Skip to content

feat: add preflight check command to validate API permissions and project setup #38

New issue
New issue
Closed
Closed
feat: add preflight check command to validate API permissions and project setup#38
@aliwatters

Description

@aliwatters
aliwatters
opened on Mar 16, 2026

Summary

Add a gsuite-mcp check (or gsuite-mcp doctor) CLI command that validates the full setup: OAuth client config, token validity, and API enablement for all 7 Google APIs.

Motivation

When switching GCP projects or re-authenticating, it's tedious to discover which APIs are missing one-by-one through runtime errors. A single command should verify everything upfront.

Proposed Behavior

$ gsuite-mcp check

Checking configuration...
  ✓ client_secret.json found
  ✓ OAuth client ID: 305...rv (project: 305192952884)

Checking accounts...
  ✓ ali@loyal.com — token valid, expires 2026-03-16T11:00:00Z

Checking API access for ali@loyal.com...
  ✓ Gmail API
  ✓ Google Calendar API
  ✓ Google Drive API
  ✓ Google Docs API
  ✓ Google Sheets API
  ✓ Google Tasks API
  ✓ People API (Contacts)

All checks passed!

On failure:

$ gsuite-mcp check

Checking configuration...
  ✓ client_secret.json found
  ✓ OAuth client ID: 305...rv (project: 305192952884)

Checking accounts...
  ✓ ali@loyal.com — token valid

Checking API access for ali@loyal.com...
  ✓ Gmail API
  ✓ Google Calendar API
  ✗ Google Drive API — not enabled
    Enable at: https://console.developers.google.com/apis/api/drive.googleapis.com/overview?project=305192952884
  ✓ Google Docs API
  ✗ Google Sheets API — not enabled
    Enable at: https://console.developers.google.com/apis/api/sheets.googleapis.com/overview?project=305192952884
  ✓ Google Tasks API
  ✓ People API (Contacts)

2 issues found. Fix the above and re-run.

Implementation Notes

  • Extract project number from client_id prefix for the enable URLs
  • For each API, make a minimal API call (e.g., files.list with maxResults=1 for Drive)
  • Check token validity by attempting a refresh
  • Could also verify redirect URI configuration by checking the OAuth client metadata (if possible via API)

Acceptance Criteria

  • gsuite-mcp check validates client_secret.json exists and is parseable
  • Checks each account's token is valid
  • Tests all 7 APIs with minimal calls
  • Prints actionable enable URLs on failure
  • Exit code 0 on success, 1 on failure

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions