commit c7e75cabe6a3b1680f7ea6fb7916a00742f4d7a7
Author: Slawomir Koszewski
Date: Wed Jun 10 01:12:36 2026 +0200
Added AI generated scaffold.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e3857e1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+# Terraform
+.terraform/
+.terraform.lock.hcl
+terraform.tfvars
+terraform.tfstate
+terraform.tfstate.backup
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..62a5795
--- /dev/null
+++ b/README.md
@@ -0,0 +1,73 @@
+# Gemini Enterprise Agent Platform — Terraform Scaffold
+
+Provisions the infrastructure needed to use the Gemini Enterprise Agent Platform (Vertex AI Agent Engine) on an existing GCP project: required APIs, service accounts, IAM bindings, a GCS artifacts bucket, and an Artifact Registry repository.
+
+## Prerequisites
+
+- Terraform >= 1.5.0
+- An existing GCP project
+- `gcloud` CLI authenticated with permissions to enable APIs and manage IAM
+
+## Usage
+
+```bash
+cp terraform.tfvars.example terraform.tfvars
+# edit terraform.tfvars — set your project_id
+
+terraform init
+terraform plan
+terraform apply
+```
+
+## Variables
+
+| Name | Required | Default | Description |
+|---|---|---|---|
+| `project_id` | yes | — | Existing GCP project ID |
+| `prefix` | no | `gemini` | Short prefix applied to all resource names |
+
+## Outputs
+
+| Name | Description |
+|---|---|
+| `project_id` | GCP project ID |
+| `agent_sa_email` | Runtime service account email (for apps) |
+| `code_assist_sa_email` | Code Assist enterprise SA email |
+
+## What gets created
+
+- **7 GCP APIs** enabled (`aiplatform`, `cloudaicompanion`, `discoveryengine`, `dialogflow`, `secretmanager`, `iam`, `cloudresourcemanager`)
+- **2 service accounts** — one for app runtime, one for IDE enterprise config
+- **4 project IAM bindings**
+
+## Setting up credentials
+
+Use Application Default Credentials:
+
+```bash
+gcloud auth application-default login
+gcloud config set project
+```
+
+For workloads running on GCP (Cloud Run, GKE, Compute Engine), attach the service account to the resource — no credentials file needed.
+
+## Granting developer access to Gemini Code Assist
+
+```bash
+# Single user
+gcloud projects add-iam-policy-binding PROJECT_ID \
+ --member="user:YOU@DOMAIN" \
+ --role="roles/cloudaicompanion.user"
+
+# Google Group (recommended for teams)
+gcloud projects add-iam-policy-binding PROJECT_ID \
+ --member="group:devs@DOMAIN" \
+ --role="roles/cloudaicompanion.user"
+```
+
+## VS Code setup
+
+1. Install the **Gemini Code Assist** extension from the VS Code Marketplace
+2. Sign in with a Google account that has `roles/cloudaicompanion.user` on the project
+3. In Settings, set **Cloud AI Companion: Project** to your `project_id`
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..e34f003
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,76 @@
+# ─────────────────────────────────────────────
+# 1. API Enablement
+# ─────────────────────────────────────────────
+
+locals {
+ apis = toset([
+ "iam.googleapis.com",
+ "cloudresourcemanager.googleapis.com",
+ "aiplatform.googleapis.com",
+ "cloudaicompanion.googleapis.com",
+ "discoveryengine.googleapis.com",
+ "dialogflow.googleapis.com",
+ "secretmanager.googleapis.com",
+ ])
+}
+
+resource "google_project_service" "apis" {
+ for_each = local.apis
+
+ project = var.project_id
+ service = each.value
+
+ disable_on_destroy = false
+ disable_dependent_services = false
+}
+
+# ─────────────────────────────────────────────
+# 2. Service Accounts
+# ─────────────────────────────────────────────
+
+resource "google_service_account" "agent_sa" {
+ project = var.project_id
+ account_id = "${var.prefix}-agent-sa"
+ display_name = "Gemini Agent Runtime SA"
+ description = "Runtime service account for applications calling Vertex AI / Agent Engine APIs."
+
+ depends_on = [google_project_service.apis]
+}
+
+resource "google_service_account" "code_assist_sa" {
+ project = var.project_id
+ account_id = "${var.prefix}-code-assist-sa"
+ display_name = "Gemini Code Assist Enterprise SA"
+ description = "Service account for Gemini Code Assist Enterprise IDE plugin configuration."
+
+ depends_on = [google_project_service.apis]
+}
+
+# ─────────────────────────────────────────────
+# 3. Project-level IAM Bindings (additive)
+# ─────────────────────────────────────────────
+
+resource "google_project_iam_member" "agent_sa_aiplatform_user" {
+ project = var.project_id
+ role = "roles/aiplatform.user"
+ member = google_service_account.agent_sa.member
+}
+
+resource "google_project_iam_member" "agent_sa_discovery_viewer" {
+ project = var.project_id
+ role = "roles/discoveryengine.viewer"
+ member = google_service_account.agent_sa.member
+}
+
+resource "google_project_iam_member" "agent_sa_cac_user" {
+ project = var.project_id
+ role = "roles/cloudaicompanion.user"
+ member = google_service_account.agent_sa.member
+}
+
+resource "google_project_iam_member" "code_assist_sa_cac_admin" {
+ project = var.project_id
+ role = "roles/cloudaicompanion.admin"
+ member = google_service_account.code_assist_sa.member
+}
+
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..b99da9f
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,16 @@
+output "project_id" {
+ description = "The GCP project ID scaffolded into."
+ value = var.project_id
+}
+
+output "agent_sa_email" {
+ description = "Email of the Gemini Agent runtime service account."
+ value = google_service_account.agent_sa.email
+}
+
+output "code_assist_sa_email" {
+ description = "Email of the Gemini Code Assist Enterprise service account."
+ value = google_service_account.code_assist_sa.email
+}
+
+
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
new file mode 100644
index 0000000..ace64af
--- /dev/null
+++ b/terraform.tfvars.example
@@ -0,0 +1,5 @@
+# Copy this file to terraform.tfvars and fill in your values.
+# terraform.tfvars is excluded from git (see .gitignore).
+
+project_id = "your-gcp-project-id" # required — your existing GCP project
+prefix = "gemini" # optional, default: gemini
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..d860217
--- /dev/null
+++ b/variables.tf
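Review bot: The `code_assist_sa_cac_admin` binding grants `roles/cloudaicompanion.admin` project-wide to a service account whose `description` only says it holds the IDE plugin configuration, and nothing in the hunk shows why the admin role is needed rather than `roles/cloudaicompanion.user`, which is what the README grants to developers. If admin is genuinely required by the enterprise configuration flow, record that next to the resource, e.g. `# cloudaicompanion.admin is project-wide; required because <REASON-PLACEHOLDER>, roles/cloudaicompanion.user is not sufficient`; otherwise downgrade the role. Relatedly, `secretmanager.googleapis.com` is enabled in `local.apis` but no Secret Manager role is bound to either service account, and the README added in this commit promises a GCS artifacts bucket and an Artifact Registry repository that `main.tf` does not create, so either the resources or the README and API list should be brought into line.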
@@ -0,0 +1,15 @@
+variable "project_id" {
+ description = "The ID of the existing GCP project to scaffold into."
+ type = string
+}
+
+variable "prefix" {
+ description = "Short name prefix applied to all created resource names."
+ type = string
+ default = "gemini"
+
+ validation {
+ condition = can(regex("^[a-z][a-z0-9-]{0,14}$", var.prefix))
+ error_message = "prefix must be 1-15 lowercase letters, digits, or hyphens, starting with a letter."
+ }
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..a375163
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.5.0"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 7.36.0"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+}
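Review bot: `variable "project_id"` has no `validation` block while `prefix` does, so a mistyped project ID is only caught when `google_project_service.apis` fails during apply, after `terraform plan` has already accepted it. GCP project IDs are 6-30 lowercase letters, digits or hyphens, starting with a letter and not ending with a hyphen, so a check in the same style as the `prefix` one would be `condition = can(regex("^[a-z][a-z0-9-]{4,28}[a-z0-9]$", var.project_id))` with `error_message = "project_id must be a valid GCP project ID (6-30 lowercase letters, digits or hyphens, starting with a letter)."`.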