Skip to main content
Version: Latest

Google Docs

Proxy for the Google Docs v1 REST API — which is the entire API surface: create_document, get_document, and batch_update. Dual auth by design, like drive and calendar:

  • idp_passthrough mode for human users who want an agent to read or edit documents they own. Each request carries the caller's own OAuth grant.
  • google_sa mode (Workspace service account with domain-wide delegation) for headless workflows that read or write shared documents on a fixed identity's behalf.

Overview

Typical uses:

  • An agent reads a doc's structured content and summarizes it (get_document).
  • A drafting workflow creates a doc and inserts/templates text into it (create_document, then batch_update with insertText / replaceAllText).

Two upstream-shape notes specific to Docs:

  • No list endpoint. The Docs API can't enumerate documents; discover document IDs via the Google Drive connector (filter on mimeType = 'application/vnd.google-apps.document'), then operate on the ID here.
  • Everything mutating is batch_update. All content edits and deletes (insertText, replaceAllText, deleteContentRange, table ops) are request objects on batch_update; deleting an entire document file is the Drive connector's job.

Default policy

The connector ships policy/docs.rego (package pbac.connectors.identos.google_docs). It enforces:

1. IdP-routing subject obligation

subject_obligations contains obl if {
input.resource.type == "urn:connector:identos:google-docs"
input.connector.upstream_auth.type == "idp_passthrough"
input.subject.idp_provider != "google"
obl := { "type": "require_authn_at", "idp": "google", ... }
}

Same pattern as google-drive/gmail — a caller from a non-Google session gets a step-up obligation before any passthrough Docs call succeeds.

2. blocked_document_ids deny (read + write)

A "nuclear" deny: the document is off-limits to this connector entirely, reads and writes both blocked. Use it for a sensitive document the service account can reach but that shouldn't be exposed to LLM-driven workflows.

3. read_only_document_ids deny (write only)

Listed documents allow GET but deny batch_update. Reads still work — useful for agents that should surface but not edit a shared doc.

Supplying operator data

curl -X PUT http://localhost:8080/admin/policy/data/pbac/operator/connectors/identos.google-docs \
-H "X-Admin-API-Key: $PBAC_ADMIN_API_KEY" \
-d '{
"blocked_document_ids": ["1AbcSensitiveDocId"],
"read_only_document_ids": ["1XyzSharedDocId"]
}'

Scope model

ScopeUsed for
PBAC scopes (internal)docs:read, docs:writeRoute authorization
Upstream OAuth scopesdocumentsGoogle-side grant the user consents to (idp_passthrough mode); the service-account flow uses the same scope on the SA

See Google Workspace: multi-connector setup for how docs' scopes compose with drive, gmail, and calendar on a single Google IdP.

Manifest reference

  • ID: identos.google-docs
  • Version: 1.0.0
  • Resource type: urn:connector:identos:google-docs

Supported auth modes

TypeDetails
idp_passthroughrequires IdP google
google_sasetup fields: sa_key_env, domain

Setup fields

IDLabelDefaultSecret?Notes
base_urlAPI base URLhttps://docs.googleapis.comno
upstream_auth.typeAuthenticationidp_passthroughnoidp_passthrough forwards each user's own Google OAuth token (recommended). google_sa uses a Workspace service account with domain-wide delegation impersonating a fixed user.
sa_key_envService account keyyesPick a secret containing the service-account JSON. Required only for the google_sa auth mode. / shown when upstream_auth.type == 'google_sa'
domainWorkspace domainnoplaceholder: example.com / Required only for the google_sa auth mode. / shown when upstream_auth.type == 'google_sa'

Scopes

Scope
docs:read
docs:write

Routes

MethodPatternScopeResource template
POST/v1/documentsdocs:write
GET/v1/documents/{document_id}docs:readdocs://{{document_id}}
POST/v1/documents/{document_id}:batchUpdatedocs:writedocs://{{document_id}}

MCP tools

NameScopeDescription
create_documentdocs:writeCreate a new, empty document. Pass {"title": "..."}. Add content afterward with batch_update.
get_documentdocs:readGet a document's full structured content (body, styles, lists, etc.).
batch_updatedocs:writeApply one or more content edits (insertText, replaceAllText, deleteContentRange, table ops, styling, …) via Docs Request objects. This is also how you DELETE content.

Operator data schema

Keys the operator can supply under data.pbac.operator.connectors["identos.google-docs"].* — consumed by the connector's policy.

KeyTypeDescription
blocked_document_idsarrayDocument IDs that are off-limits to this connector — reads and writes both denied.
read_only_document_idsarrayDocument IDs where batch_update is denied regardless of the caller's scope. Reads still work.