If you use Claude Code on AWS, you're spoiled. There are 45+ official MCP servers from awslabs, a deploy-on-aws plugin with skills and agents, blog series walking you through every service, and an entire ecosystem of community tooling on top of that.
If you use Claude Code on GCP? Here's what you get:
- cloud-run-mcp - deploys to Cloud Run. That's it.
- gcloud-mcp - a gcloud CLI wrapper.
- gke-mcp - GKE specific.
- A handful of community MCP servers with varying levels of completeness.
All useful tools. But they're all MCP servers that give Claude API access to GCP services. None of them are Claude Code skills or plugins that teach Claude how to think about GCP infrastructure: the right deploy patterns, IAM least-privilege practices, Secret Manager workflows, Cloud Build trigger setups, and so on.
There's a real difference between "Claude can call the Cloud Run API" and "Claude knows how to set up a Cloud Build trigger, wire Secret Manager into your deploy, configure a least-privilege service account, and handle the full workflow end to end."
AWS has both. GCP didn't. So I built it.
What is claude-gcp?
An open-source Claude Code plugin (Apache 2.0) that brings skills, agents, hooks, slash commands, and starter templates for GCP infrastructure.
GitHub: github.com/shamis6ali/claude-gcp
What's in v0.1.1-beta
Skills
Reference docs and workflow instructions that Claude loads when you ask about a GCP service:
- Cloud Run - deploy, scale, traffic splitting, canary/blue-green, jobs
- Cloud Build - CI/CD pipelines, triggers, caching, approvals
- IAM - service accounts, least privilege, Workload Identity Federation, custom roles
- Secret Manager - create/version/mount secrets, rotation, access patterns
Each skill has a SKILL.md plus a references/ directory with deep-dive guides for specific patterns.
Deploy Agent
A full orchestration agent that detects your project type, validates the Dockerfile, builds the image, deploys to Cloud Run, and verifies health. One command, full workflow.
Slash Commands
-
/gcp-deploy- interactive deploy wizard -
/gcp-status- service health dashboard (revisions, traffic, errors, resource config)
Three-Layer Safety System
This was important to us. No GCP command runs without your explicit approval:
- CLAUDE.md Safety Protocol - Claude must explain every command (what it does, billing impact, reversibility) and get confirmation before running it
-
PreToolUse Hook - automatically intercepts and blocks high-risk commands: destructive operations, overly broad IAM roles (
roles/editor,roles/owner), public access grants, SA key creation - Claude Code's built-in permission system - you still approve every Bash command in the terminal
The hook catches dangerous commands before they execute and feeds context back to Claude so it explains the impact and re-confirms.
Starter Templates
- Cloud Run + FastAPI - FastAPI app with Secret Manager integration and structured logging
- GitHub Actions + WIF - keyless deploys using Workload Identity Federation (no service account keys)
Why I Built This
I'm the CTO at Orchestrator, a small AI company in Calgary. We build and deploy production AI systems entirely on the Anthropic + GCP stack. Every day we're using Claude Code to ship to Cloud Run, manage IAM, configure builds, and handle secrets. We kept running into the same gap: Claude Code had no GCP-specific knowledge baked in, and the existing MCP servers only gave it tool access without the workflow intelligence.
So we built the plugin for ourselves first, then open-sourced it.
Roadmap
- v0.2.0 - Vertex AI, Cloud Tasks, VPC Networking, Security Audit Agent, Cost Agent
- v0.3.0 - Cloud Logging, Cloud Storage, Pub/Sub, Incident Agent
- v1.0.0 - full test coverage, plugin marketplace submission
Try It
git clone https://github.com/shamis6ali/claude-gcp.git
claude --plugin-dir /path/to/claude-gcp
Would love feedback, especially on which GCP services people want covered next. Drop a comment or open an issue on GitHub.
Top comments (0)