Connect PortEden to Google Gemini

Prerequisites

• A PortEden account at my.porteden.com with at least one service connected
• A PortEden API key with the permissions your agent needs (see token permissions)
• One of the Gemini surfaces below (you don't need all three):
  • Gemini API key from Google AI Studio (for the function-calling path)
  • A Google Cloud project with Vertex AI enabled (for Vertex)
  • Workspace admin access (for the side-panel + Apps Script path)

Path 1 — Function calling (Gemini API or Vertex AI)

Gemini supports OpenAI-style function calling. You declare a small set of PortEden tools to Gemini; when Gemini decides to call one, your code runs the corresponding porteden CLI command and feeds the JSON result back into the conversation. PortEden enforces redaction and access rules on every call.

1. Install the PortEden CLI

brew install porteden/tap/porteden 

2. Authenticate

porteden auth login 

3. Declare a tool to Gemini

from google import genai 
from google.genai import types 
import subprocess, json 
 
client = genai.Client(api_key="YOUR_GEMINI_KEY") 
 
list_today_emails = types.FunctionDeclaration( 
    name="list_today_emails", 
    description="List today's unread emails (PortEden enforces redaction).", 
    parameters={ 
        "type": "OBJECT", 
        "properties": {"limit": {"type": "INTEGER"}}, 
    }, 
) 
 
def run_tool(name, args): 
    if name == "list_today_emails": 
        out = subprocess.run( 
            ["porteden", "email", "messages", "--today", "--unread", "-jc"], 
            capture_output=True, text=True, check=True, 
        ) 
        return json.loads(out.stdout) 
    raise ValueError(f"unknown tool {name}") 
 
response = client.models.generate_content( 
    model="gemini-2.0-pro", 
    contents="What unread emails do I have today?", 
    config=types.GenerateContentConfig( 
        tools=[types.Tool(function_declarations=[list_today_emails])], 
    ), 
) 

The CLI returns redacted JSON. Gemini never sees raw email bodies, attendee email addresses, or any field your access rules block.

Path 2 — Workspace Gemini side panel (Apps Script)

The Gemini side panel inside Gmail, Docs, Sheets, and Drive can invoke Apps Script functions through the UrlFetchApp API. Wire those functions to PortEden's REST API so Gemini drives the firewall, not the raw Workspace data.

// In your Apps Script project bound to a Workspace add-on 
const PE_API_KEY = PropertiesService.getScriptProperties() 
  .getProperty('PE_API_KEY'); 
 
function listTodayEmails() { 
  const res = UrlFetchApp.fetch( 
    'https://api.porteden.com/v1/email/messages?today=1&unread=1', 
    { headers: { Authorization: 'Bearer ' + PE_API_KEY } } 
  ); 
  return JSON.parse(res.getContentText()); 
} 

Store PE_API_KEY in Script Properties (never in the source). Restrict the key's permissions at my.porteden.com before deploying the add-on.

Path 3 — Vertex AI agents

Vertex AI Agents (and Agent Builder) accept tool definitions that point at HTTP endpoints. Point them at https://api.porteden.com with a Bearer token from my.porteden.com. Each tool the agent calls passes through PortEden's redaction and RBAC layer before any data is returned.

See the REST API reference for the endpoints — Email, Calendar, Drive, Docs, Sheets, and Tasks all map 1:1 to the tools you would expose in the agent.

Recommended Permissions

• Use a dedicated API key per Gemini agent — never share keys across surfaces
• Set masterAccessLevel to view_only for read-only assistants
• Limit time windows with timeframePastDays and timeframeFutureDays
• Block specific contacts or domains with access rules

Troubleshooting

Next Steps