From gaia-ops
Use when installing or configuring the Google Workspace CLI (gws) for a Google account
npx claudepluginhub metraton/gaia --plugin gaia-opsThis skill uses the workspace's default tool permissions.
The gws CLI looks straightforward but breaks in subtle ways -- Google's OAuth flow has undocumented constraints that differ between personal and organizational accounts, and the gws tool itself has open bugs around scopes and multi-account. This procedure captures the working path and the traps discovered through real setup sessions, so you avoid the silent failures that waste hours.
Triggers research for existing libraries, tools, and patterns before coding new features. Searches npm, PyPI, MCP/skills, GitHub; evaluates matches and decides adopt/extend/build.
Audits cross-stack repos (C++/Android/iOS/Web), classifies files as project/third-party/artifacts, detects embedded libraries, assigns module verdicts, generates interactive HTML reports.
Reorganizes X and LinkedIn networks: review-first pruning of low-value follows, priority-based add/follow recommendations, and drafts warm outreach in user's voice.
Share bugs, ideas, or general feedback.
The gws CLI looks straightforward but breaks in subtle ways -- Google's OAuth flow has undocumented constraints that differ between personal and organizational accounts, and the gws tool itself has open bugs around scopes and multi-account. This procedure captures the working path and the traps discovered through real setup sessions, so you avoid the silent failures that waste hours.
Prerequisites: gcloud CLI installed, browser access for OAuth, interactive terminal for auth steps.
~/.local/bin/, chmod +xgws --versiongcloud auth login <email> --no-launch-browser (interactive terminal required)gcloud config set account <work-account>gcloud projects list --account=<email>gcloud projects create gaia-<name> --name="Gaia <Name>" --account=<email>gaia-<identifier>-personal or gaia-<identifier>-workgws auth setup --project <project-id>For safe scopes and blocked scopes by account type, read reference.md in this directory.
Known bug: gws issue #119 -- gws auth login unusable with personal @gmail.com when organizational scopes are included. Google returns 400: invalid_scope.
https://console.cloud.google.com/apis/credentials/consent?project=<project-id>403: access_denied ("app not verified")https://console.cloud.google.com/apis/credentials?project=<project-id>401: invalid_clientclient_secret_*.json -> save to ~/.config/gws/client_secret.jsongws auth login -- opens browser for OAuth consent (interactive terminal required)gws auth status -- confirm token validgws gmail users messages list --params '{"userId":"me","maxResults":5}' -- test Gmailgws gmail users labels list --params '{"userId":"me"}' -- test labelsgcloud config set account <original-work-account>gcloud config get accountgws supports multi-account via gws auth login --account <email>, gws auth list, gws auth default <email>, gws --account <email> <command>.
Known bug: issue #181 -- --account flag doesn't work correctly yet.
400: invalid_scope403: access_denied401: invalid_clientgcloud config set account after setupadmin.*, cloud-identity.*, or directory.* scopes for personal accountsgmail-policy -- operational Gmail security (tiers, labels, no-delete rule)