🚀 GoogleUnlimited Google Workspace Platform

GoogleUnlimited is a comprehensive MCP framework that provides seamless Google Workspace integration through an advanced middleware architecture. It enables AI assistants and MCP clients to interact with Gmail, Google Drive, Docs, Sheets, Slides, Calendar, Forms, Chat, and Photos services using a unified, secure API.

📋 Table of Contents

• Quick Installation Instructions

• Service Capabilities

• Middleware Architecture

• Tool Management Dashboard

• Template System

• Resource Discovery

• Testing Framework

• Security & Authentication

⚡ Quick Installation Instructions

What is GoogleUnlimited?

GoogleUnlimited provides AI assistants with access to Google Workspace services through the Model Context Protocol (MCP). It supports 92+ tools across 9 Google services, enabling seamless integration between AI workflows and Google Workspace applications with revolutionary performance improvements.

🛠️ Installation Methods

Method 1: Quick Install via uvx (Recommended)

The fastest way to get started - install directly from PyPI:

{
  "mcpServers": {
    "google-workspace-unlimited": {
      "command": "uvx",
      "args": ["google-workspace-unlimited"],
      "disabled": false,
      "timeout": 300
    }
  }
}

⚡ That's it! The server runs in stdio mode by default, perfect for MCP clients like Claude Desktop, Cursor, Roo, etc.

Method 2: Clone and Development Setup

For development or customization:

1. Clone and setup:

   git clone https://github.com/dipseth/google_workspace_fastmcp2.git
   cd google_workspace_fastmcp2
   uv sync

2. Start the server:

   uv run python server.py

   The server starts immediately with zero configuration required. OAuth credentials are not needed at startup — authentication is handled lazily when you first interact with a Google service.

3. Authenticate when ready:

   When you call any Google Workspace tool, the server will prompt you to authenticate via the start_google_auth tool. This opens a browser-based OAuth flow. Once completed, credentials are stored locally and reused across sessions.

   To pre-configure OAuth credentials (optional), create a .env file:

   cp .env.example .env

   Then add your Google Cloud Console credentials:

   # Option A: Client ID + Secret
   GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
   GOOGLE_CLIENT_SECRET=your-client-secret
   
   # Option B: Downloaded JSON credentials file
   GOOGLE_CLIENT_SECRETS_FILE=credentials.json

   See the Google Cloud Console setup steps for creating OAuth credentials and enabling APIs.

📚 Configuration Resources:

• 🔧 Complete Configuration Guide - Comprehensive environment variables and settings reference

• 🤖 Claude.ai Integration Guide - Setup for Claude.ai remote MCP server usage

• 🔒 HTTPS Setup Guide - SSL certificate configuration for secure connections

• ⚙️ MCP JSON Configuration Guide - Standard MCP configuration for any compatible client

📋 Environment Variables Reference

All environment variables are optional — the server starts with sensible defaults and no .env file required. OAuth credentials are only needed when initiating a new authentication flow via start_google_auth.

Google OAuth (needed for first-time authentication):

Provide either GOOGLE_CLIENT_ID + GOOGLE_CLIENT_SECRET or GOOGLE_CLIENT_SECRETS_FILE before your first OAuth flow. Once authenticated, credentials are stored locally and these variables are no longer needed.

Server:

Security & Sessions:

Tool Management:

Qdrant Vector Database:

Other:

🔗 Client Connections

GoogleUnlimited supports multiple connection methods. Here are the two most popular ways to get started:

🎯 Quick Setup Options

Option 1: Cursor IDE (STDIO - Community Verified ✅):

{
  "mcpServers": {
    "google-workspace": {
      "command": "uv",
      "args": [
        "--directory", "/path/to/google_workspace_fastmcp2",
        "run", "python", "server.py"
      ],
      "env": {
        "GOOGLE_CLIENT_SECRETS_FILE": "/path/to/client_secrets.json",
        "MCP_TRANSPORT": "stdio"
      }
    }
  }
}

Option 2: HTTP Streamable (VS Code Roo, Claude Code, Claude Desktop, etc.):

# Start server in HTTP mode
uv run python server.py --transport http --port 8002

Basic single-connection config:

{
  "google-workspace": {
    "type": "streamable-http",
    "url": "https://localhost:8002/mcp",
    "disabled": false
  }
}

Multi-connection setup — connect the same client (or multiple clients) to the same server with different tool sets using URL query parameters:

{
  "google-email": {
    "type": "streamable-http",
    "url": "https://localhost:8002/mcp?service=gmail"
  },
  "google-chat": {
    "type": "streamable-http",
    "url": "https://localhost:8002/mcp?service=chat"
  },
  "google-productivity": {
    "type": "streamable-http",
    "url": "https://localhost:8002/mcp?service=drive,docs,sheets,slides"
  }
}

Each connection gets its own isolated session with only the requested service tools enabled. You can also pin a session ID with ?uuid= to resume the same session state across reconnects:

{
  "google-workspace": {
    "type": "streamable-http",
    "url": "https://localhost:8002/mcp?uuid=my-workspace&service=gmail,drive,calendar"
  }
}

See URL-Based Service Filtering for the full list of query parameters.

📚 Complete Connection Guide

For detailed setup instructions, troubleshooting, and configurations for all supported clients including:

• Claude Code CLI (HTTP & STDIO)

• Claude Desktop

• VS Code / Roo / GitHub Copilot

• Claude.ai with Cloudflare Tunnel

• And more...

🔗 Complete Client Connection Guide - Comprehensive setup instructions, troubleshooting, and advanced configurations for all supported AI clients and development environments

🎯 Service Capabilities

GoogleUnlimited supports 9 Google Workspace services with 90+ specialized tools:

📚 API Documentation Resources:

• 🔗 Complete API Reference - Comprehensive documentation for all 92+ tools across 9 services

• 📧 Gmail API Guide - Email management, labels, filters, and search operations

• 📁 Drive API Guide - File operations, sharing, and Office document handling

• 📊 Sheets API Guide - Spreadsheet data manipulation and formatting

• 📅 Calendar API Guide - Event scheduling and timezone management

🧠 Middleware Architecture

GoogleUnlimited uses a middleware architecture that provides seamless service integration, intelligent resource management, and powerful templating capabilities.

🔧 Core Middleware Components

• 🏷️ TagBasedResourceMiddleware: Intelligent resource discovery using URI patterns (service://gmail/messages, user://current/email)

• 🧠 QdrantUnifiedMiddleware: AI-powered semantic search across all tool responses with vector embeddings

• 🎨 TemplateMiddleware: Advanced Jinja2 template system for beautiful, structured output formatting

✨ Architecture Benefits

• 🔄 Unified Resource Access: URI-based access to service data without API calls

• 🧠 Semantic Intelligence: Natural language search across all stored responses

• 🎨 Visual Excellence: Consistent, beautiful output formatting for optimal AI consumption

• 💰 Token Efficiency: Template macros reduce token usage by 60-80% through structured data rendering

• ⚡ Performance: 30x faster than traditional approaches through intelligent caching

📚 Middleware Documentation Resources:

• 📖 Middleware Architecture Guide - Complete middleware system documentation and implementation details

• 🏷️ TagBasedResourceMiddleware - URI pattern resource discovery and management

• 🧠 QdrantUnifiedMiddleware - AI-powered semantic search and vector embeddings

• 🎨 TemplateMiddleware - Advanced Jinja2 template system for output formatting

• 🔧 SessionToolFilteringMiddleware - Per-session tool enable/disable management

🚀 Minimal Tools Startup

By default, GoogleUnlimited starts with only 5 protected tools enabled for optimal performance and security. This allows clients to enable only the tools they need.

Protected Tools (Always Available):

• manage_tools - Enable/disable tools globally or per-session

• manage_tools_by_analytics - Analytics-based tool management

• health_check - Server health and configuration status

• start_google_auth - Initiate OAuth authentication

• check_drive_auth - Verify authentication status

Configuration:

# Default: Start with minimal tools (only 5 protected tools)
MINIMAL_TOOLS_STARTUP=true

# Optional: Pre-enable specific services at startup
MINIMAL_STARTUP_SERVICES=drive,gmail,calendar

# Disable minimal startup (enable all 92+ tools immediately)
MINIMAL_TOOLS_STARTUP=false

Enabling Tools at Runtime:

# Enable all tools globally
manage_tools(action="enable_all")

# Enable specific tools
manage_tools(action="enable", tool_names=["search_drive_files", "list_gmail_labels"])

# List all registered tools (shows enabled/disabled status)
manage_tools(action="list")

🔧 Session-Scoped Tool Management

GoogleUnlimited supports per-session tool enable/disable functionality, allowing different MCP clients to have different tool availability without affecting other connected clients.

Key Features:

• Session Isolation: Disable tools for one client session without affecting others

• Non-Invasive: Session-scoped operations never modify the global tool registry

• Protected Tools: Core management tools (manage_tools, health_check, etc.) always remain available

• Middleware-Based: Uses SessionToolFilteringMiddleware for protocol-level filtering

Usage Examples:

# Disable tools for this session only (other clients unaffected)
manage_tools(action="disable", tool_names=["send_gmail_message"], scope="session")

# Disable all except specific tools for this session
manage_tools(action="disable_all_except", tool_names=["search_drive_files", "list_events"], scope="session")

# Re-enable all tools for this session
manage_tools(action="enable_all", scope="session")

# Global operations (original behavior, affects all clients)
manage_tools(action="disable", tool_names=["send_gmail_message"], scope="global")

Response Structure:

{
  "success": true,
  "action": "disable_all_except",
  "scope": "session",
  "enabledCount": 94,
  "disabledCount": 0,
  "toolsAffected": ["tool1", "tool2", "..."],
  "sessionState": {
    "sessionId": "f725be09...",
    "sessionAvailable": true,
    "sessionDisabledTools": ["tool1", "tool2"],
    "sessionDisabledCount": 89
  },
  "message": "Kept 5 tools, disabled 89 tools for this session"
}

🧠 CodeMode Transform (Experimental)

When enabled via ENABLE_CODE_MODE=true, CodeMode replaces the full 92+ tool catalog with 4 meta-tools, dramatically reducing token usage for LLM clients:

How it works: Instead of loading all 92+ tool schemas upfront (expensive on tokens), LLMs discover tools on-demand via search, then chain multiple call_tool() calls in a single execute block:

# Single execute block can chain multiple tool calls
result = await call_tool("search_drive_files", {"query": "Q4 report"})
return result

Configuration:

ENABLE_CODE_MODE=true   # Enable CodeMode transform

CodeMode and the standard tool catalog are mutually exclusive — when CodeMode is active, direct tool calls are replaced by the search + execute pattern.

📚 Skills Provider

When enabled via ENABLE_SKILLS_PROVIDER=true, GoogleUnlimited generates skill documents from ModuleWrapper instances and serves them via FastMCP's SkillsDirectoryProvider. Skills provide structured knowledge that LLMs can reference for complex multi-step tasks.

Currently supported modules:

• card_framework → gchat-cards skill (Google Chat card DSL reference, component hierarchy, examples)

Configuration:

ENABLE_SKILLS_PROVIDER=true     # Enable skill generation
SKILLS_DIRECTORY=~/.claude/skills  # Output directory (default)

Skills are auto-regenerated on each startup and immediately available via the FastMCP skills system.

🖥️ Tool Management Dashboard

GoogleUnlimited includes a built-in Tool Management Dashboard served via the MCP Apps ui:// resource scheme. This provides a visual interface for monitoring and managing tool availability across sessions.

Features:

• Service-grouped tool view — tools organized by Google service (Gmail, Drive, Sheets, etc.) with counts

• Session state visibility — see which tools are enabled, disabled, or session-disabled at a glance

• Filter chips — quickly filter by service to focus on relevant tools

• Live data — powered by DashboardCacheMiddleware which caches list-tool results for instant ui://data-dashboard resource access

The dashboard is automatically wired to all list tools via wire_dashboard_to_list_tools() — no per-tool configuration needed.

🔗 URL-Based Service Filtering (HTTP Transport)

When using HTTP/SSE transport, you can filter tools by service directly via URL query parameters - no code required:

# Enable only Gmail tools
http://localhost:8002/mcp?service=gmail

# Enable Gmail + Drive + Calendar
http://localhost:8002/mcp?service=gmail,drive,calendar

# Resume a previous session
http://localhost:8002/mcp?uuid=your-session-id

# Resume session with specific services
http://localhost:8002/mcp?uuid=abc123&service=gmail,drive

# Disable minimal startup (enable all tools)
http://localhost:8002/mcp?minimal=false

Available URL Parameters:

Available Services: gmail, drive, calendar, docs, sheets, slides, photos, chat, forms, people

📚 Session Tool Management Resources:

• 🔧 SessionToolFilteringMiddleware Guide - Complete documentation for per-session tool management

🎨 Template System

GoogleUnlimited features powerful Jinja2 template macros that transform raw Google Workspace data into visually stunning, AI-optimized formats.

🎯 Available Template Macros

💡 Template Macro Examples

Gmail Labels Visualization - Transform label lists into beautiful interactive chips:

{{ render_gmail_labels_chips( service://gmail/labels , 'Label summary for: ' + user://current/email ) }}

Calendar Dashboard - Create comprehensive calendar overviews:

{{ render_calendar_dashboard( service://calendar/calendars, service://calendar/events, 'My Calendar Overview' ) }}

Calendar Events Dashboard - Transform calendar events into beautiful, interactive event cards:

{{ render_calendar_events_dashboard( service://calendar/events , 'Upcoming Events for: ' + user://current/email.email ) }}

This macro creates a stunning dark-themed dashboard featuring:

• 📅 Interactive Event Cards: Each event is rendered as a clickable card that opens in Google Calendar

• 🕐 Smart Time Display: Automatically formats all-day events vs. timed events with timezone support

• 📍 Location Integration: Displays meeting locations and virtual meeting links

• 👥 Attendee Information: Shows attendee counts and participant details

• ✅ Status Indicators: Color-coded status (confirmed, tentative, cancelled) with visual feedback

• 📱 Responsive Design: Mobile-optimized layout with touch-friendly interactions

• 🎨 Dark Theme Styling: Professional appearance with gradient backgrounds and hover effects

Professional Documents - Generate reports with metrics and charts:

{{ generate_report_doc(
    report_title='Q4 Performance Report',
    metrics=[{'value': '$1.2M', 'label': 'Revenue', 'change': 15}],
    company_name='Your Company'
) }}

🔍 Macro Discovery & Dynamic Creation

Explore all available macros using the template resource system:

# Access the template://macros resource to discover all available macros
macros = await access_resource("template://macros")
# Returns comprehensive macro information with usage examples

# Access specific macro details
macro_details = await access_resource("template://macros/render_gmail_labels_chips")

🎯 Dynamic Macro Creation

Create custom macros at runtime using the create_template_macro tool:

# Create a new macro dynamically
await create_template_macro(
    macro_name="render_task_status_badge",
    macro_content='''
    {% macro render_task_status_badge(status, size='small') %}
    {% if status == 'completed' %}
    <span class="status-badge status-completed {{ size }}">✅ Complete</span>
    {% elif status == 'in_progress' %}
    <span class="status-badge status-in-progress {{ size }}">🔄 In Progress</span>
    {% else %}
    <span class="status-badge status-pending {{ size }}">⏳ {{ status|title }}</span>
    {% endif %}
    {% endmacro %}
    ''',
    description="Renders visual status badges for task states with appropriate icons",
    usage_example="{{ render_task_status_badge('completed', 'large') }}",
    persist_to_file=True
)

# Immediately use the newly created macro
await send_gmail_message(
    html_body="Task Status: {{ render_task_status_badge('completed', 'large') }}"
)

DSL-powered macros — dynamic macros can also embed Google Chat card DSL notation to generate rich, structured cards. The DSL symbols define the card layout while Jinja2 handles dynamic content:

{# workspace_dashboard.j2 — a dynamic macro that outputs a Google Chat card #}
{% macro workspace_dashboard(user_email, stats=None, quick_actions=None) %}
{% set username = user_email.split('@')[0] if user_email else 'User' %}
{% set default_stats = stats or [
    {'label': 'Emails', 'value': '12 unread'},
    {'label': 'Calendar', 'value': '3 meetings today'},
    {'label': 'Tasks', 'value': '5 pending'}
] %}

§[δ×3, ℊ[ǵ×4], §[δ×2, Ƀ[ᵬ×3]]]

Welcome back, {{ username | title }}!

Your Workspace Overview:
{% for stat in default_stats %}
- {{ stat.label }}: {{ stat.value }}
{% endfor %}

Actions:
- Button: Open Gmail → https://mail.google.com
- Button: Open Calendar → https://calendar.google.com
- Button: Open Drive → https://drive.google.com
{% endmacro %}

The DSL line §[δ×3, ℊ[ǵ×4], §[δ×2, Ƀ[ᵬ×3]]] defines the card structure: a Section with 3 DecoratedText widgets, a Grid with 4 items, and a nested Section with 2 DecoratedText widgets and a ButtonList with 3 buttons. The Jinja2 template fills in the content dynamically — and because it's persisted to templates/dynamic/, it's immediately available to send_dynamic_card and other tools.

Key Features:

• ⚡ Immediate Availability: Macros are instantly available after creation

• 🎯 Resource Integration: Automatically available via template://macros/macro_name

• 💾 Optional Persistence: Save macros to disk for permanent availability

• 🔄 Template Processing: Full Jinja2 syntax validation and error handling

• 💬 DSL Integration: Macros can output card DSL notation for rich Google Chat cards

🚀 Real-World Usage

Templates can be directly used in tool calls for beautiful, structured output:

# Send a beautiful email with calendar dashboard
await send_gmail_message(
    to="manager@company.com",
    subject="Weekly Schedule Update",
    html_body="{{ render_calendar_events_dashboard( service://calendar/events, 'My upcoming events') }}",
    content_type="mixed"
)

# Generate and send a professional report
await create_doc(
    title="Q4 Performance Report",
    content="{{ generate_report_doc( report_title='Quarterly Results', company_name='GoogleUnlimited' ) }}"
)

📚 Template System Resources:

• 🎨 Template Directory - Complete collection of Jinja2 templates and macros

• 💌 Beautiful Email Templates - Rich HTML email styling and themes

• 🏷️ Gmail Label Cards - Interactive label visualization with chips

• 📅 Calendar Dashboard - Event timeline and scheduling views

• 📄 Document Templates - Structured document formatting

🗂️ Resource Discovery

GoogleUnlimited provides a powerful MCP resource system that enables lightning-fast data access without API calls through intelligent URI patterns.

🎯 Resource URI Patterns

🏗️ Key Resource Files

• resources/user_resources.py: Authentication, profiles, session management (1,812 lines)

• resources/service_list_resources.py: Service discovery through TagBasedResourceMiddleware (446 lines)

• middleware/qdrant_core/resources.py: AI-powered search and analytics (319 lines)

⚡ Lightning-Fast Access

# Instant Gmail labels (no API call needed)
labels = await access_resource("service://gmail/labels")

# Current user info from session
user = await access_resource("user://current/email")

# Semantic search across all tool responses
results = await access_resource("qdrant://search/gmail errors today")

# Recent calendar events
events = await access_resource("recent://calendar")

📚 Resource System Documentation:

• 🗂️ User Resources - Authentication, profiles, and session management (1,812 lines)

• 🏷️ Service List Resources - Service discovery through TagBasedResourceMiddleware (446 lines)

• 🧠 Qdrant Core Resources - AI-powered search and analytics (319 lines)

• 📋 Resource Patterns Guide - Complete URI pattern reference and usage examples

🧪 Testing Framework

GoogleUnlimited includes comprehensive testing with client tests that validate MCP usage exactly as an LLM would experience it, plus additional testing suites. 559 tests passing with 100% pass rate.

🎯 Client Testing Focus

The client tests are the most important component - they provide deterministic testing of MCP operations using real resource integration and standardized patterns across all 92+ tools and 9 Google services. These tests validate both explicit email authentication and middleware injection patterns.

🚀 Quick Test Commands

# 🧪 Run all client tests (primary test suite)
uv run pytest tests/client/ -v

# 📧 Test specific service
uv run pytest tests/client/ -k "gmail" -v

# 🔐 Authentication required tests
uv run pytest tests/client/ -m "auth_required" -v

🔬 Real Resource ID Integration

The testing framework fetches real IDs from service resources for realistic testing:

# Available fixtures for real resource testing
real_gmail_message_id      # From service://gmail/messages
real_drive_document_id     # From service://drive/items
real_calendar_event_id     # From service://calendar/events
real_photos_album_id       # From service://photos/albums
real_forms_form_id         # From service://forms/forms
real_chat_space_id         # From service://chat/spaces

🔄 CI/CD Pipeline

Automated testing and publishing via GitHub Actions:

• CI Workflow: Runs on every PR and push to main

  • Python 3.11 & 3.12 matrix testing

  • Linting with ruff check and formatting with ruff format

  • Full test suite execution

• TestPyPI Publishing: Automated package publishing for testing

📚 Testing Resources:

• 📋 Client Testing Framework Guide - Complete client testing documentation and patterns

• 🧪 Client Tests Directory - Real resource integration tests for deterministic MCP validation

• 🤖 MCP Client Integration - Learn more about MCP client patterns and usage

• 🔐 Authentication Patterns - Email vs middleware injection validation testing

🔒 Security & Authentication

GoogleUnlimited implements enterprise-grade security with OAuth 2.1 + PKCE, advanced session management, and comprehensive audit capabilities.

🛡️ Authentication Flows

1. 🌐 MCP Inspector OAuth: MCP Spec compliant with Dynamic Client Registration

2. 🖥️ Direct Server OAuth: Web-based authentication for direct access

3. 🔧 Development JWT: Testing mode with generated tokens

4. 📁 Enhanced File Credentials: Persistent storage with encryption options

5. 🔑 Custom OAuth Clients: Bring your own OAuth credentials with automatic fallback

6. 🪪 Per-User API Keys: Individual keys generated on OAuth completion with credential isolation

✨ Security Features

• 🔐 OAuth 2.1 + PKCE: Modern authentication with proof-of-key exchange (supports public clients)

• 🔑 Per-User API Keys: Unique, revocable keys per user with hash-only storage and timing-safe lookup

• 🛡️ Credential Isolation: Auth provenance-based access control prevents cross-user credential inheritance

• 🔗 Account Linking: Bidirectional account linking for multi-account per-user key access

• 🔒 Crypto-Bound Encryption: HKDF-SHA256 derived encryption keys bound to MCP_API_KEY

• 🔒 Session Isolation: Multi-tenant support preventing data leaks

• 🏷️ 27+ API Scopes: Granular permission management across all services

• 📊 Audit Logging: Complete security event tracking with auth provenance

• 🔐 AES-256 Encryption: Credential storage with legacy key migration support

• 🔄 Three-Tier Fallback: Robust credential persistence across server restarts (State Map → UnifiedSession → Context Storage)

• 🧹 Sensitive Data Stripping: Auth metadata removed from Qdrant embeddings before storage

⚙️ Security Configuration

# 🔒 Security settings in .env
CREDENTIAL_STORAGE_MODE=FILE_ENCRYPTED
SESSION_SECRET_KEY=your-secret-key
SESSION_TIMEOUT_MINUTES=30
ENABLE_AUDIT_LOGGING=true
GMAIL_ALLOW_LIST=trusted@example.com

📚 Security Documentation Resources:

• 🛡️ Unified OAuth Architecture - Complete security architecture and authentication design

• 🔐 OAuth 2.1 + PKCE Implementation - Modern authentication with proof-of-key exchange

• 🏠 Session Management Guide - Multi-tenant support and session isolation

• 🔒 Encryption & Storage - AES-256 credential encryption and machine-specific keys

• 📊 Audit Logging System - Complete security event tracking and monitoring

🚀 Ready to revolutionize your Google Workspace integration?

📚 Documentation • 🔧 Configuration • 🎯 API Reference • 🧪 Testing