Configure Gemini Code Assist logging

This document describes how to configure Gemini Code Assist logging for a project by using the Google Cloud console or an API.

Limitations

Gemini in Google Cloud log data recording is limited to user interactions with Gemini Code Assist within the IDE.

Additionally, Gemini for Google Cloud doesn't log data for Gemini Code Assist if VS Code telemetry is turned off by the user.

Before you begin

  • Ensure your Google Cloud project is attached to a billing account.

(Optional) Grant IAM permissions

To configure Gemini Code Assist logging, you must have specific Identity and Access Management (IAM) permissions, which are detailed in the following sections. Ensure these permissions are added to custom IAM roles.

Alternatively, you can grant the Gemini for Google Cloud Settings Admin (roles/cloudaicompanion.settingsAdmin) IAM predefined role, which includes all required permissions needed to work with all Gemini for Google Cloud administrator settings.

(Optional) Bind permissions to settings and targets

If you are configuring Gemini Code Assist administrator settings in the Google Cloud console, then you can skip this section.

To configure Gemini Code Assist administrator settings with the Gemini for Google Cloud API, you must first create settings, then create bindings to "bind" those settings and targets (such as instance, topic, or projects) for specific products (such as Gemini Cloud Assist or Gemini Code Assist).

All permissions to create and update settings are at the project level.

Configure Gemini Code Assist logging

The following sections provide steps required to enable the collection and storage of Gemini Code Assist activity in Cloud Logging, including:

  • Gemini Code Assist prompts and response logs, such as user input, contextual information, and responses.

  • Gemini Code Assist metadata logs, such as telemetry metadata and lines of code accepted by the user.

For more details on both types of log, see View Gemini logs.

Enable logging for Gemini Code Assist

Select one of the following options:

Console

  1. Ensure you have enabled the Cloud Logging API in the project.

  2. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.create
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsCreate
    • cloudaicompanion.settingBindings.loggingSettingsUse
    • cloudaicompanion.instances.queryEffectiveSettingBindings

  3. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  4. Click Settings in the left navigation menu.

    The Settings page loads.

  5. (Optional) Click Logging for Code Assist metadata to record the metadata from the usage of Gemini Code Assist in the project.

  6. (Optional) Click Logging for Code Assist prompts and responses to record the prompts and responses generated by users of Gemini Code Assist in the project.

  7. Click Save Changes.

API

To enable logging for Gemini Code Assist, use the loggingSetting method.

  1. Ensure you have enabled the Cloud Logging API in the project.

  2. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.create
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsCreate
    • cloudaicompanion.settingBindings.loggingSettingsUse
    • cloudaicompanion.instances.queryEffectiveSettingBindings

  3. Create the setting and a setting-specific value:

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

  4. Enable Gemini Code Assist metadata logs.

    1. Run the following command to create the setting:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "log_metadata": true,
    } ' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter a unique setting name, such as gcalm1 for Gemini Code Assist log metadata.

      If the command succeeds, it returns a response body that shows the log_metadata set to true:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_metadata": true
}

    2. Run the following command to create the Gemini Code Assist metadata logs setting binding:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "target": "projects/TARGET_PROJECT_NAME"
    }' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"

    Replace the following:

    • TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.
    • SETTING_ID: Use the same SETTING_ID when you created the setting, but append it with b1. For example, use gcalmb1 for Gemini Code Assist log metadata.

    If the command succeeds, it returns the operation metadata in the following format:

    {
  "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata",
    "createTime": "2025-01-23T15:27:50.076075570Z",
    "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/loggingSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>",
    "verb": "create",
    "requestedCancellation": false,
    "apiVersion": "v1"
  },
  "done": false
}

  5. Enable Gemini Code Assist user logs.

    1. Run the following command to create the setting:

      curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "log_prompts_and_responses": true,
    } ' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"

      Replace the following:

      • CONTAINER_PROJECT_NAME: Enter the parent project ID.
      • SETTING_ID: Enter a unique setting name, such as gcapar1 for Gemini Code Assist prompts and responses.

      If the command succeeds, it returns a response body that shows the log_prompts_and_responses set to true:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_prompts_and_responses": true
}

    2. Run the following command to create the Gemini Code Assist user logs setting binding:

      curl \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "target": "projects/TARGET_PROJECT_NAME"
    }' \
  "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID/settingBindings?setting_binding_id=BINDING_ID"

    Replace the following:

    • TARGET_PROJECT_NAME: Enter the target project to which the setting should be applied.
    • SETTING_ID: Use the same SETTING_ID when you created the setting, but append it with b1. For example, use gcaparb1 for Gemini Code Assist prompts and responses.

    If the command succeeds, it returns the operation metadata in the following format:

    {
  "name": "projects/<var>CONTAINER_PROJECT_NAME</var>/locations/global/operations/operation-1737646069712-62c6140bb04bb-49261230-43701daf",
  "metadata": {
    "@type": "type.googleapis.com/google.cloud.cloudaicompanion.v1.OperationMetadata",
    "createTime": "2025-01-23T15:27:50.076075570Z",
    "target": "projects/<var>TARGET_PROJECT_NAME</var>/locations/global/loggingSettings/<var>SETTING_ID</var>/settingBindings/<var>BINDING_ID</var>",
    "verb": "create",
    "requestedCancellation": false,
    "apiVersion": "v1"
  },
  "done": false
}

Disable logging for Gemini Code Assist

Select one of the following options:

Console

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.delete
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsDelete
    • cloudaicompanion.settingBindings.loggingSettingsUse
    • cloudaicompanion.instances.queryEffectiveSettingBindings

  2. In the Google Cloud console, go to the Admin for Gemini page.

    Go to Gemini for Google Cloud

    The Gemini for Google Cloud page loads.

  3. Click Settings in the left navigation menu.

    The Settings page loads.

  4. (Optional) Click Logging for Code Assist metadata to record the metadata from the usage of Gemini Code Assist in the project.

  5. Click Turn off logging.

  6. Click Save Changes.

API

To enable logging for Gemini Code Assist, use the loggingSetting method.

  1. Ensure that you have the following Identity and Access Management (IAM) permissions on the project that owns the subscription:

    • loggingSettings.create
    • loggingSettings.list
    • loggingSettings.update
    • loggingSettings.get
    • cloudaicompanion.instances.loggingSettings.use
    • cloudaicompanion.instances.queryEffectiveSetting
    • settingBindings.loggingSettingsList
    • settingBindings.loggingSettingsGet
    • settingBindings.loggingSettingsUpdate
    • settingBindings.loggingSettingsCreate
    • serviceusage.services.enable

  2. Create the setting and a setting-specific value:

    1. Obtain the token:

      TOKEN=$(gcloud auth print-access-token)

  3. Run the following command to disable the Gemini Code Assist metadata logs setting:

      curl -X POST \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Content-Type: application/json' \
    -d '{
      "log_metadata": false,
      } ' \
    "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_metadata_id=SETTING_ID"

    Replace the following:

    • CONTAINER_PROJECT_NAME: Enter the parent project ID.

    • SETTING_ID: Enter the existing setting name, such as gcalm1 for Gemini Code Assist log metadata.

      If the command succeeds, it returns a response body that shows the log_metadata set to false:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_metadata": false
}

  4. Run the following command to disable the Gemini Code Assist user logs setting:

      curl -X POST \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Content-Type: application/json' \
    -d '{
      "log_prompts_and_responses": false,
      } ' \
    "https://cloudaicompanion.googleapis.com/v1/projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings?logging_setting_id=SETTING_ID"

    Replace the following:

    • CONTAINER_PROJECT_NAME: Enter the parent project ID.

    • SETTING_ID: Enter the existing setting name, such as gcapar1 for Gemini Code Assist prompts and responses.

      If the command succeeds, it returns a response body that shows the log_prompts_and_responses set to false:

      {
  "name": "projects/CONTAINER_PROJECT_NAME/locations/global/loggingSettings/SETTING_ID",
  "createTime": "2025-01-23T15:22:49.717166932Z",
  "updateTime": "2025-01-23T15:22:49.717166932Z",
  "log_prompts_and_responses": false
}

What's next