Validates Vertex AI Agent Engine deployments for production readiness across security, monitoring, performance, compliance, and best practices. Generates weighted scores and remediation plans.
How this skill is triggered — by the user, by Claude, or both
Slash command
/jeremy-vertex-validator:validator-expert [project-id][project-id]inheritThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
!`gcloud config get-value project 2>/dev/null || echo 'no active project'`
!gcloud config get-value project 2>/dev/null || echo 'no active project'
!gcloud auth list --filter=status:ACTIVE --format="value(account)" 2>/dev/null || echo 'not authenticated'
Validate production readiness of Vertex AI Agent Engine deployments by executing weighted checks across five categories: security (30 points), monitoring (20 points), performance (25 points), compliance (15 points), and best practices (10 points). This skill produces a 0-100% composite score with pass/fail per check and prioritized remediation recommendations.
gcloud CLI authenticated with roles/aiplatform.viewer, roles/iam.securityReviewer, and roles/monitoring.viewervertexai.Client().agent_engines.get(name)) or REST API (GET https://{LOCATION}-aiplatform.googleapis.com/v1/projects/{PROJECT}/locations/{LOCATION}/reasoningEngines/{ID}) and parse model, scaling, and feature settingsroles/aiplatform.expressUser, not roles/aiplatform.admin)roles/modelarmor.user granted| Error | Cause | Solution |
|---|---|---|
| Insufficient IAM permissions | Viewer roles not granted on target project | Request roles/aiplatform.viewer and roles/iam.securityReviewer from project admin |
| Agent deployment not found | Incorrect agent ID or deployment deleted | Verify agent ID with vertexai.Client().agent_engines.list() or REST GET .../reasoningEngines; confirm deployment region |
| Monitoring API returns no data | API not enabled or agent has zero traffic | Enable Monitoring API; generate synthetic traffic to populate baseline metrics |
| VPC-SC configuration inaccessible | Organization policy restricts VPC-SC reads | Request roles/accesscontextmanager.policyReader at organization level |
| Compliance check inconclusive | Audit logs not enabled or retention too short | Enable Data Access audit logs; set log retention to minimum 365 days |
Scenario 1: Pre-Launch Validation -- Validate a new ADK agent before production launch. Run all five validation categories. Target score: 85%+ overall, with security score at 28/30 minimum. Generate remediation plan for any failing checks.
Scenario 2: Post-Incident Security Audit -- After a permission escalation incident, re-validate security posture. Focus on IAM least-privilege, service account bindings, and VPC-SC perimeter integrity. Compare scores against the last passing validation.
Scenario 3: Quarterly Compliance Review -- Execute compliance and monitoring validation suites for SOC 2 audit preparation. Verify audit logging coverage, data residency compliance, and backup/DR configuration. Export results as evidence artifacts.
Validation checklists (read the relevant one during each validation step):
Official Google Cloud documentation:
5plugins reuse this skill
First indexed Jul 10, 2026
npx claudepluginhub kriptoburak/jeremylongshore-claude-code-plugins-plus-skills --plugin jeremy-vertex-validatorValidates production readiness of Vertex AI Agent Engine deployments with weighted security, monitoring, performance, compliance, and best practice checks.
Inspects and validates Vertex AI Agent Engine deployments across Code Execution Sandbox, Memory Bank, A2A compliance, and security posture. Generates production readiness scores.
Measures and improves agent quality through evaluators, monitoring, observability, and cost optimization. Sets up CloudWatch dashboards, X-Ray tracing, CI/CD quality gates, and LLM-as-a-judge evals.