feat: update public libraries for CES v1beta

Google APIs · copybara-github · commit 1fa95b7ece51 · 2026-03-04T06:46:14.000-08:00
fix!: An existing google.api.http annotation `http_uri` is changed for method `UploadEvaluationAudio` in service `EvaluationService`
fix!: An existing method_signature `app,audio_content` is removed from method `UploadEvaluationAudio` in service `EvaluationService`
fix!: An existing field `app` is renamed to `name` in message `.google.cloud.ces.v1beta.UploadEvaluationAudioRequest`
fix!: An existing field `audio_transcript` is renamed to `transcript` in message `.google.cloud.ces.v1beta.UploadEvaluationAudioResponse`
fix!: An existing field `audio_duration` is renamed to `duration` in message `.google.cloud.ces.v1beta.UploadEvaluationAudioResponse`
fix!: An existing field `variables` is moved in to oneof in message `.google.cloud.ces.v1beta.ExecuteToolRequest`
docs: A comment for field `cert` in message `.google.cloud.ces.v1beta.TlsConfig` is changed
docs: A comment for field `entry_agent` in message `.google.cloud.ces.v1beta.SessionConfig` is changed
docs: A comment for field `name` in message `.google.cloud.ces.v1beta.Tool` is changed
PiperOrigin-RevId: 878047537
diff --git a/google/cloud/ces/v1beta/BUILD.bazel b/google/cloud/ces/v1beta/BUILD.bazel
@@ -26,6 +26,7 @@ proto_library(
     srcs = [
         "agent.proto",
         "agent_service.proto",
+        "agent_tool.proto",
         "agent_transfers.proto",
         "app.proto",
         "app_version.proto",
@@ -57,6 +58,7 @@ proto_library(
         "python_function.proto",
         "schema.proto",
         "search_suggestions.proto",
+        "security_settings.proto",
         "session_service.proto",
         "system_tool.proto",
         "tool.proto",
@@ -388,7 +390,6 @@ load(
 
 csharp_proto_library(
     name = "ces_csharp_proto",
-    extra_opts = [],
     deps = [":ces_proto"],
 )
 
diff --git a/google/cloud/ces/v1beta/agent_service.proto b/google/cloud/ces/v1beta/agent_service.proto
@@ -29,6 +29,7 @@ import "google/cloud/ces/v1beta/deployment.proto";
 import "google/cloud/ces/v1beta/evaluation.proto";
 import "google/cloud/ces/v1beta/example.proto";
 import "google/cloud/ces/v1beta/guardrail.proto";
+import "google/cloud/ces/v1beta/security_settings.proto";
 import "google/cloud/ces/v1beta/tool.proto";
 import "google/cloud/ces/v1beta/toolset.proto";
 import "google/longrunning/operations.proto";
@@ -130,6 +131,25 @@ service AgentService {
     };
   }
 
+  // Retrieves the security settings for the project and location.
+  rpc GetSecuritySettings(GetSecuritySettingsRequest)
+      returns (SecuritySettings) {
+    option (google.api.http) = {
+      get: "/v1beta/{name=projects/*/locations/*/securitySettings}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Updates the security settings for the project and location.
+  rpc UpdateSecuritySettings(UpdateSecuritySettingsRequest)
+      returns (SecuritySettings) {
+    option (google.api.http) = {
+      patch: "/v1beta/{security_settings.name=projects/*/locations/*/securitySettings}"
+      body: "security_settings"
+    };
+    option (google.api.method_signature) = "security_settings,update_mask";
+  }
+
   // Lists agents in the given app.
   rpc ListAgents(ListAgentsRequest) returns (ListAgentsResponse) {
     option (google.api.http) = {
@@ -1754,3 +1774,29 @@ message GetChangelogRequest {
     (google.api.resource_reference) = { type: "ces.googleapis.com/Changelog" }
   ];
 }
+
+// Request message for
+// [AgentService.GetSecuritySettings][google.cloud.ces.v1beta.AgentService.GetSecuritySettings].
+message GetSecuritySettingsRequest {
+  // Required. The resource name of the security settings to retrieve.
+  // Format: `projects/{project}/locations/{location}/securitySettings`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "ces.googleapis.com/SecuritySettings"
+    }
+  ];
+}
+
+// Request message for
+// [AgentService.UpdateSecuritySettings][google.cloud.ces.v1beta.AgentService.UpdateSecuritySettings].
+message UpdateSecuritySettingsRequest {
+  // Required. The security settings to update.
+  SecuritySettings security_settings = 1
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. Field mask is used to control which fields get updated. If the
+  // mask is not present, all fields will be updated.
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = OPTIONAL];
+}
diff --git a/google/cloud/ces/v1beta/agent_tool.proto b/google/cloud/ces/v1beta/agent_tool.proto
@@ -0,0 +1,41 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.ces.v1beta;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+
+option go_package = "cloud.google.com/go/ces/apiv1beta/cespb;cespb";
+option java_multiple_files = true;
+option java_outer_classname = "AgentToolProto";
+option java_package = "com.google.cloud.ces.v1beta";
+
+// Represents a tool that allows the agent to call another agent.
+message AgentTool {
+  // Required. The name of the agent tool.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. Description of the tool's purpose.
+  string description = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The resource name of the root agent that is the entry point of
+  // the tool. Format: `projects/{project}/locations/{location}/agents/{agent}`
+  string root_agent = 3 [
+    (google.api.field_behavior) = OPTIONAL,
+    (google.api.resource_reference) = { type: "ces.googleapis.com/Agent" }
+  ];
+}
diff --git a/google/cloud/ces/v1beta/ces_v1beta.yaml b/google/cloud/ces/v1beta/ces_v1beta.yaml
@@ -24,6 +24,7 @@ types:
 - name: google.cloud.ces.v1beta.Omnichannel
 - name: google.cloud.ces.v1beta.OmnichannelOperationMetadata
 - name: google.cloud.ces.v1beta.OperationMetadata
+- name: google.cloud.ces.v1beta.SecuritySettings
 
 documentation:
   rules:
diff --git a/google/cloud/ces/v1beta/common.proto b/google/cloud/ces/v1beta/common.proto
@@ -148,11 +148,14 @@ message TlsConfig {
     // is empty or unspecified, CES will use Google's default trust
     // store to verify certificates. N.B. Make sure the HTTPS server
     // certificates are signed with "subject alt name". For instance a
-    // certificate can be self-signed using the following command,
+    // certificate can be self-signed using the following command:
+    //
+    // ```
     //    openssl x509 -req -days 200 -in example.com.csr \
     //      -signkey example.com.key \
     //      -out example.com.crt \
     //      -extfile <(printf "\nsubjectAltName='DNS:www.example.com'")
+    // ```
     bytes cert = 2 [(google.api.field_behavior) = REQUIRED];
   }
 
diff --git a/google/cloud/ces/v1beta/evaluation_service.proto b/google/cloud/ces/v1beta/evaluation_service.proto
@@ -61,10 +61,10 @@ service EvaluationService {
   rpc UploadEvaluationAudio(UploadEvaluationAudioRequest)
       returns (UploadEvaluationAudioResponse) {
     option (google.api.http) = {
-      post: "/v1beta/{app=projects/*/locations/*/apps/*}:uploadEvaluationAudio"
+      post: "/v1beta/{name=projects/*/locations/*/apps/*/evaluations/*}:uploadEvaluationAudio"
       body: "*"
     };
-    option (google.api.method_signature) = "app,audio_content";
+    option (google.api.method_signature) = "name,audio_content";
   }
 
   // Creates an evaluation.
@@ -1044,17 +1044,22 @@ message TestPersonaVoiceRequest {
 // Request message for
 // [EvaluationService.UploadEvaluationAudio][google.cloud.ces.v1beta.EvaluationService.UploadEvaluationAudio].
 message UploadEvaluationAudioRequest {
-  // Required. The resource name of the App for which to upload the evaluation
-  // audio. Format: `projects/{project}/locations/{location}/apps/{app}`
-  string app = 1 [
+  // Required. The resource name of the Evaluation for which to upload the
+  // evaluation audio. Format:
+  // `projects/{project}/locations/{location}/apps/{app}/evaluations/{evaluation}`
+  string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (google.api.resource_reference) = { type: "ces.googleapis.com/App" }
+    (google.api.resource_reference) = { type: "ces.googleapis.com/Evaluation" }
   ];
 
   // Required. The raw audio bytes.
   // The format of the audio must be single-channel LINEAR16 with a sample
   // rate of 16kHz (default InputAudioConfig).
   bytes audio_content = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The Google Cloud Storage URI of the previously uploaded audio
+  // file to be deleted. Format: `gs://<bucket-name>/<object-name>`
+  string previous_audio_gcs_uri = 3 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Response message for
@@ -1064,11 +1069,11 @@ message UploadEvaluationAudioResponse {
   // Format: `gs://<bucket-name>/<object-name>`
   string audio_gcs_uri = 1;
 
-  // The transcribed text from the audio, generated by Cloud Speech-to-Text.
-  string audio_transcript = 2;
+  // The transcript of the audio, generated by Cloud Speech-to-Text.
+  string transcript = 2;
 
   // The duration of the audio.
-  google.protobuf.Duration audio_duration = 3;
+  google.protobuf.Duration duration = 3;
 }
 
 // Response message for
diff --git a/google/cloud/ces/v1beta/security_settings.proto b/google/cloud/ces/v1beta/security_settings.proto
@@ -0,0 +1,85 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.ces.v1beta;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "cloud.google.com/go/ces/apiv1beta/cespb;cespb";
+option java_multiple_files = true;
+option java_outer_classname = "SecuritySettingsProto";
+option java_package = "com.google.cloud.ces.v1beta";
+
+// Project/Location level security settings for CES.
+message SecuritySettings {
+  option (google.api.resource) = {
+    type: "ces.googleapis.com/SecuritySettings"
+    pattern: "projects/{project}/locations/{location}/securitySettings"
+    plural: "securitySettings"
+    singular: "securitySettings"
+  };
+
+  // Identifier. The unique identifier of the security settings.
+  // Format: `projects/{project}/locations/{location}/securitySettings`
+  string name = 1 [(google.api.field_behavior) = IDENTIFIER];
+
+  // Optional. Endpoint control related settings.
+  EndpointControlPolicy endpoint_control_policy = 2
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. Create time of the security settings.
+  google.protobuf.Timestamp create_time = 3
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Last update time of the security settings.
+  google.protobuf.Timestamp update_time = 4
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Etag of the security settings.
+  string etag = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// Defines project/location level endpoint control policy.
+message EndpointControlPolicy {
+  // Defines the scope in which this policy's allowed_origins list is
+  // enforced.
+  enum EnforcementScope {
+    // Unspecified. This policy will be treated as VPCSC_ONLY.
+    ENFORCEMENT_SCOPE_UNSPECIFIED = 0;
+
+    // This policy applies only when VPC-SC is active.
+    VPCSC_ONLY = 1;
+
+    // This policy ALWAYS applies, regardless of VPC-SC status.
+    ALWAYS = 2;
+  }
+
+  // Optional. The scope in which this policy's allowed_origins list is
+  // enforced.
+  EnforcementScope enforcement_scope = 1
+      [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The allowed HTTP(s) origins that tools in the App are able to
+  // directly call. The enforcement depends on the value of
+  // enforcement_scope and the VPC-SC status of the project.
+  // If a port number is not provided, all ports will be allowed. Otherwise,
+  // the port number must match exactly. For example, "https://example.com"
+  // will match "https://example.com:443" and any other port.
+  // "https://example.com:443" will only match "https://example.com:443".
+  repeated string allowed_origins = 2 [(google.api.field_behavior) = OPTIONAL];
+}
diff --git a/google/cloud/ces/v1beta/session_service.proto b/google/cloud/ces/v1beta/session_service.proto
@@ -206,7 +206,7 @@ message SessionConfig {
   // Optional. The entry agent to handle the session. If not specified, the
   // session will be handled by the [root
   // agent][google.cloud.ces.v1beta.App.root_agent] of the app. Format:
-  // `projects/{project}/locations/{location}/agents/{agent}`
+  // `projects/{project}/locations/{location}/apps/{app}/agents/{agent}`
   string entry_agent = 12 [
     (google.api.field_behavior) = OPTIONAL,
     (google.api.resource_reference) = { type: "ces.googleapis.com/Agent" }
@@ -225,6 +225,11 @@ message SessionConfig {
   // "America/Los_Angeles".
   string time_zone = 11 [(google.api.field_behavior) = OPTIONAL];
 
+  // Optional. Whether to use tool fakes for the session.
+  // If this field is set, the agent will attempt use tool fakes instead of
+  // calling the real tools.
+  bool use_tool_fakes = 14 [(google.api.field_behavior) = OPTIONAL];
+
   // Optional.
   // [QueryParameters](https://cloud.google.com/dialogflow/cx/docs/reference/rpc/google.cloud.dialogflow.cx.v3#queryparameters)
   // to send to the remote
diff --git a/google/cloud/ces/v1beta/tool.proto b/google/cloud/ces/v1beta/tool.proto
@@ -18,6 +18,7 @@ package google.cloud.ces.v1beta;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/cloud/ces/v1beta/agent_tool.proto";
 import "google/cloud/ces/v1beta/client_function.proto";
 import "google/cloud/ces/v1beta/common.proto";
 import "google/cloud/ces/v1beta/connector_tool.proto";
@@ -80,18 +81,22 @@ message Tool {
     // Optional. The system tool.
     SystemTool system_tool = 18 [(google.api.field_behavior) = OPTIONAL];
 
+    // Optional. The agent tool.
+    AgentTool agent_tool = 23 [(google.api.field_behavior) = OPTIONAL];
+
     // Optional. The widget tool.
     WidgetTool widget_tool = 24 [(google.api.field_behavior) = OPTIONAL];
   }
 
-  // Identifier. The unique identifier of the tool.
-  // Format:
-  // - `projects/{project}/locations/{location}/apps/{app}/tools/{tool}` for
-  // ## standalone tools.
+  // Identifier. The resource name of the tool. Format:
+  //
+  // * `projects/{project}/locations/{location}/apps/{app}/tools/{tool}`
+  //   for standalone tools.
+  // * `projects/{project}/locations/{location}/apps/{app}/toolsets/{toolset}/tools/{tool}`
+  //   for tools retrieved from a toolset.
   //
-  // `projects/{project}/locations/{location}/apps/{app}/toolsets/{toolset}/tools/{tool}`
-  // for tools retrieved from a toolset. These tools are dynamic and
-  // output-only, they cannot be referenced directly where a tool is expected.
+  // These tools are dynamic and output-only; they cannot be referenced directly
+  // where a tool is expected.
   string name = 1 [(google.api.field_behavior) = IDENTIFIER];
 
   // Output only. The display name of the tool, derived based on the tool's
diff --git a/google/cloud/ces/v1beta/tool_service.proto b/google/cloud/ces/v1beta/tool_service.proto
@@ -83,6 +83,18 @@ message ExecuteToolRequest {
     ToolsetTool toolset_tool = 3 [(google.api.field_behavior) = OPTIONAL];
   }
 
+  // Additional context to be provided for the tool execution
+  oneof tool_execution_context {
+    // Optional. The variables that are available for the tool execution.
+    google.protobuf.Struct variables = 5
+        [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. The
+    // [ToolCallContext](https://docs.cloud.google.com/customer-engagement-ai/conversational-agents/ps/tool/python#environment
+    // for details) to be passed to the Python tool.
+    google.protobuf.Struct context = 6 [(google.api.field_behavior) = OPTIONAL];
+  }
+
   // Required. The resource name of the app which the tool/toolset belongs to.
   // Format: `projects/{project}/locations/{location}/apps/{app}`
   string parent = 4 [
@@ -93,9 +105,6 @@ message ExecuteToolRequest {
   // Optional. The input parameters and values for the tool in JSON object
   // format.
   google.protobuf.Struct args = 2 [(google.api.field_behavior) = OPTIONAL];
-
-  // Optional. The variables that are available for the tool execution.
-  google.protobuf.Struct variables = 5 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Response message for
