azmaveth
diff --git a/‎docs/gemini/OAUTH2_SETUP_GUIDE.md‎
Lines changed: 126 additions & 0 deletions b/‎docs/gemini/OAUTH2_SETUP_GUIDE.md‎
Lines changed: 126 additions & 0 deletions
diff --git a/‎docs/gemini/OAUTH2_TEST_SETUP.md‎
Lines changed: 184 additions & 0 deletions b/‎docs/gemini/OAUTH2_TEST_SETUP.md‎
Lines changed: 184 additions & 0 deletions
@@ -0,0 +1,126 @@
+# Setting Up Real Google OAuth2 Credentials for Gemini API
+
+This guide will walk you through obtaining real OAuth2 credentials for testing the Gemini Permissions API and other OAuth2-only features.
+
+## Prerequisites
+
+1. A Google Account
+2. A Google Cloud Project (or create a new one)
+3. Gemini API enabled in your project
+
+## Step 1: Create a Google Cloud Project
+
+1. Go to [Google Cloud Console](https://console.cloud.google.com/)
+2. Click on the project dropdown at the top
+3. Click "New Project"
+4. Enter a project name (e.g., "ExLLM Testing")
+5. Click "Create"
+
+## Step 2: Enable the Gemini API
+
+1. In your project, go to "APIs & Services" > "Library"
+2. Search for "Generative Language API" or "Gemini API"
+3. Click on it and press "Enable"
+
+## Step 3: Create OAuth2 Credentials
+
+1. Go to "APIs & Services" > "Credentials"
+2. Click "+ CREATE CREDENTIALS" > "OAuth client ID"
+3. If prompted, configure the OAuth consent screen first:
+   - Choose "External" user type (for testing)
+   - Fill in required fields:
+     - App name: "ExLLM OAuth Test"
+     - User support email: your email
+     - Developer contact: your email
+   - Add scopes:
+     - Click "Add or Remove Scopes"
+     - Add these scopes:
+       - `https://www.googleapis.com/auth/cloud-platform`
+       - `openid`
+       - `https://www.googleapis.com/auth/userinfo.email`
+   - Add your email as a test user
+   - Save and continue
+
+4. Now create the OAuth client ID:
+   - Application type: "Desktop app" (easiest for CLI testing)
+   - Name: "ExLLM CLI"
+   - Click "Create"
+
+5. Download the credentials JSON file
+   - Click the download button next to your new OAuth client
+   - Save it as `client_secret.json` in a secure location
+
+## Step 4: Set Up Environment Variables
+
+```bash
+# Extract from the downloaded JSON file:
+export GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+export GOOGLE_CLIENT_SECRET="your-client-secret"
+
+# Or for permanent setup, add to your shell profile:
+echo 'export GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"' >> ~/.bashrc
+echo 'export GOOGLE_CLIENT_SECRET="your-client-secret"' >> ~/.bashrc
+```
+
+## Step 5: Run the OAuth2 Setup Script
+
+```bash
+# From the ex_llm directory
+elixir scripts/setup_oauth2.exs
+```
+
+The script will:
+1. Start a local web server on port 8080
+2. Open your browser to Google's authorization page
+3. After you authorize, capture the authorization code
+4. Exchange it for access and refresh tokens
+5. Save the tokens to `.gemini_tokens`
+
+## Step 6: Test the OAuth2 Integration
+
+```bash
+# Run the OAuth2 permission tests
+mix test test/ex_llm/adapters/gemini/permissions_oauth2_test.exs
+
+# Or test manually in IEx:
+iex -S mix
+
+# In IEx:
+{:ok, tokens} = File.read!(".gemini_tokens") |> Jason.decode!()
+{:ok, result} = ExLLM.Gemini.Permissions.list_permissions(
+  "tunedModels/test-model",
+  oauth_token: tokens["access_token"]
+)
+```
+
+## Troubleshooting
+
+### "redirect_uri_mismatch" Error
+- Make sure you're using "Desktop app" type for the OAuth client
+- The redirect URI should be `http://localhost:8080/callback`
+
+### "invalid_client" Error
+- Double-check your CLIENT_ID and CLIENT_SECRET
+- Make sure you're using the correct credentials from the downloaded JSON
+
+### "access_denied" Error
+- Make sure your Google account is added as a test user in the OAuth consent screen
+- Try clearing browser cookies for accounts.google.com
+
+### Token Expired
+- Run `elixir scripts/refresh_oauth2_token.exs` to refresh
+- Tokens expire after 1 hour
+
+## Security Notes
+
+1. **Never commit credentials**: The `.gemini_tokens` file is already in `.gitignore`
+2. **Keep client_secret.json secure**: Don't commit this file
+3. **Use environment variables**: Don't hardcode credentials
+4. **Rotate credentials regularly**: Revoke and recreate if compromised
+
+## Next Steps
+
+Once you have OAuth2 working:
+1. Test the Permissions API for managing tuned model access
+2. Test the Corpus API for document management
+3. Implement automatic token refresh in your application
@@ -0,0 +1,184 @@
+# OAuth2 API Test Setup Guide
+
+This guide explains how to set up test data and accounts for comprehensive OAuth2 API testing.
+
+## Overview
+
+The OAuth2-protected APIs in Gemini include:
+1. **Corpus Management API** - Document collections for semantic retrieval
+2. **Document Management API** - Documents within corpora
+3. **Chunk Management API** - Text chunks within documents
+4. **Question Answering API** - Semantic Q&A using corpora
+5. **Permissions API** - Access control for tuned models
+
+## Test Data Requirements
+
+### 1. Basic OAuth2 Setup (Required)
+
+```bash
+# Set up OAuth2 credentials
+elixir scripts/setup_oauth2.exs
+
+# This creates .gemini_tokens with access to:
+# - https://www.googleapis.com/auth/cloud-platform
+# - https://www.googleapis.com/auth/generative-language.tuning
+# - https://www.googleapis.com/auth/generative-language.retriever
+```
+
+### 2. Corpus/Document/Chunk APIs (Automatic)
+
+The test suite automatically creates and cleans up:
+- Test corpora with unique names
+- Documents with metadata
+- Chunks with searchable content
+
+No manual setup required - tests are self-contained.
+
+### 3. Question Answering API (Automatic)
+
+Tests automatically create:
+- A corpus with Elixir documentation
+- Multiple chunks about Elixir features
+- Queries are run against this test data
+
+### 4. Permissions API (Manual Setup Required)
+
+To fully test the Permissions API, you need a tuned model:
+
+#### Option A: Use Gemini AI Studio (Easiest)
+1. Go to [Google AI Studio](https://aistudio.google.com/)
+2. Click "Tune a model" in the left sidebar
+3. Select a base model (e.g., Gemini 1.5 Flash)
+4. Upload training data (even a small dataset works)
+5. Start tuning (takes 1-2 hours)
+6. Note the model name (e.g., `tunedModels/my-test-model-123`)
+
+#### Option B: Use the API (Advanced)
+```elixir
+# Create a tuning job via API
+{:ok, operation} = ExLLM.Gemini.Tuning.create_tuning_job(
+  "models/gemini-1.5-flash-001-tuning",
+  %{
+    display_name: "Test Model for Permissions",
+    training_examples: [
+      %{
+        text_input: "What is ExLLM?",
+        output: "ExLLM is a unified Elixir client for Large Language Models."
+      },
+      # Add more examples...
+    ]
+  },
+  oauth_token: token
+)
+```
+
+#### Setting the Test Model
+```bash
+# Set environment variable with your tuned model
+export TEST_TUNED_MODEL="tunedModels/your-actual-model-name"
+
+# Run permission tests
+mix test test/ex_llm/adapters/gemini/oauth2_apis_test.exs --only requires_tuned_model
+```
+
+## Running OAuth2 Tests
+
+### Run All OAuth2 Tests
+```bash
+# Ensure you have valid tokens
+mix test --only oauth2
+```
+
+### Run Specific OAuth2 API Tests
+```bash
+# Corpus Management
+mix test test/ex_llm/adapters/gemini/oauth2_apis_test.exs:"Corpus Management API"
+
+# Document Management
+mix test test/ex_llm/adapters/gemini/oauth2_apis_test.exs:"Document Management API"
+
+# Chunk Management
+mix test test/ex_llm/adapters/gemini/oauth2_apis_test.exs:"Chunk Management API"
+
+# Question Answering
+mix test test/ex_llm/adapters/gemini/oauth2_apis_test.exs:"Question Answering API"
+
+# Permissions (requires tuned model)
+mix test test/ex_llm/adapters/gemini/oauth2_apis_test.exs:"Permissions API"
+```
+
+### Token Management
+
+```bash
+# Refresh expired token
+elixir scripts/refresh_oauth2_token.exs
+
+# Check token validity
+iex -S mix
+iex> {:ok, tokens} = File.read!(".gemini_tokens") |> Jason.decode!()
+iex> tokens["expires_at"]  # Check expiration time
+```
+
+## Test Data Cleanup
+
+The test suite automatically cleans up all created resources:
+- Corpora are deleted after each test
+- Documents and chunks are deleted with their parent corpus
+- Uses `on_exit` callbacks to ensure cleanup even on test failure
+
+## Quotas and Limits
+
+Be aware of API quotas:
+- **Corpora**: Up to 5 per project
+- **Documents**: Up to 10,000 per corpus
+- **Chunks**: Up to 1,000,000 per corpus
+- **Request rate**: Check your project's quota in Google Cloud Console
+
+## Troubleshooting
+
+### "Request had insufficient authentication scopes"
+- Re-run `elixir scripts/setup_oauth2.exs` with updated scopes
+- Ensure all required scopes are included
+
+### "Quota exceeded"
+- Delete old test corpora manually:
+```elixir
+{:ok, list} = Corpus.list_corpora([], oauth_token: token)
+Enum.each(list.corpora, fn corpus ->
+  if String.contains?(corpus.display_name, "test") do
+    Corpus.delete_corpus(corpus.name, oauth_token: token, force: true)
+  end
+end)
+```
+
+### "Invalid corpus/document name"
+- Names must follow the pattern: `corpora/[a-z0-9-]+`
+- No uppercase letters or special characters except hyphens
+
+## Best Practices
+
+1. **Use unique names**: Include timestamps or random IDs in test data names
+2. **Clean up resources**: Always use `on_exit` callbacks
+3. **Test incrementally**: Build corpus → add documents → add chunks → query
+4. **Mock when possible**: For unit tests, mock OAuth2 responses
+5. **Monitor quotas**: Check Google Cloud Console for usage
+
+## Example Test Data Structure
+
+```
+corpus: "test-corpus-12345"
+├── document: "elixir-guide"
+│   ├── chunk: "Elixir is a dynamic, functional language..."
+│   ├── chunk: "Pattern matching is powerful..."
+│   └── chunk: "GenServer implements client-server..."
+└── document: "phoenix-guide"
+    ├── chunk: "Phoenix is a web framework..."
+    └── chunk: "LiveView enables real-time features..."
+```
+
+This structure allows testing:
+- Corpus queries across all documents
+- Document-specific queries
+- Metadata filtering
+- Semantic retrieval
+- Question answering