OpenClicky connects to Google Workspace throughDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/jasonkneen/openclicky/llms.txt
Use this file to discover all available pages before exploring further.
gogcli, a local CLI installed as gog. Rather than adding hosted OAuth, a cloud key-sync flow, or a server-side Google login to OpenClicky itself, all Google authentication lives entirely on your machine inside gogcli’s own keyring. The bundled google-workspace-gogcli skill teaches Clicky how to read Gmail, Calendar, Drive, Contacts, Docs, Sheets, Slides, Chat, Tasks, and more — and how to gate any write action behind explicit approval.
Why gogcli?
OpenClicky deliberately avoids a hosted Google login because it would require OpenClicky to hold OAuth tokens on a server and add a cloud dependency to a product designed to run locally. gogcli stores credentials in your macOS Keychain (or an encrypted file keyring), so Google tokens never leave your machine. The tradeoff is a one-time CLI setup, but that setup gives you full control over which scopes are granted and which accounts are active.Installation
Install gogcli with Homebrew:Checking Status
OpenClicky’s Settings → Google panel shows live gogcli status. You can also check from the terminal using the bundled script:Setting Up an OAuth Client
Google Workspace access requires a Desktop OAuth client JSON from a Google Cloud project you control (or that your Workspace organization controls). gogcli stores the client credentials locally — do not commit them to this repository. Store a downloaded client JSON in gogcli:If the Google OAuth consent screen shows the app name “Clicky”, that branding comes from the local OAuth client stored in
~/Library/Application Support/gogcli/credentials.json. Replace that file with an OpenClicky-owned Desktop OAuth client JSON and re-authenticate to change the consent-screen app name.Adding Accounts with Scopes
Authorize accounts using the least-privilege scopes required for the task. OpenClicky agents will not request scopes beyond what you authorize here.Workspace-Specific Clients
If you work across multiple Google Cloud projects or Workspace domains, use named clients with aliases:--account work or set GOG_ACCOUNT=work in subsequent commands to target the aliased account.
Common Read Commands
Use--json for structured output and --account to target a specific account or alias.
Gmail
Calendar
Drive
Contacts
Write Safety
For write operations, the agent will summarize the target account and the exact mutation before proceeding. Email drafts are shown for approval before any send is attempted. If you haveGOG_GMAIL_NO_SEND=1 set in your environment, the agent respects it and bypasses it only for the one approved send:
Keyring Password
If gogcli is configured to use its encrypted file keyring (rather than the macOS Keychain backend), OpenClicky agents need the keyring password non-interactively. Add it to your local secrets file:Troubleshooting
| Symptom | Fix |
|---|---|
credentials_exists: false | Run gog auth credentials list --json. If empty, use OpenClicky Settings → Google or run gog auth credentials <client-json>. |
No accounts in gog auth list | Use OpenClicky Settings → Google or run gog auth add <email> --services .... |
| Re-auth or missing scopes | Use OpenClicky Settings → Google or run gog auth add <email> --services ... --force-consent. |
| Keyring needs passphrase | Run gog auth doctor. Set GOG_KEYRING_PASSWORD in secrets.env or migrate to the macOS Keychain backend. |
| Command not found | Run GOG_HELP=full gog --help or gog <group> --help to inspect available subcommands. |
Supported Services
Thegoogle-workspace-gogcli skill covers Gmail, Calendar, Drive, Docs, Sheets, Slides, Chat, Contacts, Tasks, Groups, Workspace Admin, Classroom, Forms, Apps Script, People, and Keep — any service supported by gogcli and the scopes you authorize. Use OpenClicky Settings → Google as the primary status check for day-to-day use.