jason/google-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement --read-only mode with tool filtering

Browse Source 
- Adds --read-only CLI flag to restrict OAuth scopes to read-only permissions
- Implements dynamic tool filtering to disable tools requiring write permissions when in read-only mode
- Updates auth/scopes.py to manage read-only scope mappings
- Enhances @require_google_service and handle_http_errors decorators to propagate scope metadata
- Updates documentation in README.md
This commit is contained in:
Dmytro Dziuma
2025-12-24 00:19:28 +00:00
parent a446b72104
commit 0d4394ae27
6 changed files with 113 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
auth/service_decorator.py
View File

@@ -636,6 +636,9 @@ def require_google_service(
if func.__doc__:
wrapper.__doc__ = _remove_user_email_arg_from_docstring(func.__doc__)
# Attach required scopes to the wrapper for tool filtering
wrapper._required_google_scopes = _resolve_scopes(scopes)
return wrapper
return decorator
@@ -774,6 +777,12 @@ def require_multiple_services(service_configs: List[Dict[str, Any]]):
if func.__doc__:
wrapper.__doc__ = _remove_user_email_arg_from_docstring(func.__doc__)
# Attach all required scopes to the wrapper for tool filtering
all_scopes = []
for config in service_configs:
all_scopes.extend(_resolve_scopes(config["scopes"]))
wrapper._required_google_scopes = all_scopes
return wrapper
return decorator