* Add Multi-Region support to cloud-run-v2 module
* Support context expansion for multi_region_settings regions
* Fix multi_region_regions formatting line length
* Add net-lb-proxy-int-cross-region module and tests
* Add context support example and tests
* Update copyright to 2026 and support instance group backends
* docs: correct Instance Groups support note in README
* Support per-replica tier override in modules/cloudsql-instance
Replicas previously ignored any caller-provided tier and silently
inherited the primary's tier. Add an optional `tier` field to the
`replicas` map and use `coalesce(each.value.tier, var.tier)` in the
replica resource so per-replica overrides take effect while
preserving the inherit-from-primary default.
* Update README
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* Bump provider version
* Fix inventories
* Ignore certificates in inventories
* Add header to cloud run recipe
* Optimize file copy for example-based tests
* Remove local references
* Add ephemeral_storage_local_ssd_config support to modules/gke-nodepool
Adds ephemeral_storage_local_ssd_count to node_config variable and the
corresponding dynamic ephemeral_storage_local_ssd_config block in the
node pool resource, enabling use of local SSDs as ephemeral storage.
* feat(gke-nodepool): add flex_start support to node_config
Add `flex_start` as an optional bool to the `node_config` variable type
and wire it through to the `google_container_node_pool` resource's
node_config block. This enables DWS (Dynamic Workload Scheduler)
flex-start mode for node pools, used for on-demand capacity access
without requiring ProvisioningRequest objects (e.g. spot TPU pools).
* feat(gke-nodepool): add flex_start support to node_config
Add `flex_start` as an optional bool to the `node_config` variable type
and wire it through to the `google_container_node_pool` resource's
node_config block. This enables DWS (Dynamic Workload Scheduler)
flex-start mode for node pools, which allows the Cluster Autoscaler to
request capacity on-demand without requiring ProvisioningRequest objects
(unlike queued_provisioning). Typical use case is spot TPU node pools.
* feat(gke-nodepool): add advanced_machine_features support to node_config
Add `advanced_machine_features` as an optional object to the `node_config`
variable type and wire it through to the `google_container_node_pool`
resource via a dynamic block. This allows callers to configure
`threads_per_core` (e.g. set to 1 to disable hyperthreading) and
`enable_nested_virtualization` for node pools that require fine-grained
CPU threading control or nested hypervisor support.
GKE auto-sets `advanced_machine_features` (threads_per_core=1) on
ct6e/TPU machine types; exposing this field also lets consumers add it to
ignore_changes in their own lifecycle blocks to avoid forced replacements.
* feat(gke-nodepool): add containerd_config support to node_config
Add `containerd_config` as an optional object to the `node_config` variable
and wire it through to the `google_container_node_pool` resource via a
dynamic block. This allows callers to configure private registry mirrors or
custom containerd registry hosts per node pool — useful for air-gapped
environments and internal registry proxies.
The `registry_hosts` list maps each upstream server to one or more mirror
hosts, with optional `capabilities`, `override_path`, and `dial_timeout`
fields (all defaulting to sensible values).
* refactor(gke-nodepool): use maps for containerd_config registry_hosts and hosts
Convert registry_hosts and hosts from lists to maps so that the registry
server and host URLs serve as stable keys, avoiding index-shifting issues
with for_each. Add default values for capabilities, override_path, and
dial_timeout. Update README example and test inventory accordingly.
* Remove default values from containerd_config hosts fields
Leave capabilities, override_path, and dial_timeout without defaults
so the provider/API picks them rather than the module imposing values.
* Refine containerd_config variable interface
- Simplify header to optional(map(list(string)))
- Flatten ca, client cert/key to strings with descriptive names
- Derive private_registry_access_config enabled from ca domain config list
- Simplify writable_cgroups to optional(bool)
- Flatten gcp_secret_manager_certificate_config to string
- Remove redundant defaults where try() handles null in main.tf
- Fix long lines in main.tf to stay within 79-char limit
- Update copyright year to 2026 in inventory files
* fix(gke-nodepool): run terraform fmt to fix attribute alignment in containerd_config
* docs(gke-nodepool): regenerate README with updated variable line numbers
* fix(gke-nodepool): use coalesce instead of try for null header map in for_each
* tests(gke-nodepool): update containerd-config inventory to match actual plan output
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Enforce that only designated code owners can satisfy the
required review count on protected branches. This prevents
non-member approvals (which GitHub allows on public repos)
from appearing to meet branch protection requirements.
* Refactor skill turn harness, fix session serialization, and resolve E2E test failures
* Ignore symlinks during workspace copying and enforce sandbox boundaries in playbooks
* Refactor interaction loop to use clean async generator-based Event flow
* Introduce dedicated async generator test and improve autonomous tester instructions
* Enforce strict sandbox awareness and Step 8 policy import gates
* Track and display conversation context size next to turn headers
* Streamline token usage display to only appear in turn step headers
* Refactor token usage tracking to show actual active context size
* Implement progress tracking block and human recovery in test harness
* docs: document and categorize repository skills and tools
* docs: add maintenance instructions for updating FACTORIES.md tables
* docs: add missing data-catalog-policy-tag factory in FACTORIES.md
* docs: add missing networking stage sub-factories in FACTORIES.md
* docs: add systematic commands for discovering module/stage factories in FACTORIES.md
* docs: add missing vpcs factories in 0-org-setup and 2-project-factory stages
* initial version of a FAST pre-install skill
* first round of testing
* Update fast-0-org-setup-prereqs skill with improved UX and local path handling
- Add explicit lockout warning and stop condition if the user is not a member of the provided Admin Principal group.
- Streamline bootstrap project selection to only prompt for an override if the active gcloud project is rejected.
- Restrict dataset discovery strictly to the `fast/stages/0-org-setup/datasets/` directory.
- Improve location handling by referencing `defaults.schema.json` for Standard GCP and auto-configuring fixed regions for GCD.
- Add comprehensive `local_path` management: prompt for customization, create directories, move `defaults.yaml` to the local data folder, and symlink `0-org-setup.auto.tfvars` back to the stage directory.
* add testing scenarios, implement initial changes for scenario 2
* move skills
* move to a skills/fast subfolder
* Refactor fast-0-org-setup prereqs skill
* Add skill-turn-harness utility tool
* Use relative markdown links for skill references
* Use descriptive titles for markdown links in skill references
* Add descriptions to each phase in the prerequisites workflow map
* Use backslash for markdown line breaks in skill map
* Update README security warning to mention default .gitignore
* shebang
* Update fast prereqs skill rules to force sequential question flow and refine harness tool with proper ctrl+c handling and slugified log paths
* Move playbook-gcp-dev.yaml to fast/prerequisites/gcp-dev.yaml and update fast prerequisites
* docs(skill-turn-harness): detail autonomous pond testing approach
* docs(skill-turn-harness): add final_state_checks to pond architecture and update toc
* Refine fast prereqs SKILL and gcp-dev playbook to strictly align with one-question-at-a-time rule
* feat(skill-turn-harness): update playbook schema for autonomous persona mode
* feat(skill-turn-harness): implement autonomous persona testing mode and fallback logic
* docs(skill-turn-harness): document the three modes of testing and update ToC
* implement timeout, schema validation, configurable cli
* chore: remove accidentally committed log files
* chore: ignore logs directory
* feat(skill-harness): implement tool execution interception, configurable workspace, and modularized validation
* feat(skill-harness): add model configuration and update README
* fix(skill-harness): automatically inject -y flag to gemini commands
* docs(skill-harness): add TODO.md with analysis for skill environment dependencies
* feat(skill-harness): add working_dir support and clean up fixtures
- Implement working_dir in harness to run tests in specific directories.
- Rename test fixtures and playbooks to be more descriptive.
- Add E2E test for working_dir.
- Apply code quality improvements to harness.py (imports, linting).
- Update README with working directory considerations and usage notes.
- Update phase3-bootstrap-and-iam.md skill doc to add execution rule against creating temp scripts.
* fix: capture customer_id and respect relative paths
* Implement isolated temp workspace sandboxing with symlinks in test harness
* Configure GCD manual autonomous playbook and align Phase 3/4 steps order
* Fix linting and schema tests failures
- Add missing license headers to tools/skill-turn-harness files.
- Fix trailing spaces and newlines in playbooks.
- Ignore tools directory in schema tests workflow.
* Fix Python formatting with yapf
* Refactor skill-turn-harness to use Antigravity SDK
- Migrated harness from gemini-cli subprocesses to Antigravity SDK.
- Implemented real-time step streaming and console logging.
- Added color-coded terminal output (dark gray headers, blue inputs, pink outputs).
- Collapsed excessive newlines in streamed thoughts.
- Excluded harness codebase from workspace copy to prevent agent cheating.
- Enabled skills folder copy to resolve agent lookup loops.
- Added key validation and CLI --debug flag.
* Fix autonomous turn layout: print Turn ID before execution
- Moved the [Autonomous Turn X] header print to before running the agent turn.
- This groups the real-time thinking and tool calls under the correct Turn ID block, instead of displaying them before the label.
* Remove obsolete .log.md from prerequisites skill directory
Add `advanced_machine_features` as an optional object to the `node_config`
variable type and wire it through to the `google_container_node_pool`
resource via a dynamic block. This allows callers to configure
`threads_per_core` (e.g. set to 1 to disable hyperthreading) and
`enable_nested_virtualization` for node pools that require fine-grained
CPU threading control or nested hypervisor support.
GKE auto-sets `advanced_machine_features` (threads_per_core=1) on
ct6e/TPU machine types; exposing this field also lets consumers add it to
ignore_changes in their own lifecycle blocks to avoid forced replacements.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Add `flex_start` as an optional bool to the `node_config` variable type
and wire it through to the `google_container_node_pool` resource's
node_config block. This enables DWS (Dynamic Workload Scheduler)
flex-start mode for node pools, which allows the Cluster Autoscaler to
request capacity on-demand without requiring ProvisioningRequest objects
(unlike queued_provisioning). Typical use case is spot TPU node pools.
Co-authored-by: Julio Castillo <jccb@google.com>
linting runs prettier / yamllint / boilerplate checks.
tests runs terraform/tofu plan + unit tests with matrix providers.
Both are pure read - no commits, releases, or comments.
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
* dp rewrite stage 0, projects
* remove plan files
* generalize handling of basepath for projects in project-factory module
* central-0 ---> core-0
* add schemas, validate YAMLs, tags
* aspect types
* data catalog policy tag factory
* add support for data catalog taxonomy to project factory
* complete retrofit of old stage configuration, except networking
* shared vpc networking
* networking
* data platform as pf dataset
* docs
* test
* remove legacy dp stage, fix tests and links
* boilerplate
* tfdoc
* fix unrelated tfdoc
* schemas
* fix errors
* schema
* duplicate schemas
* yamllint
* Fix module naming convention for aspect-types
* Fix factories_config in vpcs.tf for net-vpc-factory compatibility
* Update schema documentation based on schema changes
* Fix false rename conflict in .config.yaml files
* Sync schemas and update documentation
* Fix path expansion for aspect-types and revert projects_input to master
* Restore path expansion for org_policies in projects-iam call
* Fix trailing newlines in schema duplicates to satisfy duplicate-diff
* Fix path expansion for data_catalog_taxonomy in taxonomies.tf
* Update inventory for data-platform test and clean up debug prints
* Add full values to data-platform inventory
* Align Stage 2 VPC Factory integration with Stage 0 and fix tests
* Fix project factory context resolution and data platform datasets
- Update tag context keys in project factory to use file key without 'projects/' prefix.
- Fix tag reference in product-0.yaml.
- Fix shared_vpc_service_config in shared-0.yaml by moving service account to network_users.
- Set parent for domain-0 folder to data-platform.
- Mock net-dev-0 project ID in tests.
- Update inventories.
* Fix project-level tag keys context resolution in project factory
* Fix commented out tag reference in domain-0 .config.yaml
* Fix merge() calls with empty arguments in project-factory and data-catalog-policy-tag
* Update Data Platform dataset README with prerequisites and customization guide
* Add Table of Contents to Data Platform dataset README
* docs: update Data Platform README with project templates tip
* Document data platform output files and linking sequence in README
* Update data platform README with VPC-SC and delegated IAM details
* Refactor data platform dataset and align stage defaults
* Update test inventory and variables for data platform with new prefix
Adds ephemeral_storage_local_ssd_count to node_config variable and the
corresponding dynamic ephemeral_storage_local_ssd_config block in the
node pool resource, enabling use of local SSDs as ephemeral storage.
* Fix categorization of PR #3949 in CHANGELOG.md
* Enhance changelog.py to error on uncategorized PRs
* Update skill to propose breaking changes to user