feat(google-official): wrap BigQuery / GKE / Maps so they actually work in mesh#420
Open
JonasJesus42 wants to merge 1 commit intomainfrom
Open
feat(google-official): wrap BigQuery / GKE / Maps so they actually work in mesh#420JonasJesus42 wants to merge 1 commit intomainfrom
JonasJesus42 wants to merge 1 commit intomainfrom
Conversation
…rk in mesh
The three `google-*-official` MCPs were registered as bare URLs pointing
at Google's MCP endpoints. They couldn't be installed in mesh because
Google doesn't support Dynamic Client Registration (RFC 7591) — the same
gap that motivated the google-workspace wrapper.
This PR:
- Extracts the proxy / json-schema-to-zod / wrap-tool helpers from
google-workspace into a new shared module `@decocms/mcps-shared/google-mcp`.
- Refactors google-workspace to consume the shared helpers (no behavior
change; snapshots gain a `url` field, TOOLS.md wording slightly tweaked).
- Adds `google-bigquery-official` (6 tools, scope `bigquery`),
`google-gke-official` (23 tools, scope `container`) and
`google-maps-official` (3 tools, scope `maps-platform.mapstools`) as
full wrapper MCPs: server/main.ts with `createGoogleOAuth`, snapshot
codegen, dist build, deploy.json entries, TOOLS.md catalog.
- Flips `mesh_unlisted` to `false` on the three apps so they show up in
the registry, and points their connection URL at the new workers
(`sites-google-{name}-official.decocache.com/mcp`).
Each wrapper needs the same `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET`
secrets in K8s (per-MCP) and the redirect URIs added to the OAuth client.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The three
google-*-officialMCPs (google-bigquery-official,google-gke-official,google-maps-official) were registered as bare URLs pointing at Google's MCP endpoints (bigquery.googleapis.com/mcp,container.googleapis.com/mcp,mapstools.googleapis.com/mcp). They didn't work in mesh because Google doesn't support Dynamic Client Registration — same gap that motivated #418 google-workspace.This PR makes them work using the same wrapper pattern.
What changed
Shared module
@decocms/mcps-shared/google-mcp— extracted fromgoogle-workspace/server/lib/:proxy.ts— generic JSON-RPC fetcher with 401/403 re-auth hintsjson-schema-to-zod.ts— minimal converter for Google's schemaswrap-tool.ts— turns a snapshot entry into acreatePrivateToolfactory;wrapBackendSnapshotdedupes upstream duplicatesgenerate-snapshot.ts— reusable codegen that fetchestools/list+ RFC 9728 PRM and writes per-backend JSON + TOOLS.mdRefactor
google-workspaceto consume the shared module. No behavior change — only the snapshots gain aurlfield and TOOLS.md wording is slightly more generic.Three new wrapper MCPs, each one ~30 lines of glue + a snapshot:
google-bigquery-officialhttps://www.googleapis.com/auth/bigquerygoogle-gke-officialhttps://www.googleapis.com/auth/containergoogle-maps-officialhttps://www.googleapis.com/auth/maps-platform.mapstoolsEach one:
app.json(connection URL points at the new worker),package.json,tsconfig.json,shared/deco.gen.ts,server/main.ts,server/scripts/generate-tools.ts, snapshot inserver/tools/generated/, andTOOLS.md.createGoogleOAuthfrom@decocms/mcps-shared/google-oauthand proxies via@decocms/mcps-shared/google-mcp.mesh_unlisted: true→falseso the registry surfaces them again.deploy.json— three newkubernetes-bunentries.Deployment requirements
Each wrapper needs the same secrets the other Google MCPs use:
GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRETAnd the redirect URI of
https://sites-google-{name}-official.decocache.com/...added to the OAuth client in Google Cloud Console.Test plan
bun scripts/check.ts google-bigquery-official google-gke-official google-maps-official google-workspace— all 4 passbun run generate-toolsre-runs cleanly in each MCP, produces deterministic snapshotsbun run buildsucceeds for each MCPtools/listand a sample tool call (e.g.list_dataset_idsfor BigQuery)Adding more
google-*-officialMCPs laterThe pattern is now formalized. To add (say)
google-cloudrun-official:BACKEND_URLto the upstream MCP endpoint.bun run generate-tools.deploy.jsonand rootpackage.jsonworkspaces.🤖 Generated with Claude Code
Summary by cubic
Wrap Google’s official BigQuery, GKE, and Maps MCP servers behind an OAuth + JSON-RPC proxy so they work in mesh. Extract shared wrapper logic into
@decocms/mcps-shared/google-mcpand refactorgoogle-workspaceto use it.New Features
google-bigquery-official(6 tools),google-gke-official(23 tools), andgoogle-maps-official(3 tools); pointapp.jsonURLs tohttps://sites-google-{name}-official.decocache.com/mcpand setmesh_unlisted: false.@decocms/mcps-shared/google-mcpwith proxy,json-schema-to-zod, tool wrapping, and snapshot generator; add per-wrappergenerate-toolsscripts andTOOLS.md.deploy.jsonwith threekubernetes-bunentries and add the new packages to rootpackage.jsonworkspaces.google-workspaceto the shared helpers; no behavior change, snapshots now include aurlfield.Migration
GOOGLE_CLIENT_IDandGOOGLE_CLIENT_SECRETfor each wrapper.https://sites-google-{name}-official.decocache.com/...in Google Cloud Console.tools/listor any sample tool.Written for commit 22f9e58. Summary will update on new commits.