@acedatacloud/skills 2026.504.0 → 2026.504.2

package/README.md

@@ -12,7 +12,7 @@
 
 Compatible with **30+ AI coding agents** via the [agentskills.io](https://agentskills.io/) open standard: Claude Code, GitHub Copilot, Gemini CLI, OpenAI Codex, Cursor, Roo Code, Goose, and more.
 
-## Available Skills (19)
+## Available Skills (30)
 
 ### AI Music & Audio
 
@@ -52,6 +52,24 @@ Compatible with **30+ AI coding agents** via the [agentskills.io](https://agents
 | [short-url](skills/short-url/) | Create and manage short URLs |
 | [acedatacloud-api](skills/acedatacloud-api/) | API usage guide — authentication, SDKs, error handling |
 
+### Connectors
+
+These skills drive third-party connectors users wire up at [auth.acedata.cloud/user/connections](https://auth.acedata.cloud/user/connections). Each declares the OAuth / BYOC connection it needs in `connections:` frontmatter; the [aichat2](https://chat.acedata.cloud) runtime injects the matching access token into the sandbox before the skill's `Bash` calls run.
+
+| Skill | Description | Connection |
+|-------|-------------|------------|
+| [github](skills/github/) | GitHub issues, pull requests, repos, code search, and Actions via `gh` CLI | `github` |
+| [gitlab](skills/gitlab/) | GitLab issues, MRs, projects, pipelines via the `glab` CLI | `gitlab` |
+| [google-drive](skills/google-drive/) | List, search, and read Google Drive files via the Drive v3 REST API | `google/drive` |
+| [google-gmail](skills/google-gmail/) | Read, search, and triage Gmail messages via the Gmail v1 REST API | `google/gmail` |
+| [google-calendar](skills/google-calendar/) | Read calendar events, agenda, and free-busy windows via Calendar v3 | `google/calendar` |
+| [google-tasks](skills/google-tasks/) | List and inspect Google Tasks via the Tasks v1 REST API | `google/tasks` |
+| [microsoft-onedrive](skills/microsoft-onedrive/) | List and read OneDrive files via the Microsoft Graph API | `microsoft/onedrive` |
+| [microsoft-outlook](skills/microsoft-outlook/) | Read Outlook mail, calendar events, and contacts via Microsoft Graph | `microsoft/outlook` |
+| [notion](skills/notion/) | Read and search Notion pages, databases, and blocks | `notion` |
+| [slack](skills/slack/) | Read Slack channels, messages, and user info via Web API | `slack` |
+| [wechat-official-account](skills/wechat-official-account/) | Manage WeChat MP — drafts, publishing, materials, user tags | `wechat` (BYOC) |
+
 ## Prerequisites
 
 Get your API token at [platform.acedata.cloud](https://platform.acedata.cloud):

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@acedatacloud/skills",
-  "version": "2026.504.0",
+  "version": "2026.504.2",
   "description": "Agent Skills for AceDataCloud AI services — music, image, video generation, LLM chat, web search. Compatible with Claude Code, GitHub Copilot, Gemini CLI, OpenAI Codex, and 30+ AI coding agents.",
   "keywords": [
     "agent-skills",

package/skills/github/SKILL.md

@@ -0,0 +1,173 @@
+---
+name: github
+description: GitHub issues, pull requests, repos, code search, and Actions via the gh CLI. Use when the user mentions GitHub, an issue/PR number, a repo, a commit, or code review.
+when_to_use: |
+  Trigger when the user wants to read or write something on GitHub —
+  list / view / create / comment on issues or PRs, search code, view
+  a repo, view CI runs, etc.
+connections: [github]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+
+Use the `gh` CLI for everything. The user's OAuth access token is exported
+as `$GH_TOKEN`; `gh` reads it automatically — `gh auth status` will say
+"not logged in" because gh keeps no config file in the sandbox, but every
+authenticated subcommand works regardless.
+
+`gh --help` and `gh <subcommand> --help` are always current. When unsure,
+read the help first instead of guessing flags.
+
+## Two ways to call gh — prefer subcommands
+
+### Style A: First-class subcommands — START HERE
+
+`gh issue`, `gh pr`, `gh repo`, `gh search`, `gh release`, `gh workflow`,
+`gh run`, `gh status`, `gh project`, `gh label`, `gh secret`,
+`gh variable`, `gh gist`. Use these whenever they cover the task; they
+output formatted text by default and structured JSON via
+`--json <fields> [--jq <expr>]`.
+
+### Style B: Raw REST / GraphQL via `gh api`
+
+`gh api <endpoint>` for REST, `gh api graphql -f query='…'` for GraphQL.
+Useful when no first-class subcommand exists. Notable flags:
+
+- `-X POST|PATCH|PUT|DELETE` — override method (default `GET`, becomes
+  `POST` automatically when `-f`/`-F` is set).
+- `-f key=value` — string field; `-F key=value` — JSON-typed field
+  (`true`/`123`/`@file.json`); both URL-encode for `GET` and JSON-encode
+  for body methods.
+- `-q '<jq>'` — same as `--jq`. With a primitive top-level value (string
+  / number) it prints the raw value (no quotes).
+- `-H 'Accept: application/vnd.github.raw'` — fetch a file's raw bytes
+  instead of the JSON wrapper.
+- `--paginate` — auto-walk `Link: rel="next"`.
+
+## Recipes
+
+### Triage what's on my plate (issues + PRs + reviews + mentions)
+
+```sh
+gh status
+```
+
+### List recent issues in a repo
+
+```sh
+gh issue list --repo OWNER/REPO --limit 20
+gh issue list --repo OWNER/REPO --state all --limit 20 \
+  --json number,title,state,author,updatedAt,labels --jq '.[]'
+```
+
+### View an issue with comments
+
+```sh
+gh issue view 123 --repo OWNER/REPO --comments
+gh issue view 123 --repo OWNER/REPO --json title,body,comments \
+  --jq '{title, body, comments: [.comments[] | {author: .author.login, body, createdAt}]}'
+```
+
+### Create / comment / close an issue
+
+```sh
+gh issue create --repo OWNER/REPO --title "Bug: foo" --body "Repro steps…" --label bug
+gh issue comment 123 --repo OWNER/REPO --body "LGTM"
+gh issue close 123 --repo OWNER/REPO --comment "Fixed in #456"
+```
+
+### List PRs assigned to / authored by me
+
+```sh
+gh search prs --assignee=@me --state=open --json number,title,repository,updatedAt
+gh search prs --author=@me --state=open
+```
+
+### View a PR with diff and CI checks
+
+```sh
+gh pr view 456 --repo OWNER/REPO
+gh pr diff 456 --repo OWNER/REPO
+gh pr checks 456 --repo OWNER/REPO
+```
+
+### Comment / review / merge a PR
+
+```sh
+gh pr comment 456 --repo OWNER/REPO --body "Please rebase on main."
+gh pr review 456 --repo OWNER/REPO --approve --body "LGTM"
+gh pr review 456 --repo OWNER/REPO --request-changes --body "See nits"
+gh pr merge 456 --repo OWNER/REPO --squash --delete-branch
+```
+
+### Search code across GitHub
+
+```sh
+gh search code 'someFunction language:typescript' --limit 20 \
+  --json repository,path,url --jq '.[] | "\(.repository.nameWithOwner) \(.path)"'
+```
+
+### Read a file from a repo (raw bytes, no base64 dance)
+
+```sh
+gh api "repos/OWNER/REPO/contents/path/to/file.ts" \
+  -H 'Accept: application/vnd.github.raw'
+```
+
+### List recent commits on the default branch
+
+```sh
+gh api "repos/OWNER/REPO/commits?per_page=20" \
+  --jq '.[] | "\(.sha[0:7]) \(.commit.author.date) \(.commit.message | split("\n")[0])"'
+```
+
+### Trigger / inspect Actions workflows
+
+```sh
+gh workflow list --repo OWNER/REPO
+gh workflow run ci.yaml --repo OWNER/REPO --ref main -f key=value
+gh run list --repo OWNER/REPO --workflow ci.yaml --limit 5
+gh run view <RUN_ID> --repo OWNER/REPO --log-failed
+```
+
+### View a repo's metadata
+
+```sh
+gh repo view OWNER/REPO
+gh repo view OWNER/REPO --json description,url,stargazerCount,defaultBranchRef
+```
+
+### GraphQL for things REST can't do (e.g. project board items)
+
+```sh
+gh api graphql -f query='
+  query($owner: String!, $repo: String!, $num: Int!) {
+    repository(owner: $owner, name: $repo) {
+      issue(number: $num) {
+        title
+        timelineItems(first: 50) {
+          nodes { __typename ... on CrossReferencedEvent { source { ... on PullRequest { number title state } } } }
+        }
+      }
+    }
+  }' -f owner=OWNER -f repo=REPO -F num=123
+```
+
+## Notes
+
+- For private repos the user MUST have granted `repo` scope when they
+  authorized the connection at `auth.acedata.cloud/user/connections`.
+  A 404 on a repo you know exists usually means missing scope, not a
+  wrong URL.
+- When `--json` rejects a field name, gh prints the full list of valid
+  fields — re-read the error and pick from there.
+- `gh issue list --search` and `gh search issues` use the GitHub search
+  syntax (`is:open`, `assignee:@me`, `repo:owner/name`, etc.). Use
+  `gh search issues` / `gh search prs` for cross-repo queries; use
+  `gh issue list` for one repo.
+- `gh api --paginate` only works on endpoints that emit a `Link` header;
+  for cursor-paginated endpoints you have to follow `pagination.next`
+  yourself.

package/skills/gitlab/SKILL.md

@@ -0,0 +1,147 @@
+---
+name: gitlab
+description: GitLab issues, merge requests, repositories, CI pipelines, and code search via the glab CLI. Use when the user mentions GitLab, an MR/issue number, a project on gitlab.com, or a self-hosted GitLab instance.
+when_to_use: |
+  Trigger when the user wants to read or write something on GitLab —
+  list / view / create / comment on issues or MRs, browse a project,
+  view CI pipelines, etc.
+connections: [gitlab]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+
+Use the `glab` CLI for everything. The user's OAuth access token is
+exported as `$GITLAB_TOKEN`; `glab` reads it automatically (the token
+is also accepted via `GITLAB_ACCESS_TOKEN` and `OAUTH_TOKEN` for tooling
+compatibility). Default host is `gitlab.com` — for self-hosted set
+`GITLAB_HOST` or pass `--hostname <host>` per command.
+
+`glab --help` and `glab <subcommand> --help` are always current.
+
+## Two ways to call glab — prefer subcommands
+
+### Style A: First-class subcommands — START HERE
+
+`glab issue`, `glab mr`, `glab repo`, `glab ci`, `glab job`, `glab pipeline`,
+`glab release`, `glab snippet`, `glab variable`, `glab label`,
+`glab milestone`, `glab schedule`. These print formatted text by default
+and JSON via `--output json`.
+
+### Style B: Raw REST / GraphQL via `glab api`
+
+`glab api <path>` for REST, `glab api graphql -f query='…'` for GraphQL.
+Notable flags:
+
+- `-X POST|PATCH|PUT|DELETE` — override method (default `GET`, becomes
+  `POST` when `--field` / `--raw-field` is set).
+- `-f key=value` — magic-typed (literals `true` / `false` / `null` /
+  integers become JSON types, leading `@filename` reads from a file).
+- `-F key=value` — same as `-f` but always treats the value as a string.
+- `--paginate` — auto-walk `Link: rel="next"`.
+- `--hostname <host>` — target a different GitLab host than default.
+- Path placeholders: when run inside a git checkout, `:fullpath` /
+  `:branch` / `:user` are auto-populated from the repo. From a generic
+  shell, encode the path manually (see recipes).
+
+## Recipes
+
+### List open issues on a project
+
+```sh
+glab issue list --repo OWNER/PROJECT --opened --output json
+glab issue list --repo OWNER/PROJECT --assignee=@me --output json
+```
+
+### View an issue with comments
+
+```sh
+glab issue view 42 --repo OWNER/PROJECT --comments
+glab issue view 42 --repo OWNER/PROJECT --output json
+```
+
+### Create / comment / close an issue
+
+```sh
+glab issue create --repo OWNER/PROJECT --title "Bug: foo" --description "Repro steps…" --label bug
+glab issue note 42 --repo OWNER/PROJECT --message "Acknowledged."
+glab issue close 42 --repo OWNER/PROJECT
+```
+
+### List MRs assigned to / authored by me
+
+```sh
+glab mr list --repo OWNER/PROJECT --assignee=@me --opened --output json
+glab mr list --repo OWNER/PROJECT --author=@me --opened
+```
+
+### View an MR with diff and CI pipeline
+
+```sh
+glab mr view 99 --repo OWNER/PROJECT
+glab mr diff 99 --repo OWNER/PROJECT
+glab ci view --repo OWNER/PROJECT --branch <BRANCH>
+```
+
+### Approve / merge / leave a note on an MR
+
+```sh
+glab mr approve 99 --repo OWNER/PROJECT
+glab mr note 99 --repo OWNER/PROJECT --message "Looks good — ready when CI is green."
+glab mr merge 99 --repo OWNER/PROJECT --squash --remove-source-branch
+```
+
+### Read a file from the default branch (raw bytes)
+
+```sh
+# URL-encode the project path AND the file path because both contain '/'.
+PROJECT=$(printf '%s' 'OWNER/PROJECT' | jq -sRr @uri)
+FILE=$(printf '%s' 'src/main.go' | jq -sRr @uri)
+glab api "projects/${PROJECT}/repository/files/${FILE}/raw?ref=main"
+```
+
+### List the latest pipelines on a branch
+
+```sh
+glab ci list --repo OWNER/PROJECT --status running,success,failed
+glab ci view --repo OWNER/PROJECT --branch main
+glab ci trace --repo OWNER/PROJECT <JOB_ID>     # stream a job log
+```
+
+### Search across a group's issues
+
+```sh
+glab api "groups/GROUP_PATH_OR_ID/issues?state=opened&search=keyword" \
+  --paginate \
+  | jq '.[] | {iid, title, project: .references.full, web_url}'
+```
+
+### GraphQL example: project metadata + open MR count
+
+```sh
+glab api graphql -f query='
+  query($path: ID!) {
+    project(fullPath: $path) {
+      name webUrl
+      mergeRequests(state: opened) { count }
+    }
+  }' -f path=OWNER/PROJECT
+```
+
+## Notes
+
+- `--repo OWNER/PROJECT` accepts `OWNER/PROJECT`, `GROUP/SUBGROUP/PROJECT`,
+  full HTTPS URL, or git URL. The project path goes verbatim (no URL
+  encoding) for `--repo`, but does need `jq @uri` encoding when used
+  inside a `glab api` path.
+- For self-hosted GitLab the user must have authorized the connection
+  with the right `host`. A 404 on a project you know exists usually
+  means the connection is pointing at gitlab.com when the project lives
+  elsewhere — surface that hint to the user.
+- Many `glab` commands have an `--output` flag that takes `text` (default)
+  or `json`. `glab issue list` and `glab mr list` additionally have
+  `--output-format` (`details` / `ids` / `urls`) which is a separate,
+  list-only formatter. Pass the long flag `--output json` to avoid the
+  short-flag confusion (`-O` vs `-F`).

package/skills/google-calendar/SKILL.md

@@ -0,0 +1,195 @@
+---
+name: google-calendar
+description: Read Google Calendar events / agenda / free-busy / invitations via the Calendar v3 REST API. Use when the user mentions Google Calendar events, today's agenda, this week's meetings, finding conflicts, listing invitations, or checking free time on a specific calendar.
+when_to_use: |
+  Trigger when the user wants to read events from their Google
+  Calendar — list / search / inspect events, build today's or this
+  week's agenda, check free / busy windows, or pull invite details
+  for a specific meeting. The installed connector grants read-only
+  scope (`calendar.readonly`); creating / updating / cancelling
+  events is out of scope.
+connections: [google/calendar]
+allowed_tools: [Bash]
+license: Apache-2.0
+metadata:
+  author: acedatacloud
+  version: "1.0"
+---
+
+Drive Google Calendar via `curl + jq`. The user's OAuth bearer token
+is in `$GOOGLE_CALENDAR_TOKEN`; every call needs it as
+`Authorization: Bearer $GOOGLE_CALENDAR_TOKEN`. The token already
+carries the `calendar.readonly` scope the user agreed to at install
+plus the identity scopes (`openid email profile`).
+
+The Calendar API returns standard JSON; failures surface as
+`{"error": {"code": 401|403|..., "message": "..."}}` — show that
+error verbatim. `401` means the token expired (re-install). `403
+insufficientPermissions` means the user is asking for a write this
+connector cannot satisfy — say so.
+
+**Always start with `users/me/calendarList`** to learn which calendars
+the account can see (the user's primary plus any subscribed / shared
+ones), AND with `users/me/settings/timezone` so you render times in
+the user's local zone instead of UTC.
+
+## Recipes
+
+### Verify auth + discover calendars (always run first)
+
+```sh
+# Account confirmation + calendars the user can read
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  "https://www.googleapis.com/calendar/v3/users/me/calendarList" \
+  | jq '.items[] | {id, summary, primary, accessRole, timeZone}'
+
+# User's preferred display zone (use this when formatting times)
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  "https://www.googleapis.com/calendar/v3/users/me/settings/timezone" \
+  | jq -r .value
+```
+
+The `id` of each calendar (`primary`, or an email-shaped id like
+`team-monday@group.calendar.google.com`) is what subsequent
+`calendars/{id}/events` calls take.
+
+### Today's agenda on the primary calendar
+
+```sh
+TZ=$(curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  "https://www.googleapis.com/calendar/v3/users/me/settings/timezone" | jq -r .value)
+TODAY=$(TZ=$TZ date +%Y-%m-%d)
+START="${TODAY}T00:00:00Z"
+END="${TODAY}T23:59:59Z"
+
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  --get "https://www.googleapis.com/calendar/v3/calendars/primary/events" \
+  --data-urlencode "timeMin=$START" \
+  --data-urlencode "timeMax=$END" \
+  --data-urlencode 'singleEvents=true' \
+  --data-urlencode 'orderBy=startTime' \
+  --data-urlencode "timeZone=$TZ" \
+  | jq '.items[] | {summary, start: (.start.dateTime // .start.date), end: (.end.dateTime // .end.date), location, attendees: [.attendees[]?.email], hangout: .hangoutLink, status, htmlLink}'
+```
+
+`singleEvents=true` flattens recurring meetings into individual
+instances — almost always what you want for an agenda. Without it,
+you'd get the recurrence rule once and have to expand it client-side.
+
+### This week's meetings (Mon–Sun)
+
+```sh
+TZ=$(curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  "https://www.googleapis.com/calendar/v3/users/me/settings/timezone" | jq -r .value)
+# Bash date math: Monday-of-this-week
+MON=$(TZ=$TZ date -d "$(TZ=$TZ date +%Y-%m-%d) -$(($(TZ=$TZ date +%u) - 1)) days" +%Y-%m-%d 2>/dev/null \
+  || TZ=$TZ date -v-mondayw +%Y-%m-%d)  # macOS fallback
+SUN=$(TZ=$TZ date -d "$MON +6 days" +%Y-%m-%d 2>/dev/null \
+  || TZ=$TZ date -v+6d -j -f %Y-%m-%d "$MON" +%Y-%m-%d)
+
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  --get "https://www.googleapis.com/calendar/v3/calendars/primary/events" \
+  --data-urlencode "timeMin=${MON}T00:00:00Z" \
+  --data-urlencode "timeMax=${SUN}T23:59:59Z" \
+  --data-urlencode 'singleEvents=true' \
+  --data-urlencode 'orderBy=startTime' \
+  | jq -r '.items[] | "\(.start.dateTime // .start.date)\t\(.summary)\t\((.attendees // []) | length) attendees"'
+```
+
+### Search events by query
+
+```sh
+Q='quarterly review'
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  --get "https://www.googleapis.com/calendar/v3/calendars/primary/events" \
+  --data-urlencode "q=$Q" \
+  --data-urlencode 'singleEvents=true' \
+  --data-urlencode 'maxResults=20' \
+  | jq '.items[] | {start: .start.dateTime, summary, htmlLink}'
+```
+
+`q` matches against summary, description, location, attendee emails,
+and creator/organizer.
+
+### Get one event's full details (incl. attendees, location, link)
+
+```sh
+EVENT_ID='abc123def4567890ghijklmnop'
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  "https://www.googleapis.com/calendar/v3/calendars/primary/events/$EVENT_ID" \
+  | jq '{summary, start, end, location, description, attendees, organizer, hangoutLink, conferenceData}'
+```
+
+### Free / busy across multiple calendars (next 7 days)
+
+```sh
+TZ=$(curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  "https://www.googleapis.com/calendar/v3/users/me/settings/timezone" | jq -r .value)
+NOW=$(TZ=$TZ date -u +%Y-%m-%dT%H:%M:%SZ)
+NEXT_WEEK=$(TZ=$TZ date -u -d "+7 days" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
+  || TZ=$TZ date -u -v+7d +%Y-%m-%dT%H:%M:%SZ)
+
+cat > /tmp/freebusy.json <<JSON
+{
+  "timeMin": "$NOW",
+  "timeMax": "$NEXT_WEEK",
+  "timeZone": "$TZ",
+  "items": [
+    {"id": "primary"},
+    {"id": "team-monday@group.calendar.google.com"}
+  ]
+}
+JSON
+
+curl -sS -X POST -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  -H 'Content-Type: application/json' \
+  --data @/tmp/freebusy.json \
+  "https://www.googleapis.com/calendar/v3/freeBusy" \
+  | jq '.calendars'
+```
+
+Each calendar's response is `{"busy": [{"start": "...", "end": "..."}]}`
+— gaps between are free.
+
+### List events on a non-primary calendar
+
+```sh
+CAL_ID='team-monday@group.calendar.google.com'
+# URL-encode the @ in the path
+CAL_ENCODED=$(printf %s "$CAL_ID" | jq -sRr @uri)
+curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+  --get "https://www.googleapis.com/calendar/v3/calendars/$CAL_ENCODED/events" \
+  --data-urlencode 'singleEvents=true' \
+  --data-urlencode 'orderBy=startTime' \
+  --data-urlencode 'maxResults=20' \
+  | jq '.items[] | {start: .start.dateTime, summary}'
+```
+
+### Pagination
+
+```sh
+PAGE_TOKEN=''
+while : ; do
+  RESP=$(curl -sS -H "Authorization: Bearer $GOOGLE_CALENDAR_TOKEN" \
+    --get "https://www.googleapis.com/calendar/v3/calendars/primary/events" \
+    --data-urlencode 'singleEvents=true' \
+    --data-urlencode 'orderBy=startTime' \
+    --data-urlencode 'maxResults=250' \
+    ${PAGE_TOKEN:+--data-urlencode "pageToken=$PAGE_TOKEN"})
+  echo "$RESP" | jq -c '.items[]?'
+  PAGE_TOKEN=$(echo "$RESP" | jq -r '.nextPageToken // empty')
+  [ -z "$PAGE_TOKEN" ] && break
+done
+```
+
+## Common error codes
+
+| HTTP | meaning | what to tell the user |
+|---|---|---|
+| `401 UNAUTHENTICATED` | token expired / revoked | "Reconnect the Google Calendar connector on the Connections page." |
+| `403 insufficientPermissions` | scope missing | "This connector is read-only — creating or modifying events isn't possible." |
+| `403 forbidden` | calendar id not visible to this account | check `calendarList` first; if it's a shared calendar, the owner needs to share it. |
+| `404 notFound` | wrong event / calendar id | double-check the id and try `calendarList` to confirm the calendar exists. |
+| `429 quotaExceeded` | quota / throttling | back off ~5s, then retry once. |
+
+Never log or echo `$GOOGLE_CALENDAR_TOKEN` — treat it as a secret.