feat(gcp): finish wiring, sync docs, ignore .bin/#22
Merged
Conversation
The GCP check modules and scanner integration already existed, but the config layer and skill-driven UX did not — there was no way to drive a GCP scan through the normal flow. - add gcp_project_id / gcp_region to ShastaConfig (with project-id format validator) and the load_config defaults - add get_gcp_client() convenience constructor, mirroring get_aws_client() / get_azure_client() - add /connect-gcp skill mirroring /connect-azure (ADC auth via gcloud, [gcp] extra install, credential validation) - collapse the three near-duplicate per-cloud blocks in /scan into one parameterized block that scans whichever clients are configured Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The GCP integration (PR #20) added ~306 tests but left TRUST.md's internal test counts stale and self-contradictory (TL;DR said 814, Layer 1 said 519/684, run-output said 537). Sync every count to the real collected total of 851, add tests/test_gcp and tests/voice rows to the Layer 1 breakdown, and correct the integrity-test list (it named three Whitney tests deleted in the 2026-04-13 split). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #20 added src/shasta/gcp/ but left CLAUDE.md describing an AWS+Azure-only platform. Add GCP to the project description, tech stack, project layout, install extras, client-session convention, the multi-region/subscription principle (now multi-project via GCPClient.for_project), and the required smoke-test list. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Each developer can bootstrap uv/uvx into ./.bin/ without committing the 48MB binary blobs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
feat(gcp)— addsget_gcp_client()+gcp_project_id/gcp_regionconfig fields, a new/connect-gcpskill mirroring/connect-azure, and collapses/scanfrom three near-duplicate per-cloud blocks into one parameterized block that scans whichever clouds are configured.docs— syncsTRUST.mdtest counts (851) and Layer 1 suite breakdown after the GCP merge; adds GCP toCLAUDE.mdproject map and conventions.chore—.gitignoreentry for.bin/(localuv/uvxbinaries, 48MB).Why this is needed
PR #20 merged the GCP detection layer (check modules + scanner integration + tests), but the config and skill layer wasn't wired up —
shasta.config.jsonhad no GCP fields,config.pyhad noget_gcp_client(), and there was no/connect-gcpskill, so users couldn't drive a GCP scan through the normal flow. This PR closes that gap.What I excluded and why
The remote branch
review/pr-20-gcp-fixeslooked like it might have unmerged fixes (per-subnet networking findings, IAM token-creator, KMS locations). I verified againstmainand confirmed all its substantive fixes already landed via PR #20's squasheda6fe068 fix(gcp): three scanner bugs from PR review. The remaining diff is cosmetic (variable renames, line-wrapping). That branch is stale and can be deleted.Test plan
pytest tests/test_integrity/ tests/test_aws/test_aws_sweep_smoke.py tests/test_azure/test_smoke.py tests/test_gcp/test_smoke.py— 241 passed locallypytest --collect-onlycollects exactly 851 tests, matching the TRUST.md claim (within the integrity test's tolerance of 50)ruff check src/shasta/config.py— cleanget_gcp_client()constructs correctly without google libs (lazy imports); validator accepts valid GCP project IDs and rejects malformed onesEnd-to-end
/connect-gcp→/scanflow against a real GCP project still needs to be run by a human withgcloud auth application-default loginconfigured.🤖 Generated with Claude Code