playbooks

home / mcp / hardened google workspace mcp server

Hardened Google Workspace MCP Server

Provides a security-hardened Google Workspace MCP that lets Claude Code read and draft Gmail, manage Drive/Docs/Sheets, and view calendars.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "c0webster-hardened-google-workspace-mcp": {
      "command": "uv",
      "args": [
        "run",
        "--directory",
        "/Users/YOUR_USERNAME/hardened-google-workspace-mcp",
        "python",
        "-m",
        "main",
        "--single-user"
      ],
      "env": {
        "GOOGLE_OAUTH_CLIENT_ID": "YOUR_CLIENT_ID",
        "GOOGLE_OAUTH_CLIENT_SECRET": "YOUR_CLIENT_SECRET"
      }
    }
  }
}

This security-hardened Google Workspace MCP lets Claude Code interact with your Google Workspace data in a controlled way. You can read Gmail, access Drive and Docs content, work with Sheets and Calendar, Forms, and Slides, all while avoiding actions that could leak data. Use it to automate safe, read/write workflows inside your own workspace without exposing sensitive information.

How to use

You interact with the Hardened Google Workspace MCP through your MCP client. After you connect, you can ask Claude Code to list recent emails, read documents, read and write to spreadsheets, view calendar events, and draft content for emails and forms. Drafts can be created but must be sent manually from Gmail, and files are never shared outside your organization. Use prompts that describe the action you want, for example: list recent emails, read a document from Drive, modify a spreadsheet cell, or show upcoming calendar events.

How to install

Prerequisites
- Claude Code installed on your machine
- A Google Workspace or personal Google account
- Python 3.11+ installed

Step 1: Create OAuth Credentials
- Create Google Cloud OAuth credentials for your project.

Step 2: Install Dependencies
cd ~/hardened-google-workspace-mcp  # or wherever you placed it
uv sync

> Note: If you don't have uv installed, run: curl -LsSf https://astral.sh/uv/install.sh | sh

Step 3: Configure Claude Code

Add the MCP server using claude mcp add:

```bash
claude mcp add hardened-workspace \
  --scope user \
  -e GOOGLE_OAUTH_CLIENT_ID="YOUR_CLIENT_ID" \
  -e GOOGLE_OAUTH_CLIENT_SECRET="YOUR_CLIENT_SECRET" \
  -- uv run --directory ~/hardened-google-workspace-mcp python -m main --single-user
```

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your OAuth credentials.

Or manually add to your MCP config:

```json
{
  "mcpServers": {
    "hardened-workspace": {
      "command": "uv",
      "args": ["run", "--directory", "/Users/YOUR_USERNAME/hardened-google-workspace-mcp", "python", "-m", "main", "--single-user"],
      "env": {
        "GOOGLE_OAUTH_CLIENT_ID": "YOUR_CLIENT_ID",
        "GOOGLE_OAUTH_CLIENT_SECRET": "YOUR_CLIENT_SECRET"
      }
    }
  }
}
```

Step 4: Authorize with Google

1. Start (or restart) Claude Code
2. The first time you use a Google Workspace tool, a browser window will open
3. Sign in with your Google account
4. Click "Allow" to grant permissions

For detailed steps, plan to follow the authorization prompts when they appear.

Additional notes

OAuth credentials must be provided via environment variables in your MCP config. The server runs locally as a stdio process and uses OAuth tokens stored securely as described in the setup. If you need to re-authorize, restart Claude Code and re-run the authorization flow.

Security and troubleshooting

Security notes: never disable permission prompts; drafts can create emails but sending must be manual; no external sharing of files; review what Claude asks to do carefully.

Troubleshooting tips: - OAuth credentials not found: ensure GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET are set in your MCP config. - Permission denied: delete credentials folder (~/.credentials/workspace-mcp/), restart Claude Code, re-authorize your Google account. - Tool not found: confirm the MCP server is running and visible in Claude Code's MCP status. - Browser does not open: copy/paste the provided URL from Claude Code into your browser.

Example prompts

List my recent emails from the past week Read the document "Q4 Planning" from my Google Drive Create a draft email to [email protected] about the meeting tomorrow Show me what's on my calendar for next Monday Update cell A1 in my "Budget 2025" spreadsheet to "Updated"

Support

If you encounter issues with this MCP server setup, file an issue or seek guidance from the project’s support channels.

Available tools

read_gmail

Read Gmail inbox and fetch email headers and content within the scope of the connected account.

draft_email

Create a draft Gmail message that you can review and manually send from Gmail.

drive_read

Read files and folders from Google Drive and access file metadata.

drive_create

Create new files in Google Drive under your account.

docs_read_edit

Read and edit Google Docs documents.

sheets_read_write

Read and write data in Google Sheets spreadsheets.

calendar_view_create

View calendar events and create new events.

forms_read_create

Read and create Google Forms.

slides_read_edit

Read and edit Google Slides presentations.