## Enriched Shadow Mode — Implementation **Status:** Ready to dispatch **Blocker:** Google Calendar OAuth not yet configured --- ### What We Need The gog skill requires OAuth setup before calendar queries work: ```bash # Step 1: Set credentials (client_secret.json from Google Cloud Console) gog auth credentials /path/to/client_secret.json # Step 2: Add account with calendar scope gog auth add hoffmann.family.manager@gmail.com --services calendar # Step 3: Verify gog auth list ``` ### Security Checklist - [ ] Client ID from Google Cloud Console (project: hoffmann-icarus) - [ ] OAuth consent screen configured (internal/limited) - [ ] `calendar.readonly` scope only (NOT `calendar` read-write) - [ ] API key restricted to Tailscale IPs - [ ] No `events.insert()` or `events.update()` calls in code - [ ] Rate limiting: max 50 queries/day ### What I Need From You 1. **Google Cloud Console access** — Do you have a project set up? Or should I guide you through creating one? 2. **Client Secret file** — Is `client_secret.json` already on the Beelink? If so, where? 3. **Calendar ID** — Which Google Calendar holds the family schedule? (e.g., `hoffmann.family.manager@gmail.com` or a shared calendar ID) ### Alternative Path If OAuth setup is complex, we can use a **service account** with domain-wide delegation (read-only). This avoids the OAuth consent flow but requires: - Google Workspace admin access - Service account key file (JSON) - Domain-wide delegation for `calendar.readonly` ### My Recommendation Use OAuth (not service account) for now — it's the standard path and easier to scope to read-only. Service accounts are overkill for family use and harder to audit. **Next Step:** Get me the `client_secret.json` path or confirm you need help setting it up. --- **Files:** - `services/icarus/docs/ENRICHED-SHADOW-SPEC.md` — Full spec - `~/.npm-global/lib/node_modules/openclaw/skills/gog/SKILL.md` — gog usage **Staging database:** `~/.icarus/shadow/shadow.db` (isolated, no production data) **When OAuth is ready:** I'll dispatch Socrates to implement CalendarValidator class, fuzzy matching, and Admin DM exhaust.