From dccb43b25e4a949a04ba0268e8ca53873f3abcba Mon Sep 17 00:00:00 2001
From: Zhongwei Li
Date: Sun, 30 Nov 2025 08:19:38 +0800
Subject: [PATCH] Initial commit
---
.claude-plugin/plugin.json | 12 +++
README.md | 3 +
plugin.lock.json | 45 ++++++++++++
skills/adk-infra-expert/SKILL.md | 121 +++++++++++++++++++++++++++++++
4 files changed, 181 insertions(+)
create mode 100644 .claude-plugin/plugin.json
create mode 100644 README.md
create mode 100644 plugin.lock.json
create mode 100644 skills/adk-infra-expert/SKILL.md
diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
new file mode 100644
index 0000000..4893481
--- /dev/null
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,12 @@
+{
+ "name": "jeremy-adk-terraform",
+ "description": "Terraform infrastructure as code for ADK and Vertex AI Agent Engine deployments",
+ "version": "1.0.0",
+ "author": {
+ "name": "Jeremy Longshore",
+ "email": "jeremy@intentsolutions.io"
+ },
+ "skills": [
+ "./skills"
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5cd237c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# jeremy-adk-terraform
+
+Terraform infrastructure as code for ADK and Vertex AI Agent Engine deployments
diff --git a/plugin.lock.json b/plugin.lock.json
new file mode 100644
index 0000000..6090d33
--- /dev/null
+++ b/plugin.lock.json
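Review bot: The manifest is written without a trailing newline — the hunk ends with `\ No newline at end of file` — and plugin.lock.json in this same commit has the same; add a final newline to both so that the next edit to either file does not show a spurious change on its last line. The `"version": "1.0.0"` and the description string here are repeated verbatim in the `manifest` block of plugin.lock.json, which is presumably regenerated by the publishing tool named there rather than hand-maintained; if that is not the case, the two copies can drift and the lockfile's content hashes would no longer reflect this file.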
@@ -0,0 +1,45 @@
+{
+ "$schema": "internal://schemas/plugin.lock.v1.json",
+ "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/devops/jeremy-adk-terraform",
+ "normalized": {
+ "repo": null,
+ "ref": "refs/tags/v20251128.0",
+ "commit": "077ffc3a967fe944198bf6c2e1e1bd68353d9a65",
+ "treeHash": "2556c0fef53cbda1530f6dbeb9f3e030e46bac9038db118195e5982de178f08c",
+ "generatedAt": "2025-11-28T10:18:54.499193Z",
+ "toolVersion": "publish_plugins.py@0.2.0"
+ },
+ "origin": {
+ "remote": "git@github.com:zhongweili/42plugin-data.git",
+ "branch": "master",
+ "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+ "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+ },
+ "manifest": {
+ "name": "jeremy-adk-terraform",
+ "description": "Terraform infrastructure as code for ADK and Vertex AI Agent Engine deployments",
+ "version": "1.0.0"
+ },
+ "content": {
+ "files": [
+ {
+ "path": "README.md",
+ "sha256": "81acca2db13e6223dcd81c4f2f04e9e7ebac358b95a5b49194056acb0b3e8377"
+ },
+ {
+ "path": ".claude-plugin/plugin.json",
+ "sha256": "0464005a4b09e75585203af5a55a6f3406e21f45a06c740349b34f337d1f7c6a"
+ },
+ {
+ "path": "skills/adk-infra-expert/SKILL.md",
+ "sha256": "a74c1d8d452730abfc43cd13377c927cd145b3529978d1e9e4cde65a55c2ee5e"
+ }
+ ],
+ "dirSha256": "2556c0fef53cbda1530f6dbeb9f3e030e46bac9038db118195e5982de178f08c"
+ },
+ "security": {
+ "scannedAt": null,
+ "scannerVersion": null,
+ "flags": []
+ }
+}
\ No newline at end of file
diff --git a/skills/adk-infra-expert/SKILL.md b/skills/adk-infra-expert/SKILL.md
new file mode 100644
index 0000000..d6ef72e
--- /dev/null
+++ b/skills/adk-infra-expert/SKILL.md
@@ -0,0 +1,121 @@
+---
+name: adk-infra-expert
+description: |
+ Terraform infrastructure specialist for Vertex AI ADK Agent Engine production deployments.
+ Provisions Agent Engine runtime, Code Execution Sandbox, Memory Bank, VPC-SC, IAM, and secure multi-agent infrastructure.
+ Triggers: "deploy adk terraform", "agent engine infrastructure", "adk production deployment", "vpc-sc agent engine"
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash
+version: 1.0.0
+---
+
+## What This Skill Does
+
+Expert in provisioning production Vertex AI ADK infrastructure with Agent Engine, Code Execution Sandbox (14-day state), Memory Bank, VPC Service Controls, and enterprise security.
+
+## When This Skill Activates
+
+Triggers: "adk terraform deployment", "agent engine infrastructure", "provision adk agent", "vertex ai agent terraform", "code execution sandbox terraform"
+
+## Core Terraform Modules
+
+### Agent Engine Deployment
+
+```hcl
+resource "google_vertex_ai_agent_runtime" "adk_agent" {
+ project = var.project_id
+ location = var.region
+
+ display_name = "adk-production-agent"
+
+ agent_config {
+ model = "gemini-2.5-flash"
+
+ code_execution {
+ enabled = true
+ state_ttl_days = 14
+ sandbox_type = "SECURE_ISOLATED"
+ }
+
+ memory_bank {
+ enabled = true
+ }
+
+ tools = [
+ {
+ code_execution = {}
+ },
+ {
+ memory_bank = {}
+ }
+ ]
+ }
+
+ vpc_config {
+ vpc_network = google_compute_network.agent_vpc.id
+ private_service_connect {
+ enabled = true
+ }
+ }
+}
+```
+
+### VPC Service Controls
+
+```hcl
+resource "google_access_context_manager_service_perimeter" "adk_perimeter" {
+ parent = "accessPolicies/${var.access_policy_id}"
+ name = "accessPolicies/${var.access_policy_id}/servicePerimeters/adk_perimeter"
+ title = "ADK Agent Engine Perimeter"
+
+ status {
+ restricted_services = [
+ "aiplatform.googleapis.com",
+ "run.googleapis.com"
+ ]
+
+ vpc_accessible_services {
+ enable_restriction = true
+ allowed_services = [
+ "aiplatform.googleapis.com"
+ ]
+ }
+ }
+}
+```
+
+### IAM for Native Agent Identity
+
+```hcl
+resource "google_project_iam_member" "agent_identity" {
+ project = var.project_id
+ role = "roles/aiplatform.agentUser"
+ member = "serviceAccount:${google_service_account.adk_agent.email}"
+}
+
+resource "google_service_account" "adk_agent" {
+ account_id = "adk-agent-sa"
+ display_name = "ADK Agent Service Account"
+}
+
+# Least privilege for Code Execution
+resource "google_project_iam_member" "code_exec_permissions" {
+ for_each = toset([
+ "roles/compute.viewer",
+ "roles/container.viewer",
+ "roles/run.viewer"
+ ])
+
+ project = var.project_id
+ role = each.key
+ member = "serviceAccount:${google_service_account.adk_agent.email}"
+}
+```
+
+## Tool Permissions
+
+Read, Write, Edit, Grep, Glob, Bash - Enterprise infrastructure provisioning
+
+## References
+
+- Agent Engine: https://cloud.google.com/vertex-ai/generative-ai/docs/agent-engine/overview
+- VPC-SC: https://cloud.google.com/vpc-service-controls/docs
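Review bot: The block commented `# Least privilege for Code Execution` binds `roles/compute.viewer`, `roles/container.viewer` and `roles/run.viewer` at project scope to the same service account the code-execution sandbox runs under, so whatever code the agent executes can enumerate every Compute, GKE and Cloud Run resource in the project; that is wider than least privilege, and the comment will be read as an assurance by anyone copying this snippet. If code execution does not need those APIs, drop the `code_exec_permissions` resource; if it needs some of them, bind at resource level (for example `google_cloud_run_v2_service_iam_member` on the specific service) or add a `condition` block, and consider a dedicated service account for the sandbox instead of reusing `adk_agent`. The perimeter in the VPC-SC section only restricts `aiplatform.googleapis.com` and `run.googleapis.com`, so the Compute and GKE reads granted here sit outside it — worth a sentence in the text so the two snippets are not presented as one consistent boundary. I could not confirm `google_vertex_ai_agent_runtime`, its `agent_config`/`code_execution` arguments, or `roles/aiplatform.agentUser` against the Google provider and IAM role lists; verify these before publishing, since the file ships them as copy-ready configuration. The `tools` list in the first snippet also re-declares `code_execution` and `memory_bank` that the blocks just above already enable, which looks redundant.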