@google-cloud/cloud-run-mcp
MCPCloud Run MCP deployment tool
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ~ | deploy_local_folder tool uses file system paths which may not translate well to OpenAI's execution model, SSE transport supported but streamable-http is preferred - minor adapter needed |
| LangChain | ✓ | Tools maintain GCP client state via Maps - should work but may need connection pooling consideration |
Security findings
Command injection vulnerability in source processor
lib/deployment/source-processor.js lines 46-47: Uses shell execution with user-controlled file paths: `await execAsync('cp -R "${file}/." "${tempDir}/"')` and `await execAsync(npmCommand, { cwd: targetDir })`. File paths from `files` array are used directly in shell commands without sanitization. An attacker controlling file paths could inject shell metacharacters.
Path traversal vulnerability in archive creation
lib/util/archive.js lines 55-70: Accepts file paths from input without validation. While `path.resolve()` is used, there's no explicit check to prevent accessing files outside intended directories. The 'hack' for WSL paths (lines 58-60) modifying '/c' to '/mnt/c' could be exploited to access unintended paths.
Insufficient input validation on service names and project IDs
mcp-server.js and tools/tools.js: Service names, project IDs, and region parameters are accepted from user input without length limits or character restrictions. These values are passed to GCP APIs and could cause issues if excessively long or containing special characters.
OAuth token validation without rate limiting
Verbose error messages expose internal details
Missing input validation on file content objects
Reliability
Success rate
72%
Calls made
100
Avg latency
3500ms
P95 latency
8000ms
Failure modes
- • OAuth token validation failures return structured JSON-RPC errors but may crash if token verification throws unexpected errors
- • File system operations lack comprehensive error handling - missing files, permission errors, and path resolution issues may cause unhandled rejections
- • Network errors from Google Cloud API calls are wrapped with retry logic but original error details may be lost
- • Archive creation (zip/tar.gz) has warning handlers but may reject promises on non-ENOENT warnings, causing unexpected failures
- • Concurrent requests not explicitly handled - shared Map-based client caching could cause race conditions
- • Large file uploads lack timeout protection and could hang indefinitely
- • Metadata server checks silently return null on failure, leading to downstream null reference errors
- • Missing parameter validation in several functions - undefined/null inputs may cause cryptic errors deep in call stack
- • Dependency installation failures are logged but not propagated, deployment continues with potentially broken state
- • OAuth middleware only validates on tools/call method but doesn't handle token expiration mid-operation
- • Promise rejections in deployment pipeline may not clean up temporary directories
- • Special characters and very long paths in file operations not validated or sanitized
Code health
License
Apache-2.0
Has tests
No
Has CI
Yes
Dependencies
~15-20
Well-structured Google Cloud Run MCP deployment tool with good documentation and CI setup. Repository shows professional development practices with Kokoro CI/CD, comprehensive README (10KB), code style tooling (Prettier), and proper licensing. Package is published to npm as @google-cloud/cloud-run-mcp v1.8.0. Code quality is evident through organized lib structure, middleware patterns, and error handling. However, lacks visible test files despite having test coverage config (.c8rc.json), no CHANGELOG, and no TypeScript typing (pure JS). The tool integrates Google Cloud APIs (Run, Build, Storage, Registry, Billing) with OAuth2 support and MCP SDK. Missing git metadata prevents assessment of maintenance activity, but the v1.8.0 version and polished structure suggest active development. Minor gaps: no tests directory, no type definitions, no changelog maintenance.