Google AI Releases a CLI Software (gws) for Workspace APIs: Offering a Unified Interface for People and AI Brokers

Integrating Google Workspace APIs—comparable to Drive, Gmail, Calendar, and Sheets—into functions and knowledge pipelines sometimes requires writing boilerplate code to deal with REST endpoints, pagination, and OAuth 2.0 flows. Google AI crew simply launched a CLI Software (gws) for Google Workspace. The open-source googleworkspace/cli (invoked through the gws command) gives a unified, dynamic command-line interface to handle these companies.

Designed for each human builders and AI brokers, gws eliminates the necessity for customized wrapper scripts by offering structured JSON outputs, native Mannequin Context Protocol (MCP) help, and automatic authentication workflows.

Dynamic API Discovery Structure

In contrast to conventional CLI instruments that compile a static checklist of instructions, gws builds its command floor dynamically at runtime.

When executed, gws makes use of a two-phase parsing technique:

1. It reads the primary argument to determine the goal service (e.g., drive).
2. It fetches that service’s Google Discovery Doc (cached for twenty-four hours).
3. It builds a command tree from the doc’s assets and strategies.
4. It parses the remaining arguments, authenticates, and executes the HTTP request.

Due to this structure, gws robotically helps new Google Workspace API endpoints the second they’re added to the Discovery Service.

Core Options for Software program Engineers and Knowledge Scientists

The CLI could be put in through npm (npm set up -g @googleworkspace/cli) or constructed from supply (cargo set up --path .). As soon as put in, it presents a number of built-in utilities for knowledge extraction and automation:

• Introspection and Preview: Each useful resource contains --help documentation generated from the Discovery API. You possibly can view the schema of any methodology (e.g., gws schema drive.recordsdata.checklist) or use the --dry-run flag to preview the precise HTTP request earlier than execution.
• Structured Knowledge Extraction: By default, each response—together with errors and metadata—is returned as structured JSON.
• Auto-Pagination: For devs pulling massive datasets, the --page-all flag robotically handles API cursors. It streams paginated outcomes as NDJSON (Newline Delimited JSON), which could be piped immediately into command-line JSON processors:Bashgws drive recordsdata checklist --params '{"pageSize": 100}' --page-all | jq -r '.recordsdata[].title'

Integration with AI Brokers and MCP

A major use case for gws is serving as a tool-calling backend for Giant Language Fashions (LLMs).

• Mannequin Context Protocol (MCP) Server: By operating gws mcp -s drive,gmail,calendar, the CLI begins an MCP server over stdio. This exposes Workspace APIs as structured instruments that any MCP-compatible shopper (like Claude Desktop or VS Code) can natively name.
• Pre-built Agent Abilities: The repository contains over 100 Agent Abilities masking all supported APIs and customary workflows. AI Engineers can set up these immediately into agent environments utilizing npx abilities add github:googleworkspace/cli.
• Gemini CLI Extension: Builders utilizing the Gemini CLI can set up the gws extension (gemini extensions set up https://github.com/googleworkspace/cli), permitting the native Gemini agent to inherit gws credentials and handle Workspace assets natively.
• Mannequin Armor (Response Sanitization): To mitigate immediate injection dangers when feeding API knowledge to an LLM, gws helps Google Cloud Mannequin Armor. Passing the --sanitize flag scans API responses for malicious payloads earlier than the info reaches your agent.

Authentication Workflows

The CLI handles authentication securely throughout completely different environments, changing the necessity for handbook token administration in customized scripts. Priority is given to specific tokens, adopted by credentials recordsdata, and at last native keyring storage.

• Native Desktop: Working gws auth setup initiates an interactive movement to configure a Google Cloud venture, allow crucial APIs, and deal with OAuth login. Credentials are encrypted at relaxation utilizing AES-256-GCM and saved within the OS keyring.
• Headless / CI/CD: For server environments, builders can full the interactive auth regionally and export the plaintext credentials:Bashgws auth export --unmasked > credentials.json On the headless machine, level the CLI to this file utilizing an atmosphere variable: export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/credentials.json.
• Service Accounts: gws natively helps server-to-server Service Account key recordsdata and Area-Vast Delegation through the GOOGLE_WORKSPACE_CLI_IMPERSONATED_USER variable.

Try the Repo here. Additionally, be at liberty to observe us on Twitter and don’t neglect to affix our 120k+ ML SubReddit and Subscribe to our Newsletter. Wait! are you on telegram? now you can join us on telegram as well.