원클릭으로
gws-setup
Use when installing or configuring the Google Workspace CLI (gws) for a Google account
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Use when installing or configuring the Google Workspace CLI (gws) for a Google account
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Use when constructing or interpreting the approval handoff envelope between subagent and orchestrator -- sealed_payload schema, approval_id format, APPROVAL_REQUEST contract shape, and reading a granted approval from the DB
Use when producing any agent response
Use when classifying any operation before executing it, or deciding whether user approval is required
Use when a mutative command was blocked by the hook and you need to request user approval, or when presenting a plan for a T3 operation before executing it
Use when the user wants to build, design, or extend a diagram — an architecture overview, a timeline, a planner board, a flow diagram, a presentation, a comparison, or a mind-map — as a portable, data-driven deck rendered from plain YAML. Triggers — "build a diagram", "architecture diagram", "diagram deck", "timeline", "flow diagram", "planner board", "add a page/section/component to the diagram".
Use when the user wants something to run routinely / on a schedule rather than once now -- "tarea programada", "rutinariamente", "cada mañana", "cada N horas", "todas las noches", "schedule", "cron". Covers mounting, structuring, and running an unattended headless task that reports back, plus consuming its reports. NOT for a live in-session agentic loop (that is agentic-loop).
| name | gws-setup |
| description | Use when installing or configuring the Google Workspace CLI (gws) for a Google account |
| metadata | {"user-invocable":false,"type":"technique"} |
The gws CLI looks straightforward but breaks in subtle ways -- Google's OAuth flow has undocumented constraints that differ between personal and organizational accounts, and the gws tool itself has open bugs around scopes and multi-account. This procedure captures the working path and the traps discovered through real setup sessions, so you avoid the silent failures that waste hours.
Prerequisites: gcloud CLI installed, browser access for OAuth, interactive terminal for auth steps.
~/.local/bin/, chmod +xgws --versiongcloud auth login <email> --no-launch-browser (interactive terminal required)gcloud config set account <work-account>gcloud projects list --account=<email>gcloud projects create gaia-<name> --name="Gaia <Name>" --account=<email>gaia-<identifier>-personal or gaia-<identifier>-workgws auth setup --project <project-id>For safe scopes and blocked scopes by account type, read reference.md in this directory.
Known bug: gws issue #119 -- gws auth login unusable with personal @gmail.com when organizational scopes are included. Google returns 400: invalid_scope.
https://console.cloud.google.com/apis/credentials/consent?project=<project-id>403: access_denied ("app not verified")https://console.cloud.google.com/apis/credentials?project=<project-id>401: invalid_clientclient_secret_*.json -> save to ~/.config/gws/client_secret.jsongws auth login -- opens browser for OAuth consent (interactive terminal required)gws auth status -- confirm token validgws gmail users messages list --params '{"userId":"me","maxResults":5}' -- test Gmailgws gmail users labels list --params '{"userId":"me"}' -- test labelsgcloud config set account <original-work-account>gcloud config get accountgws supports multi-account via gws auth login --account <email>, gws auth list, gws auth default <email>, gws --account <email> <command>.
Known bug: issue #181 -- --account flag doesn't work correctly yet.
400: invalid_scope403: access_denied401: invalid_clientgcloud config set account after setupadmin.*, cloud-identity.*, or directory.* scopes for personal accountsgmail-policy -- operational Gmail security (tiers, labels, no-delete rule)