Validates Vertex AI Agent Engine deployments for production readiness across security, monitoring, performance, compliance, and best practices. Generates weighted scores and remediation plans.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin jeremy-vertex-validator

This skill is limited to using the following tools:
!`gcloud config get-value project 2>/dev/null || echo 'no active project'`
!`gcloud auth list --filter=status:ACTIVE --format="value(account)" 2>/dev/null || echo 'not authenticated'`
Validate production readiness of Vertex AI Agent Engine deployments by executing weighted checks across five categories: security (30 points), monitoring (20 points), performance (25 points), compliance (15 points), and best practices (10 points). This skill produces a 0-100% composite score with pass/fail per check and prioritized remediation recommendations.
- gcloud CLI authenticated with roles/aiplatform.viewer, roles/iam.securityReviewer, and roles/monitoring.viewer
- vertexai.Client().agent_engines.get(name)) or REST API (GET https://{LOCATION}-aiplatform.googleapis.com/v1/projects/{PROJECT}/locations/{LOCATION}/reasoningEngines/{ID}) and parse model, scaling, and feature settings
- roles/aiplatform.expressUser, not roles/aiplatform.admin)
- roles/modelarmor.user granted

| Error | Cause | Solution |
|---|---|---|
| Insufficient IAM permissions | Viewer roles not granted on target project | Request roles/aiplatform.viewer and roles/iam.securityReviewer from project admin |
| Agent deployment not found | Incorrect agent ID or deployment deleted | Verify agent ID with vertexai.Client().agent_engines.list() or REST GET .../reasoningEngines; confirm deployment region |
| Monitoring API returns no data | API not enabled or agent has zero traffic | Enable Monitoring API; generate synthetic traffic to populate baseline metrics |
| VPC-SC configuration inaccessible | Organization policy restricts VPC-SC reads | Request roles/accesscontextmanager.policyReader at organization level |
| Compliance check inconclusive | Audit logs not enabled or retention too short | Enable Data Access audit logs; set log retention to minimum 365 days |
Scenario 1: Pre-Launch Validation -- Validate a new ADK agent before production launch. Run all five validation categories. Target score: 85%+ overall, with security score at 28/30 minimum. Generate remediation plan for any failing checks.
Scenario 2: Post-Incident Security Audit -- After a permission escalation incident, re-validate security posture. Focus on IAM least-privilege, service account bindings, and VPC-SC perimeter integrity. Compare scores against the last passing validation.
Scenario 3: Quarterly Compliance Review -- Execute compliance and monitoring validation suites for SOC 2 audit preparation. Verify audit logging coverage, data residency compliance, and backup/DR configuration. Export results as evidence artifacts.
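The weighted scoring described above, with the Scenario 1 launch gate applied, as an added example (not the plugin's own code). The category weights and the 85% / 28-of-30 thresholds come from this page; the check names, the equal per-check split within a category, and the ordering of remediation items by points lost are assumptions.

```python
# Added example: weights and gate thresholds are from the page; check names,
# the equal per-check split and the remediation ordering are assumptions.
from dataclasses import dataclass

# Category maxima as stated on the page (they sum to 100).
WEIGHTS = {"security": 30, "monitoring": 20, "performance": 25,
           "compliance": 15, "best_practices": 10}

@dataclass(frozen=True)
class Check:
    category: str
    name: str      # hypothetical check identifier
    passed: bool
    fix: str       # remediation text reported when the check fails

def score(checks):
    """Return (points per category, composite 0-100, failed checks by points lost)."""
    by_cat = {c: [] for c in WEIGHTS}
    for chk in checks:
        by_cat[chk.category].append(chk)   # KeyError on an unknown category
    points, failed = {}, []
    for cat, items in by_cat.items():
        if not items:
            # No evidence for a category scores zero, so missing data cannot inflate the total.
            points[cat] = 0.0
            continue
        each = WEIGHTS[cat] / len(items)   # assumption: equal share per check
        points[cat] = round(each * sum(i.passed for i in items), 2)
        failed += [(each, i) for i in items if not i.passed]
    failed.sort(key=lambda p: (-p[0], p[1].category != "security"))
    return points, round(sum(points.values()), 2), [i for _, i in failed]

def launch_gate(points, total, min_total=85.0, min_security=28.0):
    """Scenario 1 gate: 85%+ overall and at least 28/30 on security."""
    return total >= min_total and points["security"] >= min_security

# Constructed results for a hypothetical deployment (not real scan output).
SAMPLE = (
    [Check("security", f"sec_{i}", True, "") for i in range(4)]
    + [Check("security", "sa_least_privilege", False, "Use roles/aiplatform.expressUser, not roles/aiplatform.admin")]
    + [Check("monitoring", f"mon_{i}", True, "") for i in range(2)]
    + [Check("performance", f"perf_{i}", True, "") for i in range(5)]
    + [Check("compliance", f"cmp_{i}", True, "") for i in range(2)]
    + [Check("compliance", "audit_log_retention", False, "Enable Data Access audit logs; retain for at least 365 days")]
    + [Check("best_practices", f"bp_{i}", True, "") for i in range(2)]
)
if __name__ == "__main__":
    print(score(SAMPLE), launch_gate(*score(SAMPLE)[:2]))
```

With five security checks, a single failure drops security to 24/30, so the constructed sample scores 89% overall and still fails the gate on the security floor.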
Validation checklists (read the relevant one during each validation step):
Official Google Cloud documentation: