# google-workspace-mcp - Doramagic AI Context Pack

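> Positioning: a pre-install preview and decision asset. It helps the host AI get off to a good start, but it does not mean the target project has been installed, executed, or verified.

## Sufficiency principle

- **Sufficiency, not compression**: The AI Context Pack should be thorough enough for the host AI to understand the project's value, capability boundaries, entry points, risks, and evidence sources before starting work; it may be organized in layers, but the shortest possible summary is not the goal.
- **Compression strategy**: Compress only noise and repeated content; do not compress context that affects judgment or the quality of the start.

## How the host AI should use this

You are reading the AI Context Pack that Doramagic compiled for google-workspace-mcp. Treat it as pre-work context: help the user understand who it suits, what it can do, how to start, what must be verified after installation, and where the risks are. Do not claim that you have installed, run, or executed the target project.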

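## Claim consumption rules

- **Source of facts**: Repo Evidence + Claim/Evidence Graph; the Human Wiki only provides salience, terminology, and narrative structure.
- **Minimum status for facts**: `supported`
- `supported`: may be used as a project fact, but the answer must cite the claim_id and the evidence path.
- `weak`: only a low-confidence lead; the user must be asked to verify further.
- `inferred`: may only be used for risk warnings or open questions; it must not be presented as a project fact.
- `unverified`: must not be used as fact; state clearly that the evidence is insufficient.
- `contradicted`: the conflicting sources must be shown; do not pick one version on the user's behalf.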

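## Who it suits best

- **Developers using a host AI such as Claude/Codex/Cursor/Gemini**: The README or plugin configuration mentions multiple host AIs. Evidence: `README.md` Claim: `clm_0004` supported 0.86
- **Users who want to bring specialized workflows into a host AI**: The repository contains Skill documentation. Evidence: `skills/managing-google-workspace/SKILL.md` Claim: `clm_0005` supported 0.86

## What it can do

- **AI Skill / Agent instruction asset library** (available for pre-install preview): The project contains Skill or Agent instruction files that a host AI can read, which can be used to bring specialized workflows into hosts such as Claude, Codex, and Cursor. Evidence: `skills/managing-google-workspace/SKILL.md` Claim: `clm_0001` supported 0.86
- **Multi-host installation and distribution** (requires post-install verification): The project contains plugin or marketplace configuration, indicating that it targets installation and distribution for one or more AI hosts. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json` Claim: `clm_0002` supported 0.86
- **Command-line startup or installation flow** (requires post-install verification): The project documentation contains executable commands; real use requires running them locally or in the host environment. Evidence: `README.md` Claim: `clm_0003` supported 0.86

## How to start

- `pip install "workspace-mcp[gcs]"` Evidence: `README.md` Claim: `clm_0006` supported 0.86
- `claude mcp add --transport http workspace-mcp http://localhost:8000/mcp` Evidence: `README.md` Claim: `clm_0007` supported 0.86
- `git clone https://github.com/taylorwilsdon/google_workspace_mcp.git` Evidence: `README.md` Claim: `clm_0008` supported 0.86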

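## Pre-continuation decision card

- **Current recommendation**: administrator/security approval required
- **Why**: Continuing may involve keys, accounts, external services, or sensitive context; obtain administrator or security approval first.

### 30-second decision

- **What to do now**: administrator/security approval required
- **Minimal safe next step**: Run Prompt Preview first; if credentials or an enterprise environment are involved, get approval before a trial install
- **Do not trust yet**: Tool permission boundaries cannot be trusted before installation.
- **Continuing will touch**: command execution, host AI configuration, the local environment or project files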

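### What can be trusted now

- **Audience hint: developers using a host AI such as Claude/Codex/Cursor/Gemini** (supported): Backed by a supported claim or project evidence, but this still does not equal the actual result of installing. Evidence: `README.md` Claim: `clm_0004` supported 0.86
- **Audience hint: users who want to bring specialized workflows into a host AI** (supported): Backed by a supported claim or project evidence, but this still does not equal the actual result of installing. Evidence: `skills/managing-google-workspace/SKILL.md` Claim: `clm_0005` supported 0.86
- **Capability present: AI Skill / Agent instruction asset library** (supported): It can be trusted that the project contains indications of this kind of capability; whether it fits your specific task still has to be verified by trial or after installation. Evidence: `skills/managing-google-workspace/SKILL.md` Claim: `clm_0001` supported 0.86
- **Capability present: multi-host installation and distribution** (supported): It can be trusted that the project contains indications of this kind of capability; whether it fits your specific task still has to be verified by trial or after installation. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json` Claim: `clm_0002` supported 0.86
- **Capability present: command-line startup or installation flow** (supported): It can be trusted that the project contains indications of this kind of capability; whether it fits your specific task still has to be verified by trial or after installation. Evidence: `README.md` Claim: `clm_0003` supported 0.86
- **Quick Start / install command hints exist** (supported): It can be trusted that the project documentation contains a startup or installation entry point; do not run it directly in your main environment because of that. Evidence: `README.md` Claim: `clm_0006` supported 0.86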

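### What cannot be trusted yet

- **Tool permission boundaries cannot be trusted before installation.** (unverified): MCP/tool projects typically touch files, the network, the browser, or external APIs; permissions and logs must be checked for real.
- **Real output quality cannot be trusted before installation.** (unverified): Prompt Preview only shows how the guidance works; it cannot prove the quality of results in a real project.
- **Host AI version compatibility cannot be trusted before installation.** (unverified): Loading rules and version differences across hosts such as Claude, Cursor, Codex, and Gemini must be verified in a real environment.
- **That it will not contaminate existing host AI behavior cannot be taken on trust.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behavior. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json`, `skills/managing-google-workspace/SKILL.md`
- **Safe rollback cannot be assumed by default.** (unverified): Unless the project explicitly provides uninstall and restore instructions, verify in an isolated environment first.
- **Is a real installation compatible with the user's current host AI version?** (unverified): Compatibility can only be verified in the actual host environment. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json`
- **Does the project's output quality meet the user's specific task?** (unverified): A pre-install preview only shows the workflow and boundaries; it cannot replace real evaluation.
- **Do the install commands require network access, privileges, or global writes?** (unverified): This affects installation risk in both enterprise and personal environments. Evidence: `README.md`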

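### What continuing will touch

- **Command execution**: package managers, network downloads, local plugin directories, project configuration, or the user's home directory. Reason: Running the very first command can already change the environment; decide first whether it is worth running. Evidence: `README.md`
- **Host AI configuration**: plugin, Skill, or rule-loading configuration for hosts such as Claude/Codex/Cursor/Gemini/OpenCode. Reason: Host configuration changes how the AI works afterwards and may conflict with the user's existing rules. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json`, `skills/managing-google-workspace/SKILL.md`
- **Local environment or project files**: installation output, plugin caches, project configuration, or local dependency directories. Reason: Before installation, neither the write scope nor the rollback method can be proven; isolated verification is required. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json`, `README.md`
- **Environment variables / API keys**: The project's entry documentation explicitly mentions API key, token, secret, or account credential configuration. Reason: If a real installation requires credentials, use test credentials first and go through a permission/compliance review. Evidence: `.claude-plugin/plugin.json`, `README.md`, `README_NEW.md`, `auth/google_auth.py`, etc.
- **Host AI context**: the AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Reason: Imported context influences the host AI's later judgments; unverified items must not be presented as facts.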

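### Minimal safe next steps

- **Run Prompt Preview first**: Use the interactive pre-install trial to judge whether the way of working fits; it requires no authorization or environment changes. (Applies to: any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or with a test account**: Prevents install commands from contaminating your main host AI, real projects, or home directory. (Applies when: there are hints of command execution, plugin configuration, or local writes.)
- **Back up the host AI configuration first**: Skills, plugins, and rule files may change the default behavior of Claude/Cursor/Codex. (Applies when: a plugin manifest, Skill, or host rule entry point exists.)
- **Do not use real production credentials**: Once environment variables or API keys enter the host or toolchain, they can create account and compliance risk. (Applies when: environment hints such as API, TOKEN, KEY, or SECRET appear.)
- **After installation, verify only one minimal task**: Verify loading, compatibility, output quality, and rollback first, then decide whether to use it in depth. (Applies when: preparing to move from trial to a real workflow.)

### Exit path

- **Preserve the pre-install state**: Record the original host configuration and project state so that recoverability can be judged later.
- **Be ready to remove the host plugin / Skill / rule entry points**: If behavior is abnormal after a trial install, the host AI can be restored to its pre-trial state.
- **Record the install commands and write paths**: Without explicit uninstall instructions, you at least need to know which directories or configuration need manual cleanup.
- **Be ready to revoke test API keys or tokens**: If test credentials are leaked or misused, the damage can be contained quickly.
- **No rollback path, no main environment**: Lack of rollback is a blocker before continuing; do not proceed on trust or luck.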

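## What can only be previewed

- Explaining who the project suits and what it can do
- Demonstrating a typical conversation flow based on the project documentation
- Helping the user judge whether it is worth installing or researching further

## What must be verified after installation

- Actually installing the Skill, plugin, or CLI
- Executing scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility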

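## Boundary and risk card

- **Mistaking the pre-install preview for a real run**: Users may overestimate the configuration, permission, and compatibility verification the project has already completed. Handling: Clearly distinguish prompt_preview_can_do from runtime_required. Claim: `clm_0009` inferred 0.45
- **Host AI plugin or Skill rule conflicts**: New rules may change how the user's existing host AI works. Handling: Inspect the plugin manifest and Skill files before installing, and test in isolation where necessary. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json` Claim: `clm_0010` supported 0.86
- **Command execution modifies the local environment**: Install commands may write to the user's home directory, the host plugin directory, or project configuration. Handling: Run them first in an isolated environment or under a test account. Evidence: `README.md` Claim: `clm_0011` supported 0.86
- **To be confirmed**: Is a real installation compatible with the user's current host AI version? Reason: Compatibility can only be verified in the actual host environment.
- **To be confirmed**: Does the project's output quality meet the user's specific task? Reason: A pre-install preview only shows the workflow and boundaries; it cannot replace real evaluation.
- **To be confirmed**: Do the install commands require network access, privileges, or global writes? Reason: This affects installation risk in both enterprise and personal environments.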

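## Pre-work context

### Loading order

- First read how_to_use.host_ai_instruction to establish the boundaries of the pre-install decision asset.
- Read claim_graph_summary to confirm that facts come from the Claim/Evidence Graph rather than the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When a concrete task needs to be carried out, check role_skill_index first, then evidence_index.
- For questions about real installation, file modification, network access, performance, or compatibility, switch to risk_card and boundaries.runtime_required.

### Task routing

- **AI Skill / Agent instruction asset library**: First use role_skill_index / evidence_index to help the user pick usable roles, Skills, or workflows. Boundary: a pre-install Prompt experience is possible. Evidence: `skills/managing-google-workspace/SKILL.md` Claim: `clm_0001` supported 0.86
- **Multi-host installation and distribution**: First state that this capability requires post-install verification, then provide a pre-install checklist. Boundary: must be verified by a real install or run. Evidence: `.claude-plugin/marketplace.json`, `.claude-plugin/plugin.json` Claim: `clm_0002` supported 0.86
- **Command-line startup or installation flow**: First state that this capability requires post-install verification, then provide a pre-install checklist. Boundary: must be verified by a real install or run. Evidence: `README.md` Claim: `clm_0003` supported 0.86

### Context size

- Total files: 124
- Important files covered: 40/124
- Evidence index entries: 77
- Role / Skill entries: 1

### Handling insufficient evidence

- **missing_evidence**: State that the evidence is insufficient and ask the user to provide the target file, README passage, or post-install verification record; do not fill in facts.
- **out_of_scope_request**: State that the task is beyond the evidence scope of the current AI Context Pack, and suggest that the user first consult the Human Manual or verify after a real installation.
- **runtime_request**: Provide a pre-install checklist and the source of the commands, but do not execute commands for the user or claim to have executed them.
- **source_conflict**: Show the conflicting sources side by side and mark them as pending verification; do not force a choice of one version.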

## Prompt Recipes

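### Fit assessment

- Goal: Judge whether this project suits the user's current task.
- Expected output: a fit conclusion, key reasons, evidence citations, what can be previewed before installation, what must be verified after installation, and suggested next steps.

```text
Based on the AI Context Pack for google-workspace-mcp, first ask me 3 necessary questions, then judge whether it suits my task. The answer must include: who it suits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. All project facts must cite evidence_refs, source_paths, or claim_id.
```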

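### Pre-install experience

- Goal: Let the user get a feel for the core workflow before installing, while avoiding presenting the preview as real capability or a marketing promise.
- Expected output: an experience script with boundary labels, a post-install verification checklist, and a cautious recommendation; no promises of real execution and no strong marketing language.

```text
Please treat google-workspace-mcp as a pre-install preview asset, not as an installed tool or a real runtime environment.

Output exactly four sections:
1. First ask me 3 necessary questions.
2. Give an "experience script": use the three labels [Previewable before install], [Must verify after install], and [Insufficient evidence] to show how it might guide the workflow.
3. Give a post-install verification checklist: list which capabilities can only be confirmed after a real install, real host loading, and a real project run.
4. Give a cautious recommendation: you may only say "worth further research / a trial install", "provide more information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim to have installed, run, executed tests, modified files, or produced real results.
- Do not use promissory phrases such as "adapts automatically", "guaranteed to pass", "perfect fit", or "strongly recommend installing".
- When describing how it works after installation, you must use a conditional such as "If installation succeeds and the host loads the Skill correctly, it might ...".
- The experience script may only be written as "sample lines / a hypothetical flow": use "might ask / might suggest / might show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview is not responsible for giving install commands; if the user is preparing a trial install, only advise reading the Quick Start and Risk Card first and verifying in an isolated environment.
- All project facts must come from supported claims, evidence_refs, or source_paths; inferred/unverified items may only be used as risks or open questions.
```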

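### Role / Skill selection

- Goal: Pick the best-matching assets from the project's roles or Skills.
- Expected output: a list of candidate roles or Skills, each with applicable scenarios, evidence paths, risk boundaries, and whether post-install verification is required.

```text
Read role_skill_index and, based on my target task, recommend the 3-5 most relevant roles or Skills. Each recommendation must state the applicable scenario, likely output, risk boundaries, and evidence_refs.
```

### Risk pre-check

- Goal: Identify environment, permission, rule-conflict, and quality risks before installing or adopting the project.
- Expected output: a checklist covering environment, permissions, dependencies, licensing, host conflicts, quality risks, and unknowns.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-install risk checklist. Do not execute commands for me; only explain what I should check, why to check it, and what the impact of a failure would be.
```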

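### Host AI kickoff instruction

- Goal: Turn the project context into a host AI instruction to use before a conversation starts.
- Expected output: a kickoff instruction with clear boundaries and clear evidence citations, suitable for pasting into the host AI.

```text
Based on the AI Context Pack for google-workspace-mcp, generate a kickoff instruction that I can paste into the host AI. The instruction must comply with not_runtime=true and must not claim that the project has been installed, run, or has produced real results.
```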


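## Role / Skill index

- 1 role / Skill / project documentation entry indexed in total.

- **managing-google-workspace** (skill): Activation hint: when the user's task closely matches the workflow described by "managing-google-workspace", use it for a pre-install preview first, then decide whether to install. Evidence: `skills/managing-google-workspace/SKILL.md`

## Evidence index

- 77 evidence entries indexed in total.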

- **Google Workspace MCP Server** (documentation): ! License: MIT https://img.shields.io/badge/License-MIT-yellow.svg https://opensource.org/licenses/MIT ! Python 3.10+ https://img.shields.io/badge/Python-3.10%2B-blue.svg https://www.python.org/downloads/ ! PyPI https://img.shields.io/pypi/v/workspace-mcp.svg https://pypi.org/project/workspace-mcp/ ! PyPI Downloads https://static.pepy.tech/personalized-badge/workspace-mcp?period=total&units=INTERNATIONAL SYSTEM&left color=GREY&right color=BLUE&left text=pypi+downloads https://pepy.tech/projects/workspace-mcp ! Website https://img.shields.io/badge/Website-workspacemcp.com-green.svg https://workspacemcp.com Evidence: `README.md`
- **Google Apps Script MCP Tools** (documentation): This module provides Model Context Protocol MCP tools for interacting with Google Apps Script API, enabling AI agents to create, manage, and execute Apps Script projects programmatically. Evidence: `gappsscript/README.md`
- **Google Workspace MCP Server Helm Chart** (documentation): Google Workspace MCP Server Helm Chart Evidence: `helm-chart/workspace-mcp/README.md`
- **Google Workspace -- Tool Router** (skill_instruction): Detect which mode is available and use it. Evidence: `skills/managing-google-workspace/SKILL.md`
- **Marketplace** (structured_config): { "name": "google-workspace-mcp", "owner": { "name": "taylorwilsdon" }, "plugins": { "name": "google-workspace-mcp", "source": "./", "description": "Complete Google Workspace integration -- Gmail, Drive, Calendar, Docs, Sheets, Slides, Forms, Tasks, Contacts, Chat, Apps Script, and Custom Search via MCP with workflow guidance." } } Evidence: `.claude-plugin/marketplace.json`
- **Plugin** (structured_config): { "name": "google-workspace-mcp", "description": "Complete Google Workspace integration -- Gmail, Drive, Calendar, Docs, Sheets, Slides, Forms, Tasks, Contacts, Chat, Apps Script, and Custom Search via MCP with workflow guidance.", "author": { "name": "taylorwilsdon" }, "userConfig": { "google oauth client id": { "title": "Google OAuth Client ID", "description": "OAuth 2.0 Client ID from Google Cloud Console. Tip: if typing 'n' closes this prompt, paste from clipboard instead.", "type": "string", "sensitive": false, "required": true }, "google oauth client secret": { "title": "Google OAuth Client Secret", "description": "OAuth 2.0 Client Secret from Google Cloud Console. Tip: if typing 'n'… Evidence: `.claude-plugin/plugin.json`
- **License** (source_file): Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software" , to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Evidence: `LICENSE`
- **Fall back to GOOGLE MCP CREDENTIALS DIR for backward compatibility** (source_file): logger = logging.getLogger name ⋮---- class CredentialStore ABC ⋮---- FILE EXTENSION = ".json" ⋮---- @abstractmethod def get credential self, user email: str - Optional Credentials ⋮---- @abstractmethod def store credential self, user email: str, credentials: Credentials - bool ⋮---- @abstractmethod def delete credential self, user email: str - bool ⋮---- @abstractmethod def list users self - List str ⋮---- class LocalDirectoryCredentialStore CredentialStore ⋮---- def init self, base dir: Optional str = None ⋮---- workspace creds dir = os.getenv "WORKSPACE MCP CREDENTIALS DIR" google creds dir = os.getenv "GOOGLE MCP CREDENTIALS DIR" ⋮---- base dir = os.path.expanduser workspace creds dir ⋮… Evidence: `auth/credential_store.py`
- **Constants** (source_file): get fastmcp context = None ⋮---- logger = logging.getLogger name ⋮---- def session id log fingerprint session id: Optional str - str ⋮---- Constants def get default credentials dir ⋮---- """Get the default credentials directory path, preferring user-specific locations. Environment variable priority: 1. WORKSPACE MCP CREDENTIALS DIR preferred 2. GOOGLE MCP CREDENTIALS DIR backward compatibility 3. ~/.google workspace mcp/credentials default """ Check WORKSPACE MCP CREDENTIALS DIR first preferred workspace creds dir = os.getenv "WORKSPACE MCP CREDENTIALS DIR" ⋮---- expanded = os.path.expanduser workspace creds dir ⋮---- Fall back to GOOGLE MCP CREDENTIALS DIR for backward compatibility google… Evidence: `auth/google_auth.py`
- **Skip non-MCP paths** (source_file): logger = logging.getLogger name ⋮---- class MCPSessionMiddleware BaseHTTPMiddleware ⋮---- async def dispatch self, request: Request, call next: Callable - Any ⋮---- Skip non-MCP paths ⋮---- session context = None ⋮---- Extract session information headers = dict request.headers session id = extract session from headers headers ⋮---- Try to get OAuth 2.1 auth context from FastMCP auth context = None user email = None mcp session id = None Check for FastMCP auth context ⋮---- auth context = request.state.auth ⋮---- user email = auth context.claims.get "email" ⋮---- mcp session id = request.state.session id ⋮---- SECURITY: Do not decode JWT without verification User email must come from verifie… Evidence: `auth/mcp_session_middleware.py`
- **Check if we have credentials available environment variables or file** (source_file): logger = logging.getLogger name ⋮---- class MinimalOAuthServer ⋮---- def init self, port: int = 8000, base uri: str = "http://localhost" ⋮---- def setup callback route self ⋮---- @self.app.get "/oauth2callback" async def oauth callback request: Request ⋮---- code = request.query params.get "code" error = request.query params.get "error" ⋮---- error message = ⋮---- Check if we have credentials available environment variables or file error message = check client secrets ⋮---- Session ID tracking removed - not needed ⋮---- Exchange code for credentials redirect uri = get oauth redirect uri ⋮---- Return success page using shared template ⋮---- error message detail = f"Error processing OAuth cal… Evidence: `auth/oauth_callback_server.py`
- **External URL for reverse proxy scenarios** (source_file): class OAuthConfig ⋮---- def init self ⋮---- External URL for reverse proxy scenarios ⋮---- raw domains = os.getenv "DWD ALLOWED DOMAINS", "" ⋮---- Transport mode will be set at runtime ⋮---- def get redirect uri self - str ⋮---- explicit uri = os.getenv "GOOGLE OAUTH REDIRECT URI" ⋮---- @staticmethod def get redirect path uri: str - str ⋮---- parsed = urlparse uri ⋮---- path = parsed.path or "/oauth2callback" ⋮---- path = uri if uri.startswith "/" else f"/{uri}" ⋮---- def apply fastmcp google env self - None ⋮---- def set if absent key: str, value: Optional str - None ⋮---- def is public client self - bool ⋮---- def get redirect uris self - List str ⋮---- uris = ⋮---- custom uris = os.geten… Evidence: `auth/oauth_config.py`
- **Port Resolver** (source_file): logger = logging.getLogger name ⋮---- DEFAULT PREFERRED PORT = 8000 DEFAULT FALLBACK COUNT = 4 RESOLVED PORT ENV = "WORKSPACE MCP RESOLVED PORT" ⋮---- class NoAvailablePortError RuntimeError ⋮---- class PortConfigError RuntimeError ⋮---- def candidate ports preferred: int, fallback count: int - List int ⋮---- def is port free host: str, port: int - bool ⋮---- raw = os.getenv ⋮---- preferred = int raw ⋮---- env name = "PORT" if os.getenv "PORT" else "WORKSPACE MCP PORT" ⋮---- fallback count = int raw ⋮---- host = os.getenv "WORKSPACE MCP HOST", "0.0.0.0" ⋮---- candidates = candidate ports preferred, fallback count Evidence: `auth/port_resolver.py`
- **Granular permissions mode overrides both full and read-only scope maps.** (source_file): logger = logging.getLogger name ⋮---- ENABLED TOOLS = None ⋮---- USERINFO EMAIL SCOPE = "https://www.googleapis.com/auth/userinfo.email" USERINFO PROFILE SCOPE = "https://www.googleapis.com/auth/userinfo.profile" OPENID SCOPE = "openid" CALENDAR SCOPE = "https://www.googleapis.com/auth/calendar" CALENDAR READONLY SCOPE = "https://www.googleapis.com/auth/calendar.readonly" CALENDAR EVENTS SCOPE = "https://www.googleapis.com/auth/calendar.events" ⋮---- DRIVE SCOPE = "https://www.googleapis.com/auth/drive" DRIVE READONLY SCOPE = "https://www.googleapis.com/auth/drive.readonly" DRIVE FILE SCOPE = "https://www.googleapis.com/auth/drive.file" ⋮---- DOCS READONLY SCOPE = "https://www.googleapis.co… Evidence: `auth/scopes.py`
- **When OAuth 2.1 is enabled globally, ALWAYS use OAuth 2.1 for authenticated users** (source_file): logger = logging.getLogger name ⋮---- def release google service cycles - None ⋮---- def get configured user google email - Optional str ⋮---- ctx = get context ⋮---- authenticated user = await ctx.get state "authenticated user email" auth method = await ctx.get state "authenticated via" mcp session id = ctx.session id if hasattr ctx, "session id" else None ⋮---- """ Detect whether to use OAuth 2.1 based on configuration and context. Returns: True if OAuth 2.1 should be used, False otherwise """ ⋮---- When OAuth 2.1 is enabled globally, ALWAYS use OAuth 2.1 for authenticated users ⋮---- If FastMCP protocol-level auth is enabled, a validated access token should be available even if middlewar… Evidence: `auth/service_decorator.py`
- **Api Enablement** (source_file): API ENABLEMENT LINKS: Dict str, str = { ⋮---- SERVICE NAME TO API: Dict str, str = { ⋮---- INTERNAL SERVICE TO API: Dict str, str = { ⋮---- api pattern = r"https://console\.developers\.google\.com/apis/api/ ^/ + /overview" project pattern = r"project =\s + a-zA-Z0-9- + " ⋮---- api match = re.search api pattern, error details project match = re.search project pattern, error details ⋮---- api service = api match.group 1 if api match else None project id = project match.group 1 if project match else None ⋮---- Returns: Evidence: `core/api_enablement.py`
- **Generate unique file ID for metadata tracking** (source_file): logger = logging.getLogger name ⋮---- DEFAULT EXPIRATION SECONDS = 3600 ⋮---- default dir = str Path.home / ".workspace-mcp" / "attachments" STORAGE DIR = ⋮---- WINDOWS RESERVED FILENAME CHARS = re.compile r' < :"/\\ ? \x00-\x1f ' WINDOWS RESERVED NAMES = { ⋮---- def ensure storage dir - None ⋮---- """Create the storage directory on first use, not at import time.""" ⋮---- def sanitize attachment filename filename: Optional str - str ⋮---- """Return a filesystem-safe attachment filename.""" ⋮---- filename = "".join ⋮---- sanitized = WINDOWS RESERVED FILENAME CHARS.sub " ", filename .rstrip " ." ⋮---- stem = sanitized.split ".", 1 0 ⋮---- sanitized = f" {sanitized}" ⋮---- class SavedAttachmen… Evidence: `core/attachment_storage.py`
- **Cli** (source_file): logger = logging.getLogger name ⋮---- DEFAULT URL = "http://localhost:8000/mcp" CLI HOME = os.path.expanduser "~/.workspace-mcp" TOKEN DIR = os.path.join CLI HOME, "cli-tokens" KEY PATH = os.path.join CLI HOME, ".cli-encryption-key" ⋮---- def get token storage - FernetEncryptionWrapper ⋮---- fd = os.open KEY PATH, os.O WRONLY os.O CREAT os.O EXCL, 0o600 ⋮---- key = fh.read ⋮---- key = Fernet.generate key ⋮---- def build oauth - OAuth ⋮---- storage = get token storage ⋮---- async def list tools url: str - None ⋮---- auth = build oauth ⋮---- tools = await client.list tools ⋮---- desc = tool.description or "" .split "\n" 0 ⋮---- async def call tool url: str, tool name: str, raw args: list str… Evidence: `core/cli.py`
- **Use full Drive scope so comment operations remain visible to collaborators.** (source_file): logger = logging.getLogger name ⋮---- READ COMMENT ANNOTATIONS = ToolAnnotations ⋮---- MANAGE COMMENT ANNOTATIONS = ToolAnnotations ⋮---- action lower = action.lower .strip ⋮---- def create comment tools app name: str, file id param: str ⋮---- """ Factory function to create comment management tools for a specific Google Workspace app. Args: app name: Name of the app e.g., "document", "spreadsheet", "presentation" file id param: Parameter name for the file ID e.g., "document id", "spreadsheet id", "presentation id" Returns: Dict containing the comment management functions with unique names List all comments from a Google Document.""" ⋮---- Use full Drive scope so comment operations remain vi… Evidence: `core/comments.py`
- **Resolve relative redirects against the current URL** (source_file): logger = logging.getLogger name ⋮---- class SSRFFetchError RuntimeError ⋮---- def redact url url: str - str ⋮---- parsed url = urlparse url ⋮---- path = parsed url.path or "/" ⋮---- async def resolve and validate host hostname: str - list str ⋮---- """ Resolve a hostname to IP addresses and validate none are private/internal. Uses getaddrinfo to handle both IPv4 and IPv6. Fails closed on DNS errors. Returns: list str : Validated resolved IP address strings. Raises: ValueError: If hostname resolves to private/internal IPs or DNS fails. """ ⋮---- loop = asyncio.get running loop addr infos = await loop.run in executor ⋮---- resolved ips: list str = seen ips: set str = set ⋮---- ip str = sockad… Evidence: `core/http_utils.py`
- **ASCII-safe prefixes for different services** (source_file): class SuppressStatelessTransportTerminationFilter logging.Filter ⋮---- def filter self, record: logging.LogRecord - bool ⋮---- def install noisy log filters - None ⋮---- target logger = logging.getLogger "mcp.server.streamable http" ⋮---- class EnhancedLogFormatter logging.Formatter ⋮---- COLORS = { ⋮---- def init self, use colors: bool = True, args, kwargs ⋮---- def format self, record: logging.LogRecord - str ⋮---- service prefix = self. get ascii prefix record.name, record.levelname ⋮---- formatted msg = self. enhance message record.getMessage ⋮---- color = self.COLORS.get record.levelname, "" reset = self.COLORS "RESET" ⋮---- def get ascii prefix self, logger name: str, level name: str… Evidence: `core/log_formatter.py`
- **Custom FastMCP that adds secure middleware stack for OAuth 2.1** (source_file): logger = logging.getLogger name ⋮---- auth provider: Optional GoogleProvider = None legacy callback registered = False ⋮---- session middleware = Middleware MCPSessionMiddleware ⋮---- def normalize origin origin: str - Optional str ⋮---- parsed = urlparse origin ⋮---- port = parsed.port ⋮---- host = f" {parsed.hostname} " if ":" in parsed.hostname else parsed.hostname netloc = f"{host}:{port}" if port is not None else host ⋮---- def is loopback origin origin: str - bool ⋮---- def get allowed http origins - set str ⋮---- config = get oauth config origins = set ⋮---- normalized = normalize origin origin ⋮---- normalized = normalize origin config.external url ⋮---- def is origin allowed origin… Evidence: `core/server.py`
- **Always apply the original decorator to register the tool** (source_file): logger = logging.getLogger name ⋮---- enabled tools: Optional Set str = None ⋮---- def set enabled tools tool names: Optional Set str ⋮---- enabled tools = tool names ⋮---- def get enabled tools - Optional Set str ⋮---- def is tool enabled tool name: str - bool ⋮---- def conditional tool server, tool name: str ⋮---- def decorator func: Callable - Callable ⋮---- def wrap server tool method server ⋮---- """ Track tool registrations and filter them post-registration. """ original tool = server.tool ⋮---- def tracking tool args, kwargs ⋮---- original decorator = original tool args, kwargs ⋮---- def wrapper decorator func: Callable - Callable ⋮---- tool name = func. name ⋮---- Always apply the o… Evidence: `core/tool_registry.py`
- **If no services specified, use all available services** (source_file): logger = logging.getLogger name ⋮---- TierLevel = Literal "core", "extended", "complete" ⋮---- class ToolTierLoader ⋮---- def init self, config path: Optional str = None ⋮---- config path = Path file .parent / "tool tiers.yaml" ⋮---- def load config self - Dict ⋮---- def get available services self - List str ⋮---- """Get list of all available services defined in the configuration.""" config = self. load config ⋮---- """ Get all tools for a specific tier level. Args: tier: The tier level core, extended, complete services: Optional list of services to filter by. If None, includes all services. Returns: List of tool names for the specified tier level """ ⋮---- tools = ⋮---- If no services spe… Evidence: `core/tool_tier_loader.py`
- **Tool Tiers** (source_file): gmail: core: - search gmail messages - get gmail message content - get gmail messages content batch - send gmail message extended: - get gmail attachment content - get gmail thread content - modify gmail message labels - list gmail labels - manage gmail label - draft gmail message - list gmail filters - manage gmail filter complete: - get gmail threads content batch - batch modify gmail message labels - start google auth drive: core: - search drive files - get drive file content - get drive file download url - create drive file - create drive folder - import to google doc - import to google slides - import to google sheets - get drive shareable link extended: - list drive items - copy drive… Evidence: `core/tool_tiers.yaml`
- **Block sensitive file patterns regardless of allowlist** (source_file): logger = logging.getLogger name ⋮---- GOOGLE API WRITE RETRIES = 3 ⋮---- class TransientNetworkError Exception ⋮---- class UserInputError Exception ⋮---- def coerce json str to type v: Any, expected type: type - Any ⋮---- parsed = json.loads v ⋮---- def coerce json str to list v: Any - Any ⋮---- StringList = Annotated List str , BeforeValidator coerce json str to list ⋮---- DictList = Annotated List dict str, Any , BeforeValidator coerce json str to list ⋮---- ObjectList = Annotated List object , BeforeValidator coerce json str to list ⋮---- def coerce json str to dict v: Any - Any ⋮---- JsonDict = Annotated dict str, Any , BeforeValidator coerce json str to dict ⋮---- ALLOWED FILE DIRS ENV… Evidence: `core/utils.py`
- **Docker Compose** (source_file): services: gws mcp: build: . container name: gws mcp ports: - "8000:8000" environment: - GOOGLE MCP CREDENTIALS DIR=/app/store creds volumes: - ./client secret.json:/app/client secret.json:ro - store creds:/app/store creds:rw env file: - .env volumes: store creds: Evidence: `docker-compose.yml`
- **Suppress googleapiclient discovery cache warning** (source_file): dotenv path = os.path.join os.path.dirname os.path.abspath file , ".env" ⋮---- def enforce fastmcp cloud defaults ⋮---- enforced = ⋮---- required = { defaults = { ⋮---- current = os.environ.get key normalized = current or "" .lower ⋮---- fastmcp cloud overrides = enforce fastmcp cloud defaults ⋮---- Suppress googleapiclient discovery cache warning ⋮---- logger = logging.getLogger name ⋮---- def configure safe logging ⋮---- class SafeEnhancedFormatter EnhancedLogFormatter ⋮---- def format self, record ⋮---- service prefix = self. get ascii prefix record.name, record.levelname safe msg = ⋮---- Replace all console handlers' formatters with safe enhanced ones ⋮---- Only apply to console/stream… Evidence: `fastmcp_server.py`
- **Search for Apps Script files using Drive API** (source_file): logger = logging.getLogger name ⋮---- Search for Apps Script files using Drive API query = "mimeType='application/vnd.google-apps.script' and trashed=false" request params = { ⋮---- response = await asyncio.to thread service.files .list request params .execute ⋮---- files = response.get "files", ⋮---- output = f"Found {len files } Apps Script projects:" ⋮---- title = file.get "name", "Untitled" script id = file.get "id", "Unknown ID" create time = file.get "createdTime", "Unknown" update time = file.get "modifiedTime", "Unknown" ⋮---- Get project metadata and content concurrently independent requests ⋮---- title = project.get "title", "Untitled" project script id = project.get "scriptId", "… Evidence: `gappsscript/apps_script_tools.py`
- **Validate reminders** (source_file): logger = logging.getLogger name ⋮---- reminders = json.loads reminders input ⋮---- reminders = reminders input ⋮---- Validate reminders ⋮---- reminders = reminders :5 ⋮---- validated reminders = ⋮---- method = reminder "method" .lower ⋮---- minutes = reminder "minutes" ⋮---- valid transparency values = "opaque", "transparent" ⋮---- valid visibility values = "default", "public", "private", "confidential" ⋮---- VALID AUTO DECLINE MODES = { ⋮---- VALID FOCUS TIME CHAT STATUSES = { ⋮---- def validate auto decline mode mode: Optional str , function name: str - str ⋮---- """ Helper function to preserve existing event fields when not explicitly provided. Args: event body: The event body being buil… Evidence: `gcalendar/calendar_tools.py`
- **Final fallback** (source_file): logger = logging.getLogger name ⋮---- SENDER CACHE MAX SIZE = 256 sender name cache: Dict str, str = {} SEARCH MESSAGES MAX CONCURRENT SPACE FETCHES = 1 SEARCH MESSAGES SSL RETRIES = 3 SEARCH MESSAGES RETRY BASE DELAY SECONDS = 1 ⋮---- def cache sender user id: str, name: str - None ⋮---- to remove = list sender name cache.keys : SENDER CACHE MAX SIZE // 2 ⋮---- async def resolve sender people service, sender obj: dict - str ⋮---- display name = sender obj.get "displayName" ⋮---- user id = sender obj.get "name", "" e.g. "users/123456789" ⋮---- people resource = user id.replace "users/", "people/", 1 ⋮---- person = await asyncio.to thread names = person.get "names", ⋮---- resolved = names 0… Evidence: `gchat/chat_tools.py`
- **Names** (source_file): logger = logging.getLogger name ⋮---- DEFAULT PERSON FIELDS = "names,nicknames,emailAddresses,phoneNumbers,organizations" ⋮---- DETAILED PERSON FIELDS = ⋮---- CONTACT GROUP FIELDS = "name,groupType,memberCount,metadata" ⋮---- search cache warmed up: Dict str, bool = {} ⋮---- KNOWN PHONE TYPES = { ⋮---- class PhoneInput BaseModel ⋮---- model config = ConfigDict extra="forbid" ⋮---- number: Optional str = Field value: Optional str = Field type: Optional str = Field ⋮---- class EmailInput BaseModel ⋮---- address: Optional str = Field ⋮---- class OrganizationInput BaseModel ⋮---- name: Optional str = Field default=None, description="Organization name." title: Optional str = Field default=None,… Evidence: `gcontacts/contacts_tools.py`
- **Precompiled regex patterns for Drive query detection** (source_file): logger = logging.getLogger name ⋮---- VALID SHARE ROLES = {"reader", "commenter", "writer"} VALID SHARE TYPES = {"user", "group", "domain", "anyone"} ⋮---- def check public link permission permissions: List Dict str, Any - bool ⋮---- def format public sharing error file name: str, file id: str - str ⋮---- def get drive image url file id: str - str ⋮---- def validate share role role: str - None ⋮---- """ Validate that the role is valid for sharing. Args: role: The permission role to validate Raises: ValueError: If role is not reader, commenter, or writer """ ⋮---- def validate share type share type: str - None ⋮---- """ Validate that the share type is valid. Args: share type: The type of sha… Evidence: `gdrive/drive_helpers.py`
- **Check if the query looks like a structured Drive query or free text** (source_file): logger = logging.getLogger name ⋮---- SHARED DRIVE ORGANIZER CONCURRENCY LIMIT = 10 ⋮---- IMPORT FORMATS BY GOOGLE MIME TYPE = { ⋮---- Check if the query looks like a structured Drive query or free text Look for Drive API operators and structured query patterns is structured query = any pattern.search query for pattern in DRIVE QUERY PATTERNS ⋮---- final query = query ⋮---- For free text queries, wrap in fullText contains escaped query = query.replace "'", "\\'" final query = f"fullText contains '{escaped query}'" ⋮---- mime = resolve file type mime file type final query = f" {final query} and mimeType = '{mime}'" ⋮---- list params = build drive list params ⋮---- results = await asyncio.to… Evidence: `gdrive/drive_tools.py`
- **Internal implementation function for testing** (source_file): logger = logging.getLogger name ⋮---- def extract option values options: List Dict str, Any - List Dict str, Any ⋮---- def get question type question: Dict str, Any - str ⋮---- choice question = question.get "choiceQuestion" ⋮---- text question = question.get "textQuestion" ⋮---- def serialize form item item: Dict str, Any , index: int - Dict str, Any ⋮---- serialized item: Dict str, Any = { ⋮---- question = item.get "questionItem", {} .get "question", {} ⋮---- question id = question.get "questionId" ⋮---- question group = item.get "questionGroupItem", {} columns = extract option values ⋮---- rows = ⋮---- row: Dict str, Any = { row question id = question.get "questionId" ⋮---- form body: Di… Evidence: `gforms/forms_tools.py`
- **Apply site restriction if sites are provided** (source_file): logger = logging.getLogger name ⋮---- api key = os.environ.get "GOOGLE PSE API KEY" ⋮---- cx = os.environ.get "GOOGLE PSE ENGINE ID" ⋮---- Apply site restriction if sites are provided ⋮---- site query = " OR ".join f"site:{site}" for site in sites q = f"{q} {site query} " ⋮---- Build the request parameters params = { ⋮---- result = await asyncio.to thread service.cse .list params .execute ⋮---- search info = result.get "searchInformation", {} total results = search info.get "totalResults", "0" search time = search info.get "searchTime", 0 ⋮---- items = result.get "items", ⋮---- confirmation message = f"""Search Results for {user google email}: ⋮---- title = item.get "title", "No title" link… Evidence: `gsearch/search_tools.py`
- **Only suggest re-authentication for auth-related errors 401, 403** (source_file): logger = logging.getLogger name ⋮---- LIST TASKS MAX RESULTS DEFAULT = 20 LIST TASKS MAX RESULTS MAX = 10 000 LIST TASKS MAX POSITION = "99999999999999999999" ⋮---- def format reauth message error: Exception, user google email: str - str ⋮---- base = f"API error: {error}" ⋮---- Only suggest re-authentication for auth-related errors 401, 403 ⋮---- hint = ⋮---- class StructuredTask ⋮---- def init self, task: Dict str, str , is placeholder parent: bool - None ⋮---- def add subtask self, subtask: "StructuredTask" - None ⋮---- def repr self - str ⋮---- def adjust due max for tasks api due max: str - str ⋮---- """ Compensate for the Google Tasks API treating dueMax as an exclusive bound. The API… Evidence: `gtasks/tasks_tools.py`
- **Replace all console handlers' formatters with safe enhanced ones**（source_file）：original stdout = sys.stdout ⋮---- def load startup dependencies ⋮---- dotenv path = os.path.join os.path.dirname os.path.abspath file , ".env" ⋮---- logger = logging.getLogger name ⋮---- def resolve stdio callback port - None ⋮---- def resolve callback port for transport transport: str - None ⋮---- """Apply callback port fallback only to legacy stdio transport.""" ⋮---- def resolve bind host for transport transport: str - str ⋮---- configured host = os.getenv "WORKSPACE MCP HOST" host = configured host or "0.0.0.0" ⋮---- config = get oauth config ⋮---- def validate streamable http auth transport: str - None ⋮---- SERVICE MODULES = { VALID SERVICES = frozenset SERVICE MODULES ⋮---- def safe… 证据：`main.py`
- **Google Workspace MCP Server** (documentation): ! License: MIT https://img.shields.io/badge/License-MIT-yellow.svg https://opensource.org/licenses/MIT ! Python 3.10+ https://img.shields.io/badge/Python-3.10%2B-blue.svg https://www.python.org/downloads/ ! PyPI https://img.shields.io/pypi/v/workspace-mcp.svg https://pypi.org/project/workspace-mcp/ Evidence: `README_NEW.md`
- **Security Policy** (documentation): Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests. Evidence: `SECURITY.md`
- **Google Apps Script Tools Reference** (documentation): MCP tools for Google Apps Script via the Google Workspace MCP server. All tools require user google email string, required except generate trigger code . Evidence: `skills/managing-google-workspace/references/apps-script.md`
- **Google Calendar Tools Reference** (documentation): MCP tools for Google Calendar event management and availability queries. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/calendar.md`
- **Google Chat Tools Reference** (documentation): MCP tools for Google Chat spaces, messages, reactions, and attachments. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/chat.md`
- **Google Contacts Tools Reference** (documentation): MCP tools for managing Google Contacts and contact groups. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/contacts.md`
- **Create Google Doc with Proper Layout** (documentation): Create Google Doc with Proper Layout Evidence: `skills/managing-google-workspace/references/docs-layout-workflow.md`
- **Google Docs Tools Reference** (documentation): MCP tools for reading, creating, editing, and managing Google Docs. All tools require user google email string, required . The document id parameter accepts a doc ID or a full Google Docs URL. Evidence: `skills/managing-google-workspace/references/docs.md`
- **Google Drive Tools Reference** (documentation): MCP tools for Google Drive file management, search, content retrieval, and permission control. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/drive.md`
- **Google Forms Tools Reference** (documentation): MCP tools for creating, reading, and updating Google Forms and their responses. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/forms.md`
- **Google Gmail Tools Reference** (documentation): MCP tools for Gmail message search, sending, drafting, labels, and filters. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/gmail.md`
- **Google Custom Search Tools Reference** (documentation): Google Custom Search Tools Reference Evidence: `skills/managing-google-workspace/references/search.md`
- **Server Options Reference** (documentation): These mirror the MCP server's own flags. Default setup : use stdio transport with OAuth 2.0 no flags needed . Only change these for specific deployment requirements. Evidence: `skills/managing-google-workspace/references/server-options.md`
- **Google Sheets Tools Reference** (documentation): MCP tools for reading, writing, formatting, and managing Google Sheets. All tools require user google email string, required . The spreadsheet id parameter accepts a spreadsheet ID or a full Google Sheets URL. Evidence: `skills/managing-google-workspace/references/sheets.md`
- **Google Slides Tools Reference** (documentation): MCP tools for reading, creating, and updating Google Slides presentations. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/slides.md`
- **Google Tasks Tools Reference** (documentation): MCP tools for managing Google Tasks lists and task items. All tools require user google email string, required . Evidence: `skills/managing-google-workspace/references/tasks.md`
- **Fastmcp** (structured_config): { "$schema": "https://gofastmcp.com/public/schemas/fastmcp.json/v1.json", "source": { "path": "fastmcp server.py", "entrypoint": "mcp" }, "environment": { "python": " =3.10", "project": "." }, "deployment": { "transport": "http", "host": "0.0.0.0", "port": 8000, "log level": "INFO", "env": { "MCP ENABLE OAUTH21": "true", "OAUTHLIB INSECURE TRANSPORT": "1" } } } Evidence: `fastmcp.json`
- **Glama** (structured_config): { "$schema": "https://glama.ai/mcp/schemas/server.json", "maintainers": "taylorwilsdon" } Evidence: `glama.json`
- **Manifest** (structured_config): { "manifest version": "0.4", "name": "workspace-mcp", "display name": "Google Workspace MCP", "version": "1.21.1", "description": "Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, Chat and Custom Search through all MCP clients, AI assistants and developer tools", "long description": "A production-ready MCP server that integrates all major Google Workspace services with AI assistants. Includes Google PSE integration for custom web searches.", "author": { "name": "Taylor Wilsdon", "email": "taylor@taylorwilsdon.com", "url": "https://taylorwilsdon.com" }, "homepage": "https://workspacemcp.com/", "documentation": "https://github.com/taylorwil… Evidence: `manifest.json`
- **Server** (structured_config): { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "io.github.taylorwilsdon/workspace-mcp", "description": "Google Workspace MCP server for Gmail, Drive, Calendar, Docs, Sheets, Slides, Forms, Tasks, Chat.", "status": "active", "version": "1.21.1", "packages": { "registryType": "pypi", "identifier": "workspace-mcp", "transport": { "type": "stdio" }, "version": "1.21.1" } } Evidence: `server.json`
- **Edit Doc** (structured_config): { "skills": "managing-google-workspace" , "query": "Add a heading 'Summary' to the top of my doc https://docs.google.com/document/d/abc123/edit", "expected behavior": "Calls inspect doc structure to get current indices", "Calls modify doc text or insert doc elements to insert the heading", "Calls update paragraph style to apply heading formatting", "Calls get doc as markdown to verify the result" } Evidence: `skills/managing-google-workspace/evaluations/edit_doc.json`
- **Search Email** (structured_config): { "skills": "managing-google-workspace" , "query": "Check my email for anything from Alice this week", "expected behavior": "Calls search gmail messages with a query combining from:alice and newer than:7d", "Reads message content with get gmail message content or get gmail messages content batch", "Summarizes results to the user" } Evidence: `skills/managing-google-workspace/evaluations/search_email.json`
- For the remaining 17 evidence items, see `AI_CONTEXT_PACK.json` or `EVIDENCE_INDEX.json`.

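## Rules the host AI must follow

- **Treat this asset as pre-work context, not as a runtime environment.**: The AI Context Pack contains only an evidence-based understanding of the project; it does not contain the executable state of the target project. Evidence: `README.md`, `gappsscript/README.md`, `helm-chart/workspace-mcp/README.md`
- **When answering the user, distinguish content that can be previewed from content that can only be verified after installation.**: The consumer value of a pre-install experience comes from reducing mistaken installs and misjudgments, not from posing as a real run. Evidence: `README.md`, `gappsscript/README.md`, `helm-chart/workspace-mcp/README.md`

## Questions the user should answer before starting

- In which host AI or local environment do you plan to use it?
- Do you only want to try the workflow first, or are you preparing for a real installation?
- What matters most to you: installation cost, output quality, or conflicts with existing rules?

## Acceptance criteria

- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not present a preview as a real run.
- The user can understand within 3 minutes who it suits, what it can do, how to start, and where the risk boundaries are.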

---

## Doramagic Context Augmentation

The content below reinforces the main body of the Repomix/AI Context Pack. The Human Manual provides only a reading skeleton; the pitfall log is converted into working constraints that the host AI must follow.

## Human Manual skeleton

Usage rule: this is only a reading route through the project and a set of salience signals, not a factual authority. Specific facts must still go back to repo evidence / Claim Graph.

Hard rules for the host AI:
- Do not treat page titles, section order, summaries, or importance as evidence of project facts.
- When explaining the Human Manual skeleton, state explicitly that it is only a reading route / salience signal.
- Judgments about capabilities, installation, compatibility, runtime status, and risk must cite repo evidence, a source path, or the Claim Graph.

- **Project overview**: importance `high`
  - source_paths: README.md, core/tool_tiers.yaml, main.py
- **Quick start guide**: importance `high`
  - source_paths: README.md, Dockerfile, docker-compose.yml
- **System architecture**: importance `high`
  - source_paths: core/server.py, core/tool_registry.py, core/tool_tier_loader.py, fastmcp_server.py
- **Authentication and authorization system**: importance `high`
  - source_paths: auth/google_auth.py, auth/oauth_callback_server.py, auth/scopes.py, auth/credential_store.py, auth/mcp_session_middleware.py
- **Gmail integration**: importance `high`
  - source_paths: gmail/gmail_tools.py, gmail/gmail_helpers.py, core/attachment_storage.py
- **Drive integration**: importance `high`
  - source_paths: gdrive/drive_tools.py, gdrive/drive_helpers.py
- **Docs/Sheets/Slides integration**: importance `high`
  - source_paths: gdocs/docs_tools.py, gdocs/docs_markdown.py, gdocs/managers/batch_operation_manager.py, gsheets/sheets_tools.py, gslides/slides_tools.py
- **Calendar/Contacts/Chat and other services**: importance `medium`
  - source_paths: gcalendar/calendar_tools.py, gcontacts/contacts_tools.py, gchat/chat_tools.py, gtasks/tasks_tools.py, gforms/forms_tools.py

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `ae88c01796c95f463e0ea3c11a7f506b45b7f22d`
- inspected_files: `pyproject.toml`, `Dockerfile`, `README.md`, `docker-compose.yml`, `uv.lock`

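Hard rules for the host AI:
- Without repo_clone_verified=true, do not claim to have read the source code.
- Without repo_inspection_verified=true, do not state judgments drawn from README/docs/package files as facts.
- Without quick_start_verified=true, do not claim that the Quick Start has been run successfully.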

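## Doramagic Pitfall Constraints

These rules come from project-specific pitfalls found during Doramagic's discovery, verification, or compilation process. The host AI must treat them as working constraints, not as ordinary explanatory text.

### Constraint 1: Source evidence: [Feature Request] Add import_to_google_slides tool for PPTX conversion

- Trigger: GitHub community evidence shows that the project has an installation-related issue pending verification: [Feature Request] Add import_to_google_slides tool for PPTX conversion
- Host AI rule: The source issue is still open; the Pack Agent must re-check whether it still affects the current version.
- Why it matters: May increase the cost of trial and production adoption for new users.
- Evidence: community_evidence:github | cevd_f871a29d45124aa7b0a5ddf0927e595a | https://github.com/taylorwilsdon/google_workspace_mcp/issues/568 | Source type github_issue exposes a usage condition pending verification.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.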

### Constraint 2: Failure mode: security_permissions: Add content replacement support to `update_drive_file` (re-import with format conversion)

- Trigger: Developers should check this security_permissions risk before relying on the project: Add content replacement support to `update_drive_file` (re-import with format conversion)
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Add content replacement support to `update_drive_file` (re-import with format conversion). Context: Observed during version upgrade or migration.
- Why it matters: Developers may expose sensitive permissions or credentials: Add content replacement support to `update_drive_file` (re-import with format conversion)
- Evidence: failure_mode_cluster:github_issue | fmev_3c8303e858d6e3babf62908a594c01d5 | https://github.com/taylorwilsdon/google_workspace_mcp/issues/604 | Add content replacement support to `update_drive_file` (re-import with format conversion)
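- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 3: Source evidence: Add content replacement support to `update_drive_file` (re-import with format conversion)

- Trigger: GitHub community evidence shows that the project has a security/permissions-related issue pending verification: Add content replacement support to `update_drive_file` (re-import with format conversion)
- Host AI rule: The source issue is still open; the Pack Agent must re-check whether it still affects the current version.
- Why it matters: May affect upgrade, migration, or version selection.
- Evidence: community_evidence:github | cevd_80d9501239cf445d97725797177e9bee | https://github.com/taylorwilsdon/google_workspace_mcp/issues/604 | Source type github_issue exposes a usage condition pending verification.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.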

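### Constraint 4: Source evidence: Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callback port (8000-8004 exhaus…

- Trigger: GitHub community evidence shows that the project has a security/permissions-related issue pending verification: Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callback port (8000-8004 exhausted after 5 crashes)
- Host AI rule: The source issue is still open; the Pack Agent must re-check whether it still affects the current version.
- Why it matters: May block installation or first run.
- Evidence: community_evidence:github | cevd_36a1aade8bf74121947b6fbe430ec6a1 | https://github.com/taylorwilsdon/google_workspace_mcp/issues/816 | The source discussion mentions python-related conditions, which need to be re-checked before installation or trial.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.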

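### Constraint 5: Repository name and install name do not match

- Trigger: The repository name `google_workspace_mcp` does not exactly match the install entry point `workspace-mcp`.
- Host AI rule: Confirm the package name mapping and the official README on npm/PyPI/GitHub.
- Why it matters: Users who search for the package by the repository name, or look for the repository by the package name, can easily end up at the wrong entry point.
- Evidence: identity.distribution | github_repo:973788136 | https://github.com/taylorwilsdon/google_workspace_mcp | repo=google_workspace_mcp; install=workspace-mcp
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.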

### Constraint 6: Failure mode: installation: Unregistered scope aliases `drive_full` and `script_full` cause permanent auth-failure on `de...

- Trigger: Developers should check this installation risk before relying on the project: Unregistered scope aliases `drive_full` and `script_full` cause permanent auth-failure on `delete_script_project` and `create_version`
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Unregistered scope aliases `drive_full` and `script_full` cause permanent auth-failure on `delete_script_project` and `create_version`. Context: Observed when using python
- Why it matters: Developers may fail before the first successful local run: Unregistered scope aliases `drive_full` and `script_full` cause permanent auth-failure on `delete_script_project` and `create_version`
- Evidence: failure_mode_cluster:github_issue | fmev_e7cb2e2b3e59870680f53a03ba2ecf81 | https://github.com/taylorwilsdon/google_workspace_mcp/issues/809 | Unregistered scope aliases `drive_full` and `script_full` cause permanent auth-failure on `delete_script_project` and `create_version`
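- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 7: Failure mode: installation: v1.17.1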

- Trigger: Developers should check this installation risk before relying on the project: v1.17.1
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v1.17.1. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Upgrade or migration may change expected behavior: v1.17.1
- Evidence: failure_mode_cluster:github_release | fmev_212825a3c03db512b74b1674278bd9c0 | https://github.com/taylorwilsdon/google_workspace_mcp/releases/tag/v1.17.1 | v1.17.1
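- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 8: Failure mode: configuration: Re-auth loop: OAuth callback stores credentials under `google-<state>` session, never bound t...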

- Trigger: Developers should check this configuration risk before relying on the project: Re-auth loop: OAuth callback stores credentials under `google-<state>` session, never bound to the live MCP session — every tool call after re-auth re-prompts
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Re-auth loop: OAuth callback stores credentials under `google-<state>` session, never bound to the live MCP session — every tool call after re-auth re-prompts. Context: Observed when using python
- Why it matters: Developers may misconfigure credentials, environment, or host setup: Re-auth loop: OAuth callback stores credentials under `google-<state>` session, never bound to the live MCP session — every tool call after re-auth re-prompts
- Evidence: failure_mode_cluster:github_issue | fmev_6c9d034c0e1c92375af2d9eaa8490794 | https://github.com/taylorwilsdon/google_workspace_mcp/issues/810 | Re-auth loop: OAuth callback stores credentials under `google-<state>` session, never bound to the live MCP session — every tool call after re-auth re-prompts
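- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 9: Failure mode: configuration: Scary Mode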

- Trigger: Developers should check this configuration risk before relying on the project: Scary Mode
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Scary Mode. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Upgrade or migration may change expected behavior: Scary Mode
- Evidence: failure_mode_cluster:github_release | fmev_f7ece854c6d958a3a069caa7373df268 | https://github.com/taylorwilsdon/google_workspace_mcp/releases/tag/v1.18.0 | Scary Mode
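- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.

### Constraint 10: Failure mode: configuration: Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callb...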

- Trigger: Developers should check this configuration risk before relying on the project: Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callback port (8000-8004 exhausted after 5 crashes)
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callback port (8000-8004 exhausted after 5 crashes). Context: Observed when using python, windows, macos
- Why it matters: Developers may misconfigure credentials, environment, or host setup: Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callback port (8000-8004 exhausted after 5 crashes)
- Evidence: failure_mode_cluster:github_issue | fmev_c2dc89d9e3e849d9cddbb644aa4b75c1 | https://github.com/taylorwilsdon/google_workspace_mcp/issues/816 | Windows: workspace-mcp Python child survives ungraceful parent termination, leaks OAuth callback port (8000-8004 exhausted after 5 crashes)
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows it has been closed.
