You're viewing a demo portfolio

Join the waitlist
PRSM

gcpinspect

Active

Tool of InsideOut (Riley)

declared in v2.0.0

INSPECTION: Inspect GCP infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed GCP resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed GCP infrastructure. It fetches temporary read-only credentials securely and queries the GCP API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: apigateway, bastion, billing, certificatemanager, cloudarmor, cloudbuild, cloudcdn, clouddeploy, clouddns, cloudfunctions, cloudkms, cloudlogging, cloudmonitoring, cloudrun, cloudsql, compute, firestore, gcs, gke, iam, identityplatform, loadbalancer, memorystore, pubsub, secretmanager, vertexai, vpc For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to see available Cloud Monitoring metrics for any service (no credentials needed — progressive disclosure). Use get-metrics to retrieve time-series data. Optional filters JSON: {"hours":6,"period":300}. Label breakdowns: Cloud Functions (by status), Load Balancer/API Gateway (by response_code_class), Cloud CDN (by cache_result). Secret Manager get-metrics returns operational health (version count, replication, create time) — no time-series. Bastion is an alias for Compute Engine metrics (SSH connection count not available as a GCP metric). BILLING: Use service=billing to inspect GCP billing. Actions: get-billing-info (check if billing enabled, which billing account), get-budgets (list budget alerts for the project — auto-fetches billing account). Requires roles/billing.viewer IAM role. Required IAM roles: Monitoring Viewer (roles/monitoring.viewer) for metrics, Secret Manager Viewer (roles/secretmanager.viewer) for secret health, Billing Viewer (roles/billing.viewer) for billing. EXAMPLES: - gcpinspect(session_id=..., service="compute", action="list-instances") - gcpinspect(session_id=..., service="gke", action="list-clusters") - gcpinspect(session_id=..., service="cloudsql", action="get-metrics", filters="{\"hours\":6}") - gcpinspect(session_id=..., service="billing", action="get-billing-info")

Parameters schema

{
  "type": "object",
  "required": [
    "session_id",
    "service",
    "action",
    "filters",
    "detail",
    "raw"
  ],
  "properties": {
    "raw": {
      "type": "boolean",
      "description": "When true, returns the unprocessed GCP API response. Escape hatch for fields the summarized response doesn't surface."
    },
    "action": {
      "type": "string",
      "description": "Operation on the service. Examples: 'list-instances' (compute), 'list-buckets' (storage), 'list-clusters' (gke), 'list-actions' (discovery), 'list-metrics' / 'get-metrics' (Cloud Monitoring)."
    },
    "detail": {
      "type": "boolean",
      "description": "When true, returns full metadata for a single resource. When false (default), returns a summary."
    },
    "filters": {
      "type": "string",
      "description": "Optional JSON-encoded filter object passed through to the underlying GCP API. Examples: '{\"hours\":6}' for metric windows, '{\"zone\":\"us-central1-a\"}' for zone-scoped queries."
    },
    "service": {
      "enum": [
        "apigateway",
        "bastion",
        "billing",
        "certificatemanager",
        "cloudarmor",
        "cloudbuild",
        "cloudcdn",
        "clouddeploy",
        "clouddns",
        "cloudfunctions",
        "cloudkms",
        "cloudlogging",
        "cloudmonitoring",
        "cloudrun",
        "cloudsql",
        "compute",
        "firestore",
        "gcs",
        "gke",
        "iam",
        "identityplatform",
        "loadbalancer",
        "memorystore",
        "pubsub",
        "secretmanager",
        "vertexai",
        "vpc"
      ],
      "type": "string",
      "description": "GCP service to query. Examples: 'compute', 'storage', 'cloudsql', 'gke', 'cloudrun', 'pubsub', 'firestore'. Use action='list-actions' to discover supported actions for a service."
    },
    "session_id": {
      "type": "string",
      "pattern": "^sess_v2_[0-9A-Za-z]+\\?token=[0-9a-f]+$",
      "description": "Session ID from convoopen — pass back EXACTLY as returned, including the ?token=... suffix (format: sess_v2_*?token=*). The suffix is part of the session credential; never strip it when summarizing. The session must have a GCP deploy attempt before inspect probes will succeed."
    }
  },
  "additionalProperties": false
}

What this tool wraps· 0 endpoints

min confidence0.700.50

No endpoints wrapped at confidence ≥ 0.50.

Parent server

InsideOut (Riley)

https://github.com/luthersystems/insideout-agent-skills

2/7 registries
View full server →
gcpinspect — InsideOut (Riley) — PRSM MCP