cloudrun-claude-code
Verified Safe
by mslavov
Overview
A production-ready Cloud Run service that executes Claude Code tasks in isolated jobs, enabling AI-driven code analysis, development, and automation with secure credential handling and post-execution actions.
Installation
npm start
Environment Variables
- PROJECT_ID
- REGION
- GCS_LOGS_BUCKET
- KMS_KEY_RING
- KMS_KEY_NAME
- CLOUDRUN_JOB_NAME
- CLOUDRUN_CALLBACK_SECRET
Security Notes
The server exhibits strong security practices by offloading all task execution to isolated Cloud Run Jobs. It employs Google Cloud KMS for envelope encryption of sensitive task payloads (API keys, SSH keys, environment variables) at rest in GCS. A local proxy intercepts Claude API calls and injects real credentials only into the outbound request, so the Claude CLI subprocess has no direct access to sensitive tokens. Ephemeral workspaces with strict file permissions are created per request and automatically cleaned up. Webhook callbacks are secured with HMAC-SHA256 signatures. The use of `execSync` for `preExecutionCommands` is a powerful primitive, but it operates within the Cloud Run Job's sandbox, and the server itself does not use `eval` or similar patterns directly on user input. The overall design prioritizes credential isolation and secure execution.
Similar Servers
pg-aiguide
Provides AI-optimized PostgreSQL expertise, including semantic search over documentation and curated best practices, to assist AI coding tools in generating better PostgreSQL code.
cloud-run-mcp
Enables MCP-compatible AI agents to deploy applications to Google Cloud Run, abstracting underlying GCP infrastructure operations.
my-ai-tools
Provides a comprehensive setup and configuration management guide for an AI-powered developer environment, integrating various AI coding tools and their custom settings.
cloudrun-claude-code
Cloud Run service for executing Claude Code AI agent tasks with secure credential handling and flexible configuration, ideal for GitOps and CI/CD workflows.