Unofficial local-first server for Google's new Health API v4, which consolidates Fitbit, Pixel Watch, and partner health data under a single OAuth flow. Exposes read-only tools for identity, profile, settings, data point queries, reconciliation, and daily/weekly rollups across steps, sleep, heart rate, nutrition, and activity domains. The beta ships with a standalone doctor command for setup validation and scope presets that keep consent screens manageable. Tokens never leave your machine. Useful if you're building health agents that need to query reconciled streams from Google's ecosystem without pasting credentials into prompts. Author warns that Google may ship breaking changes before the official v4 launch in May 2026.
⚡ One-command install with Delx Wellness for Hermes:
npx -y delx-wellness-hermes setup— preconfigures this connector and the other 8 in a dedicated Hermes profile.Or wire it standalone into Claude Desktop / Cursor / ChatGPT Desktop — see the install section below.
What's new in 0.5.3 (2026-07-16): endpoint-specific civil-date and date-time validation, visible partial-summary failures, and executable boundary contracts. Full notes in CHANGELOG.md.
Through August 12, 2026, the highest-leverage contribution is a redacted coverage report from a real Fitbit, Pixel Watch, Android or Google Health API v4 account:
npx -y google-health-mcp-unofficial coverage --live --json
Review the output, remove anything you do not want public, then post the report
to issue #3. The
command is read-only and is designed to omit OAuth secrets, local paths and raw
health measurements. A static preflight is available before OAuth with
coverage --json.
Local-first MCP server that gives your AI agent user-authorized Google Health API v4 data — Fitbit, Pixel Watch and partners — over OAuth.
npx -y google-health-mcp-unofficial setupBeta status: Google Health API v4 is live for builders but still evolving. Google's release notes show scope and data-type changes continuing after launch, so this connector stays in early beta and points testers to safe read-only validation paths before public production use.
Unofficial project. Not affiliated with, endorsed by or supported by Google, Fitbit or Alphabet. Not a medical device. Not medical advice.
Google Health API is the successor to Fitbit Web API: new OAuth, new base URL, v4 endpoint schema, standardized data types, reconciled streams and rollups.
This MCP gives agents a clean way to discover the API, check setup, authenticate locally and query data without pasting tokens into prompts or agent configs.
Create a Google Cloud OAuth client, enable the Google Health API, and add the redirect http://127.0.0.1:3000/callback. Then:
npx -y google-health-mcp-unofficial setup --scope-preset full # writes local config
npx -y google-health-mcp-unofficial auth # OAuth, tokens saved locally
npx -y google-health-mcp-unofficial doctor # verifies you're ready
doctor --live calls safe Google Health identity/profile/settings endpoints after auth to prove the API is reachable — the connection proof for this beta. Full install details (scope presets, MFA, recovery) are in the Install section below.
Three things to ask first, based on tools this connector actually ships:
Use google_health_connection_status to check setup, then run
google_health_data_inventory. Tell me which Google Health domains
and scopes I have authorized.
Call google_health_daily_summary for today, then google_health_weekly_summary.
Separate observed data from suggestions and stay non-medical.
Run google_health_privacy_audit, then summarize exactly what is stored
locally and what would be sent to Google on the next call.
Start here:
google_health_connection_status — local config, token, scope and client readinessgoogle_health_data_inventory — supported domains, scopes, data type naming and agent flowgoogle_health_data_type_coverage — static coverage plan, or explicit live read-only validation for issue #3google_health_daily_summary — daily beta summary from rollups and reconciled streamsgoogle_health_weekly_summary — weekly beta reviewgoogle_health_privacy_audit — what is stored locally and what is sent to GoogleThe full tool catalog — Google Health API methods, agent manifest, diagnostics and data-type naming notes (kebab-case endpoints, snake_case filters, source families) — lives in docs/tools.md.
~/.google-health-mcp/tokens.json with 0600 permissions.~/.google-health-mcp/config.json or GOOGLE_HEALTH_* environment variables.GOOGLE_HEALTH_PRIVACY_MODE=structured is the default; raw mode is explicit and should be used only for debugging or deep analysis.YYYY-MM-DD ranges; general rollups preserve exact timezone-aware ISO date-times. Invalid or reversed ranges fail before HTTP.support --redacted prints a copy-paste support bundle for GitHub issues without tokens, secrets, local paths or health measurements.support --feedback --json prints an anonymous setup-feedback bundle for beta testers and MCP client reports.coverage --live --json prints only redacted data-type status and point-count buckets; it never includes raw Google Health payloads.Google OAuth controls which Google account and health scopes this connector can access. It does not authorize individual MCP callers or tools. The intended deployment is one local user running one trusted MCP host; callers that can reach the same process share its tool catalog and local OAuth grant.
There is currently no per-user, per-agent, API-key or per-tool RBAC layer. The
optional HTTP transport binds to 127.0.0.1 by default and must not be exposed
publicly without standards-compliant MCP authentication, isolated per-user
Google credentials and an explicit authorization policy. See the full
authorization model.
Want to see an agent actually reason over this connector alongside the rest of the stack? The shared, reproducible demo answers the anchor question "Should I train hard today?":
npx -y delx-living-body demo
delx-living-body composes whatever connectors it detects locally with rule-based (offline) synthesis — readiness-first and non-medical. For this connector specifically, npx -y google-health-mcp-unofficial doctor --live is the local proof that your Google Health auth is wired correctly.
The highest-leverage contribution right now is real setup feedback from Fitbit, Pixel Watch, Android and Google Health API v4 users.
If you can test with a real account:
npx -y google-health-mcp-unofficial doctor and confirm the OAuth flow is clear.npx -y google-health-mcp-unofficial support --feedback --json and paste the anonymous bundle into issue #4.npx -y google-health-mcp-unofficial coverage --json for the static issue #3 plan.npx -y google-health-mcp-unofficial coverage --live --json and paste the reviewed, redacted report into issue #3.google_health_connection_status, google_health_data_inventory and google_health_daily_summary from your MCP client.Useful links:
Create a Google Cloud OAuth client, enable the Google Health API, and add the local redirect:
http://127.0.0.1:3000/callback
Then run:
npx -y google-health-mcp-unofficial setup --scope-preset full
npx -y google-health-mcp-unofficial auth
npx -y google-health-mcp-unofficial doctor
Scope presets keep OAuth consent easier to reason about — basic, activity, sleep and full. The full preset list, the exact read-only scope URLs and the OAuth endpoints live in docs/oauth.md.
If setup gets stuck:
npx -y google-health-mcp-unofficial doctor --fix # repairs local config/token permissions (chmod 600 where supported)
npx -y google-health-mcp-unofficial doctor --live # calls safe identity/profile/settings endpoints to prove the API is reachable
npx -y google-health-mcp-unofficial coverage --live --json # redacted read-only data-type coverage for issue #3
npx -y google-health-mcp-unofficial support --redacted # copy-paste support bundle, no tokens/secrets/measurements
npx -y google-health-mcp-unofficial support --feedback --json # anonymous setup feedback for issue #4
Standalone MCP config:
{
"mcpServers": {
"google_health": {
"command": "npx",
"args": ["-y", "google-health-mcp-unofficial"]
}
}
}
npx -y google-health-mcp-unofficial setup --client hermes --no-auth
npx -y google-health-mcp-unofficial auth
npx -y google-health-mcp-unofficial doctor --client hermes --fix
npx -y google-health-mcp-unofficial doctor --client hermes --live
hermes mcp test google_health
After config changes, use /reload-mcp or hermes mcp test google_health. Do not restart the gateway for normal data access.
git clone https://github.com/davidmosiah/google-health-mcp.git
cd google-health-mcp
npm install
npm test
The full Delx Wellness connector library:
| Provider | Package | Repo |
|---|---|---|
| WHOOP | whoop-mcp-unofficial | whoop-mcp |
| Oura | oura-mcp-unofficial | ouramcp |
| Garmin | garmin-mcp-unofficial | garmin-mcp |
| Strava | strava-mcp-unofficial | strava-mcp |
| Fitbit | fitbit-mcp-unofficial | fitbitmcp |
| Withings | withings-mcp-unofficial | withingsmcp |
| Apple Health | apple-health-mcp-unofficial | apple-health-mcp |
| Polar | polar-mcp-unofficial | polarmcp |
| Nourish (nutrition) | wellness-nourish | wellness-nourish |
One-command setup for Hermes — preconfigures every connector above plus wellness skills + onboarding: delx-wellness-hermes.
MIT - see LICENSE.
GOOGLE_HEALTH_CLIENT_IDGoogle Cloud OAuth client ID for Google Health API. Optional when configured with google-health-mcp-server setup.
GOOGLE_HEALTH_CLIENT_SECRETsecretGoogle Cloud OAuth client secret. Prefer google-health-mcp-server setup so this secret is stored in ~/.google-health-mcp/config.json instead of MCP client config.
GOOGLE_HEALTH_REDIRECT_URIRedirect URI configured in the Google Cloud OAuth client. Optional when configured with google-health-mcp-server setup.
GOOGLE_HEALTH_TOKEN_PATHOptional local path for OAuth tokens. Defaults to ~/.google-health-mcp/tokens.json.
GOOGLE_HEALTH_PRIVACY_MODEOptional payload mode: summary, structured, or raw. Defaults to structured. raw means full Google Health API payloads, not continuous 24/7 raw sensor telemetry.
GOOGLE_HEALTH_CACHEOptional SQLite cache toggle. Set to true or sqlite to enable.
GOOGLE_HEALTH_CACHE_PATHOptional local SQLite cache path. Defaults to ~/.google-health-mcp/cache.sqlite.
GOOGLE_HEALTH_NO_CACHESet to true to bypass the in-memory HTTP response cache (60s TTL for GET only). POST/PUT/DELETE and 4xx/5xx responses are never cached regardless.