Skip to content

feat: Apps Script fallback for local image insertion in enterprise environments#62

Merged
a-bonus merged 1 commit intoa-bonus:mainfrom
Moling2019:feat/apps-script-image-insertion
Feb 22, 2026
Merged

feat: Apps Script fallback for local image insertion in enterprise environments#62
a-bonus merged 1 commit intoa-bonus:mainfrom
Moling2019:feat/apps-script-image-insertion

Conversation

@Moling2019
Copy link
Copy Markdown
Contributor

@Moling2019 Moling2019 commented Feb 22, 2026

Summary

Enterprise Google Workspace environments often block public file sharing (drive.permissions.create({ type: 'anyone' })), which causes insertImage with localImagePath to fail with "insufficient permissions".

This PR adds an opt-in Apps Script-based fallback that inserts images directly from Drive blobs via DocumentApp, bypassing the public sharing requirement entirely.

How it works

  1. Upload image to Drive (no public sharing)
  2. Insert a [mcp-img-FILEID] marker at the target position via the Docs API
  3. Call a deployed Apps Script function that finds the marker, fetches the image blob from Drive, and replaces the marker with an inline image

Changes

  • src/auth.ts — Added script.external_request OAuth scope
  • src/clients.ts — Added Script API client (google.script('v1')) and getScriptClient() helper
  • src/googleDocsApiHelpers.ts — Added skipPublicSharing option to uploadImageToDrive(), added insertImageViaAppsScript() helper
  • src/tools/docs/insertImage.ts — Uses Apps Script path when APPS_SCRIPT_DEPLOYMENT_ID env var is set; falls back to existing behavior otherwise
  • apps_script/mcp_image_inserter.gs — Ready-to-deploy Apps Script function

Backward compatibility

Fully backward compatible. The Apps Script path only activates when APPS_SCRIPT_DEPLOYMENT_ID is set as an environment variable. Without it, behavior is identical to before.

Setup (for users who need this)

  1. Create an Apps Script project linked to the same Google Cloud project as the OAuth client
  2. Paste the contents of apps_script/mcp_image_inserter.gs
  3. Deploy as API Executable
  4. Set APPS_SCRIPT_DEPLOYMENT_ID env var to the deployment ID

Test plan

  • Tested with corporate Google Workspace that blocks public sharing
  • Local PNG image successfully inserted via Apps Script path
  • URL-based image insertion still works unchanged
  • Server builds cleanly (npm run build)
  • Without APPS_SCRIPT_DEPLOYMENT_ID, existing behavior is unchanged

Made with Cursor

@Moling2019 @cursoragent
feat: add Apps Script fallback for local image insertion in enterpris…
991c9d0 
…e environments

The current insertImage tool requires making uploaded files publicly
readable via drive.permissions.create({ type: 'anyone' }), which is
blocked by many enterprise Google Workspace security policies.

This adds an opt-in Apps Script-based path that bypasses the public
sharing requirement by using DocumentApp to insert images directly
from Drive blobs. The feature is gated behind APPS_SCRIPT_DEPLOYMENT_ID
env var — without it, behavior is completely unchanged.

Changes:
- Add script.external_request OAuth scope
- Add Script API client (google.script v1)
- Refactor uploadImageToDrive() to support skipPublicSharing mode
- Add insertImageViaAppsScript() helper using marker-based insertion
- Modify insertImage tool to use Apps Script path when configured
- Include ready-to-deploy Apps Script in apps_script/

Co-authored-by: Cursor <cursoragent@cursor.com>
@a-bonus a-bonus merged commit c8fd635 into a-bonus:main Feb 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Moling2019 @a-bonus