gcpinspect
ActiveTool of InsideOut (Riley)
INSPECTION: Inspect GCP infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed GCP resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed GCP infrastructure. It fetches temporary read-only credentials securely and queries the GCP API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: apigateway, bastion, billing, certificatemanager, cloudarmor, cloudbuild, cloudcdn, clouddeploy, clouddns, cloudfunctions, cloudkms, cloudlogging, cloudmonitoring, cloudrun, cloudsql, compute, firestore, gcs, gke, iam, identityplatform, loadbalancer, memorystore, pubsub, secretmanager, vertexai, vpc For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to see available Cloud Monitoring metrics for any service (no credentials needed — progressive disclosure). Use get-metrics to retrieve time-series data. Optional filters JSON: {"hours":6,"period":300}. Label breakdowns: Cloud Functions (by status), Load Balancer/API Gateway (by response_code_class), Cloud CDN (by cache_result). Secret Manager get-metrics returns operational health (version count, replication, create time) — no time-series. Bastion is an alias for Compute Engine metrics (SSH connection count not available as a GCP metric). BILLING: Use service=billing to inspect GCP billing. Actions: get-billing-info (check if billing enabled, which billing account), get-budgets (list budget alerts for the project — auto-fetches billing account). Requires roles/billing.viewer IAM role. Required IAM roles: Monitoring Viewer (roles/monitoring.viewer) for metrics, Secret Manager Viewer (roles/secretmanager.viewer) for secret health, Billing Viewer (roles/billing.viewer) for billing. EXAMPLES: - gcpinspect(session_id=..., service="compute", action="list-instances") - gcpinspect(session_id=..., service="gke", action="list-clusters") - gcpinspect(session_id=..., service="cloudsql", action="get-metrics", filters="{\"hours\":6}") - gcpinspect(session_id=..., service="billing", action="get-billing-info")
Parameters schema
{
"type": "object",
"required": [
"session_id",
"service",
"action",
"filters",
"detail",
"raw"
],
"properties": {
"raw": {
"type": "boolean",
"description": "When true, returns the unprocessed GCP API response. Escape hatch for fields the summarized response doesn't surface."
},
"action": {
"type": "string",
"description": "Operation on the service. Examples: 'list-instances' (compute), 'list-buckets' (storage), 'list-clusters' (gke), 'list-actions' (discovery), 'list-metrics' / 'get-metrics' (Cloud Monitoring)."
},
"detail": {
"type": "boolean",
"description": "When true, returns full metadata for a single resource. When false (default), returns a summary."
},
"filters": {
"type": "string",
"description": "Optional JSON-encoded filter object passed through to the underlying GCP API. Examples: '{\"hours\":6}' for metric windows, '{\"zone\":\"us-central1-a\"}' for zone-scoped queries."
},
"service": {
"enum": [
"apigateway",
"bastion",
"billing",
"certificatemanager",
"cloudarmor",
"cloudbuild",
"cloudcdn",
"clouddeploy",
"clouddns",
"cloudfunctions",
"cloudkms",
"cloudlogging",
"cloudmonitoring",
"cloudrun",
"cloudsql",
"compute",
"firestore",
"gcs",
"gke",
"iam",
"identityplatform",
"loadbalancer",
"memorystore",
"pubsub",
"secretmanager",
"vertexai",
"vpc"
],
"type": "string",
"description": "GCP service to query. Examples: 'compute', 'storage', 'cloudsql', 'gke', 'cloudrun', 'pubsub', 'firestore'. Use action='list-actions' to discover supported actions for a service."
},
"session_id": {
"type": "string",
"pattern": "^sess_v2_[0-9A-Za-z]+\\?token=[0-9a-f]+$",
"description": "Session ID from convoopen — pass back EXACTLY as returned, including the ?token=... suffix (format: sess_v2_*?token=*). The suffix is part of the session credential; never strip it when summarizing. The session must have a GCP deploy attempt before inspect probes will succeed."
}
},
"additionalProperties": false
}No endpoints wrapped at confidence ≥ 0.50.
Parent server
InsideOut (Riley)
https://github.com/luthersystems/insideout-agent-skills
2/7 registries