{"id":"lreimer-gcp-mcp-server","name":"gcp-mcp-server","homepage":null,"repo_url":"https://github.com/lreimer/gcp-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","google-cloud","gcp","googleapis","stdio","sse","go","cobra","cloud-run","gke","projects"],"what_it_does":"Provides an MCP server that exposes a subset of Google Cloud read-only data via MCP tools: listing and describing Projects, GKE/Container clusters, and Cloud Run services. Supports both stdio and SSE transport, implemented in Go with Cobra.","use_cases":["Allow an MCP-capable agent to explore Google Cloud projects and resources","Generate answers that require current metadata about GCP projects, GKE clusters, and Cloud Run services","Local development with MCP inspector using stdio or SSE"],"not_for":["Write operations / mutating Google Cloud resources (not indicated)","Use cases requiring comprehensive coverage of all GCP services (only a few services/operations listed)","Environments needing formal API contracts (OpenAPI/typed SDK) beyond MCP tooling"],"best_when":"You want an MCP tool layer for lightweight Google Cloud discovery (list/describe) and you can authenticate to Google via service account credentials referenced by environment variables.","avoid_when":"You need robust, documented guarantees on MCP tool error formats, idempotency, pagination, and retry behavior, or you require strict production security posture for public deployments.","alternatives":["Google Cloud APIs directly (agent calls REST APIs with OAuth/service account)","Community MCP servers for GCP (if available) with broader coverage","Custom MCP server wrapping a generated GCP client and enforcing consistent auth/error handling"],"af_score":47.2,"security_score":40.0,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:42:02.951937+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Google Cloud service account credentials (via GOOGLE_APPLICATION_CREDENTIALS) for accessing GCP APIs"],"oauth":false,"scopes":false,"notes":"README indicates service-account key file access through a secret mounted into Cloud Run and referenced by GOOGLE_APPLICATION_CREDENTIALS. No agent-facing OAuth flow or explicit MCP-level auth is documented."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open source; costs depend on where you run it (e.g., Cloud Run) and GCP API usage/quotas."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":47.2,"security_score":40.0,"reliability_score":22.5,"mcp_server_quality":60.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":45.0,"rate_limit_clarity":10.0,"tls_enforcement":20.0,"auth_strength":40.0,"scope_granularity":30.0,"dependency_hygiene":40.0,"secret_handling":70.0,"security_notes":"TLS enforcement for SSE/stdio is not described; Cloud Run example uses --allow-unauthenticated which may expose the service publicly unless protected elsewhere. Auth appears to rely on a service account key file mounted from Secret Manager (requires GOOGLE_APPLICATION_CREDENTIALS). README does not discuss least-privilege beyond granting roles/editor (broad). Secrets are referenced via Cloud Run secret mounting, which is a positive pattern, but agent-facing auth and MCP-level access control are not documented.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Only a limited set of services/operations are listed (Projects, Container/Clusters, Cloud Run/Services). Agents may expect more coverage.","Production deployment example uses --allow-unauthenticated; if mirrored, tools could be exposed publicly without additional MCP-level access control.","README does not document MCP tool schemas, pagination behavior, or retry/error conventions."]}}