Google Docs MCP Server: Secure AI Agent Access to Google Docs
Connect Claude, ChatGPT, and Cursor to Google Docs through PortEden's remote MCP server. OAuth, per-document controls, and a data firewall that controls every read and edit.
Free tier · No credit card required
What is the Google Docs MCP server?
The Google Docs MCP server lets AI agents read, edit, and search documents through the Model Context Protocol. Connect a client like Claude, ChatGPT, or Cursor to one remote endpoint at https://mcp.porteden.com/google-docs and the agent works with your Docs directly, with no copy and paste.
PortEden's server exposes tools to search, read, edit, rename, and delete Google Docs. What makes it different from a generic Google Docs MCP is the data firewall in front of those tools: PortEden inspects every tool-call request, applies your access policy, and redacts sensitive content in the response before the agent ever sees it.
The result is secure Google Docs access for AI agents. You decide whether a client can only read or can also edit, scope it to specific documents, redact sensitive passages, and review every call in an audit log. OAuth handles authentication, so there is no static key to leak.
Google Docs MCP tools
Every tool can be allowed or denied per client. Access levels are enforced at the firewall on each call.
These are the 5 tools documented today. PortEden's live Google Docs server is expanding, and newer tools will appear here as they are documented.
| Tool | Access | What it does |
|---|---|---|
google_docs_search | read | Search Google Docs across connected drives. |
google_docs_read | read | Read a Doc's content as plain text or structured paragraphs. |
google_docs_edit | write | Edit a Doc with insert, append, and replace operations. |
google_docs_rename | write | Rename a Doc. |
google_docs_delete | delete | Send a Doc to trash. |
Connect Google Docs to Claude, ChatGPT, Cursor, and more
Point any MCP-compatible client at the remote URL and sign in to PortEden once with OAuth.
# Claude Web or Desktop, then Settings, Connectors, Add custom connectorhttps://mcp.porteden.com/google-docs # Authenticate to PortEden once with OAuth. Claude can now call the# Google Docs tools under the access policy you set.Available on Claude Pro, Team, and Enterprise. The same flow works for Claude Cowork.
The security-first Google Docs MCP
PortEden is the data firewall for AI.
Granular access control
Decide exactly what each AI client can do with your documents. Keep an agent read-only, allow edits but never deletes, or scope a connection to specific documents, so an agent only touches what policy allows.
- Read-only by default: deny google_docs_edit, google_docs_rename, and google_docs_delete for a research agent.
- Edit but never delete: allow google_docs_edit while denying google_docs_delete.
- Per-document scope: limit a client to a named set of Docs and block the rest.
Data redaction
PortEden runs a redaction pass on every tool response before it leaves the firewall. Sensitive passages are replaced with stable placeholders, so the agent can summarize or rewrite a document without the raw content entering the model's context.
- Strip PII, PAN (card numbers), and secrets from document text before the agent sees them.
- Mask names and contact details in a contract while keeping the structure readable.
- Round-trip edits are de-redacted server-side, so an edit aimed at a placeholder lands on the right text.
Audit trail
Every Google Docs tool call is recorded: which client, which user, which tool, the arguments passed, the policy decision, and the redacted response. Export it or stream it to your SIEM for review.
- See exactly which documents an agent read and which it edited, with timestamps.
- Reconstruct any tool call: the request, the rule that fired, and the response returned.
- Stream to Splunk, Datadog, or S3 for retention and review.
RBAC and policy groups
Bind each MCP connection to a user or role with a scoped, revocable token. Group policies by team so a new hire inherits the right document access on day one, and revocation is instant and server-side.
- Issue per-user tokens scoped to the verbs and documents that role needs.
- Apply one policy group across a team instead of editing rules client by client.
- Revoke a token server-side the moment a contract ends, with no Google account round-trip.
Set up the secure Google Docs MCP in minutes
Add the connector
In your AI client, add a custom connector or HTTP MCP server pointing at https://mcp.porteden.com/google-docs.
Authenticate with OAuth
Sign in to PortEden once and connect your Google account. The client never holds your Google refresh token.
Set your Docs policy
Choose read-only or read-write, scope to specific documents, and turn on redaction for sensitive passages.
Verify in the audit log
Run a prompt, then watch the tool calls land in your PortEden audit log with the rule that fired on each one.
Google Docs MCP FAQ
What is the Google Docs MCP server?
How do I connect Claude to Google Docs using MCP?
Is the Google Docs MCP server secure?
Can I give an AI agent read-only access to Google Docs?
Does redaction stop the agent from editing a document?
What Google Docs tools does the MCP server expose?
Which AI clients work with the Google Docs MCP server?
Does it cost anything to use the Google Docs MCP server?
Keep Exploring
Connect Google Docs to AI, without leaking the underlying data.
Five-minute setup over OAuth. The free tier covers 1,000 tool calls per month.