Google Drive

Setup

1. Google Cloud OAuth client

Scopes:

• https://www.googleapis.com/auth/drive.file — files created by the app
• https://www.googleapis.com/auth/drive.readonly — read any file the user shares
• https://www.googleapis.com/auth/drive — full access (only if needed)

Redirect: https://tappass.example.com/providers/gdrive/callback

2. Configure TapPass

Reuses the same GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET as Gmail.

3. Authorise

tappass provider connect gdrive --agent research-bot

Operations

Operation	Op group	Description
list	read	List files / folders (with query)
get_metadata	read	File metadata
download	read	Download file bytes
create	write	Upload a new file
delete	write	Delete (GDPR erasure support)

Usage

# List files
files = agent.call_provider(
    provider="gdrive",
    operation="list",
    params={"q": "mimeType='application/pdf' and trashed=false"},
)

# Download
content = agent.call_provider(
    provider="gdrive",
    operation="download",
    params={"file_id": "1a2b3c..."},
)

# Create
agent.call_provider(
    provider="gdrive",
    operation="create",
    params={
        "name": "Q4-summary.md",
        "mime_type": "text/markdown",
        "content": "# Q4 Summary\n...",
        "parents": ["root"],
    },
)

PII handling for ingestion

When agents download files, the content is scanned for PII before being returned to the agent. Configure what happens to detections:

detection:
  inbound:
    - provider: gdrive
      action: redact  # strips detected PII from the returned bytes
      categories: [pii.email, pii.phone, pii.financial, pii.id]

GDPR erasure

The delete operation is wired to a standard erasure workflow — audit records, download caches, and any chunks in the RAG pipeline that referenced the file are marked for deletion.