Google Cloud Inventory / warm

Review Run Service Identity Drift

Compare live Cloud Run runtime service-account bindings against a caller-supplied desired identity map. Read-only drift review for bridge-caller migration planning.

Quick Start

aweb inspect gcp_inventory.review_run_service_identity_drift
aweb add gcp_inventory
aweb plan "use Google Cloud Inventory review run service identity drift in an agent workflow"

import Aweb, { Agent } from '@aweb/sdk';

const aweb = new Aweb({ apiKey: process.env.AWEB_API_KEY });
const agent = new Agent({ tools: aweb.tools });

agent.add('gcp_inventory');

const plan = await agent.plan('Use Google Cloud Inventory for this workflow');
const tool = await aweb.tools.inspect('gcp_inventory.review_run_service_identity_drift');

console.log(plan.nextAction);
console.log(tool.inputSchema);

Tool Card

Tool id: gcp_inventory.review_run_service_identity_drift
Provider: Google Cloud Inventory (gcp_inventory)
Tool name: review_run_service_identity_drift
Activation: warm
Health: healthy
Trust score: 1.00
Transport: streamable_http
Latency: not yet measured
Cost: 0

Requirements and Governance

Auth: static_fields
Credential: setup_required
Workspace: global
Approval: none
Risk: READ
Permissions: read
Credential setup: /api/mcp-warehouse/credentials/gcp_inventory/init

Schemas

{
  "type": "object",
  "properties": {
    "projectId": {
      "type": "string",
      "description": "Optional Google Cloud project id. Must be in the allowed-project list."
    },
    "region": {
      "type": "string",
      "description": "Optional Cloud Run region. Defaults to the configured default region."
    },
    "targets": {
      "type": "array",
      "description": "Desired Cloud Run runtime identities keyed by service name. The provider compares these against live Cloud Run service-account bindings.",
      "items": {
        "type": "object",
        "properties": {
          "serviceName": {
            "type": "string",
            "description": "Cloud Run service name to compare."
          },
          "expectedServiceAccount": {
            "type": "string",
            "description": "Expected runtime service-account email for the service."
          },
          "bridgeCaller": {
            "type": "boolean",
            "description": "Optional operator hint marking whether this service is expected to call bridge-reasoning-daemon."
          },
          "note": {
            "type": "string",
            "description": "Optional operator note echoed back in the drift review output."
          }
        },
        "required": [
          "serviceName",
          "expectedServiceAccount"
        ],
        "additionalProperties": false
      },
      "minItems": 1
    },
    "includeUnmanaged": {
      "type": "boolean",
      "description": "When true, also include live Cloud Run services that were not present in the desired target map."
    }
  },
  "required": [
    "targets"
  ],
  "additionalProperties": false
}

Examples

[
  {
    "objective": "Use Google Cloud Inventory review run service identity drift in an agent workflow.",
    "args": {
      "projectId": "<projectId>",
      "region": "<region>",
      "targets": "<targets>",
      "includeUnmanaged": "<includeUnmanaged>"
    }
  }
]