GCP Claude Code Plugin

Shamis Ali — Tue, 21 Apr 2026 20:08:05 +0000

If you use Claude Code on AWS, you're spoiled. There are 45+ official MCP servers from awslabs, a deploy-on-aws plugin with skills and agents, blog series walking you through every service, and an entire ecosystem of community tooling on top of that.

If you use Claude Code on GCP? Here's what you get:

cloud-run-mcp - deploys to Cloud Run. That's it.
gcloud-mcp - a gcloud CLI wrapper.
gke-mcp - GKE specific.
A handful of community MCP servers with varying levels of completeness.

All useful tools. But they're all MCP servers that give Claude API access to GCP services. None of them are Claude Code skills or plugins that teach Claude how to think about GCP infrastructure: the right deploy patterns, IAM least-privilege practices, Secret Manager workflows, Cloud Build trigger setups, and so on.

There's a real difference between "Claude can call the Cloud Run API" and "Claude knows how to set up a Cloud Build trigger, wire Secret Manager into your deploy, configure a least-privilege service account, and handle the full workflow end to end."

AWS has both. GCP didn't. So I built it.

What is claude-gcp?

An open-source Claude Code plugin (Apache 2.0) that brings skills, agents, hooks, slash commands, and starter templates for GCP infrastructure.

GitHub: github.com/shamis6ali/claude-gcp

What's in v0.1.1-beta

Skills

Reference docs and workflow instructions that Claude loads when you ask about a GCP service:

Cloud Run - deploy, scale, traffic splitting, canary/blue-green, jobs
Cloud Build - CI/CD pipelines, triggers, caching, approvals
IAM - service accounts, least privilege, Workload Identity Federation, custom roles
Secret Manager - create/version/mount secrets, rotation, access patterns

Each skill has a SKILL.md plus a references/ directory with deep-dive guides for specific patterns.

Deploy Agent

A full orchestration agent that detects your project type, validates the Dockerfile, builds the image, deploys to Cloud Run, and verifies health. One command, full workflow.

Slash Commands

/gcp-deploy - interactive deploy wizard
/gcp-status - service health dashboard (revisions, traffic, errors, resource config)

Three-Layer Safety System

This was important to us. No GCP command runs without your explicit approval:

CLAUDE.md Safety Protocol - Claude must explain every command (what it does, billing impact, reversibility) and get confirmation before running it
PreToolUse Hook - automatically intercepts and blocks high-risk commands: destructive operations, overly broad IAM roles (roles/editor, roles/owner), public access grants, SA key creation
Claude Code's built-in permission system - you still approve every Bash command in the terminal

The hook catches dangerous commands before they execute and feeds context back to Claude so it explains the impact and re-confirms.

Starter Templates

Cloud Run + FastAPI - FastAPI app with Secret Manager integration and structured logging
GitHub Actions + WIF - keyless deploys using Workload Identity Federation (no service account keys)

Why I Built This

I'm the CTO at Orchestrator, a small AI company in Calgary. We build and deploy production AI systems entirely on the Anthropic + GCP stack. Every day we're using Claude Code to ship to Cloud Run, manage IAM, configure builds, and handle secrets. We kept running into the same gap: Claude Code had no GCP-specific knowledge baked in, and the existing MCP servers only gave it tool access without the workflow intelligence.

So we built the plugin for ourselves first, then open-sourced it.

Roadmap

v0.2.0 - Vertex AI, Cloud Tasks, VPC Networking, Security Audit Agent, Cost Agent
v0.3.0 - Cloud Logging, Cloud Storage, Pub/Sub, Incident Agent
v1.0.0 - full test coverage, plugin marketplace submission

Try It

git clone https://github.com/shamis6ali/claude-gcp.git
claude --plugin-dir /path/to/claude-gcp

Would love feedback, especially on which GCP services people want covered next. Drop a comment or open an issue on GitHub.

DEV Community: Shamis Ali