Chrome Enterprise Premium MCP Server

Name: chrome-enterprise-premium-mcp
Author: google

A Model Context Protocol (MCP) server for
Chrome Enterprise Premium
(CEP). CEP extends Chrome's built-in security with Data Loss Prevention (DLP),
real-time threat protection (phishing and malware scanning), and Context-Aware
Access controls. This server exposes CEP's DLP rules, content detectors,
connector policies, browser telemetry, and license management as MCP tools —
letting any MCP-compatible AI agent inspect and configure a Chrome Enterprise
environment.

Important security consideration: Indirect Prompt Injection Risk

When exposing any language model to untrusted data, there's a risk of an
indirect prompt injection attack.
Agentic tools like Gemini CLI, connected to MCP servers, have access to a wide
array of tools and APIs.

This MCP server grants the agent the ability to read, modify, and delete your
Google Account data, as well as other data shared with you.

Never connect this server to untrusted tools.
Never feed untrusted content into the model context, including mail,
documents, or other resources from unverified sources.
Attackers can hide instructions inside untrusted content and use a
hijacked CLI session to modify, steal, or destroy your data.
Always review the actions Gemini CLI takes on your behalf and confirm
they match what you asked for.

Quick start

git clone https://github.com/google/chrome-enterprise-premium-mcp.git
cd chrome-enterprise-premium-mcp
npm install

1. Authenticate with Google Cloud

Install the Google Cloud CLI if you
don't have it, then create
Application Default Credentials
(ADC) with the scopes needed by each API:

gcloud auth application-default login \
--scopes=openid,\
https://www.googleapis.com/auth/userinfo.email,\
https://www.googleapis.com/auth/chrome.management.policy,\
https://www.googleapis.com/auth/chrome.management.reports.readonly,\
https://www.googleapis.com/auth/chrome.management.profiles.readonly,\
https://www.googleapis.com/auth/admin.reports.audit.readonly,\
https://www.googleapis.com/auth/admin.directory.orgunit.readonly,\
https://www.googleapis.com/auth/admin.directory.customer.readonly,\
https://www.googleapis.com/auth/apps.licensing,\
https://www.googleapis.com/auth/cloud-identity.policies,\
https://www.googleapis.com/auth/service.management,\
https://www.googleapis.com/auth/service.management.readonly,\
https://www.googleapis.com/auth/cloud-platform

These scopes map to the underlying APIs:

Scope	API	Used for
`openid`, `userinfo.email`	OpenID Connect	Identifies the principal in startup banner output
`chrome.management.policy`	Chrome Policy	Reading and writing connector policies, extension install policies
`chrome.management.reports.readonly`	Chrome Management	Browser version counts
`chrome.management.profiles.readonly`	Chrome Management	Listing managed browser profiles
`admin.reports.audit.readonly`	Admin SDK Reports	Chrome activity logs
`admin.directory.orgunit.readonly`	Admin SDK Directory	Organizational unit hierarchy
`admin.directory.customer.readonly`	Admin SDK Directory	Customer ID resolution
`apps.licensing`	Enterprise License Manager	CEP subscription and per-user license checks
`cloud-identity.policies`	Cloud Identity	DLP rules and content detectors (CRUD)
`service.management`, `service.management.readonly`, `cloud-platform`	Service Usage	Checking and enabling required APIs

Then set a quota project (identifies which GCP project's API enablement and
quotas to use):

gcloud auth application-default set-quota-project YOUR_PROJECT_ID

Scopes must be provided at login time. You cannot add scopes to
existing ADC credentials. If you get "insufficient scopes" errors,
delete ~/.config/gcloud/application_default_credentials.json and re-run
the gcloud auth application-default login command from the previous step.

The quota project is required. Without it you'll see a "quota project
not set" error on the first API call.

Restricted Workspace environments: If your organization restricts third-party
app access, an admin must trust the gcloud OAuth app
before you can authenticate with sensitive Workspace scopes.
Alternative to ADC: run mcp auth login for an OAuth-flow setup.
Setup walkthrough at docs/auth-bring-your-own-oauth-client.md.
Auth-method matrix at docs/configuration.md#authenticating-to-google-apis.

2. Enable Required APIs

These APIs must be enabled on your GCP project:

gcloud services enable \
  admin.googleapis.com \
  chromemanagement.googleapis.com \
  chromepolicy.googleapis.com \
  cloudidentity.googleapis.com \
  licensing.googleapis.com \
  serviceusage.googleapis.com

Or enable them from the
API Library in Cloud Console.

Propagation delay: Newly enabled APIs can take 1–5 minutes to become
available. The server handles this automatically by retrying
PERMISSION_DENIED errors with exponential backoff. If you see retry messages
on first run, wait; don't restart.

3. Connect Your MCP Client

The server uses stdio transport; your MCP client launches it as a child
process. Add the config snippet for your client:

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS)
or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "cep": {
      "command": "npx",
      "args": ["-y", "@google/chrome-enterprise-premium-mcp@latest"],
      "env": { "GCP_STDIO": "true" }
    }
  }
}

Claude Code

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "cep": {
      "command": "npx",
      "args": ["-y", "@google/chrome-enterprise-premium-mcp@latest"],
      "env": { "GCP_STDIO": "true" }
    }
  }
}

VS Code

Add to .vscode/mcp.json:

{
  "servers": {
    "cep": {
      "command": "npx",
      "args": ["-y", "@google/chrome-enterprise-premium-mcp@latest"],
      "env": { "GCP_STDIO": "true" }
    }
  }
}

Gemini CLI

Add to ~/.gemini/settings.json:

{
  "mcpServers": {
    "cep": {
      "command": "npx",
      "args": ["-y", "@google/chrome-enterprise-premium-mcp@latest"],
      "env": { "GCP_STDIO": "true" }
    }
  }
}

Optional: If you are running from a local checkout instead of npx, replace the command with node and args with the absolute path to mcp-server.js. Relative paths might not resolve correctly depending on the client.

4. Verify

Restart your MCP client, then ask:

"What Chrome Enterprise Premium tools do you have access to?"

The agent discovers and lists the available tools. If tools don't
appear, see Troubleshooting.

Configuration

For environment variables and stdio vs. HTTP transport, see
docs/configuration.md.

Prerequisites

Requirement	Details
Node.js	>= 18.0.0 (`node --version` to check)
Google Cloud CLI	`gcloud` installed and on your PATH (`gcloud --version` to check)
Google Workspace	Any edition, plus a Chrome Enterprise Premium license (60-day free trial available)
Admin role	Google Workspace Super Admin, or a delegated admin with Chrome Management and DLP permissions
GCP project	Linked to your Workspace domain, with required APIs enabled
OAuth App Trust	The gcloud CLI must be trusted in the Admin Console for sensitive scopes.

GCP IAM is not enough. Chrome Management and Admin SDK APIs require a
Google Workspace admin role in addition to GCP IAM roles. The user must hold
an admin role in the Admin Console (Super Admin
or delegated with Chrome Management permissions). Having only GCP IAM
permissions produces 403 Permission Denied with no indication that a
Workspace role is missing.

Available tools and prompts

Prompts

Prompt	Description
`cep:health`	Health check of the Chrome Enterprise environment (APIs, DLP, connectors, extensions).
`cep:optimize`	Rule-by-rule review with tuning, enforcement, and cleanup recommendations.
`cep:expert`	Manually re-injects the expert persona and rules (useful if the agent loses context).

Tools

The server exposes tools for reading and managing Chrome Enterprise resources:

Discovery: get customer ID, list org units, count browser versions, list
customer profiles
Licensing: check CEP subscription status, check per-user license
assignment
DLP: list/create/delete DLP rules, list/create/delete detectors (regex,
word list, URL list), create default rule sets
Connectors: get connector policy status, enable Chrome Enterprise
connectors
Extensions: check SEB extension status, install SEB extension
Security: get Chrome activity logs, check and enable required APIs
Knowledge: search the built-in Chrome Enterprise Premium knowledge base

Architecture

The codebase has three layers: API clients in lib/api/ (one interface +
real implementation per Google API), MCP tools and prompts in tools/ and
prompts/, and the server entry point in mcp-server.js. Integration tests
redirect the real API clients at an in-process Express fake under
test/helpers/. For the directory layout, design patterns, and how the test
backends are wired, see docs/architecture.md.

Development

Run npm run presubmit before every PR. It runs unit tests, fake-backend
integration tests, and a smoke test against the in-process fake API server;
no credentials needed. After merge, npm run postsubmit re-runs the full
presubmit suite plus a real-API integration pass.

Presubmit is read-only. If formatting or lint fails, run
npm run format and npm run lint:fix to fix, then re-run. The husky
pre-commit hook auto-fixes staged files through lint-staged, so commits from a
clean working tree usually pass without manual fixup.

GitHub Actions runs the same checks on every pull request as four parallel
jobs (lint, test-unit, test-integration-fake, test-smoke); each
failure shows up as a separate PR check. The workflow is at
.github/workflows/node.js.yml.

npm run presubmit               # Required before every PR
npm run postsubmit              # After merge (real API credentials)
npm run test:unit               # Unit tests only
npm run test:integration:fake   # Integration tests against the fake
npm run test:smoke              # Server starts and responds
npm run mcp-inspector           # Browser UI for invoking tools and prompts
npm run lint                    # Check formatting and lint
npm run lint -- --fix           # Auto-fix
npm run format                  # Prettier on everything

For evaluations (Gemini agent against fake backend, graded by deterministic
checks and an LLM judge), see test/evals/README.md.
For the test runner layout and how to add a test, see
test/README.md. For contributing, see
CONTRIBUTING.md.

Troubleshooting

For known issues with auth, permissions, Node.js setup, and MCP client
integration (including the /mcp reload tip when CEP tools do not show up
right after restart), see
docs/troubleshooting.md.

FAQ

For license requirements, Workspace edition, service-account auth,
experimental features, and other recurring questions, see
docs/faq.md.

Reporting bugs

If something isn't working:

In Gemini CLI, run /bug to capture session diagnostics. Attach the
generated file to your issue.
Run npm run presubmit and paste the output; this lets maintainers tell
environmental problems from real code bugs.
Describe what you expected vs. what actually happened, including the exact
error message.

Contributing

Contributions are welcome. For details on how to contribute, see CONTRIBUTING.md.

Legal

This repository is provided as a reference implementation that customers can explore and adapt under the Apache 2.0 license. It is not an officially supported Google product.

License: Apache License 2.0
Terms of Service: Terms of Service
Privacy Policy: Privacy Policy
Security: Security Policy