Google Workspace administration via the gws CLI. Install, authenticate, and automate Gmail, Drive, Sheets, Calendar, Docs, Chat, and Tasks. Run security audits, execute 43 built-in recipes, and use 10 persona bundles. Use for Google Workspace admin, gws CLI setup, Gmail automation, Drive management, or Calendar scheduling.
Expert guidance and automation for Google Workspace administration using the open-source gws CLI. Covers installation, authentication, 18+ service APIs, 43 built-in recipes, and 10 persona bundles for role-based workflows.
# Verify gws is installed and authenticated
python3 scripts/gws_doctor.py
gws gmail users.messages send me --to "[email protected]" \
--subject "Weekly Update" --body "Here's this week's summary..."
gws drive files list --json --limit 20 | python3 scripts/output_analyzer.py --select "name,mimeType,modifiedTime" --format table
npm install -g @anthropic/gws
gws --version
cargo install gws-cli
gws --version
Download from github.com/googleworkspace/cli/releases for macOS, Linux, or Windows.
python3 scripts/gws_doctor.py
# Checks: PATH, version, auth status, service connectivity
# Step 1: Create Google Cloud project and OAuth credentials
python3 scripts/auth_setup_guide.py --guide oauth
# Step 2: Run auth setup
gws auth setup
# Step 3: Validate
gws auth status --json
# Generate setup instructions
python3 scripts/auth_setup_guide.py --guide service-account
# Configure with key file
export GWS_SERVICE_ACCOUNT_KEY=/path/to/key.json
export [email protected]
gws auth status
# Generate .env template
python3 scripts/auth_setup_guide.py --generate-env
| Variable | Purpose |
|---|---|
GWS_CLIENT_ID | OAuth client ID |
GWS_CLIENT_SECRET | OAuth client secret |
GWS_TOKEN_PATH | Custom token storage path |
GWS_SERVICE_ACCOUNT_KEY | Service account JSON key path |
GWS_DELEGATED_USER | User to impersonate (service accounts) |
GWS_DEFAULT_FORMAT | Default output format (json/ndjson/table) |
python3 scripts/auth_setup_guide.py --validate --json
# Tests each service endpoint
Goal: Automate email operations — send, search, label, and filter management.
# Send a new email
gws gmail users.messages send me --to "[email protected]" \
--subject "Proposal" --body "Please find attached..." \
--attachment proposal.pdf
# Reply to a thread
gws gmail users.messages reply me --thread-id <THREAD_ID> \
--body "Thanks for your feedback..."
# Forward a message
gws gmail users.messages forward me --message-id <MSG_ID> \
--to "[email protected]"
# Search emails
gws gmail users.messages list me --query "from:[email protected] after:2025/01/01" --json \
| python3 scripts/output_analyzer.py --count
# List labels
gws gmail users.labels list me --json
# Create a filter
gws gmail users.settings.filters create me \
--criteria '{"from":"[email protected]"}' \
--action '{"addLabelIds":["Label_123"],"removeLabelIds":["INBOX"]}'
# Archive all read emails older than 30 days
gws gmail users.messages list me --query "is:read older_than:30d" --json \
| python3 scripts/output_analyzer.py --select "id" --format json \
| xargs -I {} gws gmail users.messages modify me {} --removeLabelIds INBOX
Goal: Manage files, create spreadsheets, configure sharing, and export data.
# List files
gws drive files list --json --limit 50 \
| python3 scripts/output_analyzer.py --select "name,mimeType,size" --format table
# Upload a file
gws drive files create --name "Q1 Report" --upload report.pdf \
--parents <FOLDER_ID>
# Create a Google Sheet
gws sheets spreadsheets create --title "Budget 2026" --json
# Download/export
gws drive files export <FILE_ID> --mime "application/pdf" --output report.pdf
# Share with user
gws drive permissions create <FILE_ID> \
--type user --role writer --emailAddress "[email protected]"
# Share with domain (view only)
gws drive permissions create <FILE_ID> \
--type domain --role reader --domain "company.com"
# List who has access
gws drive permissions list <FILE_ID> --json
# Read a range
gws sheets spreadsheets.values get <SHEET_ID> --range "Sheet1!A1:D10" --json
# Write data
gws sheets spreadsheets.values update <SHEET_ID> --range "Sheet1!A1" \
--values '[["Name","Score"],["Alice",95],["Bob",87]]'
# Append rows
gws sheets spreadsheets.values append <SHEET_ID> --range "Sheet1!A1" \
--values '[["Charlie",92]]'
Goal: Schedule events, find available times, and generate standup reports.
# Create an event
gws calendar events insert primary \
--summary "Sprint Planning" \
--start "2026-03-15T10:00:00" --end "2026-03-15T11:00:00" \
--attendees "[email protected]" \
--location "Conference Room A"
# List upcoming events
gws calendar events list primary --timeMin "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--maxResults 10 --json
# Quick event (natural language)
gws helpers quick-event "Lunch with Sarah tomorrow at noon"
# Check free/busy for multiple people
gws helpers find-time \
--attendees "[email protected],[email protected],[email protected]" \
--duration 60 --within "2026-03-15,2026-03-19" --json
# Generate daily standup from calendar + tasks
gws recipes standup-report --json \
| python3 scripts/output_analyzer.py --format table
# Meeting prep (agenda + attendee info)
gws recipes meeting-prep --event-id <EVENT_ID>
Goal: Audit Google Workspace security configuration and generate remediation commands.
# Full audit across all services
python3 scripts/workspace_audit.py --json
# Audit specific services
python3 scripts/workspace_audit.py --services gmail,drive,calendar
# Demo mode (no gws required)
python3 scripts/workspace_audit.py --demo
| Area | Check | Risk |
|---|---|---|
| Drive | External sharing enabled | Data exfiltration |
| Gmail | Auto-forwarding rules | Data exfiltration |
| Gmail | DMARC/SPF/DKIM records | Email spoofing |
| Calendar | Default sharing visibility | Information leak |
| OAuth | Third-party app grants | Unauthorized access |
| Admin | Super admin count | Privilege escalation |
| Admin | 2-Step verification enforcement | Account takeover |
# Review findings
python3 scripts/workspace_audit.py --json | python3 scripts/output_analyzer.py \
--filter "status=FAIL" --select "area,check,remediation"
# Execute remediation (example: restrict external sharing)
gws drive about get --json # Check current settings
# Follow remediation commands from audit output
| Script | Purpose | Usage |
|---|---|---|
gws_doctor.py | Pre-flight diagnostics | python3 scripts/gws_doctor.py [--json] [--services gmail,drive] |
auth_setup_guide.py | Guided auth setup | python3 scripts/auth_setup_guide.py --guide oauth |
gws_recipe_runner.py | Recipe catalog & runner | python3 scripts/gws_recipe_runner.py --list [--persona pm] |
workspace_audit.py | Security/config audit | python3 scripts/workspace_audit.py [--json] [--demo] |
output_analyzer.py | JSON/NDJSON analysis | gws ... --json | python3 scripts/output_analyzer.py --count |
All scripts are stdlib-only, support --json output, and include demo mode with embedded sample data.
--dry-run before bulk destructive operations--json output through output_analyzer.py for filtering and aggregation--format ndjson) for streaming large result setsGWS_DEFAULT_FORMAT=json in your shell profile for scripting--fields to request only needed fields (reduces payload size)--limit to cap results when browsing--page-all only when you need complete datasets| Constraint | Impact |
|---|---|
| OAuth tokens expire after 1 hour | Re-auth needed for long-running scripts |
| API rate limits (per-user, per-service) | Bulk operations may hit 429 errors |
| Scope requirements vary by service | Must request correct scopes during auth |
| Pre-v1.0 CLI status | Breaking changes possible between releases |
| Google Cloud project required | Free, but requires setup in Cloud Console |
| Admin API needs admin privileges | Some audit checks require Workspace Admin role |
# List scopes for specific services
python3 scripts/auth_setup_guide.py --scopes gmail,drive,calendar,sheets
| Service | Key Scopes |
|---|---|
| Gmail | gmail.modify, gmail.send, gmail.labels |
| Drive | drive.file, drive.metadata.readonly |
| Sheets | spreadsheets |
| Calendar | calendar, calendar.events |
| Admin | admin.directory.user.readonly, admin.directory.group |
| Tasks | tasks |