DevGruGold/suite - Complete Setup Instructions
- ✅ Modified:
supabase/functions/ai-chat/index.ts- Added Vertex AI as primary AI provider (with OAuth)
- Maintains fallback chain: Vertex AI → Gemini API → DeepSeek
- Added OAuth authentication flag in responses
- ✅ Created:
supabase/migrations/20241228_vertex_ai_oauth_setup.sqloauth_connectionstable for storing OAuth refresh tokensai_provider_usage_logtable for tracking AI provider usagegoogle_cloud_service_logtable for Google Cloud API calls- Performance monitoring views
- Auto-disable triggers for failing connections
cd /path/to/suite
# Apply the migration
supabase db push
# Verify tables were created
supabase db query "
SELECT tablename
FROM pg_tables
WHERE schemaname = 'public'
AND tablename IN ('oauth_connections', 'ai_provider_usage_log', 'google_cloud_service_log')
ORDER BY tablename;
"Expected output:
tablename
------------------------------------
ai_provider_usage_log
google_cloud_service_log
oauth_connections
# Set required secrets in Supabase
supabase secrets set GOOGLE_CLIENT_ID=your_client_id_here
supabase secrets set GOOGLE_CLIENT_SECRET=your_client_secret_here
supabase secrets set GOOGLE_REFRESH_TOKEN=your_refresh_token_here
supabase secrets set GOOGLE_CLOUD_PROJECT_ID=your_project_id_here
# Verify secrets are set
supabase secrets list-- Insert OAuth connection into database
INSERT INTO public.oauth_connections (
provider,
provider_email,
refresh_token,
scopes,
is_active,
metadata
) VALUES (
'google_cloud',
'xmrtsolutions@gmail.com',
'YOUR_REFRESH_TOKEN_HERE',
ARRAY[
'https://www.googleapis.com/auth/gmail.send',
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/spreadsheets',
'https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/cloud-platform'
],
true,
'{"source": "manual_setup", "setup_date": "2024-12-28"}'::jsonb
);curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/google-cloud-auth \
-H "Authorization: Bearer YOUR_ANON_KEY" \
-H "Content-Type: application/json" \
-d '{"action":"status"}'If response shows "ready": false, continue with 3b-3d:
curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/google-cloud-auth \
-H "Authorization: Bearer YOUR_ANON_KEY" \
-H "Content-Type: application/json" \
-d '{"action":"get_authorization_url"}'Response contains:
{
"authorization_url": "https://accounts.google.com/o/oauth2/v2/auth?client_id=...",
"instructions": "Open this URL..."
}- Copy the
authorization_urlfrom step 3b - Open in browser
- Sign in with
xmrtsolutions@gmail.com - Grant all permissions
- You'll be redirected to callback with refresh token
# Store in Supabase secrets
supabase secrets set GOOGLE_REFRESH_TOKEN=<token_from_callback>
# OR insert into database (see Option B above)# Deploy ai-chat function with Vertex AI integration
supabase functions deploy ai-chat
# Watch deployment logs
supabase functions logs ai-chat --followcurl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/google-cloud-auth \
-H "Authorization: Bearer YOUR_ANON_KEY" \
-H "Content-Type: application/json" \
-d '{"action":"status"}'Expected Response:
{
"success": true,
"configured": {
"client_id": true,
"client_secret": true,
"refresh_token": true
},
"ready": true,
"available_services": ["gmail", "drive", "sheets", "calendar", "gemini"]
}curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/vertex-ai-chat \
-H "Authorization: Bearer YOUR_ANON_KEY" \
-H "Content-Type: application/json" \
-d '{
"messages": [
{"role": "user", "content": "Hello, test Vertex AI"}
]
}'Expected Response:
{
"success": true,
"data": {
"choices": [{"message": {"content": "Hello! I'm the Vertex AI..."}}],
"provider": "vertex"
},
"executive": {
"name": "ML Operations Specialist",
"aiService": "vertex"
}
}curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/ai-chat \
-H "Authorization: Bearer YOUR_ANON_KEY" \
-H "Content-Type: application/json" \
-d '{
"messages": [
{"role": "user", "content": "What AI provider are you using?"}
]
}'Expected Response (KEY FIELD: "provider": "vertex-ai"):
{
"success": true,
"response": "I am currently using Vertex AI...",
"executive": "ai-chat",
"executiveTitle": "AI Assistant [Vertex AI]",
"provider": "vertex-ai",
"model": "gemini-1.5-pro",
"oauth_authenticated": true
}✅ SUCCESS INDICATOR: Response shows "provider": "vertex-ai"
SELECT * FROM public.oauth_connection_health;Expected Result:
provider | total_connections | active_connections | most_recent_use
--------------|-------------------|--------------------|-----------------
google_cloud | 1 | 1 | 2024-12-28 ...
SELECT
provider,
COUNT(*) as request_count,
COUNT(*) FILTER (WHERE success = TRUE) as successful,
AVG(execution_time_ms) as avg_time_ms,
COUNT(*) FILTER (WHERE oauth_authenticated = TRUE) as oauth_requests
FROM public.ai_provider_usage_log
WHERE timestamp > NOW() - INTERVAL '1 hour'
GROUP BY provider
ORDER BY request_count DESC;Expected Result:
provider | request_count | successful | avg_time_ms | oauth_requests
------------|---------------|------------|-------------|---------------
vertex-ai | 15 | 15 | 850 | 15
gemini-api | 2 | 2 | 920 | 0
✅ Success: vertex-ai should have highest request count with oauth_requests > 0
SELECT
provider,
model,
oauth_authenticated,
execution_time_ms,
success,
fallback_level,
timestamp
FROM public.ai_provider_usage_log
ORDER BY timestamp DESC
LIMIT 10;SELECT
service,
operation,
COUNT(*) as operation_count,
AVG(execution_time_ms) as avg_time_ms,
COUNT(*) FILTER (WHERE success = TRUE) as successful
FROM public.google_cloud_service_log
WHERE timestamp > NOW() - INTERVAL '24 hours'
GROUP BY service, operation
ORDER BY operation_count DESC;Diagnosis:
supabase secrets listLook for:
GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRETGOOGLE_REFRESH_TOKENGOOGLE_CLOUD_PROJECT_ID
Solution: Complete Step 3 (Get OAuth Refresh Token) above
Cause: Vertex AI API not enabled in Google Cloud Project
Solution:
- Go to: https://console.cloud.google.com/apis/library/aiplatform.googleapis.com
- Click "Enable"
- Wait 2-3 minutes for propagation
- Test again
Possible Causes:
- Function not deployed
- Vertex AI failing silently
- OAuth not configured
Debug Steps:
# Check deployment
supabase functions list
# Watch logs in real-time
supabase functions logs ai-chat --follow
# Send test message and watch for:
# - "🔵 Attempting Vertex AI"
# - Any error messagesLook for these log messages:
- ✅
🔵 Attempting Vertex AI (Google Cloud OAuth)... - ✅
✅ Vertex AI succeeded ⚠️ ⚠️ Vertex AI unavailable or failed, falling back to Gemini API(indicates OAuth issue)
Check Error:
supabase db query "SELECT * FROM _supabase_migrations ORDER BY inserted_at DESC LIMIT 5;"Common Errors:
- "already exists" - Tables created, migration safe to skip
- "permission denied" - Run as database owner/service role
Force Reapply (if needed):
# Drop and recreate (CAUTION: loses data in these tables)
supabase db query "
DROP TABLE IF EXISTS public.google_cloud_service_log CASCADE;
DROP TABLE IF EXISTS public.ai_provider_usage_log CASCADE;
DROP TABLE IF EXISTS public.oauth_connections CASCADE;
"
# Reapply migration
supabase db pushUser → ai-chat → Gemini API → Response
- No OAuth
- No Google Cloud integration
- Direct API calls only
User → ai-chat → Vertex AI (OAuth) → Response
↓ (if fails)
Gemini API → Response
↓ (if fails)
DeepSeek → Response
- ✅ OAuth authenticated
- ✅ Google Cloud integration (Gmail, Drive, Sheets, Calendar)
- ✅ Enterprise-grade Vertex AI
- ✅ Maintained fallback chain
- Database migration applied successfully
- Tables created:
oauth_connections,ai_provider_usage_log,google_cloud_service_log - Google OAuth secrets configured (either env or database)
- OAuth status shows
"ready": true -
vertex-ai-chattest returns success -
ai-chattest returns"provider": "vertex-ai" - Frontend chat uses Vertex AI (check browser console)
- Monitoring queries return data
- Logs show "Vertex AI succeeded" messages
oauth_connection_health- OAuth connection statusai_provider_performance- 24-hour AI provider metricsgoogle_cloud_service_summary- 7-day Google Cloud usage
google-cloud-auth- OAuth flow and token managementvertex-ai-chat- Vertex AI API integrationai-chat- Main chat router (now includes Vertex AI)
-
Refresh Token Security
- Stored in
oauth_connections.refresh_token(plaintext) - PRODUCTION RECOMMENDATION: Encrypt with Supabase Vault or similar
- Auto-disabled after 5 consecutive failures
- Stored in
-
Row Level Security (RLS)
- Enabled on all new tables
- Service role has full access
- Adjust policies based on your auth model
-
Token Rotation
- Access tokens automatically refreshed
- Last refresh tracked in
last_refreshed_at - Error tracking in
error_countcolumn
If you encounter issues:
-
Check logs:
supabase functions logs ai-chat --follow supabase functions logs google-cloud-auth --follow
-
Verify database:
SELECT * FROM public.oauth_connection_health; SELECT * FROM public.ai_provider_performance;
-
Test OAuth directly:
curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/google-cloud-auth \ -H "Authorization: Bearer YOUR_ANON_KEY" \ -d '{"action":"get_access_token"}'
Setup Time: ~15-20 minutes
Testing Time: ~10 minutes
Total Time: ~30 minutes for complete integration
🎉 Congratulations! Your Vertex AI integration with Google Cloud OAuth is now live!