Google has quietly released a command-line interface that wraps Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, and basically every other Workspace API into a single tool called gws. You install it via npm, it is written in Rust, and the GitHub repo already has over 6,000 stars. The kicker: the README includes a disclaimer that this is "not an officially supported Google product."
Which is a fascinating thing to say about a tool published under the googleworkspace GitHub organization.
How it actually works
The interesting engineering decision here is that gws doesn't ship with a static list of commands. It reads Google's Discovery Service at runtime and builds its entire command surface dynamically. So when Google adds an API endpoint tomorrow, gws picks it up automatically without a release. That is a neat trick for maintainability, though one Hacker News commenter called it "an anti-pattern" for a CLI, since your available commands can change underneath you. Fair point. But when your primary audience is AI agents rather than humans typing from memory, maybe stability of the command surface matters less.
Everything returns structured JSON. Auto-pagination is handled with a --page-all flag that streams results as newline-delimited JSON. There is a --dry-run flag for previewing HTTP requests before execution. Standard stuff for a well-designed CLI, and the kind of thing that took the community years of third-party wrappers to approximate.
The agent play
Let's be honest about what this is for. The tool supports MCP server mode out of the box: run gws mcp -s drive,gmail,calendar and it exposes those Workspace APIs as structured tools for any MCP-compatible client. Claude Desktop, Gemini CLI, VS Code, whatever. Each service adds roughly 10 to 80 tools, and the docs warn you to keep the list narrow so you don't blow past your client's tool limit.
The repo ships with over 100 pre-built "agent skills" covering common workflows, and there is a Gemini CLI extension that lets Google's own agent inherit gws credentials directly. Google also includes a git-style pull/push workflow for editing Sheets, Docs, and Slides: pull converts the Google file into a local folder with agent-friendly files (a Sheet becomes a .tsv plus a formula.json), the agent edits the files, then pushes changes back. That is a clever abstraction, and probably the part that will get the most use in practice.
Model Armor, or: the prompt injection problem nobody solved
Here is where I got curious. The CLI integrates with Google Cloud's Model Armor service, which scans API responses for prompt injection before they reach your agent. The scenario is real: if you point an LLM at your Gmail inbox, an attacker could embed instructions in an email body telling the agent to forward password reset emails to an external address. Justin Poehnelt from Google DevRel wrote about this exact scenario back in December.
The integration is a --sanitize flag that points to a Model Armor template. In warn mode (the default), it flags suspicious content. In block mode, it stops it. That is better than nothing, and better than what most MCP setups offer today. But Model Armor is a paid Google Cloud service, it requires its own setup, and the prompt injection detection runs on confidence thresholds that you tune yourself. I'm not sure how many individual developers connecting gws to Claude Desktop are going to bother.
The "not officially supported" question
The Hacker News thread is split on what to make of this. One commenter who appears to be a Google employee described it as a DevRel project, not an engineering product, meaning it could be abandoned since DevRel teams aren't graded on ongoing maintenance. Another pointed out it's published under the official googleworkspace org on GitHub. A third noted that the project has already disabled non-collaborator pull requests, linking to a discussion thread about it.
The version is 0.7.0. The repo warns to expect breaking changes before v1.0. And you still need a Google Cloud project with OAuth credentials to use it, which means walking through the consent screen setup, enabling APIs individually, and dealing with the 25-scope limit on unverified apps. That is not a five-minute onboarding.
Why now?
The timing makes sense if you look at the agent tooling landscape. Third-party MCP servers for Google Workspace have been proliferating for months, all building their own wrappers around the same REST APIs, handling pagination differently, authenticating differently. Google releasing an official (well, semi-official) CLI that does all of this and also happens to speak MCP is a way to standardize the interface without committing to full product support.
VentureBeat's analysis frames it as Google choosing CLI as the base interface with MCP layered on top. There is some logic to that. An AI agent that can call shell commands and parse JSON doesn't strictly need MCP at all. But then again, Google ships the MCP mode anyway.
GCP Next is scheduled for April 22 to 24. Whether gws gets promoted to something with real support or quietly stays in its current limbo should become clear then. For now, it is a useful tool with an asterisk, which is pretty much Google's specialty.
