@piotr-agier/google-drive-mcp 1.6.0 → 1.7.0

package/README.md

@@ -390,6 +390,25 @@ Add the server to your Claude Desktop configuration:
   - `role`: Role (`reader`, `commenter`, `writer`)
   - `sendNotificationEmail`: Send notification email (optional)
 
+#### File Revisions (v1.7.0)
+- **getRevisions** - List revisions for a file
+  - `fileId`: File ID
+  - `pageSize`: Max revisions to return (optional)
+
+- **restoreRevision** - Restore a file from a selected revision (safety-confirmed)
+  - `fileId`: File ID
+  - `revisionId`: Revision ID to restore
+  - `confirm`: Must be `true` to execute restore
+
+#### Auth Diagnostics & Scope Presets (v1.7.0)
+- **authGetStatus** - Show token/scopes/auth health diagnostics (machine + human readable)
+- **authListScopes** - Show configured/requested scopes, granted scopes, missing scopes, and presets
+- **authTestFileAccess** - Test Drive access (optionally against a specific `fileId`)
+- **authClearTokens** - Clear saved OAuth tokens (`confirm=true` required)
+- **authSuggestScopePreset** - Get scope configuration instructions for a preset
+  - `preset`: `readonly` | `content-editor` | `full`
+  - `clearTokens`: optional best-effort token clear
+
 - **uploadFile** - Upload a local file (any type: image, audio, video, PDF, etc.) to Google Drive
   - `localPath`: Absolute path to the local file
   - `name`: File name in Drive (optional, defaults to local filename)

package/dist/index.js

@@ -351,16 +351,8 @@ var TokenManager = class {
 
 // src/auth/server.ts
 import open from "open";
-var DEFAULT_SCOPES = [
-  "https://www.googleapis.com/auth/drive",
-  "https://www.googleapis.com/auth/drive.file",
-  "https://www.googleapis.com/auth/drive.readonly",
-  "https://www.googleapis.com/auth/documents",
-  "https://www.googleapis.com/auth/spreadsheets",
-  "https://www.googleapis.com/auth/presentations",
-  "https://www.googleapis.com/auth/calendar",
-  "https://www.googleapis.com/auth/calendar.events"
-];
+
+// src/auth/scopes.ts
 var SCOPE_ALIASES = {
   drive: "https://www.googleapis.com/auth/drive",
   "drive.file": "https://www.googleapis.com/auth/drive.file",
@@ -371,6 +363,21 @@ var SCOPE_ALIASES = {
   calendar: "https://www.googleapis.com/auth/calendar",
   "calendar.events": "https://www.googleapis.com/auth/calendar.events"
 };
+var SCOPE_PRESETS = {
+  readonly: ["drive.readonly"],
+  "content-editor": ["drive.file", "documents", "spreadsheets", "presentations"],
+  full: ["drive", "documents", "spreadsheets", "presentations", "calendar", "calendar.events"]
+};
+var DEFAULT_SCOPES = [
+  "drive",
+  "drive.file",
+  "drive.readonly",
+  "documents",
+  "spreadsheets",
+  "presentations",
+  "calendar",
+  "calendar.events"
+].map((s) => SCOPE_ALIASES[s]);
 function resolveOAuthScopes() {
   const raw = process.env.GOOGLE_DRIVE_MCP_SCOPES?.trim();
   if (!raw) return [...DEFAULT_SCOPES];
@@ -385,6 +392,8 @@ function resolveOAuthScopes() {
   if (scopes.length === 0) return [...DEFAULT_SCOPES];
   return [...new Set(scopes)];
 }
+
+// src/auth/server.ts
 var SCOPES = resolveOAuthScopes();
 var AuthServer = class {
   // Flag for standalone script
@@ -690,7 +699,7 @@ __export(drive_exports, {
 });
 import { z } from "zod";
 import { existsSync as existsSync2, statSync as statSync2, createReadStream } from "fs";
-import { mkdtemp, readFile as readFile3, writeFile as writeFile2, rm } from "fs/promises";
+import { mkdtemp, readFile as readFile3, writeFile as writeFile2, rm, unlink as unlink2 } from "fs/promises";
 import { tmpdir } from "os";
 import { basename as basename2, extname as extname2, join as join3 } from "path";
 import { PDFDocument } from "pdf-lib";
@@ -1028,6 +1037,31 @@ async function splitPdfIntoChunkFiles(localPath, maxPagesPerChunk) {
   }
   return { tempDir, files };
 }
+var GetRevisionsSchema = z.object({
+  fileId: z.string().min(1, "File ID is required"),
+  pageSize: z.number().int().min(1).max(200).optional().default(50),
+  pageToken: z.string().optional()
+});
+var RestoreRevisionSchema = z.object({
+  fileId: z.string().min(1, "File ID is required"),
+  revisionId: z.string().min(1, "Revision ID is required"),
+  confirm: z.boolean().optional().default(false)
+});
+var AuthTestFileAccessSchema = z.object({
+  fileId: z.string().optional()
+});
+var AuthClearTokensSchema = z.object({
+  confirm: z.boolean().optional().default(false)
+});
+var AuthSetScopePresetSchema = z.object({
+  preset: z.enum(["readonly", "content-editor", "full"]),
+  clearTokens: z.boolean().optional().default(false)
+});
+function getGrantedScopesFromAuthClient(ctx) {
+  const scopeRaw = ctx.authClient?.credentials?.scope;
+  if (!scopeRaw || typeof scopeRaw !== "string") return [];
+  return [...new Set(scopeRaw.split(" ").map((s) => s.trim()).filter(Boolean))];
+}
 var toolDefinitions = [
   {
     name: "search",
@@ -1291,6 +1325,74 @@ var toolDefinitions = [
       },
       required: ["localPath"]
     }
+  },
+  {
+    name: "getRevisions",
+    description: "List revisions for a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        fileId: { type: "string", description: "Google Drive file ID" },
+        pageSize: { type: "number", description: "Max revisions to return (default 50, max 200)" },
+        pageToken: { type: "string", description: "Page token for pagination" }
+      },
+      required: ["fileId"]
+    }
+  },
+  {
+    name: "restoreRevision",
+    description: "Restore a file to a selected revision (creates a new head revision). Note: workspace files (Docs, Sheets, Slides) are restored via export/import and may lose some formatting.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        fileId: { type: "string", description: "Google Drive file ID" },
+        revisionId: { type: "string", description: "Revision ID to restore" },
+        confirm: { type: "boolean", description: "Safety flag. Must be true to execute restore." }
+      },
+      required: ["fileId", "revisionId"]
+    }
+  },
+  {
+    name: "authGetStatus",
+    description: "Show authentication/token status and scope diagnostics",
+    inputSchema: { type: "object", properties: {} }
+  },
+  {
+    name: "authListScopes",
+    description: "List configured/requested scopes and currently granted scopes",
+    inputSchema: { type: "object", properties: {} }
+  },
+  {
+    name: "authTestFileAccess",
+    description: "Run auth diagnostics against Drive API/file access",
+    inputSchema: {
+      type: "object",
+      properties: {
+        fileId: { type: "string", description: "Optional file ID for targeted access check" }
+      }
+    }
+  },
+  {
+    name: "authClearTokens",
+    description: "Clear saved OAuth tokens (requires confirm=true)",
+    inputSchema: {
+      type: "object",
+      properties: {
+        confirm: { type: "boolean", description: "Must be true to clear tokens" }
+      }
+    }
+  },
+  {
+    name: "authSuggestScopePreset",
+    description: "Get scope configuration instructions for a preset",
+    inputSchema: {
+      type: "object",
+      properties: {
+        preset: { type: "string", enum: ["readonly", "content-editor", "full"], description: "Scope preset" },
+        clearTokens: { type: "boolean", description: "Also clear saved tokens now" }
+      },
+      required: ["preset"]
+    }
   }
 ];
 async function handleTool(toolName, args, ctx) {
@@ -1308,6 +1410,7 @@ async function handleTool(toolName, args, ctx) {
         pageSize: Math.min(pageSize || 50, 100),
         pageToken,
         fields: "nextPageToken, files(id, name, mimeType, modifiedTime, size)",
+        corpora: "allDrives",
         includeItemsFromAllDrives: true,
         supportsAllDrives: true
       });
@@ -1916,6 +2019,249 @@ ${lines.join("\n")}`
         }
       }
     }
+    case "getRevisions": {
+      const validation = GetRevisionsSchema.safeParse(args);
+      if (!validation.success) return errorResponse(validation.error.errors[0].message);
+      const data = validation.data;
+      const response = await ctx.getDrive().revisions.list({
+        fileId: data.fileId,
+        pageSize: data.pageSize,
+        pageToken: data.pageToken,
+        fields: "nextPageToken,revisions(id,modifiedTime,lastModifyingUser(displayName,emailAddress),keepForever,size,originalFilename)"
+      });
+      const revisions = response.data.revisions || [];
+      if (revisions.length === 0) {
+        return { content: [{ type: "text", text: `No revisions found for file ${data.fileId}.` }], isError: false };
+      }
+      const lines = revisions.map((r) => {
+        const who = r.lastModifyingUser?.displayName || r.lastModifyingUser?.emailAddress || "unknown";
+        return `- ${r.id}: ${r.modifiedTime || "unknown-time"} by ${who}${r.keepForever ? " [kept]" : ""}`;
+      });
+      let text = `Revisions for file ${data.fileId}:
+${lines.join("\n")}`;
+      if (response.data.nextPageToken) {
+        text += `
+
+More revisions available. Use pageToken="${response.data.nextPageToken}" to fetch the next page.`;
+      }
+      return {
+        content: [{ type: "text", text }],
+        isError: false
+      };
+    }
+    case "restoreRevision": {
+      const validation = RestoreRevisionSchema.safeParse(args);
+      if (!validation.success) return errorResponse(validation.error.errors[0].message);
+      const data = validation.data;
+      if (!data.confirm) {
+        return errorResponse("Refusing restore: set confirm=true to restore a revision.");
+      }
+      try {
+        const current = await ctx.getDrive().files.get({
+          fileId: data.fileId,
+          fields: "name,mimeType",
+          supportsAllDrives: true
+        });
+        const fileMimeType = current.data.mimeType || "";
+        const isWorkspaceFile = fileMimeType.startsWith("application/vnd.google-apps.");
+        let revisionBody;
+        let uploadMimeType;
+        if (isWorkspaceFile) {
+          const revision = await ctx.getDrive().revisions.get({
+            fileId: data.fileId,
+            revisionId: data.revisionId,
+            fields: "id,exportLinks"
+          });
+          const exportLinks = revision.data.exportLinks || {};
+          const formatMap = GOOGLE_WORKSPACE_EXPORT_FORMATS[fileMimeType];
+          const editableMimes = formatMap ? Object.entries(formatMap).filter(([ext]) => ext !== "pdf").map(([, mime]) => mime) : [];
+          const selectedMime = editableMimes.find((m) => exportLinks[m]) || Object.keys(exportLinks).find((m) => m !== "application/pdf") || Object.keys(exportLinks)[0];
+          if (!selectedMime || !exportLinks[selectedMime]) {
+            return errorResponse("Selected revision has no usable export links for restore.");
+          }
+          uploadMimeType = selectedMime;
+          const exportResponse = await ctx.authClient.request({ url: exportLinks[selectedMime], responseType: "stream" });
+          revisionBody = exportResponse.data;
+        } else {
+          const revision = await ctx.getDrive().revisions.get(
+            { fileId: data.fileId, revisionId: data.revisionId, alt: "media" },
+            { responseType: "stream" }
+          );
+          revisionBody = revision.data;
+          uploadMimeType = fileMimeType || "application/octet-stream";
+        }
+        await ctx.getDrive().files.update({
+          fileId: data.fileId,
+          media: {
+            mimeType: uploadMimeType,
+            body: revisionBody
+          },
+          supportsAllDrives: true
+        });
+        const restoreMsg = `Restored file ${data.fileId} (${current.data.name || "unnamed"}) from revision ${data.revisionId}.`;
+        const workspaceWarning = isWorkspaceFile ? "\n\nWarning: This workspace file was restored via export/import. Some formatting or features (e.g. comments, suggestions, version history metadata) may have been lost." : "";
+        return {
+          content: [{
+            type: "text",
+            text: restoreMsg + workspaceWarning
+          }],
+          isError: false
+        };
+      } catch (err) {
+        return errorResponse(`Failed to restore revision: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
+    case "authGetStatus": {
+      const tokenPath = getSecureTokenPath();
+      const tokenFileExists = existsSync2(tokenPath);
+      let requestedScopes;
+      try {
+        requestedScopes = resolveOAuthScopes();
+      } catch (e) {
+        return errorResponse(`Invalid scope configuration: ${e instanceof Error ? e.message : String(e)}`);
+      }
+      const grantedScopes = getGrantedScopesFromAuthClient(ctx);
+      const missingScopes = requestedScopes.filter((s) => !grantedScopes.includes(s));
+      const expiryDate = ctx.authClient?.credentials?.expiry_date;
+      const expiresInSec = expiryDate ? Math.floor((expiryDate - Date.now()) / 1e3) : null;
+      const payload = {
+        tokenFilePath: tokenPath,
+        tokenFileExists,
+        hasAccessToken: !!ctx.authClient?.credentials?.access_token,
+        hasRefreshToken: !!ctx.authClient?.credentials?.refresh_token,
+        expiryDate: expiryDate || null,
+        expiresInSec,
+        requestedScopes,
+        grantedScopes,
+        missingScopes
+      };
+      const status = !tokenFileExists || !payload.hasRefreshToken ? "needs_reauth" : missingScopes.length > 0 ? "scope_mismatch" : "ok";
+      let text = `Auth status (${status}):
+${JSON.stringify(payload, null, 2)}
+
+Summary: token file ${tokenFileExists ? "found" : "missing"}, missing scopes=${missingScopes.length}.`;
+      if (grantedScopes.length === 0 && payload.hasAccessToken) {
+        text += "\nNote: granted scopes may appear empty when the token was loaded from disk. This does not necessarily indicate missing permissions.";
+      }
+      return {
+        content: [{ type: "text", text }],
+        isError: false
+      };
+    }
+    case "authListScopes": {
+      let requestedScopes;
+      try {
+        requestedScopes = resolveOAuthScopes();
+      } catch (e) {
+        return errorResponse(`Invalid scope configuration: ${e instanceof Error ? e.message : String(e)}`);
+      }
+      const grantedScopes = getGrantedScopesFromAuthClient(ctx);
+      const missingScopes = requestedScopes.filter((s) => !grantedScopes.includes(s));
+      const presetsResolved = Object.fromEntries(
+        Object.entries(SCOPE_PRESETS).map(([k, v]) => [k, v.map((s) => SCOPE_ALIASES[s])])
+      );
+      let text = `Scopes:
+${JSON.stringify({ requestedScopes, grantedScopes, missingScopes, presets: presetsResolved }, null, 2)}`;
+      if (grantedScopes.length === 0 && !!ctx.authClient?.credentials?.access_token) {
+        text += "\nNote: granted scopes may appear empty when the token was loaded from disk. This does not necessarily indicate missing permissions.";
+      }
+      return {
+        content: [{ type: "text", text }],
+        isError: false
+      };
+    }
+    case "authTestFileAccess": {
+      const validation = AuthTestFileAccessSchema.safeParse(args);
+      if (!validation.success) return errorResponse(validation.error.errors[0].message);
+      const data = validation.data;
+      try {
+        let check;
+        if (data.fileId) {
+          const file = await ctx.getDrive().files.get({
+            fileId: data.fileId,
+            fields: "id,name,mimeType,permissions",
+            supportsAllDrives: true
+          });
+          check = { mode: "file", fileId: file.data.id, name: file.data.name, mimeType: file.data.mimeType };
+        } else {
+          const list = await ctx.getDrive().files.list({
+            pageSize: 1,
+            fields: "files(id,name,mimeType)",
+            includeItemsFromAllDrives: true,
+            supportsAllDrives: true
+          });
+          check = { mode: "list", visibleCount: list.data.files?.length || 0, sample: list.data.files?.[0] || null };
+        }
+        return {
+          content: [{ type: "text", text: `Auth access check OK:
+${JSON.stringify(check, null, 2)}` }],
+          isError: false
+        };
+      } catch (e) {
+        const message = e instanceof Error ? e.message : String(e);
+        return {
+          content: [{ type: "text", text: `Auth access check failed:
+${JSON.stringify({ message }, null, 2)}` }],
+          isError: true
+        };
+      }
+    }
+    case "authClearTokens": {
+      const validation = AuthClearTokensSchema.safeParse(args);
+      if (!validation.success) return errorResponse(validation.error.errors[0].message);
+      const data = validation.data;
+      if (!data.confirm) return errorResponse("Refusing token clear: set confirm=true.");
+      const tokenPath = getSecureTokenPath();
+      const existed = existsSync2(tokenPath);
+      if (existed) {
+        try {
+          await unlink2(tokenPath);
+        } catch (e) {
+          const msg = e instanceof Error ? e.message : String(e);
+          return errorResponse(`Failed to remove token file at ${tokenPath}: ${msg}`);
+        }
+      }
+      return {
+        content: [{ type: "text", text: `Tokens cleared. File previously ${existed ? "existed" : "did not exist"} at ${tokenPath}. Re-run auth flow before next privileged operation.` }],
+        isError: false
+      };
+    }
+    case "authSuggestScopePreset": {
+      const validation = AuthSetScopePresetSchema.safeParse(args);
+      if (!validation.success) return errorResponse(validation.error.errors[0].message);
+      const data = validation.data;
+      const aliases = SCOPE_PRESETS[data.preset];
+      const resolved = aliases.map((a) => SCOPE_ALIASES[a]);
+      const envValue = aliases.join(",");
+      let clearMessage = "";
+      if (data.clearTokens) {
+        const tokenPath = getSecureTokenPath();
+        try {
+          await unlink2(tokenPath);
+          clearMessage = `
+Tokens cleared at ${tokenPath}.`;
+        } catch (_e) {
+          clearMessage = `
+Tokens clear requested, but no token file removed.`;
+        }
+      }
+      return {
+        content: [{
+          type: "text",
+          text: `Scope preset selected: ${data.preset}
+Requested scopes: ${JSON.stringify(resolved, null, 2)}
+
+Next steps:
+1) Export scope env:
+   GOOGLE_DRIVE_MCP_SCOPES=${envValue}
+2) Restart MCP server
+3) Run auth flow to refresh consent (if prompted)
+
+This tool does not mutate process env automatically.${clearMessage}`
+        }],
+        isError: false
+      };
+    }
     default:
       return null;
   }