google-workspace-mcp 2.0.0

package/dist/auth.js

@@ -0,0 +1,206 @@
+// src/auth.ts
+import { google } from 'googleapis';
+import { JWT } from 'google-auth-library'; // ADDED: Import for Service Account client
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as readline from 'readline/promises';
+import * as http from 'http';
+import { fileURLToPath } from 'url';
+// --- Calculate paths relative to this script file (ESM way) ---
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const projectRootDir = path.resolve(__dirname, '..');
+const TOKEN_PATH = path.join(projectRootDir, 'token.json');
+const CREDENTIALS_PATH = path.join(projectRootDir, 'credentials.json');
+// --- End of path calculation ---
+const SCOPES = [
+    'https://www.googleapis.com/auth/documents',
+    'https://www.googleapis.com/auth/drive', // Full Drive access for listing, searching, and document discovery
+    'https://www.googleapis.com/auth/spreadsheets', // Google Sheets API access
+];
+// --- NEW FUNCTION: Handles Service Account Authentication ---
+// This entire function is new. It is called only when the
+// SERVICE_ACCOUNT_PATH environment variable is set.
+// Supports domain-wide delegation via GOOGLE_IMPERSONATE_USER env var.
+async function authorizeWithServiceAccount() {
+    const serviceAccountPath = process.env.SERVICE_ACCOUNT_PATH;
+    if (!serviceAccountPath) {
+        throw new Error('SERVICE_ACCOUNT_PATH environment variable is required');
+    }
+    const impersonateUser = process.env.GOOGLE_IMPERSONATE_USER; // Optional: email of user to impersonate
+    try {
+        // eslint-disable-next-line security/detect-non-literal-fs-filename -- serviceAccountPath from environment variable, admin-controlled
+        const keyFileContent = await fs.readFile(serviceAccountPath, 'utf8');
+        const serviceAccountKey = JSON.parse(keyFileContent);
+        const auth = new JWT({
+            email: serviceAccountKey.client_email,
+            key: serviceAccountKey.private_key,
+            scopes: SCOPES,
+            subject: impersonateUser, // Enables domain-wide delegation when set
+        });
+        await auth.authorize();
+        if (impersonateUser) {
+            console.error(`Service Account authentication successful, impersonating: ${impersonateUser}`);
+        }
+        else {
+            console.error('Service Account authentication successful!');
+        }
+        return auth;
+    }
+    catch (error) {
+        const isNodeError = (e) => e instanceof Error && 'code' in e;
+        if (isNodeError(error) && error.code === 'ENOENT') {
+            console.error(`FATAL: Service account key file not found at path: ${serviceAccountPath}`);
+            throw new Error('Service account key file not found. Please check the path in SERVICE_ACCOUNT_PATH.');
+        }
+        const message = error instanceof Error ? error.message : String(error);
+        console.error('FATAL: Error loading or authorizing the service account key:', message);
+        throw new Error('Failed to authorize using the service account. Ensure the key file is valid and the path is correct.');
+    }
+}
+// --- END OF NEW FUNCTION---
+async function loadSavedCredentialsIfExist() {
+    try {
+        const content = await fs.readFile(TOKEN_PATH);
+        const credentials = JSON.parse(content.toString());
+        const { client_secret, client_id, redirect_uris } = await loadClientSecrets();
+        const client = new google.auth.OAuth2(client_id, client_secret, redirect_uris[0]);
+        client.setCredentials(credentials);
+        return client;
+    }
+    catch {
+        return null;
+    }
+}
+async function loadClientSecrets() {
+    const content = await fs.readFile(CREDENTIALS_PATH);
+    const keys = JSON.parse(content.toString());
+    const key = keys.installed ?? keys.web;
+    if (!key)
+        throw new Error('Could not find client secrets in credentials.json.');
+    return {
+        client_id: key.client_id,
+        client_secret: key.client_secret,
+        redirect_uris: key.redirect_uris ?? ['http://localhost:3000/'], // Default for web clients
+        client_type: keys.web ? 'web' : 'installed',
+    };
+}
+async function saveCredentials(client) {
+    const { client_secret, client_id } = await loadClientSecrets();
+    const payload = JSON.stringify({
+        type: 'authorized_user',
+        client_id: client_id,
+        client_secret: client_secret,
+        refresh_token: client.credentials.refresh_token,
+    });
+    await fs.writeFile(TOKEN_PATH, payload);
+    console.error('Token stored to', TOKEN_PATH);
+}
+async function authenticate() {
+    const { client_secret, client_id, redirect_uris, client_type } = await loadClientSecrets();
+    // Use localhost redirect for desktop apps (OOB flow is deprecated)
+    const redirectUri = client_type === 'web' ? redirect_uris[0] : 'http://localhost:3000';
+    console.error(`DEBUG: Using redirect URI: ${redirectUri}`);
+    console.error(`DEBUG: Client type: ${client_type}`);
+    const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirectUri);
+    const authorizeUrl = oAuth2Client.generateAuthUrl({
+        access_type: 'offline',
+        scope: SCOPES.join(' '),
+    });
+    console.error('DEBUG: Generated auth URL:', authorizeUrl);
+    console.error('Authorize this app by visiting this url:', authorizeUrl);
+    // For desktop apps, start a local server to receive the OAuth callback
+    if (client_type === 'installed') {
+        return new Promise((resolve, reject) => {
+            const server = http.createServer((req, res) => {
+                void (async () => {
+                    try {
+                        const url = new URL(req.url || '', 'http://localhost:3000');
+                        const code = url.searchParams.get('code');
+                        if (code) {
+                            res.writeHead(200, { 'Content-Type': 'text/html' });
+                            res.end('<html><body><h1>Authentication successful!</h1><p>You can close this window.</p></body></html>');
+                            server.close();
+                            const { tokens } = await oAuth2Client.getToken(code);
+                            oAuth2Client.setCredentials(tokens);
+                            if (tokens.refresh_token) {
+                                await saveCredentials(oAuth2Client);
+                            }
+                            else {
+                                console.error('Did not receive refresh token. Token might expire.');
+                            }
+                            console.error('Authentication successful!');
+                            resolve(oAuth2Client);
+                        }
+                        else {
+                            res.writeHead(400, { 'Content-Type': 'text/html' });
+                            res.end('<html><body><h1>Error: No code received</h1></body></html>');
+                        }
+                    }
+                    catch (err) {
+                        console.error('Error retrieving access token', err);
+                        res.writeHead(500, { 'Content-Type': 'text/html' });
+                        res.end('<html><body><h1>Authentication failed</h1></body></html>');
+                        server.close();
+                        reject(new Error('Authentication failed'));
+                    }
+                })();
+            });
+            server.listen(3000, () => {
+                console.error('Local server started on http://localhost:3000');
+                console.error('Waiting for OAuth callback...');
+            });
+            server.on('error', (err) => {
+                console.error('Server error:', err);
+                reject(err);
+            });
+        });
+    }
+    else {
+        // For web clients, use readline to get the code manually
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        const code = await rl.question('Enter the code from that page here: ');
+        rl.close();
+        try {
+            const { tokens } = await oAuth2Client.getToken(code);
+            oAuth2Client.setCredentials(tokens);
+            if (tokens.refresh_token) {
+                await saveCredentials(oAuth2Client);
+            }
+            else {
+                console.error('Did not receive refresh token. Token might expire.');
+            }
+            console.error('Authentication successful!');
+            return oAuth2Client;
+        }
+        catch (err) {
+            console.error('Error retrieving access token', err);
+            throw new Error('Authentication failed');
+        }
+    }
+}
+// --- MODIFIED: The Main Exported Function ---
+// This function now acts as a router. It checks for the environment
+// variable and decides which authentication method to use.
+export async function authorize() {
+    // Check if the Service Account environment variable is set.
+    if (process.env.SERVICE_ACCOUNT_PATH) {
+        console.error('Service account path detected. Attempting service account authentication...');
+        return authorizeWithServiceAccount();
+    }
+    else {
+        // If not, execute the original OAuth 2.0 flow exactly as it was.
+        console.error('No service account path detected. Falling back to standard OAuth 2.0 flow...');
+        let client = await loadSavedCredentialsIfExist();
+        if (client) {
+            // Optional: Add token refresh logic here if needed, though library often handles it.
+            console.error('Using saved credentials.');
+            return client;
+        }
+        console.error('Starting authentication flow...');
+        client = await authenticate();
+        return client;
+    }
+}
+// --- END OF MODIFIED: The Main Exported Function ---
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEpC,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC,CAAC,2CAA2C;AACtF,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,QAAQ,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AAGpC,iEAAiE;AACjE,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AAErD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;AAC3D,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;AACvE,kCAAkC;AAElC,MAAM,MAAM,GAAG;IACb,2CAA2C;IAC3C,uCAAuC,EAAE,mEAAmE;IAC5G,8CAA8C,EAAE,2BAA2B;CAC5E,CAAC;AAEF,+DAA+D;AAC/D,0DAA0D;AAC1D,oDAAoD;AACpD,uEAAuE;AACvE,KAAK,UAAU,2BAA2B;IACxC,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAC5D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,yCAAyC;IACtG,IAAI,CAAC;QACH,qIAAqI;QACrI,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;QACrE,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAsB,CAAC;QAE1E,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC;YACnB,KAAK,EAAE,iBAAiB,CAAC,YAAY;YACrC,GAAG,EAAE,iBAAiB,CAAC,WAAW;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,eAAe,EAAE,0CAA0C;SACrE,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,6DAA6D,eAAe,EAAE,CAAC,CAAC;QAChG,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,WAAW,GAAG,CAAC,CAAU,EAA8B,EAAE,CAC7D,CAAC,YAAY,KAAK,IAAI,MAAM,IAAI,CAAC,CAAC;QACpC,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClD,OAAO,CAAC,KAAK,CAAC,sDAAsD,kBAAkB,EAAE,CAAC,CAAC;YAC1F,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO,CAAC,KAAK,CAAC,8DAA8D,EAAE,OAAO,CAAC,CAAC;QACvF,MAAM,IAAI,KAAK,CACb,sGAAsG,CACvG,CAAC;IACJ,CAAC;AACH,CAAC;AACD,6BAA6B;AAE7B,KAAK,UAAU,2BAA2B;IACxC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAgB,CAAC;QAClE,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QAClF,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AASD,KAAK,UAAU,iBAAiB;IAC9B,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAyB,CAAC;IACpE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC;IACvC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAChF,OAAO;QACL,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,aAAa,EAAE,GAAG,CAAC,aAAa;QAChC,aAAa,EAAE,GAAG,CAAC,aAAa,IAAI,CAAC,wBAAwB,CAAC,EAAE,0BAA0B;QAC1F,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;KAC5C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,MAAoB;IACjD,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7B,IAAI,EAAE,iBAAiB;QACvB,SAAS,EAAE,SAAS;QACpB,aAAa,EAAE,aAAa;QAC5B,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,aAAa;KAChD,CAAC,CAAC;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AAC/C,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAC3F,mEAAmE;IACnE,MAAM,WAAW,GAAG,WAAW,KAAK,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC;IACvF,OAAO,CAAC,KAAK,CAAC,8BAA8B,WAAW,EAAE,CAAC,CAAC;IAC3D,OAAO,CAAC,KAAK,CAAC,uBAAuB,WAAW,EAAE,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;IAEnF,MAAM,YAAY,GAAG,YAAY,CAAC,eAAe,CAAC;QAChD,WAAW,EAAE,SAAS;QACtB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KACxB,CAAC,CAAC;IAEH,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,YAAY,CAAC,CAAC;IAC1D,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,YAAY,CAAC,CAAC;IAExE,uEAAuE;IACvE,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;QAChC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC5C,KAAK,CAAC,KAAK,IAAI,EAAE;oBACf,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,uBAAuB,CAAC,CAAC;wBAC5D,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBAE1C,IAAI,IAAI,EAAE,CAAC;4BACT,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CACL,gGAAgG,CACjG,CAAC;4BAEF,MAAM,CAAC,KAAK,EAAE,CAAC;4BAEf,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;4BACrD,YAAY,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;4BACpC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gCACzB,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC;4BACtC,CAAC;iCAAM,CAAC;gCACN,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;4BACtE,CAAC;4BACD,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;4BAC5C,OAAO,CAAC,YAAY,CAAC,CAAC;wBACxB,CAAC;6BAAM,CAAC;4BACN,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;wBACxE,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;wBACpD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;wBACpE,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;oBAC7C,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACvB,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;gBAC/D,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;gBACpC,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,yDAAyD;QACzD,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtF,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC,CAAC;QACvE,EAAE,CAAC,KAAK,EAAE,CAAC;QAEX,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrD,YAAY,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACtE,CAAC;YACD,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC5C,OAAO,YAAY,CAAC;QACtB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;AACH,CAAC;AAED,+CAA+C;AAC/C,oEAAoE;AACpE,2DAA2D;AAC3D,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,4DAA4D;IAC5D,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACrC,OAAO,CAAC,KAAK,CAAC,6EAA6E,CAAC,CAAC;QAC7F,OAAO,2BAA2B,EAAE,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,iEAAiE;QACjE,OAAO,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAC;QAC9F,IAAI,MAAM,GAAG,MAAM,2BAA2B,EAAE,CAAC;QACjD,IAAI,MAAM,EAAE,CAAC;YACX,qFAAqF;YACrF,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAC1C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACjD,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;AACH,CAAC;AACD,sDAAsD"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,426 @@
+#!/usr/bin/env node
+// src/cli.ts - CLI entrypoint for Google Workspace MCP Server
+import { Command } from 'commander';
+import * as fs from 'fs/promises';
+import { exec } from 'child_process';
+import { initializeAccounts, listAccounts, completeAddAccount, removeAccount, getConfigDir, getCredentialsPath, getAccountClients, } from './accounts.js';
+/** Type guard for errors with a message property */
+function isErrorWithMessage(error) {
+    return (typeof error === 'object' &&
+        error !== null &&
+        'message' in error &&
+        typeof error.message === 'string');
+}
+/** Type guard for Google API errors with a code property */
+function isGoogleApiError(error) {
+    return (isErrorWithMessage(error) &&
+        'code' in error &&
+        typeof error.code === 'number');
+}
+/** Get error message from unknown error */
+function getErrorMessage(error) {
+    if (isErrorWithMessage(error)) {
+        return error.message;
+    }
+    return String(error);
+}
+// Helper to open URL in browser (cross-platform)
+function openBrowser(url) {
+    const platform = process.platform;
+    let command;
+    if (platform === 'darwin') {
+        command = `open "${url}"`;
+    }
+    else if (platform === 'win32') {
+        command = `start "" "${url}"`;
+    }
+    else {
+        command = `xdg-open "${url}"`;
+    }
+    // eslint-disable-next-line security/detect-child-process -- command is constructed from known safe platform-specific openers with URL-encoded input
+    exec(command, (error) => {
+        if (error) {
+            console.error('Could not open browser automatically. Please open the URL manually.');
+        }
+    });
+}
+const program = new Command();
+// Version from package.json
+const packageJsonPath = new URL('../package.json', import.meta.url);
+// eslint-disable-next-line security/detect-non-literal-fs-filename -- packageJsonPath is a known safe path relative to this file
+const packageJson = JSON.parse(await fs.readFile(packageJsonPath, 'utf8'));
+program
+    .name('google-workspace-mcp')
+    .description('Google Workspace MCP Server - Manage Google Docs, Sheets, Drive, Gmail, Calendar, Slides, and Forms')
+    .version(packageJson.version);
+// === MCP Server Command ===
+program
+    .command('serve')
+    .alias('mcp')
+    .description('Start the MCP server (for use with Claude Desktop, VS Code, etc.)')
+    .option('--read-only', 'Run in read-only mode (block all write operations)')
+    .action(async (options) => {
+    // Set env var for server.ts to pick up
+    if (options.readOnly) {
+        process.env.GOOGLE_MCP_READ_ONLY = 'true';
+    }
+    // Dynamically import and start the server
+    await import('./server.js');
+});
+// === Setup Command ===
+program
+    .command('setup')
+    .description('Interactive setup wizard for configuring the MCP server')
+    .action(async () => {
+    console.log('\n🚀 Google Workspace MCP Server Setup\n');
+    console.log('This wizard will help you set up the MCP server.\n');
+    const configDir = getConfigDir();
+    const credPath = getCredentialsPath();
+    console.log('📁 Configuration directory:', configDir);
+    console.log('🔑 Credentials file path:', credPath);
+    console.log('');
+    // Check if credentials exist
+    try {
+        await fs.access(credPath);
+        console.log('✅ Credentials file found at', credPath);
+    }
+    catch {
+        console.log('❌ Credentials file NOT found at', credPath);
+        console.log('');
+        console.log('To set up credentials:');
+        console.log('1. Go to https://console.cloud.google.com/');
+        console.log('2. Create a new project (or select an existing one)');
+        console.log('3. Enable the following APIs:');
+        console.log('   - Google Docs API');
+        console.log('   - Google Drive API');
+        console.log('   - Google Sheets API');
+        console.log('   - Gmail API');
+        console.log('   - Google Calendar API');
+        console.log('   - Google Slides API');
+        console.log('   - Google Forms API');
+        console.log('4. Create OAuth 2.0 credentials (Desktop application)');
+        console.log('5. Download the credentials JSON file');
+        console.log(`6. Copy it to: ${credPath}`);
+        console.log('');
+        console.log('After setting up credentials, run this command again or use:');
+        console.log('  google-workspace-mcp accounts add <account-name>');
+        return;
+    }
+    // Initialize and check accounts
+    await initializeAccounts();
+    const accounts = await listAccounts();
+    if (accounts.length === 0) {
+        console.log('');
+        console.log('No accounts configured yet.');
+        console.log('');
+        console.log('To add an account, run:');
+        console.log('  google-workspace-mcp accounts add <account-name>');
+        console.log('');
+        console.log('Example:');
+        console.log('  google-workspace-mcp accounts add personal');
+        console.log('  google-workspace-mcp accounts add work');
+    }
+    else {
+        console.log('');
+        console.log(`✅ Found ${accounts.length} configured account(s):`);
+        accounts.forEach((acc, i) => {
+            console.log(`   ${i + 1}. ${acc.name}${acc.email ? ` (${acc.email})` : ''}`);
+        });
+        console.log('');
+        console.log('Your MCP server is ready to use!');
+        console.log('');
+        console.log('To start the server:');
+        console.log('  google-workspace-mcp serve');
+    }
+    console.log('');
+    console.log('📚 For more information, see the README.md');
+});
+// === Accounts Commands ===
+const accountsCmd = program.command('accounts').description('Manage Google account authentication');
+accountsCmd
+    .command('list')
+    .description('List all configured Google accounts')
+    .action(async () => {
+    await initializeAccounts();
+    const accounts = await listAccounts();
+    if (accounts.length === 0) {
+        console.log('No accounts configured.');
+        console.log('');
+        console.log('To add an account, run:');
+        console.log('  google-workspace-mcp accounts add <account-name>');
+        return;
+    }
+    console.log(`\nConfigured accounts (${accounts.length}):\n`);
+    accounts.forEach((account, index) => {
+        console.log(`${index + 1}. ${account.name}`);
+        if (account.email) {
+            console.log(`   Email: ${account.email}`);
+        }
+        console.log(`   Added: ${account.addedAt}`);
+        console.log('');
+    });
+});
+accountsCmd
+    .command('add <name>')
+    .description('Add a new Google account')
+    .option('-c, --credentials <path>', 'Path to custom credentials.json file for this account')
+    .option('--open', 'Automatically open the authorization URL in browser (default)')
+    .option('--no-open', 'Do not automatically open browser, just print the URL')
+    .action(async (name, options) => {
+    console.log(`\nAdding account: ${name}\n`);
+    // Validate name
+    if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
+        console.error('Error: Account name must contain only letters, numbers, underscores, and hyphens.');
+        process.exit(1);
+    }
+    await initializeAccounts();
+    // Check if account already exists
+    const accounts = await listAccounts();
+    if (accounts.some((a) => a.name === name)) {
+        console.error(`Error: Account "${name}" already exists.`);
+        console.error('Use "google-workspace-mcp auth remove <name>" first if you want to re-add it.');
+        process.exit(1);
+    }
+    const port = 3000;
+    console.log(`Starting OAuth flow on port ${port}...`);
+    console.log('');
+    // Default to opening browser unless --no-open is specified
+    const shouldOpenBrowser = options.open !== false;
+    try {
+        // This will block until OAuth is complete
+        await completeAddAccount(name, port, options.credentials, (authUrl) => {
+            console.log('╔════════════════════════════════════════════════════════════════════╗');
+            console.log('║                    AUTHORIZATION REQUIRED                          ║');
+            console.log('╚════════════════════════════════════════════════════════════════════╝');
+            console.log('');
+            if (shouldOpenBrowser) {
+                console.log('Opening browser for authorization...');
+                console.log('');
+                console.log('If the browser does not open, visit this URL manually:');
+            }
+            else {
+                console.log('Open this URL in your browser to authorize:');
+            }
+            console.log(authUrl);
+            console.log('');
+            console.log('Waiting for authorization...');
+            // Open the URL in the default browser (unless --no-open)
+            if (shouldOpenBrowser) {
+                openBrowser(authUrl);
+            }
+        });
+        console.log('');
+        console.log(`✅ Account "${name}" added successfully!`);
+        console.log('');
+        console.log('You can now use this account with the MCP server.');
+    }
+    catch (error) {
+        console.error('');
+        console.error(`❌ Failed to add account: ${getErrorMessage(error)}`);
+        process.exit(1);
+    }
+});
+accountsCmd
+    .command('remove <name>')
+    .description('Remove a Google account')
+    .action(async (name) => {
+    await initializeAccounts();
+    try {
+        await removeAccount(name);
+        console.log(`✅ Account "${name}" removed successfully.`);
+    }
+    catch (error) {
+        console.error(`❌ Failed to remove account: ${getErrorMessage(error)}`);
+        process.exit(1);
+    }
+});
+accountsCmd
+    .command('test-permissions [name]')
+    .description('Test API permissions for account(s). Tests all accounts if no name specified.')
+    .action(async (name) => {
+    await initializeAccounts();
+    const accounts = await listAccounts();
+    if (accounts.length === 0) {
+        console.log('No accounts configured.');
+        console.log('');
+        console.log('To add an account, run:');
+        console.log('  google-workspace-mcp accounts add <account-name>');
+        return;
+    }
+    // Filter to specific account if name provided
+    const accountsToTest = name ? accounts.filter((a) => a.name === name) : accounts;
+    if (name && accountsToTest.length === 0) {
+        console.error(`Account "${name}" not found.`);
+        process.exit(1);
+    }
+    console.log(`\n🔍 Testing API permissions for ${accountsToTest.length} account(s)...\n`);
+    /** Helper to handle 404 errors as success (resource doesn't exist but we have access) */
+    const handle404 = (promise) => promise.catch((e) => {
+        if (isGoogleApiError(e) && e.code === 404)
+            return { status: 200 };
+        throw e;
+    });
+    const services = [
+        { name: 'Drive', test: async (clients) => await clients.drive.files.list({ pageSize: 1 }) },
+        {
+            name: 'Docs',
+            test: async (clients) => await handle404(clients.docs.documents.get({ documentId: 'test' })),
+        },
+        {
+            name: 'Sheets',
+            test: async (clients) => await handle404(clients.sheets.spreadsheets.get({ spreadsheetId: 'test' })),
+        },
+        {
+            name: 'Gmail',
+            test: async (clients) => await clients.gmail.users.labels.list({ userId: 'me' }),
+        },
+        {
+            name: 'Calendar',
+            test: async (clients) => await clients.calendar.calendarList.list({ maxResults: 1 }),
+        },
+        {
+            name: 'Slides',
+            test: async (clients) => await handle404(clients.slides.presentations.get({ presentationId: 'test' })),
+        },
+        {
+            name: 'Forms',
+            test: async (clients) => await handle404(clients.forms.forms.get({ formId: 'test' })),
+        },
+    ];
+    let totalIssues = 0;
+    for (const account of accountsToTest) {
+        console.log(`📧 ${account.name}${account.email ? ` (${account.email})` : ''}`);
+        try {
+            const clients = await getAccountClients(account.name);
+            let accountIssues = 0;
+            for (const service of services) {
+                try {
+                    await service.test(clients);
+                    console.log(`   ✅ ${service.name}`);
+                }
+                catch (error) {
+                    accountIssues++;
+                    const message = getErrorMessage(error);
+                    if (message.includes('insufficient') ||
+                        message.includes('permission') ||
+                        message.includes('403')) {
+                        console.log(`   ❌ ${service.name}: Permission denied`);
+                    }
+                    else if (message.includes('401') || message.includes('invalid_grant')) {
+                        console.log(`   ❌ ${service.name}: Token expired or revoked`);
+                    }
+                    else {
+                        console.log(`   ❌ ${service.name}: ${message.substring(0, 60)}`);
+                    }
+                }
+            }
+            if (accountIssues > 0) {
+                totalIssues += accountIssues;
+                console.log(`   ⚠️  ${accountIssues} service(s) need attention`);
+            }
+        }
+        catch (error) {
+            console.log(`   ❌ Failed to load account: ${getErrorMessage(error)}`);
+            totalIssues++;
+        }
+        console.log('');
+    }
+    if (totalIssues === 0) {
+        console.log('✅ All API permissions verified successfully!');
+    }
+    else {
+        console.log(`⚠️  ${totalIssues} issue(s) found.`);
+        console.log('');
+        console.log('To fix permission issues, remove and re-add the account:');
+        console.log('  google-workspace-mcp accounts remove <name>');
+        console.log('  google-workspace-mcp accounts add <name>');
+    }
+});
+// === Config Commands ===
+const configCmd = program.command('config').description('View configuration information');
+configCmd
+    .command('path')
+    .description('Show the configuration directory path')
+    .action(() => {
+    console.log(getConfigDir());
+});
+configCmd
+    .command('show')
+    .description('Show current configuration')
+    .action(async () => {
+    const configDir = getConfigDir();
+    const credPath = getCredentialsPath();
+    console.log('\nGoogle Workspace MCP Server Configuration\n');
+    console.log('Configuration directory:', configDir);
+    console.log('Credentials file:', credPath);
+    console.log('');
+    // Check credentials
+    try {
+        await fs.access(credPath);
+        console.log('Credentials status: ✅ Found');
+    }
+    catch {
+        console.log('Credentials status: ❌ Not found');
+    }
+    // List accounts
+    await initializeAccounts();
+    const accounts = await listAccounts();
+    console.log('');
+    console.log(`Accounts configured: ${accounts.length}`);
+    if (accounts.length > 0) {
+        accounts.forEach((acc, i) => {
+            console.log(`  ${i + 1}. ${acc.name}${acc.email ? ` (${acc.email})` : ''}`);
+        });
+    }
+});
+// === Status Command ===
+program
+    .command('status')
+    .description('Check if the server is properly configured and ready')
+    .action(async () => {
+    console.log('\n🔍 Checking Google Workspace MCP Server status...\n');
+    let issues = 0;
+    // Check credentials
+    const credPath = getCredentialsPath();
+    try {
+        await fs.access(credPath);
+        console.log('✅ Credentials file found');
+    }
+    catch {
+        console.log('❌ Credentials file NOT found');
+        console.log(`   Expected at: ${credPath}`);
+        issues++;
+    }
+    // Check accounts
+    await initializeAccounts();
+    const accounts = await listAccounts();
+    if (accounts.length > 0) {
+        console.log(`✅ ${accounts.length} account(s) configured`);
+        accounts.forEach((acc) => {
+            console.log(`   - ${acc.name}${acc.email ? ` (${acc.email})` : ''}`);
+        });
+    }
+    else {
+        console.log('⚠️  No accounts configured');
+        console.log('   Run: google-workspace-mcp accounts add <account-name>');
+        issues++;
+    }
+    console.log('');
+    if (issues === 0) {
+        console.log('✅ Server is ready to use!');
+        console.log('');
+        console.log('Start the server with:');
+        console.log('  google-workspace-mcp serve');
+    }
+    else {
+        console.log(`⚠️  ${issues} issue(s) found. Please resolve them before using the server.`);
+    }
+});
+// Default command is 'serve' if no command is specified
+program.action(() => {
+    // If no command provided, show help
+    program.help();
+});
+// Parse arguments
+program.parse();
+//# sourceMappingURL=cli.js.map