Verified Google-managed MCP inventory

Google MCP Provider Warehouse

Aweb treats Google MCP as one governed provider family. The catalog is generated from official Google MCP supported-products documentation and the MCP Warehouse Google provider projections, with runtime access limited to reviewed read-only slices.

Executable runtime34L0/L1 governed read-only slices

Catalog only18Official but not callable yet

Observed catalog-only18Tool names sampled or reference-listed

Official-reference12Workspace tool lists from Google docs

Pending discovery0No reviewed live snapshot yet

Executable tools166No writes or destructive tools

Observed tools707All official entries combined

Official Source Boundary

The official count is not a marketing claim and is not inferred from community MCP projects. Aweb currently verifies 52 entries from Google Cloud MCP supported products.

Open Google source

Runtime Governance

1Prometheus mission

2Maestro plan

3MCP Warehouse capability routing

4Google MCP provider genome

5OS9 / Mission Contract policy gate

6Google-managed MCP invocation

7Receipt and Neon audit event

8Leonardo operator visibility

Maestro never receives direct unrestricted Google MCP access.

Generic invokeCapability fan-out has zero official Google MCP handlers.

Prometheus never calls Google MCP directly.

Aweb Code receives only L0/L1 read-only tools unless a Mission Contract approves more.

L2+ sensitive reads require a Mission Contract.

L4/L5 side-effect, destructive, IAM, billing, and production-deploy tools are disabled by default.

OAuth tokens, service account keys, and secrets are not published in docs or catalog JSON.

Risk Taxonomy

L0Safe metadata/read-only public docssafe metadata

L1Authenticated read-onlyauthenticated read

L2Sensitive readsensitive read

L3Non-destructive write candidatecandidate write

L4External side effectexternal side effect

L5Destructive, privileged, financial, or securitydestructive privileged

Inventory Summary

Groups

google cloud40

google7

google workspace5

Runtime state

registered executable34

catalog only18

Support state

read only candidate35

disabled by policy2

inventory only10

planned5

Governed Runtime Slices

These entries have registered MCP Warehouse genomes and adapters. They expose only reviewed L0/L1 tools; write, deploy, database-row, email-body, IAM, billing, and delete operations remain blocked unless later promoted through Mission Contract policy.

Server	Group	Max risk	Executable tools	Mission contract
Design MCPgoogle.design	Google	L4 External side effect	generate_color_scheme, search_icons, icons_instructions, search_fonts, describe_font	optional public docs context
Developer Knowledge APIgoogle.developer.developer_knowledge	Google	L0 Safe metadata/read-only public docs	search_documents, answer_query, get_documents	optional public docs context
Maps Code Assistgoogle.maps.code_assist	Google	L3 Non-destructive write candidate	retrieve-instructions, retrieve-google-maps-platform-docs	optional public docs context
Maps Grounding Litegoogle.maps.grounding_lite	Google	L2 Sensitive read	search_places, lookup_weather, compute_routes	optional public docs context
Agent Registrygoogle.cloud.agent_registry	Google Cloud	L5 Destructive, privileged, financial, or security	list_agents, search_agents, list_mcp_servers, search_mcp_servers, list_services, get_operation	read only integration scope
AlloyDB for PostgreSQLgoogle.databases.alloydb	Google Cloud	L5 Destructive, privileged, financial, or security	list_clusters, list_instances, get_operation	read only integration scope
Apigee API hubgoogle.apigee.api_hub	Google Cloud	L5 Destructive, privileged, financial, or security	search_resources, get_api, list_apis, get_version, list_versions, get_spec, list_specs, get_api_operation, list_api_operations, get_deployment, list_deployments, get_attribute, list_attributes, get_dependency, list_dependencies	read only integration scope
BigQuerygoogle.cloud.bigquery	Google Cloud	L5 Destructive, privileged, financial, or security	list_dataset_ids, get_dataset_info, list_table_ids, get_table_info	read only integration scope
BigQuery Data Transfer Servicegoogle.cloud.bigquery_data_transfer	Google Cloud	L5 Destructive, privileged, financial, or security	list_data_sources, get_data_source	read only integration scope
Bigtablegoogle.databases.bigtable	Google Cloud	L5 Destructive, privileged, financial, or security	list_instances, get_instance, list_tables, get_table	read only integration scope
Cloud Asset Inventorygoogle.cloud.asset_inventory	Google Cloud	L5 Destructive, privileged, financial, or security	list_assets	read only integration scope
Cloud Logginggoogle.cloud.logging	Google Cloud	L5 Destructive, privileged, financial, or security	list_log_names, list_buckets, get_bucket, list_views, get_view	sensitive read contract
Cloud Monitoringgoogle.cloud.monitoring	Google Cloud	L5 Destructive, privileged, financial, or security	list_metric_descriptors, list_dashboards, get_dashboard, list_alert_policies, get_alert_policy	read only integration scope
Cloud Product Registrygoogle.cloud.product_registry	Google Cloud	L5 Destructive, privileged, financial, or security	list_product_suites, get_product_suite, list_logical_products, get_logical_product, list_logical_product_variants, get_logical_product_variant, lookup_entity_by_name	read only integration scope
Cloud Rungoogle.cloud.run	Google Cloud	L5 Destructive, privileged, financial, or security	list_services, get_service	read only integration scope
Cloud SQLgoogle.databases.cloud_sql	Google Cloud	L5 Destructive, privileged, financial, or security	list_instances, get_operation	read only integration scope
Cloud Storagegoogle.cloud.storage	Google Cloud	L5 Destructive, privileged, financial, or security	list_buckets, list_objects, get_object_metadata	read only integration scope
Compute Enginegoogle.cloud.compute	Google Cloud	L5 Destructive, privileged, financial, or security	list_instances, get_instance_basic_info, list_instance_attached_disks, list_disks, get_disk_basic_info, get_disk_performance_config, list_machine_types, list_accelerator_types, list_images, get_zone_operation	read only integration scope
Database Centergoogle.cloud.database_center	Google Cloud	L5 Destructive, privileged, financial, or security	list_products, list_fleet_inventory, list_fleet_health_issues, list_fleet_issues, list_fleet_resource_groups	read only integration scope
Database Migration Servicegoogle.cloud.database_migration_service	Google Cloud	L5 Destructive, privileged, financial, or security	list_migration_jobs, list_static_ips, get_operation	read only integration scope
Datastreamgoogle.cloud.datastream	Google Cloud	L5 Destructive, privileged, financial, or security	list_streams, list_static_ips, get_operation	read only integration scope
Firestoregoogle.databases.firestore	Google Cloud	L5 Destructive, privileged, financial, or security	list_databases, get_database, list_indexes, get_index	read only integration scope
Gemini Enterprise Agent Platformgoogle.ai.gemini_enterprise_agent_platform	Google Cloud	L5 Destructive, privileged, financial, or security	get_endpoint, list_endpoints, list_models, get_model, get_operation	read only integration scope
GKEgoogle.cloud.gke	Google Cloud	L5 Destructive, privileged, financial, or security	list_clusters, get_cluster, list_operations, get_operation, list_node_pools, get_node_pool	read only integration scope
Knowledge Cataloggoogle.cloud.dataplex_knowledge_catalog	Google Cloud	L5 Destructive, privileged, financial, or security	search_entries, list_data_products, get_data_product, list_data_assets, get_data_asset, lookup_context, lookup_entry, get_operation	read only integration scope
Managed Service for Apache Airflowgoogle.cloud.composer	Google Cloud	L5 Destructive, privileged, financial, or security	list_environments, get_operation	read only integration scope
Managed Service for Apache Kafkagoogle.cloud.managed_kafka	Google Cloud	L5 Destructive, privileged, financial, or security	get_cluster, list_clusters, get_operation, get_topic, list_topics, get_consumer_group, list_consumer_groups, get_connect_cluster, list_connect_clusters, get_connector, list_connectors	read only integration scope
Managed Service for Apache Sparkgoogle.cloud.dataproc	Google Cloud	L5 Destructive, privileged, financial, or security	list_clusters, get_cluster, get_operation	read only integration scope
Memorystoregoogle.databases.memorystore	Google Cloud	L5 Destructive, privileged, financial, or security	list_instances, get_instance, list_clusters, get_cluster, list_backup_collections, get_backup_collection, list_backups, get_backup	read only integration scope
Network Intelligence Centergoogle.cloud.network_intelligence_center	Google Cloud	L5 Destructive, privileged, financial, or security	list_connectivity_tests, get_connectivity_test	read only integration scope
Oracle Database@Google Cloudgoogle.databases.oracle_database	Google Cloud	L5 Destructive, privileged, financial, or security	list_autonomous_databases, list_exadata_infrastructures, list_db_servers, list_cloud_vm_clusters, list_exascale_db_storage_vaults, list_exadb_vm_clusters, list_db_systems, list_odb_networks, list_odb_subnets, get_operation	read only integration scope
Pub/Subgoogle.cloud.pubsub	Google Cloud	L5 Destructive, privileged, financial, or security	list_topics, get_topic, list_subscriptions, get_subscription, list_snapshots, get_snapshot	read only integration scope
Resource Managergoogle.cloud.resource_manager	Google Cloud	L5 Destructive, privileged, financial, or security	search_projects	read only integration scope
Spannergoogle.databases.spanner	Google Cloud	L5 Destructive, privileged, financial, or security	list_instances, get_instance, list_configs, get_config, list_databases, get_database_ddl, get_operation	read only integration scope

Catalog-Only Official Entries

These servers are official Google-managed MCP entries but are not callable in Aweb yet. Tool names may be visible where safe discovery sampled them; full schema capture, risk mapping, fixtures, and policy tests are required before runtime registration.

Server	Group	Status	Observed tools	Support state
Android Management APIgoogle.android.management	Google	official supported-products row, no explicit lifecycle badge	9	Disabled by policy
Google Pay and Walletgoogle.payments_wallet.pay_wallet	Google	Preview	10	Disabled by policy
Stitchgoogle.stitch	Google	Beta	14	Inventory only
Agent Searchgoogle.ai.agent_search	Google Cloud	official supported-products row, no explicit lifecycle badge	2	Inventory only
App Lifecycle Managergoogle.cloud.app_lifecycle_manager	Google Cloud	Preview	40	Read-only candidate
BigQuery Migration Servicegoogle.cloud.bigquery_migration	Google Cloud	official supported-products row, no explicit lifecycle badge	5	Inventory only
Cloud Tracegoogle.cloud.trace	Google Cloud	official supported-products row, no explicit lifecycle badge	2	Inventory only
Customer Experience Agent Studiogoogle.cloud.customer_experience_agent_studio	Google Cloud	official supported-products row, no explicit lifecycle badge	60	Inventory only
Database Insightsgoogle.cloud.database_insights	Google Cloud	official supported-products row, no explicit lifecycle badge	2	Inventory only
Error Reportinggoogle.cloud.error_reporting	Google Cloud	official supported-products row, no explicit lifecycle badge	1	Inventory only
Filestoregoogle.cloud.filestore	Google Cloud	official supported-products row, no explicit lifecycle badge	8	Inventory only
Gemini Cloud Assistgoogle.ai.gemini_cloud_assist	Google Cloud	Preview	5	Inventory only
Google Security Operationsgoogle.cloud.security_operations	Google Cloud	official supported-products row, no explicit lifecycle badge	68	Inventory only
Calendargoogle.workspace.calendar	Google Workspace	Developer Preview	8	Planned
Chatgoogle.workspace.chat	Google Workspace	Developer Preview	4	Planned
Drivegoogle.workspace.drive	Google Workspace	Developer Preview	8	Planned
Gmailgoogle.workspace.gmail	Google Workspace	Developer Preview	12	Planned
People APIgoogle.workspace.people	Google Workspace	Developer Preview	3	Planned

Workspace OAuth Boundary

Gmail, Drive, Calendar, Chat, and People are official Workspace MCP servers, but Aweb keeps them catalog-only until OS9-bound user OAuth subject binding, revocation, credential-boundary receipts, adapters, schema fixtures, and sanitizer tests are in place.

Runtime

Statusrequired not implemented

Evidence lanesevidence lanes ready runtime blocked

Runtime-enabled Workspace providers0

Runtime promotion allowedNo

Tool classes

L1 metadata candidates5

L2+ blocked tools30

Official setup

Workspace MCP providers5

Open Workspace MCP configuration

Subject binding

Runtime enabledNo

Revocation receiptsRequired

Runtime-review readinessRequired

Prior revoked bindingRequired

Submitted booleans trustedNo

Implemented evidence lanes6

Disabled runtime lanes7

Server	Planning-only L1 candidates
Drivegoogle.workspace.drive	get_file_metadata, list_recent_files, search_files
Gmailgoogle.workspace.gmail	list_labels
Calendargoogle.workspace.calendar	list_calendars
Chatgoogle.workspace.chat	None yet
People APIgoogle.workspace.people	None yet

All Official Google MCP Servers

Explicit Non-Official Findings

Cloud Build

Not present in the verified Google-managed MCP supported-products list; do not expose as an official Google MCP server until Google lists it.

Artifact Registry

Not present in the verified Google-managed MCP supported-products list; do not expose as an official Google MCP server until Google lists it.

Aweb Gmail REST adapter

The local `gmail` provider is not the Google-managed Gmail MCP endpoint. The official Gmail MCP entry is `google.workspace.gmail` and remains catalog-only until user OAuth and Mission Contract controls are complete.

Aweb Drive REST adapter

The local `google_drive` provider is not the Google-managed Drive MCP endpoint. The official Drive MCP entry is `google.workspace.drive` and remains catalog-only until user OAuth and Mission Contract controls are complete.

Aweb GCP Inventory wrapper

The local `gcp_inventory` provider is a Warehouse-native Google Cloud inventory wrapper, not a Google-managed remote MCP server and not part of the 51-entry official Google MCP count.

Request Access

Google MCP access starts as an OS9 access request, not an OAuth launch. Operators choose the required risk tier, review scopes or IAM roles, bind the request to a Mission Contract, and only then issue eligible approvals for runtime use. Side-effect approvals are source-run-bound from a live blocked Maestro run, and destructive Google MCP approvals are not issued by the standard OS9 route. The access-plan API prepares the approval shape without issuing authority or executing Google tools.

Select Google MCP family and provider scope.Choose read-only, sensitive read, candidate write, or side-effect tier.Review Google APIs, OAuth scopes, or IAM roles.Create exact OS9 evidence; use run-bound approval only for side effects.

OS9 API docs Access-plan API Approval API

Catalog Integration

The same projection is available at /api/v2/integrations/google-mcp and is also embedded in /api/v2/integrations/catalog under googleMcp. Access requests are planned at /api/v2/integrations/google-mcp/access-request before any OS9 approval token, OAuth credential, or Google MCP runtime is used. General provider cards route Google MCP entries here so the public catalog cannot imply unrestricted Gmail, Drive, Cloud, database, IAM, billing, or deploy access.

MCP docs Provider Warehouse Google MCP JSON Catalog JSON