Secure Google Calendar CLI for AI Agents
Google Calendar's API exposes attendee lists, meeting notes, private events, and location data. The Secure Google Calendar CLI filters every calendar request before any data reaches your AI agents.
Connect PortEden to Google Calendar (CLI)
npx @porteden/cli connect google-calendarHow PortEden Protects You
Six layers of security between AI and your data.
Event Field Filtering
Choose exactly which event fields agents can see, such as title and time only, or descriptions without attendee lists.
Calendar-Level Access Rules
Grant agents access to specific calendars only, so your scheduling agent sees your work calendar but not your personal one.
Attendee Privacy Controls
Strip attendee information from calendar events before agents see them, so meeting times are visible but participant details are not.
Description Redaction
Strip meeting descriptions entirely or redact URLs and email addresses while preserving the meeting title.
Calendar IDs, recurrence rules, and free/busy-only mode
The thing that surprises people about calendar.events.list is that "your calendar" isn't one calendar — it's typically 8 to 15. Subscribed sports schedules, shared team calendars, the holiday calendar, plus any room/resource calendar an admin has shared with you. An agent given Google Calendar OAuth pulls every one of them. Start with discovery:
$ porteden calendars list
ID ROLE SUMMARY
adam@porteden.com owner Adam Hertz
addressbook#contacts@group.v.calendar... reader Contacts
en.usa#holiday@group.v.calendar.google.com reader US Holidays
c_classroom...@group.calendar.google.com owner Team Standup
porteden.com_3d31...@resource.calendar.google.com freeBusyReader Boardroom AThen pin the agent to exactly what it needs in ~/.porteden/google-calendar.yaml:
agents:
scheduling_bot:
calendar_allowlist:
- "adam@porteden.com"
- "c_classroom...@group.calendar.google.com"
fields_visible: ["start", "end", "summary"] # no attendees, no body
recurrence_expand: true # materialize RRULE
time_window: { past: "0d", future: "30d" }
mode: free_busy_only # see /freeBusy, not /eventsRecurrence-rule filtering: the trap
Recurring events return the master event by default, not the materialized instances. An agent asked "am I free Thursday at 2" needs the expanded instances (singleEvents=true) plus the right timeMin/timeMax bounds. The CLI sets these correctly by default and rejects requests where timeMax - timeMin > 90d to stop runaway queries.
Free/busy-only mode vs full events
mode: free_busy_only downgrades every event read to a /freeBusy query. The agent sees blocked time ranges without titles, attendees, or any meeting metadata — useful for scheduling agents that only need to find open slots. The ACL difference: full events require https://www.googleapis.com/auth/calendar.events.readonly, free/busy only requires https://www.googleapis.com/auth/calendar.freebusy. The CLI requests only what your config needs.
Get Started in 3 Steps
Install and Authenticate
Install the PortEden CLI with npm and authenticate with your Google account via OAuth.
Set Calendar Rules
Configure which calendars agents can access, what event fields they see, and what time range they can query.
Connect and Monitor
Route your AI agents through PortEden so every Google Calendar API call is filtered through your rules with full audit logging.
Without vs. With PortEden
Without PortEden
- Calendar API returns full event details including attendees and descriptions
- No way to restrict access to specific calendars per agent
- Shared calendars expose cross-team meeting data to any agent with access
- No audit trail of which calendar events AI agents accessed
With PortEden
- Field-level filtering controls exactly what data agents receive
- Per-calendar access rules limit agents to relevant calendars only
- Cross-team calendar data stays invisible to unauthorized agents
- Full audit log of every calendar event accessed by every agent