feat(cli): add inference sub-command for standalone WIF provisioning#1258
Open
waynesun09 wants to merge 4 commits into
Open
feat(cli): add inference sub-command for standalone WIF provisioning#1258waynesun09 wants to merge 4 commits into
waynesun09 wants to merge 4 commits into
Conversation
Extract inference WIF provisioning from the monolithic admin install command into a standalone `fullsend inference` sub-command tree that only requires GCP access (no GitHub token or mint project needed). New commands: - `fullsend inference provision-wif <org|owner/repo>` — creates WIF pool, provider, and IAM bindings for Vertex AI inference. Supports both org-scoped and repo-scoped modes with --dry-run preview. - `fullsend inference status <org|owner/repo>` — checks WIF health and prints config values with --format support (text, json, env) for handoff to the GitHub admin. This enables a split-admin workflow where the GCP inference admin provisions WIF independently and hands off the provider resource name to the GitHub admin who runs `fullsend github setup`. Signed-off-by: Wayne Sun <[email protected]>
Site previewPreview: https://75e7eef8-site.fullsend-ai.workers.dev Commit: |
ReviewFindingsLow
Previous runReviewFindingsLow
Info
Previous run (2)ReviewFindingsLow
Info
Previous run (3)ReviewFindingsMedium
Low
|
fullsend-ai-review
Bot
added
the
requires-manual-review
- Fix condition mismatch not setting unhealthy status (tracked via conditionOK bool with proper org exact/substring validation) - Remove misleading --region flag (WIF is always locations/global) - Add --pool/--provider flags to status command (was hardcoded) - Remove false service account claim from dry-run output - Lowercase org/repo in condition output to match provisioner behavior - Fix redundant SplitN in repo-scoped dry-run - Reject --provider in repo-scoped mode for both provision and status - Use cmd.OutOrStdout() instead of os.Stdout for testability - Conditionally include config keys in JSON/env output only when healthy - Add FULLSEND_INFERENCE_STATUS to env output format - Remove non-existent FULLSEND_GCP_REGION from all output formats - Rename provision-wif to provision (shorter, unambiguous) Signed-off-by: Wayne Sun <[email protected]>
![fullsend-ai-review[bot]](https://avatars.githubusercontent.com/in/3478501?s=60&v=4){kind=small}
| printer := ui.New(cmd.OutOrStdout()) | ||
| printer.Banner() | ||
| printer.Blank() | ||
| printer.Header("Inference Status") |
There was a problem hiding this comment.
[info] style
formatStatusJSON mixes domain keys (FULLSEND_GCP_PROJECT_ID, FULLSEND_GCP_WIF_PROVIDER) with metadata keys (status, details) in a map[string]interface{}. A dedicated struct would make the JSON contract more explicit.
fullsend-ai-review
Bot
added
ready-for-merge
Fix incorrect handoff command reference (fullsend github setup → fullsend admin install), gate JSON/env config key output on WIFProvider presence instead of status string, and tighten multi-org condition matching to also require repository_owner in the attribute condition. Signed-off-by: Wayne Sun <[email protected]>
| printer := ui.New(cmd.OutOrStdout()) | ||
| printer.Banner() | ||
| printer.Blank() | ||
| printer.Header("Inference Status") |
There was a problem hiding this comment.
[info] style
formatStatusJSON mixes domain keys (FULLSEND_GCP_PROJECT_ID, FULLSEND_GCP_WIF_PROVIDER) with metadata keys (status, details) in a map[string]interface{}. A dedicated struct would make the JSON contract more explicit.
fullsend-ai-review
Bot
added
ready-for-merge
Add early project ID validation using the same regex pattern as the gcf provisioner. This gives users a clear error message instead of an opaque API failure when an invalid project ID is passed to inference provision or status. Signed-off-by: Wayne Sun <[email protected]>
fullsend-ai-review
Bot
added
ready-for-merge
rh-hemartin
approved these changes
May 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
fullsend inferencesub-command tree with 2 commands:provisionandstatusadmin installso GCP admins can provision Vertex AI WIF infrastructure without needing GitHub credentialsprovisioncreates WIF pool/provider and prints the resource name for handoff tofullsend admin installstatuscombines health check + config display with--formatsupport (text/json/env)Test plan
go test ./internal/cli/...passes (28 tests)go vet ./internal/cli/...cleanfullsend inference --helpshows both sub-commandsfullsend inference provision --helpshows all flagsfullsend inference status --helpshows--formatflagfullsend inference provision <org> --project=<proj>creates WIF infra and prints provider namefullsend inference status <org> --project=<proj> --format=envprints config values