How do I see exactly what Grok asked for and what was returned?

Open the Audit Trail in my.porteden.com. Every tool call from Grok is logged with the requested action, the decision (allow, redact, block), and the response shape. You can export to SIEM.

Grok × Google Calendar 5 min setup

Secure Grok Google Calendar Connection with PortEden

This guide sets up a secure Grok and Google Calendar connection using PortEden as the data firewall. You add one Custom MCP URL in Grok, sign in, and Grok can read events, look up free/busy windows, and (optionally) create or update meetings through scoped permissions. Attendee names and email addresses are redacted before they reach xAI, and every tool call is recorded in the PortEden audit log. No prior PortEden signup needed.

Google Calendar to Grok with PortEden as the data firewall in the middle.

In short

Start in Grok. Add one Custom MCP URL: https://mcp.porteden.com/calendar
PortEden's auth window opens. Sign in or sign up in one click. No prior PortEden setup required.
If Google Calendar is already connected to your PortEden account, the authorization step is skipped automatically.
Verify with a read prompt. Tighten permissions, redaction, and contact rules later from my.porteden.com.

What you get

When the connection is live, Grok can answer scheduling questions and (with the right permissions) take action on your calendar. Every tool call routes through PortEden, which applies:

Event search and read

Query by date range, attendee, subject, or location. Read titles, descriptions, locations, and attendee lists with redaction.

Free/busy lookup

Check availability across your own calendars or other people's, when their free/busy is shared with you. Useful for finding meeting slots.

Event create, update, delete

Create meetings, reschedule, change attendees, add Google Meet links, or cancel. Confirm-before-write is on by default for destructive actions.

Audit trail

Every tool call from Grok is logged: the requested action, the decision (allow, redact, or block), and the response shape returned. SIEM-exportable.

Prerequisites

A Grok account at grok.com on a plan that supports Connectors and Custom MCP.
A Google account with Calendar access. You will authorize it during the flow if your PortEden account does not already have Google connected.

No PortEden account yet? That is fine.

You do not need to create a PortEden account in advance. When Grok opens the PortEden auth window in Step 2, you can sign up with Google one-click or with email in the same flow.

Step 1: Add the PortEden MCP Connector in Grok

Start in Grok. PortEden runs a hosted MCP server you can connect with one URL. Nothing to install, nothing to deploy.

Open grok.com/connectors .

Click New Connector, then select Custom.

Fill out the form using the values in the table below.

Click Save, then Enable the connector. Grok will open the PortEden auth window automatically. Continue to Step 2.

Connector values

Field	Value
Connector name	Google Calendar
MCP server URL	https://mcp.porteden.com/calendar
Authentication	OAuth (handled by PortEden)

Grok Custom Connector dialog with Name field set to Google Calendar and Server URL field set to https://mcp.porteden.com/calendar — Step 1 in Grok: the Custom Connector form filled in for Google Calendar through PortEden.

When Grok enables the connector, it opens a PortEden auth window. This is the single setup screen you will see.

If you do not have a PortEden account: click Continue with Google for one-click signup, or use the email option. Your account is created in the same flow.

If you already have a PortEden account: sign in. If you are already logged in to my.porteden.com in this browser, the window detects the session and skips ahead.

Approve the connection request from Grok. PortEden creates a scoped Access Token for this connector automatically.

What the token looks like

The token PortEden issues to Grok is scoped to calendar only, with redaction on for attendee emails, contact rules empty, and confirm-before-write enabled for create, update, and delete. You can see and tighten it at any time in my.porteden.com under Access Tokens.

Step 3: Connect Google Calendar (first-time only)

This step runs only if your PortEden account does not already have Google connected. If it does, PortEden reuses the existing connection and you jump to Step 4.

If Google is not connected yet

PortEden will prompt you to Connect Google. Click it.

Complete Google's OAuth consent screen. Approve the calendar scopes (read by default; create and modify are requested too so Grok can schedule when allowed).

The window closes and returns to Grok. The connector now shows Active.

If Google is already connected to PortEden

You will not see a Google authorization prompt at all. PortEden detects the existing connection, attaches it to the new Grok token, and returns you to Grok in a couple of seconds.

Workspace accounts

If your Google account is part of Google Workspace, your admin may need to enable third-party OAuth access. PortEden requests standard Calendar scopes only. Required scopes are calendar.readonly, plus calendar.events if Grok will create or modify events. See the Google OAuth Setup guide for a custom OAuth app.

Step 4: Verify the connection

Open a new Grok chat and run a low-risk read prompt. Then check the PortEden audit log to confirm the request shows up.

Try one of these

What meetings do I have today?

Show me my schedule for tomorrow and flag any back-to-back conflicts.

Find a free 30-minute slot in the next 3 working days, between 9am and 5pm.

List the events on my calendar this week that include "review" in the title.

What to confirm

Grok returns real events from your Google Calendar, not a refusal or an error.
Attendee email addresses appear redacted or tokenized if you left redaction enabled.
The PortEden audit log at my.porteden.com shows the request with a green allow decision.

No data yet? Ask Grok to introspect

If the response is empty or vague, send Grok this prompt:

List every tool you have available from the Google Calendar connector, with a one-line description each.

A working connection will show tools like list_events, search_events, get_freebusy, and create_event.

Step 5: Tighten what Grok can do (optional)

The token PortEden created in Step 2 already uses conservative defaults: calendar scope only, attendee email redaction on, and confirm-before-write for create, update, and delete. Once the connection works end-to-end, you can tighten or relax it from my.porteden.com under Access Tokens.

Permission presets for Grok

Pick the action set that matches what you want Grok to do

Preset	What Grok can do	What it cannot do
read_only	List, search, and read events; check free/busy	Create, update, delete, or invite
read_and_freebusy (default)	Read events plus query free/busy across calendars	Modify events
read_and_create	Read plus create new events with attendees	Delete or modify existing events
full_calendar	All event actions including delete and recurring updates	Touch other PortEden capabilities (email, drive)

Recommended rules for a Grok token

Attendee redaction: Leave on. PortEden tokenizes attendee email addresses by default; Grok still sees who is invited but not where to reach them.
Calendar scope: Limit Grok to the primary calendar, or specify a list. Personal calendars often hold sensitive titles.
Time window: A rolling 30 to 60 day window is enough for most assistant tasks. Avoid granting all-history access.
Contact blocklist: Add board members, legal contacts, or therapists you do not want Grok touching.
Confirm before write: Keep on for delete and update. Optional for create if you trust the workflow.

Changes apply immediately

PortEden re-evaluates the token on every tool call from Grok. There is no reconnect, no reload, no token rotation. Save the change in the dashboard and the very next Grok request uses the new rules.

Suggested prompts for everyday use

Once verified, these prompts are good starting points. Each maps to a single PortEden tool call, so behavior is predictable and the audit log stays clean.

Triage

"Summarize my day. Group meetings into focus blocks, syncs, and externals."

Find a slot

"Find three free 30-minute slots next week between 10am and 4pm, excluding Fridays."

Reschedule

"Move my 3pm Thursday meeting with the design team to 11am Friday. Confirm before sending the update."

Recurring

"List my recurring meetings, how often they meet, and the total hours per week they take."

Conflict check

"Do I have any back-to-back meetings tomorrow with no break? If yes, propose a 15-minute buffer."

Create

"Schedule a 30-minute kickoff next Tuesday at 2pm with the engineering list. Title: "Q3 planning". Confirm before sending."

Troubleshooting and error handling

PortEden returns structured errors that Grok surfaces in its replies. Match the message to the table below.

MCP_UNREACHABLE

Grok cannot reach the PortEden MCP server

Symptoms

Grok says "I could not reach the connector" or "Custom MCP server unavailable".
No request appears in the PortEden audit log.

Checks

Confirm the MCP URL in the Grok Custom Connector is exactly https://mcp.porteden.com/calendar.
Make sure the connector is Enabled in your Grok workspace, not just Saved.
Check Grok's connector status page for any global xAI incident.

Debug prompt for Grok

Run a connection test against the Google Calendar MCP connector and report any HTTP status, error code, or response body you receive.

AUTH_WINDOW_BLOCKED

PortEden auth window did not appear

Symptoms

You enabled the connector in Grok but no PortEden sign-in window opened.
The connector stays in a Pending or Needs auth state.

Checks

Allow pop-ups for grok.com in your browser, then click Enable on the connector again.
Close any duplicate Grok tabs so the auth callback finds the right window.
Open my.porteden.com in another tab and sign in there first.

Debug prompt for Grok

Tell me the current status of the Google Calendar connector and any error message Grok received during the OAuth handshake.

PERMISSION_DENIED

403 Permission denied on a specific event or action

Symptoms

Grok says "I do not have permission to do that" or returns an accessInfo string explaining the rejection.
Audit log shows a block decision with a rule name.

Checks

Open the Access Token in PortEden and confirm the action Grok tried (e.g. create_event, delete_event) is in the permission set.
Check the calendar scope. A token limited to the primary calendar will deny requests against a secondary one.
Look at the time window. Requests outside the allowed window are blocked.
Adjust the token, save, then ask Grok to retry.

Debug prompt for Grok

Show me the full accessInfo field from the last error response, then summarize which permission, contact rule, or time window blocked the call.

RECURRING_AMBIGUOUS

Grok did not specify single instance vs series

Symptoms

An update or delete on a recurring meeting fails with a recurring_target_required error.
Audit log shows the request was blocked because the target (single, future, or all) was not specified.

Checks

Ask Grok to clarify which instance or which scope the change applies to.
Re-run the request with explicit language like 'this Friday's instance only' or 'this and all future occurrences'.
If you want Grok to default to single instance, set the recurring_default option on the token in PortEden.

Debug prompt for Grok

Quote the last recurring_target_required response from the Google Calendar connector and propose three retry phrasings I can paste back.

RATE_LIMIT

429 Too Many Requests or quota exceeded

Symptoms

Bursts of tool calls start failing after the first few succeed.
Audit log shows rate_limited or quota_exceeded entries.

Checks

Check your PortEden plan limits at my.porteden.com.
Spread bursty work over time, or ask Grok to batch (e.g. list a week of events in one call instead of per-day).
Google Calendar API also throttles per project. PortEden surfaces Google 403 rateLimitExceeded errors with a graph_throttled flag.

Debug prompt for Grok

Quote the last rate_limit or quota_exceeded response from the Google Calendar connector, including the retry_after value if present.

CONNECTION_DROPPED

Google returned reauth required

Symptoms

Calls were working, then all Calendar tool calls start failing.
Audit log shows a provider_reauth_required entry.

Checks

Open Connections in PortEden. Google will show a yellow Needs reauth badge.
Click Reconnect and complete the Google OAuth flow again. This usually follows a password change or a Google security event.

Debug prompt for Grok

Quote the last provider_reauth_required error from PortEden and tell me which provider needs to be reconnected.

Debug prompts for Grok

When something is wrong but the error message is vague, paste one of these prompts into Grok. They make Grok self-report the structured response from PortEden so you can pinpoint the cause without leaving the chat.

Nothing is happening

"List every connector you can see in this conversation and mark whether each one is reachable."

Tool exists but fails

"Call the Google Calendar connector's whoami or health tool. Quote the full JSON response, including any error code."

Permission denied

"Re-run the last failing call. From the response, quote the accessInfo field verbatim and tell me which rule blocked it."

Recurring edits failing

"Tell me which recurring_target the last update used. If it was not specified, suggest a phrasing for single-instance, future, and all variants."

Strange data back

"Show me the raw JSON of the last successful Google Calendar tool response, truncated to the first 1000 characters."

Quota or limits

"Quote the last response that mentioned quota, rate_limit, or retry_after, including all numeric fields."

Pair every debug prompt with the audit log

PortEden's audit log shows the raw decision for every tool call. If Grok's answer disagrees with what PortEden recorded, trust the audit log.

Security best practices

✓

One token per AI per use case. Do not reuse a token across Grok, Claude, and ChatGPT. Per-AI tokens let you revoke just the one that misbehaves.

✓

Start with read_and_freebusy and add create or delete only after you trust the workflow.

✓

Keep attendee email redaction on. Grok still sees who is in the meeting, just not their address. Useful for assistant tasks, safer for sharing.

✓

Restrict to your primary calendar unless Grok genuinely needs the others. Personal calendars (medical, family) usually do not belong in an AI workflow.

✓

Keep Confirm-before-write on for delete. Cancelling a meeting by mistake is loud and painful.

✓

Review the audit log weekly. Filter by the Grok token to see what events were inspected and what changes were attempted.

FAQ

Do I need a PortEden account before I start?

No. Start in Grok. When you add the PortEden MCP URL as a Custom Connector and Grok opens the auth window, you can sign up at that moment with Google one-click or with email. If you already have an account, it signs you in instead.

I already have a PortEden account with Google Calendar connected. Do I need to reauthorize?

No. PortEden detects your existing Google connection during the Grok auth flow and skips the OAuth step automatically. Grok comes back to the chat ready to use.

Can Grok see multiple calendars?

Yes. By default PortEden exposes the primary calendar plus any secondary calendars the user has access to. You can scope a token to a specific calendar list from my.porteden.com if you want Grok limited to just one.

Can Grok create or move events on my behalf?

Yes, if you grant the create or update permissions in the token. Confirm-before-write is on by default for create, update, and delete, so Grok surfaces a preview before any change.

What about recurring meetings?

Grok can read recurring events including instances. To modify a recurring meeting, Grok must specify whether the change applies to a single instance, all future occurrences, or the whole series. PortEden enforces this distinction and the audit log records which mode was used.

Does Grok see free/busy for other people?

Only when the other person has shared their free/busy with you through Google. PortEden does not bypass Google's sharing rules. If the data is not in your view, it is not in Grok's.

In short

What you get

Event search and read

Free/busy lookup

Event create, update, delete

Audit trail

Prerequisites

Step 1: Add the PortEden MCP Connector in Grok

Connector values

Step 2: Sign in to PortEden

Step 3: Connect Google Calendar (first-time only)

If Google is not connected yet

If Google is already connected to PortEden

Step 4: Verify the connection

Try one of these

What to confirm

Step 5: Tighten what Grok can do (optional)

Permission presets for Grok

Recommended rules for a Grok token

Suggested prompts for everyday use

Troubleshooting and error handling

Grok cannot reach the PortEden MCP server

PortEden auth window did not appear

403 Permission denied on a specific event or action

Grok did not specify single instance vs series

429 Too Many Requests or quota exceeded

Google returned reauth required

Debug prompts for Grok

Security best practices

FAQ

Do I need a PortEden account before I start?

I already have a PortEden account with Google Calendar connected. Do I need to reauthorize?

Can Grok see multiple calendars?

Can Grok create or move events on my behalf?

What about recurring meetings?

Does Grok see free/busy for other people?

Next steps

Connect Gmail to Grok

PortEden for Grok

MCP Calendar tool reference

Risks of connecting calendar to AI