Provides comprehensive email tools for searching, reading, sending, replying, and drafting emails via OAuth2 integration.
Integrates multiple Google Workspace services to provide a lightweight CRM solution with centralized contact and document management.
Uses Google Cloud Console for API management, service account configuration, and secure credential handling via PostgreSQL.
Allows for programmatic document creation, reading content, and appending text to existing Google Docs.
Utilizes the Google Drive API to facilitate file access and management across the Workspace ecosystem.
Enables robust CRM contact management and generic spreadsheet operations, including reading/writing ranges and managing worksheet tabs.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Google Workspace CRM MCP Serversearch for Jane Smith and show me our recent email history"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Google Workspace CRM MCP Server
A Python MCP (Model Context Protocol) server that acts as a lightweight CRM by integrating Google Sheets (contact management & generic spreadsheet ops), Gmail (email communication), and Google Docs (document creation). Designed for hosting on Replit with Streamable HTTP transport, compatible with both Claude and ChatGPT as MCP clients.
Features
30 MCP tools for full CRM + workspace workflow
Google Sheets: CRM contacts + generic read/write/append on any range, tab management, and new spreadsheet creation
Gmail integration via OAuth2 for sending, searching, reading emails, replying, and drafting (with SMTP and domain-wide delegation fallbacks)
Google Docs: Create new documents, append text, read document content
Agent Cache: Thread-safe in-memory cache with TTL expiration, LRU eviction, namespace support, and bulk operations for fast batch processing
OAuth2 MCP endpoint protection: Secure the
/mcpendpoint with Client Credentials or Authorization Code + PKCE flow — compatible with Claude's Advanced SettingsSettings dashboard: Web-based UI for credential management, OAuth2 authorization, Google Sheets selection, and comprehensive testing
Streamable HTTP transport for remote hosting on Replit
Full audit logging: Every tool call is tracked through 5 stages (received, API call, Google validated, result delivered, delivery confirmed)
Comprehensive test suite: One-click tests for Service Account, MCP Tools, Gmail Send & Reply, Cache Pipeline, and CRM Contact Management — each writes results to a dedicated Google Sheet tab
Rate limiting & caching to stay within Google API quotas
PostgreSQL-backed credentials: All service account keys, OAuth tokens, and settings stored securely in the database — never in code or files
MCP Tools (30 total)
CRM Contact Management (8 tools)
Tool | Description | R/W |
| List all contacts with optional field filtering | Read |
| Get a single contact by email or row number | Read |
| Add a new contact to the CRM | Write |
| Update an existing contact's fields | Write |
| Soft-delete a contact (moves to "Deleted" sheet) | Destructive |
| Full-text search across all contact fields | Read |
| Append a timestamped note to a contact | Write |
| Get contact profile + recent email history | Read |
Google Sheets Operations (7 tools)
Tool | Description | R/W |
| Read data from a specific A1 range | Read |
| Write a 2D array to a specific A1 range | Write |
| Append rows to the end of a sheet tab | Write |
| Read all data from an entire sheet tab | Read |
| List all worksheet tabs with dimensions | Read |
| Create a new worksheet tab with optional headers | Write |
| Delete a worksheet tab (permanent, requires confirm) | Destructive |
Google Workspace File Creation (4 tools)
Tool | Description | R/W |
| Create a brand new Google Sheets file | Write |
| Create a new Google Doc with optional initial text | Write |
| Append text to an existing Google Doc | Write |
| Read the full text of a Google Doc | Read |
Email Communication (7 tools)
Tool | Description | R/W |
| Send an email (plain text or HTML) | Write |
| Search emails using Gmail query syntax | Read |
| Get full email content by message ID | Read |
| Reply to an existing email thread | Write |
| Create a draft email without sending | Write |
| Log an email interaction on a contact's record | Write |
| Get contact profile + recent email history | Read |
Agent Cache (5 tools)
Tool | Description | R/W |
| Store a value in the agent cache with optional TTL and namespace | Write |
| Retrieve a value from the cache | Read |
| List cache keys, optionally filtered by namespace | Read |
| Delete a cache entry | Write |
| View cache statistics (entries, hits, misses, hit rate) | Read |
System & Audit (4 tools)
Tool | Description | R/W |
| Test connectivity to all Google services | Read |
| Query the audit log (filter by tool, stage, errors) | Read |
| Get the full lifecycle trace of a request by ID | Read |
| Confirm the chat agent received a tool result | Write |
OAuth2 MCP Endpoint Security
The /mcp endpoint can be protected with OAuth2 authentication, preventing unauthorized access.
How It Works
When MCP_CLIENT_ID and MCP_CLIENT_SECRET are configured as secrets:
Discovery: Clients query
/.well-known/oauth-authorization-serverfor metadataAuthorization: Clients redirect to
/authorizewith PKCE challengeToken Exchange: Clients exchange the authorization code at
/tokenfor a Bearer tokenAuthenticated Access: All
/mcprequests requireAuthorization: Bearer <token>
Without these secrets, the endpoint remains open (backward-compatible).
Supported Flows
Authorization Code + PKCE — Used by Claude, ChatGPT, and browser-based clients
Client Credentials — Used by server-to-server integrations
Security Features
Credentials are only viewable/generatable in the development environment
The live/deployed app hides Client IDs and blocks credential generation
Tokens expire after 1 hour
Authorization codes expire after 5 minutes and are single-use
PKCE (S256) verification prevents code interception attacks
Constant-time comparison (HMAC) prevents timing attacks
Test Endpoints
The Settings UI provides one-click test buttons for all major services:
Test | Endpoint | Steps | Description |
Service Account |
| 3 | Verifies Google API connectivity and file access |
MCP Tools |
| 8 | Creates test tab, writes/reads data, cleans up |
Gmail Send & Reply |
| 7 | Sends email, verifies delivery, sends reply, checks thread |
Cache Pipeline |
| 7 | Reads contacts, caches, creates jokes, drafts & sends email |
CRM Contacts |
| 10 | Tests all 8 CRM tools, writes results to dated tab |
OAuth2 Auth | Settings UI button | 3 | Verifies unauthenticated access is blocked |
Audit Logging System
Every tool call is tracked through a 5-stage lifecycle:
1. REQUEST_RECEIVED → Incoming tool invocation from the chat agent
2. API_CALL → Each Google API / SMTP call made by the server
3. GOOGLE_VALIDATED → Confirmation the action landed on the Google side
4. RESULT_DELIVERED → Response payload returned to the chat agent
5. DELIVERY_CONFIRMED → (Optional) Chat agent confirmed receiptEvery tool response includes an _audit field with the request_id:
{
"contact": { ... },
"message": "Contact added at row 5.",
"_audit": { "request_id": "a1b2c3d4e5f6..." }
}Agent Cache System
The in-memory agent cache enables fast batch processing workflows:
TTL Expiration: Default 30-minute TTL, configurable per entry
LRU Eviction: Automatic eviction when cache exceeds 10,000 entries
Namespace Support: Organize entries by namespace (e.g.,
contacts,emails)Bulk Operations: List and delete entries by namespace
Statistics: Track hits, misses, and hit rate
Thread-Safe: Safe for concurrent access across MCP sessions
Global Singleton: Shared across all tool calls for cross-request persistence
Google Sheet Schema
Create a Google Sheet and format the first row as headers:
Column | Header | Example |
A | first_name | Ali |
B | last_name | Smith |
C | ||
D | phone | +1-555-0123 |
E | company | OPTT Health |
F | role | CEO |
G | status | lead |
H | notes | [2025-02-19] Initial outreach... |
I | created_at | 2025-02-19T10:00:00Z |
J | updated_at | 2025-02-19T10:00:00Z |
Valid status values: lead, prospect, customer, churned
Important: Share the Google Sheet with your service account email (shown in the Settings UI after uploading the service account JSON). Give it Editor access.
Setup Instructions
1. Google Cloud Configuration
Go to Google Cloud Console
Select the project associated with your service account
Enable the following APIs:
Google Sheets API
Google Drive API
Gmail API
Google Docs API
Download the service account JSON key (or copy the existing one)
2. Settings Dashboard (Recommended)
The easiest way to configure everything is through the Settings UI at the root path (/):
Upload Service Account: Upload your Google Cloud service account JSON
Select CRM Sheet: Browse and select a Google Sheet for CRM data
Configure Gmail OAuth: Upload OAuth client credentials and authorize Gmail access
Enable MCP Auth: Generate and configure OAuth2 credentials for endpoint protection
3. Gmail Auth — Choose Your Path
Path C — OAuth2 (Recommended):
Create OAuth2 credentials in Google Cloud Console (Web Application type)
Upload the Client ID and Secret in the Settings UI
Click "Authorize Gmail" and complete the browser OAuth flow
Tokens are stored securely in PostgreSQL and refresh automatically
Path A — Google Workspace Domain-Wide Delegation:
If your Gmail is on a Workspace domain (e.g., user@yourdomain.com):
Go to Google Workspace Admin Console → Security → API Controls → Domain-wide Delegation
Add the service account client ID with Gmail scopes
Set
DELEGATED_USER_EMAIL=user@yourdomain.com
Path B — SMTP Fallback:
If you use a personal @gmail.com account:
Enable 2-Step Verification on your Google Account
Generate an App Password at https://myaccount.google.com/apppasswords
Set
USE_SMTP_FALLBACK=true,GMAIL_ADDRESS=your@gmail.com,GMAIL_APP_PASSWORD=xxxx xxxx xxxx xxxx
4. MCP Endpoint Security (Recommended)
To protect the /mcp endpoint with OAuth2:
In the Settings UI (development environment), click "Generate Credentials" in the MCP Authentication card
Copy the generated
MCP_CLIENT_IDandMCP_CLIENT_SECRETAdd them as Replit Secrets (Tools → Secrets)
Restart the server
In Claude's MCP connector Advanced Settings, enter the same Client ID and Client Secret
5. Replit Secrets
Add these as Replit Secrets (Tools → Secrets):
Secret | Required | Description |
| Recommended | OAuth2 Client ID for MCP endpoint protection |
| Recommended | OAuth2 Client Secret for MCP endpoint protection |
| No | Default: |
All other credentials (service account, OAuth tokens, spreadsheet selection) are managed through the Settings UI and stored in PostgreSQL.
6. Deploy on Replit
Fork or import this repository into Replit
Configure credentials via the Settings UI
Click Run — the server starts on port 5000
On startup, connectivity checks run automatically and log results
Your MCP endpoint URL will be shown on the Settings dashboard
Connecting to MCP Clients
Claude (Web / Desktop)
Go to Claude Settings → MCP Servers → Add
Enter your MCP endpoint URL:
https://your-app.replit.app/mcpIn Advanced Settings, enter your
MCP_CLIENT_IDandMCP_CLIENT_SECRETClaude will auto-discover the 30 tools
Claude Desktop (Config File)
Add to your claude_desktop_config.json:
{
"mcpServers": {
"google-workspace-crm": {
"url": "https://your-app.replit.app/mcp"
}
}
}Claude Code (CLI)
claude mcp add google-workspace-crm --transport http https://your-app.replit.app/mcpChatGPT
ChatGPT supports MCP servers via its plugin/actions system:
In your Custom GPT configuration, go to Actions
Import the MCP endpoint URL
ChatGPT will auto-discover the available tools via Streamable HTTP
Any MCP-Compatible Client
Endpoint: https://your-app.replit.app/mcp
Transport: Streamable HTTP
OAuth2 Metadata: https://your-app.replit.app/.well-known/oauth-authorization-server
Token Endpoint: https://your-app.replit.app/tokenProject Structure
├── main.py # MCP server entry point (30 tools, OAuth2 auth, startup checks)
├── config.py # Environment config loader
├── requirements.txt # Python dependencies
├── tools/
│ ├── sheets.py # CRM tools (8) + generic sheet tools (7)
│ ├── gmail.py # Gmail tools (5) + workflow tools (2)
│ ├── workspace.py # Spreadsheet/Doc creation (4) + audit tools (3)
│ └── cache.py # Agent cache tools (5)
├── services/
│ ├── google_auth.py # Service account credential loading
│ ├── sheets_client.py # gspread client with caching & rate limiting
│ ├── gmail_client.py # Gmail API / SMTP client wrapper
│ ├── docs_client.py # Google Docs + Drive API client
│ ├── cache.py # Thread-safe agent cache (TTL, LRU, namespaces)
│ ├── mcp_auth.py # OAuth2 auth for MCP endpoint (PKCE, tokens)
│ ├── audit_logger.py # 5-stage audit log with ring buffer
│ └── health_check.py # Connectivity testing for all Google services
├── web/
│ ├── routes.py # Settings UI routes & test endpoints
│ ├── settings_store.py # PostgreSQL-backed settings storage
│ ├── oauth.py # Gmail OAuth2 flow handler
│ ├── sheets_browser.py # Google Sheets browser for selection UI
│ └── templates/
│ └── settings.html # Settings dashboard UI
└── models/
└── contact.py # Pydantic modelsRate Limits & Caching
Google Sheets API: 60 requests/minute (gspread default) — the server enforces this with a token-bucket rate limiter at 55/min
Sheet data is cached for 30 seconds to minimize API calls on repeated list/search operations
Agent cache provides 30-minute TTL with 10,000 entry max and LRU eviction
Audit log keeps last 500 entries in an in-memory ring buffer
All timestamps are ISO 8601 UTC
License
MIT
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.