feat(analytics): initialize Google Analytics MCP server#392
Open
yuriassuncx wants to merge 10 commits into
Open
feat(analytics): initialize Google Analytics MCP server#392yuriassuncx wants to merge 10 commits into
yuriassuncx wants to merge 10 commits into
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
…ation - Replace error: any + .message with instanceof Error guard in all 5 catch blocks (accounts, properties x2, reports x2) - Make metrics required (.min(1)) in runReport and runRealtimeReport schemas Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
yuriassuncx
force-pushed
the
feat/ga4-analytics-mcp
branch
from
feeff43 to
f7838ef
Compare
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The @google-analytics/data and @google-analytics/admin SDKs use google-gax with an internal google-auth-library version that is incompatible with the top-level dependency, causing TS2322 errors on the authClient constructor option. Replace with a plain fetch client (Bearer token via Authorization header) following the same pattern as google-search-console MCP. This removes the OAuth2Client / AnyAuthClient type mismatch entirely. Changes: - ga-client.ts: rewrite as a fetch-based client with GA4 Data API and Admin API methods (no gRPC, no google-auth-library) - accounts/properties/reports/ads tools: update call sites to use the new flat client API (no tuple destructuring) - package.json: remove @google-analytics/admin, @google-analytics/data, google-auth-library; bump @decocms/runtime to 1.3.1 (matches root) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…l GA MCP
Security:
- Add normalizeProperty() with strict /^properties\/\d+$/ validation; prevents
path traversal via ../ in URL segments (fetch normalizes dot-segments per RFC 3986)
- Fix header spread order — Authorization is now last, cannot be overridden by callers
Correctness:
- Fix listAccountSummaries: GA4 defaults to pageSize=50; now loops all pages (max 200)
- Add 204 guard in request() before res.json() to prevent SyntaxError on empty bodies
- Fix limit type: z.number() → z.number().int().positive() (GA4 requires integer)
- Run listCustomDimensions + listCustomMetrics in parallel via Promise.all
Parity with official google-analytics-mcp:
- Add dimensionFilter, metricFilter, orderBys, offset, currencyCode, returnPropertyQuota
to run-report and run-realtime-report
- Add list-property-annotations tool (GET /{property}/propertyAnnotations)
- Property IDs now accept bare numeric strings ("1234567") — auto-normalized to
"properties/1234567" at the client layer
Tooling:
- Add "types": ["bun-types"] to tsconfig.json so IDE resolves Response/fetch globals
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…h official GA MCP - Fix listPropertyAnnotations: was calling non-existent v1beta endpoint; switched to v1alpha + correct resource name (reportingDataAnnotations) - Add pagination to listCustomDimensions, listCustomMetrics, listGoogleAdsLinks via shared listAllPages helper (was silently truncating at 50 results) - Refactor listAccountSummaries to use the same listAllPages helper - Add MAX_PAGES=50 guard to all pagination loops to prevent infinite loops on repeated nextPageToken (GA4 quota events) - Sanitize GA4 API error responses: surface only error.code + error.message, not the full response body which may contain OAuth scope details - Fix token guard in env.ts: strip + trim before the empty-string check so "Bearer " (with no token) is caught as unauthenticated - Remove dead gaPropertyId field from Env (was never read by any tool) - Add run-funnel-report tool: covers the one gap vs official google/analytics-mcp - Fix FunnelStepSchema: typed z.object with required name + filterExpression instead of open z.record (gives LLM actionable field-level guidance) - Update instructions.ts: document funnel report tool and usage tips - Fix app.json icon: replace broken developers.google.com favicon with gstatic.com Analytics SVG (confirmed 200 + CORS-safe) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… reports Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace sites-*.decocache.com → sites-*.deco.site across all app.json files so OAuth redirect URIs and MCP connection endpoints resolve correctly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…deco.site" This reverts commit 0afd03a.
…to deco.site Update connection URLs for all Google-family MCPs to use the new deco.site domain. OAuth redirect URIs (e.g. https://sites-google-analytics.deco.site/oauth/callback) have already been registered in Google Cloud Console. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new official Google Analytics (GA4) MCP integration under the
google-analyticsdirectory. It provides a complete implementation including configuration, authentication, server setup, and a suite of tools for interacting with Google Analytics 4 data and properties. The integration is ready for deployment and includes documentation and template files to help with customization and extension.The most important changes are grouped as follows:
1. New MCP Integration: Core Implementation
google-analyticsMCP package with its ownpackage.json,.gitignore, andREADME.md, establishing the project structure and dependencies. [1] [2] [3]server/main.tsto configure the runtime, set up OAuth for Google Analytics, and register all tools for the MCP.2. Google Analytics Tools and Functionality
run-report,run-realtime-report,get-account-summaries,get-property-details,get-custom-dimensions-and-metrics, andlist-google-ads-links, each implemented in their respective files underserver/tools/. These tools leverage the Google Analytics Data and Admin APIs and are registered intools/index.ts. [1] [2] [3] [4] [5]example-tool.ts.exampleto illustrate how to extend the MCP with custom logic, API calls, database queries, and event publishing.3. Authentication and Environment Handling
server/lib/env.ts) and a client wrapper for the Google Analytics APIs (server/lib/ga-client.ts). [1] [2]4. Configuration and Deployment
app.jsonandapp.json.examplefor MCP metadata, configuration, and deployment customization. [1] [2]deploy.jsonto include the newgoogle-analyticsMCP for deployment on the target platform.5. Documentation and Usage Instructions
README.md, guiding users on configuration, tool implementation, deployment, and testing.server/instructions.tsto guide LLM interactions with the MCP, ensuring correct usage patterns and best practices for querying Analytics data.Summary by cubic
Initialize the GA4 MCP server under
google-analyticswith OAuth and a fetch-based client to remove GA SDKs, simplify auth, and expose tools for reports (including funnels), realtime, accounts, property metadata, Ads links, and annotations. Also migrated Google MCP connection URLs from decocache.com to deco.site for stable endpoints and OAuth redirects.New Features
google-analyticsMCP server with Google OAuth2 (read-only) and runtime setup.deploy.jsonentry.Bug Fixes
google-auth-librarytype conflicts.normalizeProperty(accepts numeric IDs), sanitized GA errors, Authorization header precedence, 204 response guard, improved token parsing, required metrics in report schemas, and integer limits.deco.sitefor correct OAuth redirects and stable connections.Written for commit 5b5f232. Summary will update on new commits.