ExtraSuite gives AI agents a structured, sandboxable way to read and edit Google Docs, Sheets, Slides, Forms, Gmail, and Calendar — with a dedicated identity per employee, short-lived tokens, and a declarative workflow that keeps costs low.
Open source · MIT License · By Think41
Google Workspace is where your team's real work lives. AI agents that can read and write those files are genuinely useful. The problem is how most tools grant that access.
Tools like gogcli are powerful and useful for human-operated terminal workflows. But they authenticate as you with your OAuth token — which means the agent gets everything your account can do:
This is the lethal trifecta: read sensitive data + take consequential actions + communicate externally.
ExtraSuite is designed specifically for agentic use. The agent gets a minimal, expiring token scoped to exactly what it needs — nothing more.
Instead of handing the agent an OAuth token, the agent declares what operation it intends to perform. The ExtraSuite server issues the minimum required credential for that specific command — and logs the agent's stated reason before doing so.
Alice's agent gets alice-agent@your-project.iam.gserviceaccount.com. Bob's agent gets its own. The service account has no default permissions — it can only see files Alice explicitly shares with it. Edits appear in Drive version history as "Alice's agent", not anonymously.
The client sends a typed command (e.g. sheet.pull or gmail.compose). The server maps the command to the minimum required credential: a service account token for file operations, or a delegated access token scoped to exactly the needed OAuth scope(s) for user-impersonating operations. Tokens expire after 1 hour. A 30-day session token stored locally authenticates against the ExtraSuite server — it never touches the Google API.
Every token request includes a reason field — the agent's stated purpose for the operation (e.g. "User asked me to draft a follow-up to the Q3 review email"). The server logs the user's email, command type, command context, and this reason before issuing any token. You know not just that a token was issued, but why the agent requested it.
ExtraSuite deliberately does not implement the full Google API surface. These restrictions are not limitations — they are the security model.
Agents can compose drafts for your review. Only you can hit send.
Sharing permissions are not delegated. Files stay where you put them.
Gmail read access requires a typed gmail.read command and is only issued when that scope is in the administrator's allowlist.
A malicious email can't trick the agent into sending a reply or forwarding data.
The agent can't exfiltrate a document by sharing it with an attacker-controlled account.
No Google access tokens or private keys are stored client-side. The local session token only authenticates against the ExtraSuite server — compromising it doesn't grant Google API access.
Instead of making API calls back and forth, ExtraSuite converts Google files into plain text on disk. The agent reads and edits local files. Then a single push translates the diff into the correct batch of API calls.
extrasuite sheet pull <url> downloads a Google Sheet and converts it into a folder of human-readable files. The agent can inspect exactly what's in the sheet without consuming thousands of tokens parsing raw API JSON.
A .pristine/ directory captures the original state as a reference point for diff and push.
# The agent runs: $ extrasuite sheet pull https://docs.google.com/spreadsheets/d/abc123/ # Creates a folder structure: abc123/ data.tsv # tab-separated values, human-readable formula.json # formulas per cell format.json # CSS-like factored styles .pristine/ # original state snapshot
The agent edits data.tsv directly — the same way it edits any text file. No API knowledge required. The agent works in a format it already understands.
The agent can also run extrasuite sheet diff ./abc123/ to preview what the resulting API request will look like — before touching any live data.
Month Revenue Target Jan 142000 150000 Feb 158000 150000 Mar 167000 160000 # Agent edits this file directly. # Q2 target was revised upward: Apr 0 175000 May 0 175000 Jun 0 175000
extrasuite sheet push ./abc123/ computes the diff against .pristine/ and translates it into the correct batchUpdate API request. One round-trip. No back-and-forth with the LLM.
The agent's sandbox can be configured to allow only pull and push as outbound calls. Arbitrary API access is never needed.
$ extrasuite sheet push ./abc123/ # ExtraSuite computes the diff: ~ Row 5, Col C: 150000 → 175000 ~ Row 6, Col C: 150000 → 175000 ~ Row 7, Col C: 160000 → 175000 # Applies as a single batchUpdate: ✓ 3 cells updated ✓ Changes attributed to alice-agent@...
| Direct API calls | ExtraSuite pull/push | |
|---|---|---|
| Reviewability | Hard — sequence of API calls with no summary | diff shows exactly what will change before push |
| Sandboxability | Hard — agent needs live API access throughout the task | Agent only edits local files; pull and push are the only network calls |
| LLM token cost | High — raw API JSON is verbose and repetitive | Low — agent works in TSV, readable XML, and plain JSON |
| Recoverability | Manual — hunt through version history | Re-pull to reset; Drive version history for full rollback |
| Audit trail | Depends on your logging setup | Built-in via Google Drive version history with agent identity |
One consistent pull/push workflow across every file type
TSV data, formula.json, format.json
StableSemantic XML, comments
AlphaSML markup per slide
Alphaform.json with all questions
AlphaCompose drafts, read, list
StableView, create, RSVP, freebusy
Stable.js and .html files, one per file
StableList and search shared files
StableDeploy once for your whole team, then onboard each employee with a single command
Deploy the ExtraSuite server on Google Cloud Run. One deployment, one service account pool, one audit log for your whole organization.
gcloud run deploy extrasuite-server \ --image=ghcr.io/think41/extrasuite-server:latest \ --region=us-central1 \ --allow-unauthenticated
Each employee signs in, runs one command to install their agent skill, then shares documents with their dedicated service account — just like sharing with a colleague.
# Install the agent skill extrasuite auth install-skill # Share a doc, then pull it extrasuite sheet pull https://docs.google.com/...
Security-first, token-efficient, and open source.