gws-mcp
The gws-mcp server provides read and write access to Google Tasks, Calendar, and Drive, running locally via stdio using your own Google Cloud OAuth credentials. All write operations require explicit human approval.
Authentication: Check the current Google auth status (
auth_status).Google Tasks: List task lists, list/get tasks. Create, update, complete, move, and delete tasks (writes approval-gated).
Google Calendar: List calendars, list/search/get events. Create, update, respond to, and delete events (writes approval-gated).
Google Drive: Search files, get metadata, read file content. Create files, update content, move files, and trash files — hard delete is not supported (writes approval-gated).
Write Approval: Enforced via MCP elicitation (primary) or a two-step preview/confirm token fallback. Destructive actions are explicitly gated and logged.
Privacy: Runs locally, not network-hosted; OAuth tokens are stored securely in the OS keyring.
Provides read and write operations for Google Tasks, including listing task lists and tasks, creating, updating, completing, moving, and deleting tasks, with every write requiring explicit human approval.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@gws-mcpAdd a task 'Review PR' to my work list"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
gws-mcp
A small, self-contained MCP server for Google Tasks, Calendar, and Drive — read-write, with one hard rule: every write requires explicit human approval before it executes.
Status: alpha (v0.1.0). The full designed surface — 25 tools across Tasks, Calendar, and Drive — is implemented and tested (46 tests, both approval modes). Not yet battle-hardened against real-world API quirks.
Why another Google MCP?
There is no official Google MCP server for consumer Workspace data, and the community options are broad (10+ services) and mostly unmaintained. This one is deliberately narrow:
Three services only — Tasks, Calendar, Drive. Smaller code, smaller audit surface.
Local stdio server — spawned by your MCP client (Claude Code, Gemini CLI, …). Nothing hosted, nothing listening on a network. The server only ever sees tool calls, never your prompts.
BYO OAuth — you create your own Google Cloud OAuth client and grant scopes to yourself. No shared credentials anywhere.
Tokens in the OS keyring (Secret Service / KDE Wallet / macOS Keychain) — never plaintext on disk.
Related MCP server: google-workspace-mcp-server
The write-approval invariant
Read tools (list_*, get_*, search_*, read_*) run freely. Mutating
tools (create_*, update_*, complete_*, move_*, trash_*, delete_*)
cannot execute without a human saying yes, enforced in layers:
MCP elicitation (primary): before executing, the server sends a human-readable preview through the client UI — the confirmation goes directly to the human, so the model cannot approve its own writes.
Two-step fallback (clients without elicitation): the first call returns a preview + one-time confirm token and mutates nothing; only a second call with the token executes. All executed writes are logged to stderr.
Tool annotations (
readOnlyHint/destructiveHint) + the strict naming convention, so client permission systems can auto-allow reads and always-prompt writes.
Destructive operations are softened where the API allows it: Drive "delete" is trash, never a hard delete.
Planned tool surface (~22 tools)
Service | Read | Write (approval-gated) |
Tasks |
|
|
Calendar |
|
|
Drive |
|
|
OAuth scopes: tasks, calendar.events (events only — no ACL/settings
access), drive.
Stack
Python 3.12+ · uv · official
mcp SDK (FastMCP,
stdio) · google-api-python-client + google-auth-oauthlib · keyring ·
pytest + ruff.
Quick start
Bring your own OAuth client (one-time, ~30 min): in the Google Cloud console create a project, enable the Tasks, Calendar, and Drive APIs, create an OAuth 2.0 Desktop app client, and download its JSON to
~/.config/gws-mcp/credentials.json(chmod 600). No credentials ever ship with, or are stored by, this project — the OAuth grant lives in your OS keyring.Authenticate (interactive, opens a browser):
git clone https://github.com/purplespacecat/gws-mcp && cd gws-mcp uv sync uv run gws-mcp auth # then: uv run gws-mcp auth --statusWire it into your MCP client (stdio):
# Claude Code claude mcp add google-workspace -- uv --directory /path/to/gws-mcp run gws-mcp # Gemini CLI gemini mcp add google-workspace uv -- --directory /path/to/gws-mcp run gws-mcpIn clients that support MCP elicitation, write approvals appear as UI prompts; in clients that don't, writes return a preview + one-time confirm token and nothing mutates until
confirm_writeis called.
Contributing
Issues and PRs are welcome — see CONTRIBUTING.md. All contributions are reviewed before merge; PRs that touch auth, scopes, or the write-approval layer get extra scrutiny.
License
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/purplespacecat/gws-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server