
RFC: Feature Configuration Service — Read/Write Scope-Based Feature Toggles #255

@allenhutchison

Summary

We need a configuration mechanism to let users control which services and scopes the extension requests. This solves two problems:

  1. Contributor PRs that need new scopes — PRs like "feat(tasks): add support for Google Tasks" #106 (Google Tasks), "fix(slides): enable reliable Slides tool usage and write operations" #237 / "feat(slides): add write tools for Google Slides" #235 (Slides write), and "Feat sheets insert text" #233 (Sheets write) add features requiring scopes that aren't enabled in the published GCP project. Contributors should be able to develop and test these features with their own GCP projects, while the features remain opt-in for other users.

  2. Users want scope control — Issue "Gemini CLI Workspace Extension wants additional access to your Google Account" #86: users who only need a few services don't want to auth for all scopes. Issue "Feature Request: Add Support for Customizable OAuth Scopes to Prevent Unintended Email Operations" #111: users want to restrict Gmail to read-only to prevent accidental sends.

Proposed Design: Read/Write Feature Groups

Each service is split into read and write groups. Read groups have no side effects and use readonly scopes. Write groups perform mutations and require elevated scopes.

| Service  | Group | Scopes                                                                  | Default |
|----------|-------|-------------------------------------------------------------------------|---------|
| docs     | read  | documents                                                               | ✅ ON   |
| docs     | write | documents, drive                                                        | ✅ ON   |
| drive    | read  | drive.readonly                                                          | ✅ ON   |
| drive    | write | drive                                                                   | ✅ ON   |
| calendar | read  | calendar.readonly                                                       | ✅ ON   |
| calendar | write | calendar                                                                | ✅ ON   |
| chat     | read  | chat.spaces.readonly, chat.messages.readonly, chat.memberships.readonly | ✅ ON   |
| chat     | write | chat.spaces, chat.messages, chat.memberships                            | ✅ ON   |
| gmail    | read  | gmail.readonly                                                          | ✅ ON   |
| gmail    | write | gmail.modify                                                            | ✅ ON   |
| people   | read  | userinfo.profile, directory.readonly                                    | ✅ ON   |
| slides   | read  | presentations.readonly                                                  | ✅ ON   |
| slides   | write | presentations                                                           | ❌ OFF  |
| sheets   | read  | spreadsheets.readonly                                                   | ✅ ON   |
| sheets   | write | spreadsheets                                                            | ❌ OFF  |
| time     | read  | (none)                                                                  | ✅ ON   |
| tasks    | read  | tasks.readonly                                                          | ❌ OFF  |
| tasks    | write | tasks                                                                   | ❌ OFF  |

Key points:

  • Services whose write scopes aren't in the published GCP project (Slides write, Sheets write, Tasks) default to OFF
  • Disabling a write group keeps the read tools available
  • Auth tools (auth.clear, auth.refreshToken) are always registered

Configuration via Environment Variables

# Disable specific feature groups (even if default ON)
WORKSPACE_DISABLED_FEATURES=gmail.write,chat.write

# Enable experimental feature groups (default OFF)
WORKSPACE_ENABLED_FEATURES=slides.write,tasks.read,tasks.write

Rules:

  1. WORKSPACE_DISABLED_FEATURES takes precedence — disables even default-ON features
  2. WORKSPACE_ENABLED_FEATURES enables default-OFF features
  3. Disabling a feature group removes both its tools and its OAuth scopes
  4. Re-enabling a previously disabled feature may require re-auth for the new scope

Impact on Contributors

Contributors adding new services would:

  1. Define read and write feature group entries in the feature config registry
  2. Set their default state (ON for scopes in the published project, OFF otherwise)
  3. Gate their tool registrations on the feature config

This lets contributors develop and merge new features without being blocked by the published GCP project's scope configuration.

Questions for the Community

  1. Is the read/write split the right granularity? Or would you prefer per-tool toggles?
  2. Are environment variables sufficient for configuration, or would you also want a config file?
  3. Are there other services or scopes you'd like to see supported?

Related Issues & PRs
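
The precedence rules and scope table from "Configuration via Environment Variables" and "Proposed Design" above, worked through as an added TypeScript example (not code from this issue or from the extension). The registry is transcribed from the table; `resolveFeatures`, `parseList`, the reporting of unknown names and the union reading of rule 3 are assumptions.

```typescript
// Added example: registry transcribed from the RFC table (short scope names as
// written there). resolveFeatures/parseList are hypothetical names, not the extension's API.
type Group = { defaultOn: boolean; scopes: string[] };
const g = (defaultOn: boolean, ...scopes: string[]): Group => ({ defaultOn, scopes });

const REGISTRY: Record<string, Group> = {
  "docs.read": g(true, "documents"),
  "docs.write": g(true, "documents", "drive"),
  "drive.read": g(true, "drive.readonly"),
  "drive.write": g(true, "drive"),
  "calendar.read": g(true, "calendar.readonly"),
  "calendar.write": g(true, "calendar"),
  "chat.read": g(true, "chat.spaces.readonly", "chat.messages.readonly", "chat.memberships.readonly"),
  "chat.write": g(true, "chat.spaces", "chat.messages", "chat.memberships"),
  "gmail.read": g(true, "gmail.readonly"),
  "gmail.write": g(true, "gmail.modify"),
  "people.read": g(true, "userinfo.profile", "directory.readonly"),
  "slides.read": g(true, "presentations.readonly"),
  "slides.write": g(false, "presentations"),
  "sheets.read": g(true, "spreadsheets.readonly"),
  "sheets.write": g(false, "spreadsheets"),
  "time.read": g(true),
  "tasks.read": g(false, "tasks.readonly"),
  "tasks.write": g(false, "tasks"),
};

function parseList(value: string | undefined): string[] {
  return (value || "").split(",").map((s) => s.trim()).filter((s) => s !== "");
}

function resolveFeatures(env: Record<string, string | undefined>) {
  const enabled = parseList(env["WORKSPACE_ENABLED_FEATURES"]);
  const disabled = parseList(env["WORKSPACE_DISABLED_FEATURES"]);
  const known = (f: string) => Object.prototype.hasOwnProperty.call(REGISTRY, f);
  // Assumption: unknown names are surfaced, since a typo in the disabled list
  // would otherwise leave the scope the user meant to drop still requested.
  const unknown = enabled.concat(disabled).filter((f) => !known(f));
  // Rules 1 and 2: disabled wins; enabled only matters for default-OFF groups.
  const active = Object.keys(REGISTRY).filter(
    (f) => disabled.indexOf(f) === -1 && (REGISTRY[f].defaultOn || enabled.indexOf(f) !== -1),
  );
  // Rule 3, read as a union (assumption): a scope is requested while any active group lists it.
  const scopes = new Set<string>();
  for (const f of active) for (const s of REGISTRY[f].scopes) scopes.add(s);
  return { active, scopes: Array.from(scopes).sort(), unknown };
}
```

Under this reading, `WORKSPACE_DISABLED_FEATURES=drive.write` alone still requests the `drive` scope, because the table lists `drive` under docs write as well; it only drops once `docs.write` is disabled too.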
