workspace-mcp 1.0.1__tar.gz → 1.0.3__tar.gz

{workspace_mcp-1.0.1 → workspace_mcp-1.0.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: workspace-mcp
-Version: 1.0.1
+Version: 1.0.3
 Summary: Comprehensive, highly performant Google Workspace Streamable HTTP & SSE MCP Server for Calendar, Gmail, Docs, Sheets, Slides & Drive
 Author-email: Taylor Wilsdon <taylor@taylorwilsdon.com>
 License: MIT
@@ -36,6 +36,7 @@ Requires-Dist: google-api-python-client>=2.168.0
 Requires-Dist: google-auth-httplib2>=0.2.0
 Requires-Dist: google-auth-oauthlib>=1.2.2
 Requires-Dist: httpx>=0.28.1
+Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: tomlkit
 Dynamic: license-file
 
@@ -48,10 +49,11 @@ Dynamic: license-file
 [![PyPI](https://img.shields.io/pypi/v/workspace-mcp.svg)](https://pypi.org/project/workspace-mcp/)
 [![UV](https://img.shields.io/badge/Package%20Installer-UV-blueviolet)](https://github.com/astral-sh/uv)
 [![Website](https://img.shields.io/badge/Website-workspacemcp.com-green.svg)](https://workspacemcp.com)
+[![Verified on MseeP](https://mseep.ai/badge.svg)](https://mseep.ai/app/eebbc4a6-0f8c-41b2-ace8-038e5516dba0)
 
-**The world's most feature-complete Google Workspace MCP server**
+**This is the single most feature-complete Google Workspace MCP server**
 
-*Connect MCP Clients, AI assistants and developer tools to Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, and Chat*
+*Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, and Chat through all MCP clients, AI assistants and developer tools*
 
 </div>
 
@@ -74,6 +76,20 @@ Dynamic: license-file
 
 ---
 
+## AI-Enhanced Documentation
+
+> **This README was crafted with AI assistance, and here's why that matters**
+> 
+> When people dismiss documentation as "AI-generated," they're missing the bigger picture
+
+As a solo developer building open source tools that may only ever serve my own needs, comprehensive documentation often wouldn't happen without AI help. When done right—using agents like **Roo** or **Claude Code** that understand the entire codebase, AI doesn't just regurgitate generic content - it extracts real implementation details and creates accurate, specific documentation.
+
+**The alternative? No docs at all.** 
+
+I hope the community can appreciate these tools for what they enable: solo developers maintaining professional documentation standards while focusing on building great software.
+
+---
+*This documentation was enhanced by AI with full codebase context. The result? You're reading docs that otherwise might not exist.*
 
 ## 🌐 Overview
 
@@ -100,9 +116,13 @@ A production-ready MCP server that integrates all major Google Workspace service
 
 ### Simplest Start (uvx - Recommended)
 
-Run instantly without installation:
+> Run instantly without manual installation - you must configure OAuth credentials when using uvx. You can use either environment variables (recommended for production) or set the `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable to point to your `client_secret.json` file.
 
 ```bash
+# Set OAuth credentials via environment variables (recommended)
+export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+
 # Start the server with all Google Workspace tools
 uvx workspace-mcp
 
@@ -136,8 +156,31 @@ uv run main.py
 1. **Google Cloud Setup**:
    - Create OAuth 2.0 credentials (web application) in [Google Cloud Console](https://console.cloud.google.com/)
    - Enable APIs: Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Chat
-   - Download credentials as `client_secret.json` in project root
    - Add redirect URI: `http://localhost:8000/oauth2callback`
+   - Configure credentials using one of these methods:
+
+     **Option A: Environment Variables (Recommended for Production)**
+     ```bash
+     export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+     export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+     export GOOGLE_OAUTH_REDIRECT_URI="http://localhost:8000/oauth2callback"  # Optional
+     ```
+
+     **Option B: File-based (Traditional)**
+     - Download credentials as `client_secret.json` in project root
+     - To use a different location, set `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable with the file path
+
+   **Credential Loading Priority**:
+   1. Environment variables (`GOOGLE_OAUTH_CLIENT_ID`, `GOOGLE_OAUTH_CLIENT_SECRET`)
+   2. File specified by `GOOGLE_CLIENT_SECRET_PATH` or `GOOGLE_CLIENT_SECRETS` environment variable
+   3. Default file (`client_secret.json` in project root)
+
+   **Why Environment Variables?**
+   - ✅ Containerized deployments (Docker, Kubernetes)
+   - ✅ Cloud platforms (Heroku, Railway, etc.)
+   - ✅ CI/CD pipelines
+   - ✅ No secrets in version control
+   - ✅ Easy credential rotation
 
 2. **Environment**:
    ```bash
@@ -195,7 +238,11 @@ python install_claude.py
   "mcpServers": {
     "google_workspace": {
       "command": "uvx",
-      "args": ["workspace-mcp"]
+      "args": ["workspace-mcp"],
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -208,7 +255,11 @@ python install_claude.py
     "google_workspace": {
       "command": "uv",
       "args": ["run", "main.py"],
-      "cwd": "/path/to/google_workspace_mcp"
+      "cwd": "/path/to/google_workspace_mcp",
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -256,7 +307,8 @@ When calling a tool:
 |------|-------------|
 | `list_calendars` | List accessible calendars |
 | `get_events` | Retrieve events with time range filtering |
-| `create_event` | Create events (all-day or timed) |
+| `get_event` | Fetch detailed information of a single event by ID |
+| `create_event` | Create events (all-day or timed) with optional Drive file attachments |
 | `modify_event` | Update existing events |
 | `delete_event` | Remove events |
 
@@ -267,7 +319,7 @@ When calling a tool:
 | `search_drive_files` | Search files with query syntax |
 | `get_drive_file_content` | Read file content (supports Office formats) |
 | `list_drive_items` | List folder contents |
-| `create_drive_file` | Create new files |
+| `create_drive_file` | Create new files or fetch content from public URLs |
 
 ### 📧 Gmail ([`gmail_tools.py`](gmail/gmail_tools.py))
 

{workspace_mcp-1.0.1 → workspace_mcp-1.0.3}/README.md

@@ -7,10 +7,11 @@
 [![PyPI](https://img.shields.io/pypi/v/workspace-mcp.svg)](https://pypi.org/project/workspace-mcp/)
 [![UV](https://img.shields.io/badge/Package%20Installer-UV-blueviolet)](https://github.com/astral-sh/uv)
 [![Website](https://img.shields.io/badge/Website-workspacemcp.com-green.svg)](https://workspacemcp.com)
+[![Verified on MseeP](https://mseep.ai/badge.svg)](https://mseep.ai/app/eebbc4a6-0f8c-41b2-ace8-038e5516dba0)
 
-**The world's most feature-complete Google Workspace MCP server**
+**This is the single most feature-complete Google Workspace MCP server**
 
-*Connect MCP Clients, AI assistants and developer tools to Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, and Chat*
+*Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, and Chat through all MCP clients, AI assistants and developer tools*
 
 </div>
 
@@ -33,6 +34,20 @@
 
 ---
 
+## AI-Enhanced Documentation
+
+> **This README was crafted with AI assistance, and here's why that matters**
+> 
+> When people dismiss documentation as "AI-generated," they're missing the bigger picture
+
+As a solo developer building open source tools that may only ever serve my own needs, comprehensive documentation often wouldn't happen without AI help. When done right—using agents like **Roo** or **Claude Code** that understand the entire codebase, AI doesn't just regurgitate generic content - it extracts real implementation details and creates accurate, specific documentation.
+
+**The alternative? No docs at all.** 
+
+I hope the community can appreciate these tools for what they enable: solo developers maintaining professional documentation standards while focusing on building great software.
+
+---
+*This documentation was enhanced by AI with full codebase context. The result? You're reading docs that otherwise might not exist.*
 
 ## 🌐 Overview
 
@@ -59,9 +74,13 @@ A production-ready MCP server that integrates all major Google Workspace service
 
 ### Simplest Start (uvx - Recommended)
 
-Run instantly without installation:
+> Run instantly without manual installation - you must configure OAuth credentials when using uvx. You can use either environment variables (recommended for production) or set the `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable to point to your `client_secret.json` file.
 
 ```bash
+# Set OAuth credentials via environment variables (recommended)
+export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+
 # Start the server with all Google Workspace tools
 uvx workspace-mcp
 
@@ -95,8 +114,31 @@ uv run main.py
 1. **Google Cloud Setup**:
    - Create OAuth 2.0 credentials (web application) in [Google Cloud Console](https://console.cloud.google.com/)
    - Enable APIs: Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Chat
-   - Download credentials as `client_secret.json` in project root
    - Add redirect URI: `http://localhost:8000/oauth2callback`
+   - Configure credentials using one of these methods:
+
+     **Option A: Environment Variables (Recommended for Production)**
+     ```bash
+     export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+     export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+     export GOOGLE_OAUTH_REDIRECT_URI="http://localhost:8000/oauth2callback"  # Optional
+     ```
+
+     **Option B: File-based (Traditional)**
+     - Download credentials as `client_secret.json` in project root
+     - To use a different location, set `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable with the file path
+
+   **Credential Loading Priority**:
+   1. Environment variables (`GOOGLE_OAUTH_CLIENT_ID`, `GOOGLE_OAUTH_CLIENT_SECRET`)
+   2. File specified by `GOOGLE_CLIENT_SECRET_PATH` or `GOOGLE_CLIENT_SECRETS` environment variable
+   3. Default file (`client_secret.json` in project root)
+
+   **Why Environment Variables?**
+   - ✅ Containerized deployments (Docker, Kubernetes)
+   - ✅ Cloud platforms (Heroku, Railway, etc.)
+   - ✅ CI/CD pipelines
+   - ✅ No secrets in version control
+   - ✅ Easy credential rotation
 
 2. **Environment**:
    ```bash
@@ -154,7 +196,11 @@ python install_claude.py
   "mcpServers": {
     "google_workspace": {
       "command": "uvx",
-      "args": ["workspace-mcp"]
+      "args": ["workspace-mcp"],
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -167,7 +213,11 @@ python install_claude.py
     "google_workspace": {
       "command": "uv",
       "args": ["run", "main.py"],
-      "cwd": "/path/to/google_workspace_mcp"
+      "cwd": "/path/to/google_workspace_mcp",
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -215,7 +265,8 @@ When calling a tool:
 |------|-------------|
 | `list_calendars` | List accessible calendars |
 | `get_events` | Retrieve events with time range filtering |
-| `create_event` | Create events (all-day or timed) |
+| `get_event` | Fetch detailed information of a single event by ID |
+| `create_event` | Create events (all-day or timed) with optional Drive file attachments |
 | `modify_event` | Update existing events |
 | `delete_event` | Remove events |
 
@@ -226,7 +277,7 @@ When calling a tool:
 | `search_drive_files` | Search files with query syntax |
 | `get_drive_file_content` | Read file content (supports Office formats) |
 | `list_drive_items` | List folder contents |
-| `create_drive_file` | Create new files |
+| `create_drive_file` | Create new files or fetch content from public URLs |
 
 ### 📧 Gmail ([`gmail_tools.py`](gmail/gmail_tools.py))
 

{workspace_mcp-1.0.1 → workspace_mcp-1.0.3}/auth/google_auth.py

@@ -27,7 +27,7 @@ DEFAULT_CREDENTIALS_DIR = ".credentials"
 # This should be more robust in a production system once OAuth2.1 is implemented in client.
 _SESSION_CREDENTIALS_CACHE: Dict[str, Credentials] = {}
 # Centralized Client Secrets Path Logic
-_client_secrets_env = os.getenv("GOOGLE_CLIENT_SECRETS")
+_client_secrets_env = os.getenv("GOOGLE_CLIENT_SECRET_PATH") or os.getenv("GOOGLE_CLIENT_SECRETS")
 if _client_secrets_env:
     CONFIG_CLIENT_SECRETS_PATH = _client_secrets_env
 else:
@@ -151,22 +151,128 @@ def load_credentials_from_session(session_id: str) -> Optional[Credentials]:
         logger.debug(f"No credentials found in session cache for session_id: {session_id}")
     return credentials
 
+def load_client_secrets_from_env() -> Optional[Dict[str, Any]]:
+    """
+    Loads the client secrets from environment variables.
+
+    Environment variables used:
+        - GOOGLE_OAUTH_CLIENT_ID: OAuth 2.0 client ID
+        - GOOGLE_OAUTH_CLIENT_SECRET: OAuth 2.0 client secret
+        - GOOGLE_OAUTH_REDIRECT_URI: (optional) OAuth redirect URI
+
+    Returns:
+        Client secrets configuration dict compatible with Google OAuth library,
+        or None if required environment variables are not set.
+    """
+    client_id = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
+    client_secret = os.getenv("GOOGLE_OAUTH_CLIENT_SECRET")
+    redirect_uri = os.getenv("GOOGLE_OAUTH_REDIRECT_URI")
+
+    if client_id and client_secret:
+        # Create config structure that matches Google client secrets format
+        web_config = {
+            "client_id": client_id,
+            "client_secret": client_secret,
+            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+            "token_uri": "https://oauth2.googleapis.com/token",
+            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"
+        }
+
+        # Add redirect_uri if provided via environment variable
+        if redirect_uri:
+            web_config["redirect_uris"] = [redirect_uri]
+
+        # Return the full config structure expected by Google OAuth library
+        config = {"web": web_config}
+
+        logger.info("Loaded OAuth client credentials from environment variables")
+        return config
+
+    logger.debug("OAuth client credentials not found in environment variables")
+    return None
+
 def load_client_secrets(client_secrets_path: str) -> Dict[str, Any]:
-    """Loads the client secrets file."""
+    """
+    Loads the client secrets from environment variables (preferred) or from the client secrets file.
+
+    Priority order:
+    1. Environment variables (GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET)
+    2. File-based credentials at the specified path
+
+    Args:
+        client_secrets_path: Path to the client secrets JSON file (used as fallback)
+
+    Returns:
+        Client secrets configuration dict
+
+    Raises:
+        ValueError: If client secrets file has invalid format
+        IOError: If file cannot be read and no environment variables are set
+    """
+    # First, try to load from environment variables
+    env_config = load_client_secrets_from_env()
+    if env_config:
+        # Extract the "web" config from the environment structure
+        return env_config["web"]
+
+    # Fall back to loading from file
     try:
         with open(client_secrets_path, 'r') as f:
             client_config = json.load(f)
             # The file usually contains a top-level key like "web" or "installed"
             if "web" in client_config:
+                logger.info(f"Loaded OAuth client credentials from file: {client_secrets_path}")
                 return client_config["web"]
             elif "installed" in client_config:
-                 return client_config["installed"]
+                logger.info(f"Loaded OAuth client credentials from file: {client_secrets_path}")
+                return client_config["installed"]
             else:
                  logger.error(f"Client secrets file {client_secrets_path} has unexpected format.")
                  raise ValueError("Invalid client secrets file format")
     except (IOError, json.JSONDecodeError) as e:
         logger.error(f"Error loading client secrets file {client_secrets_path}: {e}")
         raise
+def check_client_secrets() -> Optional[str]:
+    """
+    Checks for the presence of OAuth client secrets, either as environment
+    variables or as a file.
+
+    Returns:
+        An error message string if secrets are not found, otherwise None.
+    """
+    env_config = load_client_secrets_from_env()
+    if not env_config and not os.path.exists(CONFIG_CLIENT_SECRETS_PATH):
+        logger.error(f"OAuth client credentials not found. No environment variables set and no file at {CONFIG_CLIENT_SECRETS_PATH}")
+        return f"OAuth client credentials not found. Please set GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET environment variables or provide a client secrets file at {CONFIG_CLIENT_SECRETS_PATH}."
+    return None
+
+def create_oauth_flow(scopes: List[str], redirect_uri: str, state: Optional[str] = None) -> Flow:
+    """Creates an OAuth flow using environment variables or client secrets file."""
+    # Try environment variables first
+    env_config = load_client_secrets_from_env()
+    if env_config:
+        # Use client config directly
+        flow = Flow.from_client_config(
+            env_config,
+            scopes=scopes,
+            redirect_uri=redirect_uri,
+            state=state
+        )
+        logger.debug("Created OAuth flow from environment variables")
+        return flow
+
+    # Fall back to file-based config
+    if not os.path.exists(CONFIG_CLIENT_SECRETS_PATH):
+        raise FileNotFoundError(f"OAuth client secrets file not found at {CONFIG_CLIENT_SECRETS_PATH} and no environment variables set")
+
+    flow = Flow.from_client_secrets_file(
+        CONFIG_CLIENT_SECRETS_PATH,
+        scopes=scopes,
+        redirect_uri=redirect_uri,
+        state=state
+    )
+    logger.debug(f"Created OAuth flow from client secrets file: {CONFIG_CLIENT_SECRETS_PATH}")
+    return flow
 
 # --- Core OAuth Logic ---
 
@@ -206,8 +312,7 @@ async def start_auth_flow(
             OAUTH_STATE_TO_SESSION_ID_MAP[oauth_state] = mcp_session_id
             logger.info(f"[start_auth_flow] Stored mcp_session_id '{mcp_session_id}' for oauth_state '{oauth_state}'.")
 
-        flow = Flow.from_client_secrets_file(
-            CONFIG_CLIENT_SECRETS_PATH, # Use module constant
+        flow = create_oauth_flow(
             scopes=SCOPES, # Use global SCOPES
             redirect_uri=redirect_uri, # Use passed redirect_uri
             state=oauth_state
@@ -240,7 +345,7 @@ async def start_auth_flow(
         return "\n".join(message_lines)
 
     except FileNotFoundError as e:
-        error_text = f"OAuth client secrets file not found: {e}. Please ensure '{CONFIG_CLIENT_SECRETS_PATH}' is correctly configured."
+        error_text = f"OAuth client credentials not found: {e}. Please either:\n1. Set environment variables: GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET\n2. Ensure '{CONFIG_CLIENT_SECRETS_PATH}' file exists"
         logger.error(error_text, exc_info=True)
         raise Exception(error_text)
     except Exception as e:
@@ -249,12 +354,12 @@ async def start_auth_flow(
         raise Exception(error_text)
 
 def handle_auth_callback(
-    client_secrets_path: str,
     scopes: List[str],
     authorization_response: str,
-    redirect_uri: str, # Made redirect_uri a required parameter
+    redirect_uri: str,
     credentials_base_dir: str = DEFAULT_CREDENTIALS_DIR,
-    session_id: Optional[str] = None
+    session_id: Optional[str] = None,
+    client_secrets_path: Optional[str] = None  # Deprecated: kept for backward compatibility
 ) -> Tuple[str, Credentials]:
     """
     Handles the callback from Google, exchanges the code for credentials,
@@ -262,12 +367,12 @@ def handle_auth_callback(
     and returns them.
 
     Args:
-        client_secrets_path: Path to the Google client secrets JSON file.
         scopes: List of OAuth scopes requested.
         authorization_response: The full callback URL from Google.
         redirect_uri: The redirect URI.
         credentials_base_dir: Base directory for credential files.
         session_id: Optional MCP session ID to associate with the credentials.
+        client_secrets_path: (Deprecated) Path to client secrets file. Ignored if environment variables are set.
 
     Returns:
         A tuple containing the user_google_email and the obtained Credentials object.
@@ -278,13 +383,16 @@ def handle_auth_callback(
         HttpError: If fetching user info fails.
     """
     try:
+        # Log deprecation warning if old parameter is used
+        if client_secrets_path:
+            logger.warning("The 'client_secrets_path' parameter is deprecated. Use GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET environment variables instead.")
+
         # Allow HTTP for localhost in development
         if 'OAUTHLIB_INSECURE_TRANSPORT' not in os.environ:
             logger.warning("OAUTHLIB_INSECURE_TRANSPORT not set. Setting it for localhost development.")
             os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
 
-        flow = Flow.from_client_secrets_file(
-            client_secrets_path,
+        flow = create_oauth_flow(
             scopes=scopes,
             redirect_uri=redirect_uri
         )

{workspace_mcp-1.0.1 → workspace_mcp-1.0.3}/auth/oauth_callback_server.py

@@ -15,7 +15,7 @@ import socket
 from fastapi import FastAPI, Request
 import uvicorn
 
-from auth.google_auth import handle_auth_callback, CONFIG_CLIENT_SECRETS_PATH
+from auth.google_auth import handle_auth_callback, check_client_secrets
 from auth.scopes import OAUTH_STATE_TO_SESSION_ID_MAP, SCOPES
 from auth.oauth_responses import create_error_response, create_success_response, create_server_error_response
 
@@ -59,6 +59,11 @@ class MinimalOAuthServer:
                 return create_error_response(error_message)
 
             try:
+                # Check if we have credentials available (environment variables or file)
+                error_message = check_client_secrets()
+                if error_message:
+                    return create_server_error_response(error_message)
+
                 logger.info(f"OAuth callback: Received code (state: {state}). Attempting to exchange for tokens.")
 
                 mcp_session_id: Optional[str] = OAUTH_STATE_TO_SESSION_ID_MAP.pop(state, None)
@@ -69,7 +74,6 @@ class MinimalOAuthServer:
 
                 # Exchange code for credentials
                 verified_user_id, credentials = handle_auth_callback(
-                    client_secrets_path=CONFIG_CLIENT_SECRETS_PATH,
                     scopes=SCOPES,
                     authorization_response=str(request.url),
                     redirect_uri=f"{self.base_uri}:{self.port}/oauth2callback",
@@ -106,7 +110,7 @@ class MinimalOAuthServer:
             hostname = parsed_uri.hostname or 'localhost'
         except Exception:
             hostname = 'localhost'
-            
+
         try:
             with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                 s.bind((hostname, self.port))

{workspace_mcp-1.0.1 → workspace_mcp-1.0.3}/auth/service_decorator.py

@@ -193,29 +193,37 @@ def require_google_service(
             # Original authentication logic is handled automatically
     """
     def decorator(func: Callable) -> Callable:
+        # Inspect the original function signature
+        original_sig = inspect.signature(func)
+        params = list(original_sig.parameters.values())
+
+        # The decorated function must have 'service' as its first parameter.
+        if not params or params[0].name != 'service':
+            raise TypeError(
+                f"Function '{func.__name__}' decorated with @require_google_service "
+                "must have 'service' as its first parameter."
+            )
+
+        # Create a new signature for the wrapper that excludes the 'service' parameter.
+        # This is the signature that FastMCP will see.
+        wrapper_sig = original_sig.replace(parameters=params[1:])
+
         @wraps(func)
         async def wrapper(*args, **kwargs):
-            # Extract user_google_email from function parameters
-            sig = inspect.signature(func)
-            param_names = list(sig.parameters.keys())
+            # Note: `args` and `kwargs` are now the arguments for the *wrapper*,
+            # which does not include 'service'.
 
-            # Find user_google_email parameter
-            user_google_email = None
-            if 'user_google_email' in kwargs:
-                user_google_email = kwargs['user_google_email']
-            else:
-                # Look for user_google_email in positional args
-                try:
-                    user_email_index = param_names.index('user_google_email')
-                    if user_email_index < len(args):
-                        user_google_email = args[user_email_index]
-                except ValueError:
-                    pass
+            # Extract user_google_email from the arguments passed to the wrapper
+            bound_args = wrapper_sig.bind(*args, **kwargs)
+            bound_args.apply_defaults()
+            user_google_email = bound_args.arguments.get('user_google_email')
 
             if not user_google_email:
-                raise Exception("user_google_email parameter is required but not found")
+                # This should ideally not be reached if 'user_google_email' is a required parameter
+                # in the function signature, but it's a good safeguard.
+                raise Exception("'user_google_email' parameter is required but was not found.")
 
-            # Get service configuration
+            # Get service configuration from the decorator's arguments
             if service_type not in SERVICE_CONFIGS:
                 raise Exception(f"Unknown service type: {service_type}")
 
@@ -226,7 +234,7 @@ def require_google_service(
             # Resolve scopes
             resolved_scopes = _resolve_scopes(scopes)
 
-            # Check cache first if enabled
+            # --- Service Caching and Authentication Logic (largely unchanged) ---
             service = None
             actual_user_email = user_google_email
 
@@ -236,7 +244,6 @@ def require_google_service(
                 if cached_result:
                     service, actual_user_email = cached_result
 
-            # If not cached, authenticate
             if service is None:
                 try:
                     tool_name = func.__name__
@@ -247,30 +254,22 @@ def require_google_service(
                         user_google_email=user_google_email,
                         required_scopes=resolved_scopes,
                     )
-
-                    # Cache the service if caching is enabled
                     if cache_enabled:
                         cache_key = _get_cache_key(user_google_email, service_name, service_version, resolved_scopes)
                         _cache_service(cache_key, service, actual_user_email)
-
                 except GoogleAuthenticationError as e:
                     raise Exception(str(e))
 
-            # Inject service as first parameter
-            if 'service' in param_names:
-                kwargs['service'] = service
-            else:
-                # Insert service as first positional argument
-                args = (service,) + args
-
-            # Call the original function with refresh error handling
+            # --- Call the original function with the service object injected ---
             try:
-                return await func(*args, **kwargs)
+                # Prepend the fetched service object to the original arguments
+                return await func(service, *args, **kwargs)
             except RefreshError as e:
-                # Handle token refresh errors gracefully
                 error_message = _handle_token_refresh_error(e, actual_user_email, service_name)
                 raise Exception(error_message)
 
+        # Set the wrapper's signature to the one without 'service'
+        wrapper.__signature__ = wrapper_sig
         return wrapper
     return decorator
 

workspace_mcp-1.0.3/core/context.py

@@ -0,0 +1,22 @@
+# core/context.py
+import contextvars
+from typing import Optional
+
+# Context variable to hold injected credentials for the life of a single request.
+_injected_oauth_credentials = contextvars.ContextVar(
+    "injected_oauth_credentials", default=None
+)
+
+def get_injected_oauth_credentials():
+    """
+    Retrieve injected OAuth credentials for the current request context.
+    This is called by the authentication layer to check for request-scoped credentials.
+    """
+    return _injected_oauth_credentials.get()
+
+def set_injected_oauth_credentials(credentials: Optional[dict]):
+    """
+    Set or clear the injected OAuth credentials for the current request context.
+    This is called by the service decorator.
+    """
+    _injected_oauth_credentials.set(credentials)