 // Output only. Supported operations. 122 repeated ExtensionOperation extension_operations = 11 123 [(google.api.field_behavior) = OUTPUT_ONLY]; 124 125 // Optional. Runtime config controlling the runtime behavior of this 126 // Extension. 127 RuntimeConfig runtime_config = 13 [(google.api.field_behavior) = OPTIONAL]; 128 129 // Optional. Examples to illustrate the usage of the extension as a tool. 130 repeated ToolUseExample tool_use_examples = 15 131 [(google.api.field_behavior) = OPTIONAL]; 132 133 // Optional. The PrivateServiceConnect config for the extension. 134 // If specified, the service endpoints associated with the 135 // Extension should be registered with private network access in the provided 136 // Service Directory 137 // (https://cloud.google.com/service-directory/docs/configuring-private-network-access). 138 // 139 // If the service contains more than one endpoint with a network, the service 140 // will arbitrarilty choose one of the endpoints to use for extension 141 // execution. 142 ExtensionPrivateServiceConnectConfig private_service_connect_config = 16 143 [(google.api.field_behavior) = OPTIONAL]; 144} 145 146// Manifest spec of an Extension needed for runtime execution. 147message ExtensionManifest { 148 // The API specification shown to the LLM. 149 message ApiSpec { 150 oneof api_spec { 151 // The API spec in Open API standard and YAML format. 152 string open_api_yaml = 1; 153 154 // Cloud Storage URI pointing to the OpenAPI spec. 155 string open_api_gcs_uri = 2; 156 } 157 } 158 159 // Required. Extension name shown to the LLM. 160 // The name can be up to 128 characters long. 161 string name = 1 [(google.api.field_behavior) = REQUIRED]; 162 163 // Required. The natural language description shown to the LLM. It should 164 // describe the usage of the extension, and is essential for the LLM to 165 // perform reasoning. 166 string description = 2 [(google.api.field_behavior) = REQUIRED]; 167 168 // Required. Immutable. The API specification shown to the LLM. 169 ApiSpec api_spec = 3 [ 170 (google.api.field_behavior) = IMMUTABLE, 171 (google.api.field_behavior) = REQUIRED 172 ]; 173 174 // Required. Immutable. Type of auth supported by this extension. 175 AuthConfig auth_config = 5 [ 176 (google.api.field_behavior) = IMMUTABLE, 177 (google.api.field_behavior) = REQUIRED 178 ]; 179} 180 181// Operation of an extension. 182message ExtensionOperation { 183 // Operation ID that uniquely identifies the operations among the extension. 184 // See: "Operation Object" in https://swagger.io/specification/. 185 // 186 // This field is parsed from the OpenAPI spec. For HTTP extensions, if it does 187 // not exist in the spec, we will generate one from the HTTP method and path. 188 string operation_id = 1; 189 190 // Output only. Structured representation of a function declaration as defined 191 // by the OpenAPI Spec. 192 FunctionDeclaration function_declaration = 3 193 [(google.api.field_behavior) = OUTPUT_ONLY]; 194} 195 196// Auth configuration to run the extension. 197message AuthConfig { 198 // Config for authentication with API key. 199 message ApiKeyConfig { 200 // Required. The parameter name of the API key. 201 // E.g. If the API request is "https://example.com/act?api_key=<API KEY>", 202 // "api_key" would be the parameter name. 203 string name = 1 [(google.api.field_behavior) = REQUIRED]; 204 205 // Required. The name of the SecretManager secret version resource storing 206 // the API key. Format: 207 // `projects/{project}/secrets/{secrete}/versions/{version}` 208 // 209 // - If specified, the `secretmanager.versions.access` permission should be 210 // granted to Vertex AI Extension Service Agent 211 // (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) 212 // on the specified resource. 213 string api_key_secret = 2 [ 214 (google.api.field_behavior) = REQUIRED, 215 (google.api.resource_reference) = { 216 type: "secretmanager.googleapis.com/SecretVersion" 217 } 218 ]; 219 220 // Required. The location of the API key. 221 HttpElementLocation http_element_location = 3 222 [(google.api.field_behavior) = REQUIRED]; 223 } 224 225 // Config for HTTP Basic Authentication. 226 message HttpBasicAuthConfig { 227 // Required. The name of the SecretManager secret version resource storing 228 // the base64 encoded credentials. Format: 229 // `projects/{project}/secrets/{secrete}/versions/{version}` 230 // 231 // - If specified, the `secretmanager.versions.access` permission should be 232 // granted to Vertex AI Extension Service Agent 233 // (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) 234 // on the specified resource. 235 string credential_secret = 2 [ 236 (google.api.field_behavior) = REQUIRED, 237 (google.api.resource_reference) = { 238 type: "secretmanager.googleapis.com/SecretVersion" 239 } 240 ]; 241 } 242 243 // Config for Google Service Account Authentication. 244 message GoogleServiceAccountConfig { 245 // Optional. The service account that the extension execution service runs 246 // as. 247 // 248 // - If the service account is specified, 249 // the `iam.serviceAccounts.getAccessToken` permission should be granted to 250 // Vertex AI Extension Service Agent 251 // (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) 252 // on the specified service account. 253 // 254 // - If not specified, the Vertex AI Extension Service Agent 255 // will be used to execute the Extension. 256 string service_account = 1 [(google.api.field_behavior) = OPTIONAL]; 257 } 258 259 // Config for user oauth. 260 message OauthConfig { 261 oneof oauth_config { 262 // Access token for extension endpoint. 263 // Only used to propagate token from 264 // [[ExecuteExtensionRequest.runtime_auth_config]] at request time. 265 string access_token = 1; 266 267 // The service account used to generate access tokens for executing the 268 // Extension. 269 // 270 // - If the service account is specified, 271 // the `iam.serviceAccounts.getAccessToken` permission should be granted 272 // to Vertex AI Extension Service Agent 273 // (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) 274 // on the provided service account. 275 string service_account = 2; 276 } 277 } 278 279 // Config for user OIDC auth. 280 message OidcConfig { 281 oneof oidc_config { 282 // OpenID Connect formatted ID token for extension endpoint. 283 // Only used to propagate token from 284 // [[ExecuteExtensionRequest.runtime_auth_config]] at request time. 285 string id_token = 1; 286 287 // The service account used to generate an OpenID Connect 288 // (OIDC)-compatible JWT token signed by the Google OIDC Provider 289 // (accounts.google.com) for extension endpoint 290 // (https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-oidc). 291 // 292 // - The audience for the token will be set to the URL in the server url 293 // defined in the OpenApi spec. 294 // 295 // - If the service account is provided, the service account should grant 296 // `iam.serviceAccounts.getOpenIdToken` permission to Vertex AI Extension 297 // Service Agent 298 // (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents). 299 string service_account = 2; 300 } 301 } 302 303 oneof auth_config { 304 // Config for API key auth. 305 ApiKeyConfig api_key_config = 2; 306 307 // Config for HTTP Basic auth. 308 HttpBasicAuthConfig http_basic_auth_config = 3; 309 310 // Config for Google Service Account auth. 311 GoogleServiceAccountConfig google_service_account_config = 4; 312 313 // Config for user oauth. 314 OauthConfig oauth_config = 5; 315 316 // Config for user OIDC auth. 317 OidcConfig oidc_config = 7; 318 } 319 320 // Type of auth scheme. 321 AuthType auth_type = 101; 322} 323 324// Runtime configuration to run the extension. 325message RuntimeConfig { 326 message CodeInterpreterRuntimeConfig { 327 // Optional. The GCS bucket for file input of this Extension. 328 // If specified, support input from the GCS bucket. 329 // Vertex Extension Custom Code Service Agent should be granted 330 // file reader to this bucket. 331 // If not specified, the extension will only accept file contents from 332 // request body and reject GCS file inputs. 333 string file_input_gcs_bucket = 1 [(google.api.field_behavior) = OPTIONAL]; 334 335 // Optional. The GCS bucket for file output of this Extension. 336 // If specified, write all output files to the GCS bucket. 337 // Vertex Extension Custom Code Service Agent should be granted 338 // file writer to this bucket. 339 // If not specified, the file content will be output in response body. 340 string file_output_gcs_bucket = 2 [(google.api.field_behavior) = OPTIONAL]; 341 } 342 343 message VertexAISearchRuntimeConfig { 344 // Required. Vertext AI Search serving config name. Format: 345 // `projects/{project}/locations/{location}/collections/{collection}/engines/{engine}/servingConfigs/{serving_config}` 346 // or 347 // `projects/{project}/locations/{location}/collections/{collection}/dataStores/{data_store}/servingConfigs/{serving_config}` 348 string serving_config_name = 1 [(google.api.field_behavior) = REQUIRED]; 349 } 350 351 // Runtime configurations for Google first party extensions. 352 oneof GoogleFirstPartyExtensionConfig { 353 // Code execution runtime configurations for code interpreter extension. 354 CodeInterpreterRuntimeConfig code_interpreter_runtime_config = 2; 355 356 // Runtime configuration for Vertext AI Search extension. 357 VertexAISearchRuntimeConfig vertex_ai_search_runtime_config = 6; 358 } 359 360 // Optional. Default parameters that will be set for all the execution of this 361 // extension. If specified, the parameter values can be overridden by values 362 // in [[ExecuteExtensionRequest.operation_params]] at request time. 363 // 364 // The struct should be in a form of map with param name as the key and actual 365 // param value as the value. 366 // E.g. If this operation requires a param "name" to be set to "abc". you can 367 // set this to something like {"name": "abc"}. 368 google.protobuf.Struct default_params = 4 369 [(google.api.field_behavior) = OPTIONAL]; 370} 371 372// PrivateExtensionConfig configuration for the extension. 373message ExtensionPrivateServiceConnectConfig { 374 // Required. The Service Directory resource name in which the service 375 // endpoints associated to the extension are registered. Format: 376 // `projects/{project_id}/locations/{location_id}/namespaces/{namespace_id}/services/{service_id}` 377 // 378 // - The Vertex AI Extension Service Agent 379 // (https://cloud.google.com/vertex-ai/docs/general/access-control#service-agents) 380 // should be granted `servicedirectory.viewer` and 381 // `servicedirectory.pscAuthorizedService` roles on the resource. 382 string service_directory = 1 [ 383 (google.api.field_behavior) = REQUIRED, 384 (google.api.resource_reference) = { 385 type: "servicedirectory.googleapis.com/Service" 386 } 387 ]; 388} 389