Add native Google Sheets tools (list, read, write, create, info)

5 new MCP tools for Google Sheets integration:
- sheets_list: search/list user's spreadsheets via Drive API
- sheets_read: read data as JSON records (compatible with input_json)
- sheets_write: write/append JSON records to a sheet
- sheets_create: create new spreadsheet with optional initial data
- sheets_info: get sheet metadata (title, tabs, dimensions)

Token management supports HTTP mode (OAuth via Supabase with Google
provider tokens stored in Redis) and stdio mode (service account JWT).

Also adds:
- Google token passthrough in OAuth flow (auth.py)
- output_spreadsheet_title option in everyrow_results
- Authenticated Google URL fetches in fetch_csv_from_url
- google_sheets_credentials_json setting for stdio mode

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: RafaelPo

everyrow-mcp/src/everyrow_mcp/auth.py

@@ -116,19 +116,24 @@ class EveryRowAuthorizationCode(AuthorizationCode):
 
     supabase_access_token: str
     supabase_refresh_token: str
+    google_access_token: str = ""
+    google_refresh_token: str = ""
 
 
 class EveryRowRefreshToken(RefreshToken):
     """Extends RefreshToken with the Supabase refresh token."""
 
     supabase_refresh_token: str
+    google_refresh_token: str = ""
 
 
 class SupabaseTokenResponse(BaseModel):
     """Response from Supabase token exchange."""
 
     access_token: str
     refresh_token: str
+    provider_token: str = ""
+    provider_refresh_token: str = ""
 
 
 class PendingAuth(BaseModel):
@@ -236,6 +241,10 @@ def _supabase_redirect_url(supabase_verifier: str) -> str:
                     'flow_type': 'pkce',
                     'code_challenge': supabase_challenge,
                     'code_challenge_method': 's256',
+                    'scopes': (
+                        'https://www.googleapis.com/auth/spreadsheets '
+                        'https://www.googleapis.com/auth/drive.readonly'
+                    ),
                 }
             )
         }"
@@ -380,6 +389,8 @@ async def _create_authorisation_code(
             resource=pending.params.resource,
             supabase_access_token=supa_tokens.access_token,
             supabase_refresh_token=supa_tokens.refresh_token,
+            google_access_token=supa_tokens.provider_token,
+            google_refresh_token=supa_tokens.provider_refresh_token,
         )
         await self._redis.setex(
             name=build_key("authcode", code),
@@ -425,16 +436,27 @@ async def _issue_token_response(
         client_id: str,
         scopes: list[str],
         supabase_refresh_token: str,
+        google_access_token: str = "",
+        google_refresh_token: str = "",
     ) -> OAuthToken:
         jwt_claims = self._UNSAFE_decode_server_jwt(access_token)
         expires_in = max(0, jwt_claims.get("exp", 0) - int(time.time()))
 
+        # Store Google tokens in Redis for Sheets tools
+        if google_access_token:
+            from everyrow_mcp.sheets_client import store_google_token  # noqa: PLC0415
+
+            await store_google_token(
+                "current", google_access_token, google_refresh_token or None
+            )
+
         rt_str = secrets.token_urlsafe(32)
         rt = EveryRowRefreshToken(
             token=rt_str,
             client_id=client_id,
             scopes=scopes,
             supabase_refresh_token=supabase_refresh_token,
+            google_refresh_token=google_refresh_token,
         )
         await self._redis.setex(
             name=build_key("refresh", rt_str),
@@ -459,6 +481,8 @@ async def exchange_authorization_code(
             client_id=client.client_id,
             scopes=authorization_code.scopes,
             supabase_refresh_token=authorization_code.supabase_refresh_token,
+            google_access_token=authorization_code.google_access_token,
+            google_refresh_token=authorization_code.google_refresh_token,
         )
 
     async def load_access_token(self, token: str) -> AccessToken | None:  # noqa: ARG002
@@ -488,11 +512,16 @@ async def exchange_refresh_token(
         supa_tokens = await self._refresh_supabase_token(
             refresh_token.supabase_refresh_token
         )
+        google_refresh = (
+            supa_tokens.provider_refresh_token or refresh_token.google_refresh_token
+        )
         return await self._issue_token_response(
             access_token=supa_tokens.access_token,
             client_id=client.client_id,
             scopes=final_scopes,
             supabase_refresh_token=supa_tokens.refresh_token,
+            google_access_token=supa_tokens.provider_token,
+            google_refresh_token=google_refresh,
         )
 
     async def revoke_token(self, token: AccessToken | EveryRowRefreshToken) -> None:
@@ -522,6 +551,8 @@ async def _supabase_token_request(
         return SupabaseTokenResponse(
             access_token=data["access_token"],
             refresh_token=data["refresh_token"],
+            provider_token=data.get("provider_token", ""),
+            provider_refresh_token=data.get("provider_refresh_token", ""),
         )
 
     async def _exchange_supabase_code(

everyrow-mcp/src/everyrow_mcp/config.py

@@ -62,6 +62,11 @@ class Settings(BaseSettings):
         description="Refresh token TTL in seconds (7 days)",
     )
     everyrow_api_key: str | None = None
+    google_sheets_credentials_json: str | None = Field(
+        default=None,
+        description="Path to a Google service account JSON file or inline JSON. "
+        "Required for Google Sheets tools in stdio mode.",
+    )
 
     @property
     def is_http(self) -> bool:

everyrow-mcp/src/everyrow_mcp/models.py

@@ -388,6 +388,12 @@ class StdioResultsInput(BaseModel):
         ...,
         description="Full absolute path to the output CSV file (must end in .csv).",
     )
+    output_spreadsheet_title: str | None = Field(
+        default=None,
+        description="Create a new Google Sheet with this title and write the full "
+        "results there. Returns the spreadsheet URL. Fails if a sheet with "
+        "this exact title already exists — pick a unique name.",
+    )
 
     @field_validator("output_path")
     @classmethod
@@ -408,6 +414,12 @@ class HttpResultsInput(BaseModel):
         description="Full absolute path to the output CSV file (must end in .csv). "
         "Optional — results are returned as a paginated preview by default.",
     )
+    output_spreadsheet_title: str | None = Field(
+        default=None,
+        description="Create a new Google Sheet with this title and write the full "
+        "results there. Returns the spreadsheet URL. Fails if a sheet with "
+        "this exact title already exists — pick a unique name.",
+    )
     offset: int = Field(
         default=0,
         description="Row offset for pagination. Default 0 returns the first page.",

everyrow-mcp/src/everyrow_mcp/server.py

@@ -8,6 +8,7 @@
 
 from pydantic import BaseModel
 
+import everyrow_mcp.sheets_tools
 import everyrow_mcp.tools  # noqa: F401  — registers @mcp.tool() decorators
 from everyrow_mcp.app import mcp
 from everyrow_mcp.config import settings