Skip to main content
Glama

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
GAM_CFG_DIRNoThe absolute path to the directory containing your GAM configuration and authentication files (e.g. oauth2.txt, client_secrets.json). If left unset, GAM will use its default configuration paths.
GAM_EXECUTABLE_PATHNoThe absolute path to your local gam executable. If gam is already in your PATH, you can leave this unset.

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
run_gam_commandA

Escape hatch for GAM commands not covered by a dedicated tool. Prefer the specific semantic tools when available.

validate_gam_commandA

Validates the structure of a proposed GAM command before execution. Checks executable availability, known top-level verbs, and bulk command structural rules. Does NOT execute the command. Returns 'VALID' or a descriptive error/warning message.

build_bulk_gam_commandA
Constructs a GAM bulk processing command from structured inputs without executing it.
Returns the full command string for review. Pass the args to validate_gam_command,
then run_gam_command if valid.

gam_command_template uses ~ColumnName for standalone column values and
~~ColumnName~~ when embedded within a larger string argument.
Example: ["update", "user", "~primaryEmail", "ou", "/Staff/~~Department~~"]

Use processing_mode 'loop' for rate-sensitive or ordered operations.
Use 'csv' for parallelized operations. Use 'tbatch' when nesting 'gam csv' inside a batch file.
configure_todrive_noemailA
    Step 1 of the MyDrive → Shared Drive migration workflow.

    Sets the GAM configuration flag `todrive_noemail` to true so that
    emails are NOT sent to impersonated users when GAM writes output
    to Google Sheets via todrive.

    Run this ONCE before starting any audit steps.

    GAM command:
        gam config todrive_noemail true
    
audit_file_inventoryA
    Step 2 — Master file/folder inventory.

    Prints every file and folder under the source folder with full
    metadata and resolved file paths, then writes the results to the
    specified Google Sheet tab.

    Fields returned: id, name, mimeType, owners, parents, size,
    modifiedTime, createdTime, trashed.  `filepath` resolves the full
    path from root.  `excludetrashed` omits deleted content.

    NOTE: If the user has not yet created a Google Sheet, instruct them
    to create one named "Migration Audit" with tabs: file_audit,
    all_permissions, file_count, own, not_owner, external_owner,
    public_files, shortcuts, shared_drive_members, migration_log,
    post_migration_permissions.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder to audit.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name to write to (default: "file_audit").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            fields "id,name,mimeType,owners,parents,size,modifiedTime,
            createdTime,trashed" filepath excludetrashed
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_file_countsA
    Step 3 — File count and storage summary.

    Produces a per-MIME-type breakdown of file counts and storage used
    inside the source folder.  Useful for capacity planning on the
    destination Shared Drive.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "file_count").

    GAM command:
        gam user <user_email> print filecounts query "'<folder_id>' in parents"
            showsize showmimetypesize excludetrashed
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_owned_filesA
    Step 4 — Files owned by the migrating user.

    Only files owned by the user can be *moved* (not just copied) to a
    Shared Drive.  This audit isolates those items.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "own").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            showownedby me
            fields "id,name,mimeType,owners,modifiedTime"
            filepath excludetrashed
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_not_owned_filesA
    Step 5 — Files owned by others.

    Files owned by other users inside this folder structure will NOT
    transfer with a standard move to a Shared Drive.  The host should
    inform the requesting user which folders/files are affected and
    that those items cannot be migrated.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "not_owner").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            showownedby others
            fields "id,name,mimeType,owners,sharingUser,modifiedTime"
            filepath excludetrashed
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_all_permissionsA
    Step 6 — Full Access Control List audit.

    Lists every permission entry (one row per ACL) for every file and
    folder under the source.  This sheet is the master reference used
    by the permission-reapplication steps (12–14) after migration.

    basicpermissions returns: allowFileDiscovery, deleted, domain,
    emailAddress, expirationTime, id, role, type.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "all_permissions").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            fields "id,name,mimeType,basicpermissions,owners"
            filepath excludetrashed oneitemperrow pmfilter
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_external_permissionsA
    Step 7 — Files shared with users outside your organisation.

    Flags files that have at least one permission entry for a user NOT
    in the specified domain.  These may require cleanup or
    re-evaluation before migrating to a Shared Drive with different
    sharing policies.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        domain: Your organisation's domain (e.g. "company.com").
        sheet_name: The tab name (default: "external_owner").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            fields "id,name,mimeType,basicpermissions,owners"
            filepath excludetrashed
            permissionmatch type user notdomainlist <domain> endmatch
            pmfilter oneitemperrow
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_public_filesA
    Step 8 — Files accessible to "anyone with the link" or publicly.

    These are the highest-risk files from a security stand-point.
    Shared Drives can restrict this behaviour at the drive level, so
    you need to know what you are inheriting.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "public_files").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            fields "id,name,mimeType,basicpermissions,owners"
            filepath excludetrashed
            permissionmatch type anyone endmatch
            pmfilter oneitemperrow
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_shortcutsA
    Step 9 — Identify Google Drive shortcuts.

    Shortcuts pointing to files outside the migration scope will break
    after the move since they reference the original file's location.
    shortcutDetails returns the targetId and targetMimeType so you can
    determine whether the target will also be in the Shared Drive
    post-migration.

    Args:
        user_email: The email of the user who owns the source folder.
        folder_id: The ID of the source folder.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "shortcuts").

    GAM command:
        gam user <user_email> print filelist select <folder_id>
            showmimetype gshortcut
            fields "id,name,shortcutDetails,parents,owners"
            filepath excludetrashed
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
audit_shared_drive_membersA
    Step 10 — List existing Shared Drives and their members.

    Confirms the destination Shared Drive exists and who has what level
    of access.  The migrating user must be a Manager on the Shared
    Drive to move files into it.

    Args:
        user_email: The email of the admin user running the query.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "shared_drive_members").

    GAM command:
        gam user <user_email> print teamdriveacls
            fields "id,name,role,type,emailAddress"
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle 
    
execute_migration_moveA
    Step 11 — Move the source folder tree to the Shared Drive.

    DESTRUCTIVE — requires confirmed=True to execute.

    Recursively moves the folder tree into the destination Shared Drive,
    merging duplicate folders and overwriting older duplicate files.
    Folder permissions are copied for both merged and newly created folders.

    NOTE: Run ALL audit steps (1–10) before executing this step.

    NOTE: CSV/todrive logging is not supported by `move drivefile`. To retain
    a record of the move, redirect stdout/stderr to a log file at the shell
    level, or run a `print filelist` audit step before and after migration.

    Args:
        user_email: The email of the folder owner (must be a Shared Drive
                    Manager/Organizer of the destination).
        folder_id: The ID of the source folder.
        shared_drive_id: The ID of the destination Shared Drive.
        confirmed: Must be True to execute. False returns a preview.

    GAM command:
        gam user <user_email> move drivefile <folder_id>
            teamdriveparentid <shared_drive_id>
            duplicatefiles overwriteolder
            duplicatefolders merge
            copymergedtopfolderpermissions true
            copymergedsubfolderpermissions true
            summary
    
reapply_user_group_permissionsA
    Step 12 — Reapply user and group permissions from the audit sheet.

    DESTRUCTIVE — requires confirmed=True to execute.

    Reads the all_permissions sheet and re-creates every user/group ACL
    on the corresponding file in the Shared Drive.  Processes only
    rows where permission.type is "user" or "group".

    INFO: Ownership cannot be transferred via ACL on a Shared Drive.
    In Shared Drives the drive itself is the owner — owner-role rows
    from the audit sheet will be silently ignored.

    Args:
        user_email: The admin email executing the command.
        sheet_id: The ID of the Google Sheet containing the audit.
        sheet_name: The tab containing ACL data (default: "all_permissions").
        confirmed: Must be True to execute. False returns a preview.

    GAM command:
        gam config csv_input_row_filter "permission.type:regex:user|group"
            redirect stdout ./reapply_user_group_perms.txt multiprocess
            redirect stderr stdout
            csv gsheet <user_email> <sheet_id> <sheet_name>
            gam user <user_email> create drivefileacl "~id"
            "~permission.type" "~permission.emailAddress"
            role "~permission.role" nodetails
    
reapply_domain_permissionsA
    Step 13 — Reapply domain-wide permissions from the audit sheet.

    DESTRUCTIVE — requires confirmed=True to execute.

    Reads the all_permissions sheet and re-creates every domain ACL on
    the corresponding file in the Shared Drive.  Includes the
    allowFileDiscovery setting so domain-wide visibility is preserved.

    Args:
        user_email: The admin email executing the command.
        sheet_id: The ID of the Google Sheet containing the audit.
        sheet_name: The tab containing ACL data (default: "all_permissions").
        confirmed: Must be True to execute. False returns a preview.

    GAM command:
        gam config csv_input_row_filter "permission.type:regex:domain"
            redirect stdout ./reapply_domain_perms.txt multiprocess
            redirect stderr stdout
            csv gsheet <user_email> <sheet_id> <sheet_name>
            gam user <user_email> create drivefileacl "~id"
            "~permission.type" "~permission.domain"
            role "~permission.role"
            allowfilediscovery "~permission.allowFileDiscovery"
            nodetails
    
reapply_anyone_permissionsA
    Step 14 — Reapply "anyone" (public) permissions from the audit sheet.

    DESTRUCTIVE — requires confirmed=True to execute.

    If the audit captured any "anyone with the link" ACLs, this step
    reapplies them.  Consider whether public access is appropriate on
    the destination Shared Drive before confirming.

    Args:
        user_email: The admin email executing the command.
        sheet_id: The ID of the Google Sheet containing the audit.
        sheet_name: The tab containing ACL data (default: "all_permissions").
        confirmed: Must be True to execute. False returns a preview.

    GAM command:
        gam config csv_input_row_filter "permission.type:regex:anyone"
            redirect stdout ./reapply_anyone_perms.txt multiprocess
            redirect stderr stdout
            csv gsheet <user_email> <sheet_id> <sheet_name>
            gam user <user_email> create drivefileacl "~id"
            anyone role "~permission.role"
            allowfilediscovery "~permission.allowFileDiscovery"
            nodetails
    
audit_post_migration_permissionsA
    Step 15 — Post-migration permissions audit on the Shared Drive.

    After reapplying permissions (steps 12–14), run this final audit
    against the Shared Drive to confirm the ACLs match what was
    recorded pre-migration.  Compare this tab against the
    all_permissions tab to verify correctness.

    Args:
        user_email: The admin email executing the command.
        shared_drive_id: The ID of the destination Shared Drive.
        sheet_id: The ID of the Google Sheet for output.
        sheet_name: The tab name (default: "post_migration_permissions").

    GAM command:
        gam user <user_email> print filelist select <shared_drive_id>
            fields "id,name,mimeType,basicpermissions,owners"
            filepath excludetrashed oneitemperrow pmfilter
            todrive tdfileid <sheet_id> tdsheet "<sheet_name>"
            tdupdatesheet tdretaintitle
    
transfer_calendar_eventA
    Transfers a calendar event from one user to another.
    Note: GAM7 v7.31.03+ removed the direct calendar transfer command
    due to Calendar API changes. This tool will update the event's organizer field
    and add the destination user as an organizer-level attendee.
    
    WARNING: The Meet link may break if the original organizer leaves the org.
    
    Args:
        source_user_email: The original organizer of the event.
        destination_user_email: The new organizer for the event.
        event_id: The ID of the calendar event.
        confirmed: Must be True to execute. If False, returns a preview.
        
    GAM pattern:
        gam calendar <source_user_email> update event id <event_id>
            organizer <destination_user_email>
    
create_collaborative_inbox_groupA
    Creates a new Google Group configured as a Collaborative Inbox.
    
    Args:
        group_email: The email address for the new group.
        group_name: The display name for the new group.
        initial_member_emails: List of email addresses to add as members.
        who_can_post: Posting permission setting. Defaults to "ALL_MEMBERS_CAN_POST".
        confirmed: Must be True to execute. If False, returns a preview.
        
    GAM pattern:
        1. gam create group <group_email> name <group_name>
        2. gam update group <group_email> setting isArchived false whoCanPostMessage <who_can_post> enableCollaborativeInbox true
        3. for each member: gam update group <group_email> add member <member_email>
    
get_group_permissions_to_sheetA
    Retrieves group members and their roles, outputting to a Google Sheet.
    Uses multiprocess redirect to quickly gather many groups.
    
    Args:
        group_emails: List of group email addresses to query.
        output_sheet_id: ID of the Google Sheet for output.
        output_sheet_name: Tab name for the output sheet.
        
    GAM pattern:
        gam redirect csv - multiprocess todrive tdfileid <id> tdsheet <name> tdupdatesheet 
        print group-members group <email1> <email2> ...
    
create_gws_userA
    Creates a new Google Workspace user.
    
    Args:
        first_name: The first name of the user.
        last_name: The last name of the user.
        primary_email: The primary email address for the new user.
        org_unit_path: The organizational unit path (e.g., '/Staff/Engineering').
        password: The initial password for the user.
        change_password_at_next_login: Whether to force password change on first login.
        confirmed: Must be True to execute. If False, returns a preview.
        
    GAM pattern:
        gam create user <primary_email> firstname <first_name> lastname <last_name>
            org <org_unit_path> password <password> changepassword <true/false>
    
identify_workspace_entityA
    Identifies a Workspace entity (user, group, alias, etc.) by its email or ID.
    
    Args:
        identifier: The email address or resource identifier to query.
        
    GAM pattern:
        gam whatis <identifier>
    
get_gmail_log_eventsB
    Retrieves Gmail log events and optionally writes them to a Google Sheet.
    
    Args:
        actor_email: Optional email to filter logs for a specific actor.
        start_date: Optional start date (YYYY-MM-DD).
        end_date: Optional end date (YYYY-MM-DD).
        event_name: Optional event name to filter.
        output_sheet_id: Optional Sheet ID for output. Strongly recommended.
        output_sheet_name: Tab name for sheet output.
        
    GAM pattern:
        gam report gmail [actor <actor_email>] [start <start_date>]
            [end <end_date>] [event <event_name>] [todrive ...]
    
get_user_email_count_to_sheetA
    Retrieves email counts for specific labels across multiple users.
    Uses multiprocess redirect if outputting to a sheet.
    
    Args:
        user_emails: List of user emails to query.
        label: The Gmail label to count (e.g., 'INBOX', 'TRASH').
        output_sheet_id: Optional Sheet ID for output.
        output_sheet_name: Tab name for sheet output.
        
    GAM pattern:
        gam [redirect csv - multiprocess todrive ...]
        user <email1>,<email2> show messages label <label> countsonly
    
bulk_process_from_sheetA
    Executes a GAM bulk command using a Google Sheet as the data source.
    
    Args:
        operator_email: The email of the admin running the command (needs access to the sheets).
        sheet_file_id: The ID of the source Google Sheet.
        sheet_name: The tab name containing the source data.
        gam_command_template: List of command template fragments using ~ColumnName syntax.
        match_field: Optional column name to filter on.
        match_pattern: Optional regex pattern to match against match_field.
        redirect_to_sheet_id: Optional Sheet ID to write results to.
        redirect_to_sheet_name: Tab name for results.
        confirmed: Must be True to execute. If False, returns a preview.
        
    GAM pattern:
        [redirect csv - multiprocess todrive tdfileid <id> tdsheet "<name>" tdupdatesheet]
        csv gsheet <operator_email> <sheet_file_id> "<sheet_name>"
        [matchfield <match_field> <match_pattern>]
        gam <gam_command_template...>
    

Prompts

Interactive templates invoked by user choice

NameDescription
drive_migration Returns a step-by-step guide for migrating a MyDrive folder to a Shared Drive using the GAMCP migration tools. Provide any known parameters up-front; leave blank if unknown and the guide will tell you what to ask the user for.

Resources

Contextual data attached and managed by the client

NameDescription
bulk_processing_guide Reference guide for constructing GAM bulk processing commands. Consult this resource when building a bulk operation to select the correct source type, processing mode, and column substitution syntax.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ktibbs9417/gamcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server