Bulk/mass operation — affects multiple targets
Part of the Gemini Cloud Assist MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use create_investigation to create or modify resources in Gemini Cloud Assist. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call create_investigation repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Gemini Cloud Assist.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
  create_investigation:
    rules:
      - action: allow
        rate_limit:
          max: 30
          window: 60

See the full Gemini Cloud Assist policy for all 4 tools.
/**
 * Creates a new Gemini Cloud Assist Investigation. This tool is the primary entry point for initiating any new troubleshooting analysis.
 *
 * Prerequisites:
 * Argument Resolution: Before invoking this tool, you **MUST** resolve all user-provided information into the specific formats required by the arguments.
 *
 * Resource URI Mandate: The 'relevant_resources' parameter requires a list of full Google Cloud Platform (GCP) resource URIs.
 * - **Format:** Each URI **MUST** strictly adhere to the format: //<service>.googleapis.com/<resource-path>.
 * - **Validation:** The tool will fail if the provided strings are not well-formed URIs in this exact format.
 * - **Resolution:** You are responsible for converting any partial, ambiguous, or incomplete resource names (e.g., "my GKE cluster", "the default nodepool", or "project/zone/resource_type/resource_name") into their full URI representation. Utilize available tools like 'gcloud', 'kubectl', or your internal knowledge base to discover the complete and accurate resource URIs.
 * - **GCP Resource URI Reference**: https://cloud.google.com/asset-inventory/docs/asset-names
 *
 * Example of a correct GCP Resource URI:
 * - //compute.googleapis.com/projects/my-gcp-project/zones/us-central1-a/instances/my-vm-instance
 *
 * Additional Argument Formatting:
 * - **Timestamp ('start_time'):** Convert all relative time expressions (e.g., "30 minutes ago", "yesterday at 5pm") into the absolute 'YYYY-MM-DDTHH:mm:ssZ' UTC format. The 'Shell' tool with the 'date' command can be used for this conversion.
 * - **Project ID ('project_id'):** If a project is not explicitly mentioned by the user, you must determine the correct one from the context of the conversation or by using the command 'gcloud config get-value project'.
 *
 * **Crucial:** If you are unable to resolve any of this information into the required formats, you **MUST** seek clarification from the user before proceeding to call this tool.
 *
 * @returns {string} A summary of the new investigation, structured with Markdown.
 * You **MUST** parse this output to find the '**Investigation Path**' and '**Revision Path**'
 * fields. The final segment of the 'Investigation Path' is the 'investigation_id' and the
 * final segment of the 'Revision Path' is the 'revision_id'. These are required for subsequent tool calls.
 */

create_investigation is categorised as a Write tool in the Gemini Cloud Assist MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
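An added example, not code from Intercept or from the Gemini Cloud Assist MCP server: a pre-call check that applies the argument formats from the tool description and the policy's limit of 30 calls per 60 seconds, counted per agent session. The function and class names, the sliding-window algorithm, the sample timestamp and treating start_time as optional are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Shapes come from the tool description; the regexes are this example's reading of them.
RESOURCE_URI = re.compile(r"//[a-z0-9-]+\.googleapis\.com/\S+")
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")
SAMPLE_URI = "//compute.googleapis.com/projects/my-gcp-project/zones/us-central1-a/instances/my-vm-instance"
SAMPLE_ARGS = {"relevant_resources": [SAMPLE_URI], "start_time": "2025-01-15T10:30:00Z"}  # constructed

def is_utc_timestamp(value):
    try:  # the regex pins the exact shape, strptime rejects impossible dates
        return bool(TIMESTAMP.fullmatch(value) and datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ"))
    except (TypeError, ValueError):
        return False

def validate_arguments(args):
    """Return the problems found in create_investigation arguments (empty if none)."""
    resources = args.get("relevant_resources")
    if not isinstance(resources, list):
        return ["relevant_resources must be a list"]
    problems = [f"not a full resource URI: {uri!r}" for uri in resources
                if not isinstance(uri, str) or not RESOURCE_URI.fullmatch(uri)]
    start_time = args.get("start_time")
    if start_time is not None and not is_utc_timestamp(start_time):  # assumed optional
        problems.append(f"start_time is not YYYY-MM-DDTHH:mm:ssZ: {start_time!r}")
    return problems

class SessionRateLimiter:
    """Sliding-window limit per agent session (the algorithm is this example's choice)."""
    def __init__(self, max_calls=30, window=60):  # values from the page's policy
        self.max_calls, self.window = max_calls, window
        self.calls = defaultdict(deque)

    def allow(self, session_id, now):
        recent = self.calls[session_id]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget calls that have left the window
        if len(recent) >= self.max_calls:
            return False
        recent.append(now)
        return True

def check_call(limiter, session_id, args, now):
    """Validate first, so malformed calls never consume the session's write budget."""
    problems = validate_arguments(args)
    if not problems and not limiter.allow(session_id, now):
        problems = ["rate limit exceeded"]
    return ("deny" if problems else "allow", problems)
```

Unresolved names such as "my GKE cluster" and relative times such as "30 minutes ago" are rejected before the call is counted, and each session gets its own window.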
Add a rule in your Intercept YAML policy under the tools section for create_investigation. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Gemini Cloud Assist MCP server.
create_investigation is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the create_investigation rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for create_investigation. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
create_investigation is provided by the Gemini Cloud Assist MCP server (@google-cloud/gemini-cloud-assist-mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept