{"id":"pouyanafisi-gtm-mcp","name":"gtm-mcp","homepage":null,"repo_url":"https://github.com/pouyanafisi/gtm-mcp","category":"devtools","subcategories":[],"tags":["mcp","google-tag-manager","oauth","typescript","server-side-tagging","analytics","automation"],"what_it_does":"Provides an MCP server (Node/TypeScript) that exposes Google Tag Manager API v2 operations for reading and managing GTM accounts/containers/workspaces/tags/triggers/variables and for publishing/auditing version changes. Uses OAuth 2.0 credentials to authenticate and supports configuration via environment variables and a separate auth helper to obtain/refresh tokens.","use_cases":["Programmatically audit GTM configuration (tags/triggers/variables) and workspace/container state","Create/update/revert GTM entities (tags, triggers, variables) via an agent workflow","Publish GTM container version changes and manage version headers/environments","Automate common server-side tagging workflows (e.g., GA4/Facebook Pixel/form tracking templates)"],"not_for":["Public, unauthenticated access to GTM management","Browser-based interactive usage (it is a local/hosted MCP server/CLI tool)","Use cases requiring a stable REST/GraphQL API surface for direct application integration without MCP"],"best_when":"You want an agent-friendly way to manage GTM through the MCP tool interface, with OAuth-based access to your own Google Cloud project and Tag Manager accounts.","avoid_when":"You cannot securely store/use OAuth client credentials and refresh tokens, or you need strict operational guarantees (e.g., idempotent safe writes) without additional safeguards.","alternatives":["Direct Google Tag Manager API v2 integration (googleapis) in your own service","Community/off-the-shelf GTM CLI tools/scripts (where available) for container version publishing","Build a thin custom wrapper over GTM API + OpenAPI/SDK for your agent platform"],"af_score":57.5,"security_score":61.8,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:41:30.251350+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["TypeScript","JavaScript"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.0 (Desktop application) via credentials.json and token.json with auto-refresh"],"oauth":true,"scopes":false,"notes":"README describes OAuth 2.0 credentials flow (Desktop app type) and token storage in token.json; it does not detail OAuth scopes or least-privilege configuration."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided in README; as an open-source npm package, cost is primarily related to Google Cloud/Google API usage and your infrastructure."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":57.5,"security_score":61.8,"reliability_score":27.5,"mcp_server_quality":70.0,"documentation_accuracy":60.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":40.0,"tls_enforcement":90.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"Uses OAuth 2.0 and stores tokens in token.json; README advises saving credentials.json and token.json to disk and does not indicate whether tokens are ever logged. It does not document OAuth scope granularity, token storage hardening (encryption/permissions), or redaction behavior. TLS is assumed for Google API calls but not explicitly stated.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":"The README lists many mutating operations (create/update/delete/publish) but does not describe idempotency guarantees or safe-retry semantics for writes.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Mutating operations (create/update/delete/publish) may not be safely idempotent; agents should confirm targets before executing.","Uses numeric GTM IDs (account/container/workspace) and may fail if given public/container IDs in the wrong format.","Authentication requires running a separate auth command and providing credentials/token files; failures may be due to missing/invalid files or insufficient container permissions."]}}