npm - @squadbase/vite-server - Versions diffs - 0.1.7-dev.7 → 0.1.8-dev.468a970 - Mend

@squadbase/vite-server 0.1.7-dev.7 → 0.1.8-dev.468a970

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/cli/cpufeatures-ORCDQN2Y.node +0 -0
package/dist/cli/index.js +676 -623
package/dist/cli/sshcrypto-P3UBA7BP.node +0 -0
package/dist/connectors/gmail.js +214 -348
package/dist/connectors/google-calendar.js +398 -449
package/dist/connectors/salesforce.js +1 -1
package/dist/cpufeatures-ORCDQN2Y.node +0 -0
package/dist/index.js +676 -623
package/dist/main.js +676 -623
package/dist/sshcrypto-P3UBA7BP.node +0 -0
package/dist/vite-plugin.js +676 -623
package/package.json +4 -3
package/dist/cli/cpufeatures-244TQC2T.node +0 -0
package/dist/cli/sshcrypto-JMJD77BG.node +0 -0
package/dist/cpufeatures-244TQC2T.node +0 -0
package/dist/sshcrypto-JMJD77BG.node +0 -0

package/dist/connectors/google-calendar.js CHANGED Viewed

@@ -42,82 +42,28 @@ var ParameterDefinition = class {
   }
 };
-// ../connectors/src/connectors/google-calendar/sdk/index.ts
-import * as crypto from "crypto";
 // ../connectors/src/connectors/google-calendar/parameters.ts
 var parameters = {
   serviceAccountKeyJsonBase64: new ParameterDefinition({
     slug: "service-account-key-json-base64",
     name: "Google Cloud Service Account JSON",
-    description: "The service account JSON key used to authenticate with Google Cloud Platform. Ensure that the service account has the necessary permissions to access Google Calendar, and that calendars are shared with the service account email.",
+    description: "The service account JSON key. Used for both Domain-wide Delegation (impersonating a Workspace user) and direct service-account access (calendars explicitly shared with the SA email). The authentication path is selected per call by the tool used.",
     envVarBaseKey: "GOOGLE_CALENDAR_SERVICE_ACCOUNT_JSON_BASE64",
     type: "base64EncodedJson",
     secret: true,
     required: true
   })
 };
-var impersonateEmailParameter = new ParameterDefinition({
-  slug: "impersonate-email",
-  name: "User Email Address(es)",
-  description: "The email address(es) of the Google Workspace user(s) whose calendar is accessed via Domain-wide Delegation. Collected during the setup flow.",
-  envVarBaseKey: "GOOGLE_CALENDAR_IMPERSONATE_EMAIL",
-  type: "text",
-  secret: false,
-  required: false
-});
-var calendarIdParameter = new ParameterDefinition({
-  slug: "calendar-id",
-  name: "Default Calendar ID",
-  description: "The default Google Calendar ID to use (e.g., 'primary' or an email address like 'user@example.com'). If not set, 'primary' is used.",
-  envVarBaseKey: "GOOGLE_CALENDAR_CALENDAR_ID",
-  type: "text",
-  secret: false,
-  required: false
-});
 // ../connectors/src/connectors/google-calendar/sdk/index.ts
-var TOKEN_URL = "https://oauth2.googleapis.com/token";
 var BASE_URL = "https://www.googleapis.com/calendar/v3";
-var SCOPE = "https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/calendar.events.readonly";
-function base64url(input) {
-  const buf = typeof input === "string" ? Buffer.from(input) : input;
-  return buf.toString("base64url");
-}
-function buildJwt(clientEmail, privateKey, nowSec, subject) {
-  const header = base64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
-  const claims = {
-    iss: clientEmail,
-    scope: SCOPE,
-    aud: TOKEN_URL,
-    iat: nowSec,
-    exp: nowSec + 3600
-  };
-  if (subject) {
-    claims.sub = subject;
-  }
-  const payload = base64url(JSON.stringify(claims));
-  const signingInput = `${header}.${payload}`;
-  const sign = crypto.createSign("RSA-SHA256");
-  sign.update(signingInput);
-  sign.end();
-  const signature = base64url(sign.sign(privateKey));
-  return `${signingInput}.${signature}`;
-}
 function createClient(params) {
   const serviceAccountKeyJsonBase64 = params[parameters.serviceAccountKeyJsonBase64.slug];
-  const impersonateEmail = params[impersonateEmailParameter.slug];
-  const defaultCalendarId = params[calendarIdParameter.slug] ?? "primary";
   if (!serviceAccountKeyJsonBase64) {
     throw new Error(
       `google-calendar: missing required parameter: ${parameters.serviceAccountKeyJsonBase64.slug}`
     );
   }
-  if (!impersonateEmail) {
-    throw new Error(
-      `google-calendar: missing required parameter: ${impersonateEmailParameter.slug}`
-    );
-  }
   let serviceAccountKey;
   try {
     const decoded = Buffer.from(
@@ -135,101 +81,48 @@ function createClient(params) {
       "google-calendar: service account key JSON must contain client_email and private_key"
     );
   }
-  const subject = impersonateEmail;
-  let cachedToken = null;
-  let tokenExpiresAt = 0;
-  async function getAccessToken2() {
-    const nowSec = Math.floor(Date.now() / 1e3);
-    if (cachedToken && nowSec < tokenExpiresAt - 60) {
-      return cachedToken;
-    }
-    const jwt = buildJwt(
-      serviceAccountKey.client_email,
-      serviceAccountKey.private_key,
-      nowSec,
-      subject
-    );
-    const response = await fetch(TOKEN_URL, {
-      method: "POST",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: new URLSearchParams({
-        grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
-        assertion: jwt
-      })
-    });
-    if (!response.ok) {
-      const text = await response.text();
-      throw new Error(
-        `google-calendar: token exchange failed (${response.status}): ${text}`
-      );
-    }
-    const data = await response.json();
-    cachedToken = data.access_token;
-    tokenExpiresAt = nowSec + data.expires_in;
-    return cachedToken;
-  }
-  function resolveCalendarId(override) {
-    return override ?? defaultCalendarId;
+  function buildUrl(path2) {
+    return `${BASE_URL}${path2.startsWith("/") ? "" : "/"}${path2}`;
   }
   return {
-    async request(path2, init) {
-      const accessToken = await getAccessToken2();
-      const resolvedPath = path2.replace(
-        /\{calendarId\}/g,
-        defaultCalendarId
-      );
-      const url = `${BASE_URL}${resolvedPath.startsWith("/") ? "" : "/"}${resolvedPath}`;
-      const headers = new Headers(init?.headers);
-      headers.set("Authorization", `Bearer ${accessToken}`);
-      return fetch(url, { ...init, headers });
-    },
-    async listCalendars() {
-      const response = await this.request("/users/me/calendarList", {
-        method: "GET"
+    async requestWithDelegation(path2, { subject, scopes, init }) {
+      const { GoogleAuth } = await import("google-auth-library");
+      const auth = new GoogleAuth({
+        credentials: {
+          client_email: serviceAccountKey.client_email,
+          private_key: serviceAccountKey.private_key
+        },
+        scopes,
+        clientOptions: { subject }
       });
-      if (!response.ok) {
-        const text = await response.text();
-        throw new Error(
-          `google-calendar: listCalendars failed (${response.status}): ${text}`
-        );
-      }
-      const data = await response.json();
-      return data.items ?? [];
-    },
-    async listEvents(options, calendarId) {
-      const cid = resolveCalendarId(calendarId);
-      const searchParams = new URLSearchParams();
-      if (options?.timeMin) searchParams.set("timeMin", options.timeMin);
-      if (options?.timeMax) searchParams.set("timeMax", options.timeMax);
-      if (options?.maxResults)
-        searchParams.set("maxResults", String(options.maxResults));
-      if (options?.q) searchParams.set("q", options.q);
-      if (options?.singleEvents != null)
-        searchParams.set("singleEvents", String(options.singleEvents));
-      if (options?.orderBy) searchParams.set("orderBy", options.orderBy);
-      if (options?.pageToken) searchParams.set("pageToken", options.pageToken);
-      const qs = searchParams.toString();
-      const path2 = `/calendars/${encodeURIComponent(cid)}/events${qs ? `?${qs}` : ""}`;
-      const response = await this.request(path2, { method: "GET" });
-      if (!response.ok) {
-        const text = await response.text();
+      const token = await auth.getAccessToken();
+      if (!token) {
         throw new Error(
-          `google-calendar: listEvents failed (${response.status}): ${text}`
+          `google-calendar: failed to obtain access token (subject=${subject})`
         );
       }
-      return await response.json();
+      const headers = new Headers(init?.headers);
+      headers.set("Authorization", `Bearer ${token}`);
+      return fetch(buildUrl(path2), { ...init, headers });
     },
-    async getEvent(eventId, calendarId) {
-      const cid = resolveCalendarId(calendarId);
-      const path2 = `/calendars/${encodeURIComponent(cid)}/events/${encodeURIComponent(eventId)}`;
-      const response = await this.request(path2, { method: "GET" });
-      if (!response.ok) {
-        const text = await response.text();
+    async request(path2, { scopes, init }) {
+      const { GoogleAuth } = await import("google-auth-library");
+      const auth = new GoogleAuth({
+        credentials: {
+          client_email: serviceAccountKey.client_email,
+          private_key: serviceAccountKey.private_key
+        },
+        scopes
+      });
+      const token = await auth.getAccessToken();
+      if (!token) {
         throw new Error(
-          `google-calendar: getEvent failed (${response.status}): ${text}`
+          "google-calendar: failed to obtain access token (no subject)"
         );
       }
-      return await response.json();
+      const headers = new Headers(init?.headers);
+      headers.set("Authorization", `Bearer ${token}`);
+      return fetch(buildUrl(path2), { ...init, headers });
     }
   };
 }
@@ -381,97 +274,47 @@ var AUTH_TYPES = {
   USER_PASSWORD: "user-password"
 };
-// ../connectors/src/connectors/google-calendar/tools/list-calendars.ts
-import * as crypto2 from "crypto";
+// ../connectors/src/connectors/google-calendar/tools/request.ts
 import { z } from "zod";
-var TOKEN_URL2 = "https://oauth2.googleapis.com/token";
 var BASE_URL2 = "https://www.googleapis.com/calendar/v3";
-var SCOPE2 = "https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/calendar.events.readonly";
 var REQUEST_TIMEOUT_MS = 6e4;
-function base64url2(input) {
-  const buf = typeof input === "string" ? Buffer.from(input) : input;
-  return buf.toString("base64url");
-}
-function buildJwt2(clientEmail, privateKey, nowSec, subject) {
-  const header = base64url2(JSON.stringify({ alg: "RS256", typ: "JWT" }));
-  const payload = base64url2(
-    JSON.stringify({
-      iss: clientEmail,
-      sub: subject,
-      scope: SCOPE2,
-      aud: TOKEN_URL2,
-      iat: nowSec,
-      exp: nowSec + 3600
-    })
-  );
-  const signingInput = `${header}.${payload}`;
-  const sign = crypto2.createSign("RSA-SHA256");
-  sign.update(signingInput);
-  sign.end();
-  const signature = base64url2(sign.sign(privateKey));
-  return `${signingInput}.${signature}`;
-}
-async function getAccessToken(serviceAccount, subject) {
-  const nowSec = Math.floor(Date.now() / 1e3);
-  const jwt = buildJwt2(
-    serviceAccount.client_email,
-    serviceAccount.private_key,
-    nowSec,
-    subject
-  );
-  const response = await fetch(TOKEN_URL2, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
-      assertion: jwt
-    })
-  });
-  if (!response.ok) {
-    const text = await response.text();
-    throw new Error(
-      `token exchange failed for ${subject} (${response.status}): ${text}`
-    );
-  }
-  const data = await response.json();
-  return data.access_token;
+function decodeServiceAccount(keyJsonBase64) {
+  const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
+  return JSON.parse(decoded);
 }
 var inputSchema = z.object({
   toolUseIntent: z.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
   ),
-  connectionId: z.string().describe("ID of the Google Calendar connection to use")
+  connectionId: z.string().describe("ID of the Google Calendar connection to use"),
+  method: z.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
+  path: z.string().describe(
+    "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/users/me/calendarList', '/calendars/team@example.com/events'). Write the calendar ID directly into the path \u2014 there is no placeholder substitution."
+  ),
+  scopes: z.array(z.string()).describe(
+    "OAuth scopes the token must include. This connector currently supports read-only operations only \u2014 pass one of ['https://www.googleapis.com/auth/calendar.readonly'] (calendars + events read), ['https://www.googleapis.com/auth/calendar.events.readonly'] (events read only), or ['https://www.googleapis.com/auth/calendar.freebusy'] (busy/free queries only). Per-endpoint scope reference: https://developers.google.com/calendar/api/auth"
+  ),
+  queryParams: z.record(z.string(), z.string()).optional().describe("Query parameters to append to the URL"),
+  body: z.record(z.string(), z.unknown()).optional().describe("JSON request body for POST/PUT/PATCH")
 });
 var outputSchema = z.discriminatedUnion("success", [
   z.object({
     success: z.literal(true),
-    calendars: z.array(
-      z.object({
-        impersonateEmail: z.string(),
-        id: z.string(),
-        summary: z.string(),
-        primary: z.boolean().optional(),
-        accessRole: z.string()
-      })
-    ),
-    errors: z.array(
-      z.object({
-        impersonateEmail: z.string(),
-        error: z.string()
-      })
-    )
+    status: z.number(),
+    data: z.record(z.string(), z.unknown())
   }),
   z.object({
     success: z.literal(false),
-    error: z.string()
+    error: z.string(),
+    serviceAccountEmail: z.string().optional()
   })
 ]);
-var listCalendarsTool = new ConnectorTool({
-  name: "listCalendars",
-  description: "List Google Calendars accessible via Domain-wide Delegation by impersonating the Google Workspace user(s) configured on the connection's `impersonate-email` parameter (comma-separated list supported). Use during setup to aggregate calendars across the configured emails.",
+var requestTool = new ConnectorTool({
+  name: "request",
+  description: "Call the Google Calendar API as the service account itself (no delegation). Read-only operations only. Only calendars explicitly shared with the service account email are accessible. Pass `scopes` as a read-only Calendar scope (e.g., ['https://www.googleapis.com/auth/calendar.readonly']). Use this tool when the project knowledge records the calendar with `(service-account, ...)` (no `subject`).",
   inputSchema,
   outputSchema,
-  async execute({ connectionId }, connections) {
+  async execute({ connectionId, method, path: path2, scopes, queryParams, body }, connections) {
     const connection2 = connections.find((c) => c.id === connectionId);
     if (!connection2) {
       return {
@@ -479,144 +322,89 @@ var listCalendarsTool = new ConnectorTool({
         error: `Connection ${connectionId} not found`
       };
     }
-    const impersonateEmailRaw = impersonateEmailParameter.getValue(connection2);
-    const emails = impersonateEmailRaw.split(",").map((e) => e.trim()).filter((e) => e.length > 0);
-    if (emails.length === 0) {
-      return {
-        success: false,
-        error: "impersonate-email parameter is empty"
-      };
-    }
-    console.log(
-      `[connector-request] google-calendar/${connection2.name}: listCalendars for ${emails.join(",")}`
-    );
+    const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
     let serviceAccount;
     try {
-      const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
-      const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
-      serviceAccount = JSON.parse(decoded);
+      serviceAccount = decodeServiceAccount(keyJsonBase64);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       return {
         success: false,
-        error: `failed to decode service account key: ${msg}`
+        error: `Failed to decode service account key: ${msg}`
       };
     }
-    if (!serviceAccount.client_email || !serviceAccount.private_key) {
-      return {
-        success: false,
-        error: "service account key JSON must contain client_email and private_key"
-      };
-    }
-    const aggregated = [];
-    const errors = [];
-    for (const email of emails) {
+    const serviceAccountEmail = serviceAccount.client_email;
+    console.log(
+      `[connector-request] google-calendar/${connection2.name}: ${method} ${path2} (service account)`
+    );
+    try {
+      const { GoogleAuth } = await import("google-auth-library");
+      const auth = new GoogleAuth({
+        credentials: {
+          client_email: serviceAccount.client_email,
+          private_key: serviceAccount.private_key
+        },
+        scopes
+      });
+      const token = await auth.getAccessToken();
+      if (!token) {
+        return {
+          success: false,
+          error: "Failed to obtain access token",
+          serviceAccountEmail
+        };
+      }
+      let url = `${BASE_URL2}${path2.startsWith("/") ? "" : "/"}${path2}`;
+      if (queryParams) {
+        const searchParams = new URLSearchParams(queryParams);
+        url += `?${searchParams.toString()}`;
+      }
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
       try {
-        const token = await getAccessToken(serviceAccount, email);
-        const response = await fetch(`${BASE_URL2}/users/me/calendarList`, {
-          method: "GET",
-          headers: { Authorization: `Bearer ${token}` },
+        const hasBody = body != null && ["POST", "PUT", "PATCH"].includes(method);
+        const response = await fetch(url, {
+          method,
+          headers: {
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/json"
+          },
+          body: hasBody ? JSON.stringify(body) : void 0,
           signal: controller.signal
         });
-        const data = await response.json();
+        const data = await response.json().catch(() => ({}));
         if (!response.ok) {
           const errorObj = data?.error;
-          errors.push({
-            impersonateEmail: email,
-            error: errorObj?.message ?? `HTTP ${response.status} ${response.statusText}`
-          });
-          continue;
-        }
-        const items = data.items ?? [];
-        for (const c of items) {
-          aggregated.push({
-            impersonateEmail: email,
-            id: c.id,
-            summary: c.summary,
-            primary: c.primary,
-            accessRole: c.accessRole
-          });
+          const errorMessage = errorObj?.message ?? (typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`);
+          return {
+            success: false,
+            error: errorMessage,
+            serviceAccountEmail
+          };
         }
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        errors.push({ impersonateEmail: email, error: msg });
+        return { success: true, status: response.status, data };
       } finally {
         clearTimeout(timeout);
       }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: msg,
+        serviceAccountEmail
+      };
     }
-    return {
-      success: true,
-      calendars: aggregated,
-      errors
-    };
-  }
-});
-// ../connectors/src/connectors/google-calendar/setup.ts
-var listCalendarsToolName = `google-calendar-service-account_${listCalendarsTool.name}`;
-var googleCalendarOnboarding = new ConnectorOnboarding({
-  connectionSetupInstructions: {
-    ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Calendar\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002\u63A5\u7D9A\u4F5C\u6210\u6642\u306B\u306F\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8JSON\u306E\u307F\u304C\u8A2D\u5B9A\u6E08\u307F\u3067\u3001\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3084\u30AB\u30EC\u30F3\u30C0\u30FCID\u306F\u3053\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u53D6\u5F97\u3057\u307E\u3059\u3002
-1. \`askUserQuestion\` \u3067\u30E6\u30FC\u30B6\u30FC\u306B\u3001\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u304CDomain-wide Delegation\u3067\u4EE3\u7406\u30A2\u30AF\u30BB\u30B9\u3059\u308BGoogle Workspace\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u30D2\u30A2\u30EA\u30F3\u30B0\u3059\u308B:
-   - \`type\`: \`"freeText"\`
-   - \`question\`: \u300C\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u6301\u3064\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u3042\u308B\u5834\u5408\u306F\u30AB\u30F3\u30DE\u533A\u5207\u308A\u3067\u5165\u529B\u53EF\uFF09\u300D
-   - \`placeholder\`: \`"user@example.com, admin@example.com"\`
-2. \u30E6\u30FC\u30B6\u30FC\u304B\u3089\u53D7\u3051\u53D6\u3063\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\uFF08\u30AB\u30F3\u30DE\u533A\u5207\u308A\u5BFE\u5FDC\uFF09\u3092 \`updateConnectionParameters\` \u3067\u4FDD\u5B58\u3059\u308B:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <\u5165\u529B\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u6587\u5B57\u5217>, label: <\u540C\u3058\u5024> }]\`\uFF081\u4EF6\u306E\u307F\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u81EA\u52D5\u9078\u629E\u3055\u308C\u308B\uFF09
-3. \`${listCalendarsToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3001\u4FDD\u5B58\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B\u3002
-   - \`errors\` \u306B\u30A8\u30E9\u30FC\u304C\u3042\u308A \`calendars\` \u304C\u7A7A\u306E\u5834\u5408\uFF08\u3059\u3079\u3066\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3067\u5931\u6557\uFF09\u3001\u5165\u529B\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u5B58\u5728\u3057\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308B\u3002\`askUserQuestion\` \u3067\u300C{\u5165\u529B\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9} \u306E\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u30A2\u30AF\u30BB\u30B9\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u30A2\u30C9\u30EC\u30B9\u306B\u8AA4\u308A\u304C\u3042\u308B\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\u4F3C\u305F\u30A2\u30C9\u30EC\u30B9\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u304B\uFF1F\u300D\u3068\u805E\u304D\u8FD4\u3057\u3001\u30B9\u30C6\u30C3\u30D72\u304B\u3089\u518D\u5EA6\u5B9F\u884C\u3059\u308B
-4. \u8FD4\u5374\u3055\u308C\u305F \`calendars\` \u914D\u5217\uFF08\u5404\u8981\u7D20: \`{ impersonateEmail, id, summary, primary, accessRole }\`\uFF09\u3092\u5143\u306B\u300C\u4F7F\u7528\u3059\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u9078\u629E\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u300D\u3068\u77ED\u304F\u4F1D\u3048\u305F\u4E0A\u3067\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
-   - \`parameterSlug\`: \`"calendar-id"\`
-   - \`options\`: \u5404 option \u306E \`label\` \u306F \`\u30AB\u30EC\u30F3\u30C0\u30FC\u540D (owner: impersonateEmail)\` \u306E\u5F62\u5F0F\u3001\`value\` \u306F\u30AB\u30EC\u30F3\u30C0\u30FCID
-   - \`errors\` \u306B\u5931\u6557\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u3042\u308B\u5834\u5408\u306F\u3001\u305D\u306E\u65E8\u3092\u77ED\u304F\u4F1D\u3048\u308B
-5. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F\u30AB\u30EC\u30F3\u30C0\u30FC\u306E \`label\` \u304B\u3089 owner \u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u62BD\u51FA\u3057\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3057\u3066 \`impersonate-email\` \u3092\u6700\u7D42\u5024\u3067\u4E0A\u66F8\u304D\u3059\u308B:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <ownerEmail>, label: <ownerEmail> }]\`
-#### \u5236\u7D04
-- **\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30C9\u30E1\u30A4\u30F3\u5168\u4F53\u306E\u59D4\u4EFB\u8A2D\u5B9A\u304C\u5FC5\u8981\u3067\u3059**\u3002\`${listCalendarsToolName}\` \u306E \`errors\` \u306B\u6A29\u9650\u30A8\u30E9\u30FC\u304C\u51FA\u308B\u5834\u5408\u3001Google Workspace\u7BA1\u7406\u8005\u306BDomain-wide Delegation\u306E\u8A2D\u5B9A\u78BA\u8A8D\u3092\u4FC3\u3057\u3066\u304F\u3060\u3055\u3044
-- \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
-    en: `Follow these steps to set up the Google Calendar connection. Only the service account JSON is provided at connection creation time \u2014 the target user email and calendar ID are collected during this setup flow.
-1. Call \`askUserQuestion\` to ask the user for the Google Workspace user email the service account will impersonate via Domain-wide Delegation:
-   - \`type\`: \`"freeText"\`
-   - \`question\`: "Please enter the email address of the user whose calendar you want to access (comma-separated list allowed for multiple users)"
-   - \`placeholder\`: \`"user@example.com, admin@example.com"\`
-2. Save the email(s) the user provided (comma-separated supported) via \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <the email string entered>, label: <same value> }]\` (a single option is auto-selected)
-3. Call \`${listCalendarsToolName}\` to list calendars accessible via the saved email(s).
-   - If \`errors\` is non-empty and \`calendars\` is empty (all emails failed), the entered address may not exist. Use \`askUserQuestion\` to ask: "Could not access the calendar for {entered email}. The address may be incorrect \u2014 did you mean a similar address?" Then re-run from step 2 with the new input
-4. Using the returned \`calendars\` array (each item: \`{ impersonateEmail, id, summary, primary, accessRole }\`), briefly say "Please select a calendar." then call \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"calendar-id"\`
-   - \`options\`: Each option's \`label\` should be \`Calendar Name (owner: impersonateEmail)\`, \`value\` should be the calendar ID
-   - If \`errors\` contains failing email addresses, briefly mention them
-5. Extract the owner email from the \`label\` of the user's selected calendar, then call \`updateConnectionParameters\` to overwrite \`impersonate-email\` with the final value:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <ownerEmail>, label: <ownerEmail> }]\`
-#### Constraints
-- **Domain-wide Delegation must be configured on the service account**. If \`${listCalendarsToolName}\` returns permission errors in the \`errors\` field, ask the user to verify the Domain-wide Delegation setup with their Google Workspace administrator
-- Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
-  },
-  dataOverviewInstructions: {
-    en: `1. Call google-calendar-service-account_request with GET /calendars/{calendarId} to get the default calendar's metadata
-2. Call google-calendar-service-account_request with GET /users/me/calendarList to list all accessible calendars
-3. Call google-calendar-service-account_request with GET /calendars/{calendarId}/events with query params timeMin (RFC3339) and maxResults=10 to sample upcoming events`,
-    ja: `1. google-calendar-service-account_request \u3067 GET /calendars/{calendarId} \u3092\u547C\u3073\u51FA\u3057\u3001\u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
-2. google-calendar-service-account_request \u3067 GET /users/me/calendarList \u3092\u547C\u3073\u51FA\u3057\u3001\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7\u3092\u53D6\u5F97
-3. google-calendar-service-account_request \u3067 GET /calendars/{calendarId}/events \u3092\u30AF\u30A8\u30EA\u30D1\u30E9\u30E1\u30FC\u30BF timeMin\uFF08RFC3339\u5F62\u5F0F\uFF09\u3068 maxResults=10 \u3067\u547C\u3073\u51FA\u3057\u3001\u76F4\u8FD1\u306E\u30A4\u30D9\u30F3\u30C8\u3092\u30B5\u30F3\u30D7\u30EA\u30F3\u30B0`
   }
 });
-// ../connectors/src/connectors/google-calendar/tools/request.ts
+// ../connectors/src/connectors/google-calendar/tools/request-with-delegation.ts
 import { z as z2 } from "zod";
 var BASE_URL3 = "https://www.googleapis.com/calendar/v3";
 var REQUEST_TIMEOUT_MS2 = 6e4;
+function decodeServiceAccount2(keyJsonBase64) {
+  const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
+  return JSON.parse(decoded);
+}
 var inputSchema2 = z2.object({
   toolUseIntent: z2.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
@@ -624,13 +412,18 @@ var inputSchema2 = z2.object({
   connectionId: z2.string().describe("ID of the Google Calendar connection to use"),
   method: z2.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
   path: z2.string().describe(
-    "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/calendars/{calendarId}/events'). {calendarId} is automatically replaced."
+    "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/users/me/calendarList', '/calendars/alice@example.com/events'). Write the calendar ID directly into the path \u2014 there is no placeholder substitution."
+  ),
+  subject: z2.string().describe(
+    "Email of the Workspace user to impersonate via Domain-wide Delegation. The token will be issued as this user."
+  ),
+  scopes: z2.array(z2.string()).describe(
+    "OAuth scopes the token must include. This connector currently supports read-only operations only \u2014 pass one of ['https://www.googleapis.com/auth/calendar.readonly'] (calendars + events read), ['https://www.googleapis.com/auth/calendar.events.readonly'] (events read only), or ['https://www.googleapis.com/auth/calendar.freebusy'] (busy/free queries only). Per-endpoint scope reference: https://developers.google.com/calendar/api/auth"
   ),
-  queryParams: z2.record(z2.string(), z2.string()).optional().describe("Query parameters to append to the URL"),
-  body: z2.record(z2.string(), z2.unknown()).optional().describe("Request body (JSON) for POST/PUT/PATCH methods"),
-  subject: z2.string().optional().describe(
-    "Override the email address of the user to impersonate via Domain-wide Delegation. If omitted, the connection's configured user email is used."
-  )
+  queryParams: z2.record(z2.string(), z2.string()).optional().describe(
+    "Query parameters to append to the URL (e.g., { timeMin: '2025-01-01T00:00:00Z', maxResults: '10' })"
+  ),
+  body: z2.record(z2.string(), z2.unknown()).optional().describe("JSON request body for POST/PUT/PATCH")
 });
 var outputSchema2 = z2.discriminatedUnion("success", [
   z2.object({
@@ -640,17 +433,16 @@ var outputSchema2 = z2.discriminatedUnion("success", [
   }),
   z2.object({
     success: z2.literal(false),
-    error: z2.string()
+    error: z2.string(),
+    serviceAccountEmail: z2.string().optional()
   })
 ]);
-var requestTool = new ConnectorTool({
-  name: "request",
-  description: `Send authenticated requests to the Google Calendar API v3.
-Authentication is handled automatically using a service account.
-{calendarId} in the path is automatically replaced with the connection's default calendar ID.`,
+var requestWithDelegationTool = new ConnectorTool({
+  name: "request_with_delegation",
+  description: "Call the Google Calendar API on behalf of the specified Workspace user via Domain-wide Delegation. Read-only operations only. Pass `subject` as the target user email and `scopes` as a read-only Calendar scope (e.g., ['https://www.googleapis.com/auth/calendar.readonly']). Use this tool when the project knowledge records the calendar with `(delegation, subject: <email>, ...)`. Requires DwD to be authorized for the service account in the Workspace admin console.",
   inputSchema: inputSchema2,
   outputSchema: outputSchema2,
-  async execute({ connectionId, method, path: path2, queryParams, body, subject }, connections) {
+  async execute({ connectionId, method, path: path2, subject, scopes, queryParams, body }, connections) {
     const connection2 = connections.find((c) => c.id === connectionId);
     if (!connection2) {
       return {
@@ -658,41 +450,40 @@ Authentication is handled automatically using a service account.
         error: `Connection ${connectionId} not found`
       };
     }
+    const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
+    let serviceAccount;
+    try {
+      serviceAccount = decodeServiceAccount2(keyJsonBase64);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: `Failed to decode service account key: ${msg}`
+      };
+    }
+    const serviceAccountEmail = serviceAccount.client_email;
     console.log(
-      `[connector-request] google-calendar/${connection2.name}: ${method} ${path2}`
+      `[connector-request] google-calendar/${connection2.name}: ${method} ${path2} subject=${subject}`
     );
     try {
       const { GoogleAuth } = await import("google-auth-library");
-      const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
-      const impersonateEmail = impersonateEmailParameter.tryGetValue(connection2);
-      const calendarId = calendarIdParameter.tryGetValue(connection2) ?? "primary";
-      const resolvedSubject = subject ?? impersonateEmail;
-      if (!resolvedSubject) {
-        return {
-          success: false,
-          error: `Missing required parameter: ${impersonateEmailParameter.slug}. Configure the user email for this connection.`
-        };
-      }
-      const credentials = JSON.parse(
-        Buffer.from(keyJsonBase64, "base64").toString("utf-8")
-      );
       const auth = new GoogleAuth({
-        credentials,
-        scopes: [
-          "https://www.googleapis.com/auth/calendar.readonly",
-          "https://www.googleapis.com/auth/calendar.events.readonly"
-        ],
-        clientOptions: { subject: resolvedSubject }
+        credentials: {
+          client_email: serviceAccount.client_email,
+          private_key: serviceAccount.private_key
+        },
+        scopes,
+        clientOptions: { subject }
       });
       const token = await auth.getAccessToken();
       if (!token) {
         return {
           success: false,
-          error: "Failed to obtain access token"
+          error: "Failed to obtain access token",
+          serviceAccountEmail
         };
       }
-      const resolvedPath = path2.replace(/\{calendarId\}/g, calendarId);
-      let url = `${BASE_URL3}${resolvedPath.startsWith("/") ? "" : "/"}${resolvedPath}`;
+      let url = `${BASE_URL3}${path2.startsWith("/") ? "" : "/"}${path2}`;
       if (queryParams) {
         const searchParams = new URLSearchParams(queryParams);
         url += `?${searchParams.toString()}`;
@@ -700,28 +491,24 @@ Authentication is handled automatically using a service account.
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS2);
       try {
+        const hasBody = body != null && ["POST", "PUT", "PATCH"].includes(method);
         const response = await fetch(url, {
           method,
           headers: {
             Authorization: `Bearer ${token}`,
             "Content-Type": "application/json"
           },
-          body: body && ["POST", "PUT", "PATCH"].includes(method) ? JSON.stringify(body) : void 0,
+          body: hasBody ? JSON.stringify(body) : void 0,
           signal: controller.signal
         });
-        if (method === "DELETE" && response.status === 204) {
-          return {
-            success: true,
-            status: 204,
-            data: { message: "Deleted successfully" }
-          };
-        }
-        const data = await response.json();
+        const data = await response.json().catch(() => ({}));
         if (!response.ok) {
           const errorObj = data?.error;
+          const errorMessage = errorObj?.message ?? (typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`);
           return {
             success: false,
-            error: errorObj?.message ?? `HTTP ${response.status} ${response.statusText}`
+            error: errorMessage,
+            serviceAccountEmail
           };
         }
         return { success: true, status: response.status, data };
@@ -730,13 +517,121 @@ Authentication is handled automatically using a service account.
       }
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
-      return { success: false, error: msg };
+      return {
+        success: false,
+        error: msg,
+        serviceAccountEmail
+      };
     }
   }
 });
+// ../connectors/src/connectors/google-calendar/setup.ts
+var requestToolName = `google-calendar-service-account_${requestTool.name}`;
+var requestWithDelegationToolName = `google-calendar-service-account_${requestWithDelegationTool.name}`;
+var READONLY_SCOPES = '["https://www.googleapis.com/auth/calendar.readonly"]';
+var googleCalendarOnboarding = new ConnectorOnboarding({
+  connectionSetupInstructions: {
+    ja: `Google Calendar \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3044\u307E\u3059\u3002\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u30E6\u30FC\u30B6\u30FC\u304B\u3089\u805E\u304D\u3001\u5229\u7528\u53EF\u80FD\u306A\u3082\u306E\u3092\u767A\u898B\u3057\u3066 Project Knowledge \u306B\u8A18\u9332\u3057\u307E\u3059\u3002
+1. \`askUserQuestion\` \u3067\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u805E\u304F:
+   - \`type\`: \`"freeText"\`
+   - \`question\`: \u300C\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u6240\u6709\u8005\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u53EF\u3001\u30AB\u30F3\u30DE\u533A\u5207\u308A\uFF09\u300D
+   - \`placeholder\`: \`"alice@example.com, bob@example.com"\`
+2. \u30E6\u30FC\u30B6\u30FC\u304B\u3089\u53D7\u3051\u53D6\u3063\u305F\u6587\u5B57\u5217\u304B\u3089\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u62BD\u51FA\u3059\u308B\u3002\u4E26\u884C\u3057\u3066\u4E21\u65B9\u306E\u30C4\u30FC\u30EB\u3067\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u767A\u898B\u3059\u308B:
+   a. \`${requestToolName}\` \u3092\u4EE5\u4E0B\u306E\u5F15\u6570\u3067\u547C\u3073\u3001Service Account \u81EA\u8EAB\u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u53D6\u5F97\u3059\u308B\u3002\`success: false\` \u306A\u3089\u305D\u306E\u65E8\u8A18\u9332\u3057\u3066\u6B21\u3078:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+   b. \u5404\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9 \`<email>\` \u306B\u3064\u3044\u3066 \`${requestWithDelegationToolName}\` \u3092\u4EE5\u4E0B\u306E\u5F15\u6570\u3067\u547C\u3073\u3001\u305D\u306E\u30E6\u30FC\u30B6\u30FC\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u53D6\u5F97\u3059\u308B:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`subject\`: \`<email>\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+3. \u30B9\u30C6\u30C3\u30D7 2 \u306E\u767A\u898B\u7D50\u679C (a \u3068 b \u306E\u5168\u30AB\u30EC\u30F3\u30C0\u30FC) \u3092\u7D71\u5408\u3057\u3001\`askUserQuestion\` \u3067\u30AB\u30EC\u30F3\u30C0\u30FC\u9078\u629E\u3092\u6C42\u3081\u308B:
+   - 1 \u4EF6\u3082\u898B\u3064\u304B\u3089\u306A\u304B\u3063\u305F\u5834\u5408: \u5931\u6557\u3057\u305F\u30C4\u30FC\u30EB\u306E\u30A8\u30E9\u30FC\u30EC\u30B9\u30DD\u30F3\u30B9\u304B\u3089 \`serviceAccountEmail\` \u3092\u53D6\u308A\u51FA\u3057\u3001\`askUserQuestion\` \u3067\u6B21\u306E\u9078\u629E\u80A2\u3092\u63D0\u793A\u3059\u308B\u3002\`question\` \u306B\u306F\u6B21\u306E\u6848\u5185\u6587\u3092\u542B\u3081\u308B: \u300C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8 \`<serviceAccountEmail>\` \u3067\u6B21\u306E\u3044\u305A\u308C\u304B\u3092\u884C\u3063\u3066\u304B\u3089\u7D9A\u884C\u3057\u3066\u304F\u3060\u3055\u3044: (1) Workspace \u7BA1\u7406\u8005\u306B Domain-wide Delegation \u306E\u8A2D\u5B9A\u3092\u4F9D\u983C\u3059\u308B\uFF08[\u8A2D\u5B9A\u30AC\u30A4\u30C9](https://support.google.com/a/answer/162106)\uFF09\u3001(2) \u5BFE\u8C61\u30AB\u30EC\u30F3\u30C0\u30FC\u3092 \`<serviceAccountEmail>\` \u306B\u5171\u6709\u8A2D\u5B9A\u3067\u62DB\u5F85\u3059\u308B\uFF08[\u5171\u6709\u624B\u9806](https://support.google.com/calendar/answer/37082)\uFF09\u300D\u3002
+     - \`options\`: \`[{ label: "\u6E96\u5099\u3067\u304D\u305F\u306E\u3067\u30EA\u30C8\u30E9\u30A4", value: "retry" }, { label: "\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u76F4\u3059", value: "restart" }]\`
+     - \u300C\u30EA\u30C8\u30E9\u30A4\u300D: \u76F4\u524D\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u30EA\u30B9\u30C8\u3067\u30B9\u30C6\u30C3\u30D7 2 \u3092\u518D\u5B9F\u884C
+     - \u300C\u5165\u529B\u3057\u76F4\u3059\u300D: \u30B9\u30C6\u30C3\u30D7 1 \u304B\u3089\u518D\u5B9F\u884C
+   - \u5931\u6557\u304C\u3042\u3063\u305F\u5834\u5408: \u305D\u306E\u65E8\u3092 1 \u6587\u3067\u4F1D\u3048\u3066\u304B\u3089\u6B21\u306B\u9032\u3080
+   - \u30AB\u30EC\u30F3\u30C0\u30FC\u9078\u629E:
+     - \`type\`: \`"multiSelect"\`
+     - \`question\`: \u300C\u4F7F\u7528\u3059\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u9078\u629E\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u53EF\uFF09\u300D
+     - \`options\`: \u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u3064\u3044\u3066 \`label\`: \`"<\u30AB\u30EC\u30F3\u30C0\u30FC\u540D> (\u30A2\u30AF\u30BB\u30B9\u7D4C\u8DEF)"\`\u3001\`value\`: \`"<calendarId>"\` \u306E\u5F62\u5F0F\u3067\u69CB\u7BC9\u3002\u30A2\u30AF\u30BB\u30B9\u7D4C\u8DEF\u306F a \u3067\u898B\u3064\u304B\u3063\u305F\u3082\u306E\u306F \`"\u5171\u6709"\`\u3001b \u3067\u898B\u3064\u304B\u3063\u305F\u3082\u306E\u306F \`"DwD: <\u305D\u306E\u3068\u304D\u306E subject>"\` \u306E\u3088\u3046\u306B\u4EBA\u9593\u304C\u5224\u5225\u3067\u304D\u308B\u6587\u5B57\u5217\u306B\u3059\u308B
+4. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F calendarId \u96C6\u5408\u3092\u3001\u30B9\u30C6\u30C3\u30D7 2 \u306E\u30C7\u30A3\u30B9\u30AB\u30D0\u30EA\u7D50\u679C\u3068\u7A81\u304D\u5408\u308F\u305B\u3066\u7D4C\u8DEF\u3068 subject \u3092\u7279\u5B9A\u3059\u308B\u3002\`finalizeSetup\` \u3092\u547C\u3073\u3001\`projectKnowledge\` \u306E \`#### \u30B9\u30B3\u30FC\u30D7\` \u7BC0\u306B\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u3092 1 \u884C\u305A\u3064\u5217\u6319\u3059\u308B:
+   - DwD \u7D4C\u7531\u3067\u30A2\u30AF\u30BB\u30B9\u3059\u308B\u5834\u5408: \`- calendar: <calendarId> (delegation, subject: <subject>, name: "<\u30AB\u30EC\u30F3\u30C0\u30FC\u540D>")\`
+   - Service Account \u81EA\u8EAB\u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B\u5834\u5408: \`- calendar: <calendarId> (service-account, name: "<\u30AB\u30EC\u30F3\u30C0\u30FC\u540D>")\`
+#### \u5236\u7D04
+- \u4E0A\u8A18\u4EE5\u5916\u306E API \u547C\u3073\u51FA\u3057\u3092 setup \u4E2D\u306B\u884C\u308F\u306A\u3044
+- \u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u306E\u9593\u306F 1 \u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057`,
+    en: `Set up the Google Calendar connection. Ask the user which calendars they want to access, discover the available ones, and record them in Project Knowledge.
+1. Call \`askUserQuestion\` to collect target user emails:
+   - \`type\`: \`"freeText"\`
+   - \`question\`: "Enter the email addresses of the calendar owners you want to access (comma-separated for multiple)"
+   - \`placeholder\`: \`"alice@example.com, bob@example.com"\`
+2. Extract individual emails from the response. Discover calendars using both tools in parallel:
+   a. Call \`${requestToolName}\` to list calendars shared directly with the service account. If \`success: false\`, record the failure and continue:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+   b. For each email \`<email>\`, call \`${requestWithDelegationToolName}\` to list calendars accessible by that user via Domain-wide Delegation:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`subject\`: \`<email>\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+3. Aggregate the discovery results from step 2 and call \`askUserQuestion\` for calendar selection:
+   - If no calendars were found: take \`serviceAccountEmail\` from any failed tool response and call \`askUserQuestion\`. Include this guidance in \`question\`: "No accessible calendars found. With service account \`<serviceAccountEmail>\`, please do one of the following before continuing: (1) Ask your Workspace admin to authorize Domain-wide Delegation ([setup guide](https://support.google.com/a/answer/162106)), or (2) Share the target calendars with \`<serviceAccountEmail>\` ([sharing guide](https://support.google.com/calendar/answer/37082))".
+     - \`options\`: \`[{ label: "Ready \u2014 retry", value: "retry" }, { label: "Re-enter the email addresses", value: "restart" }]\`
+     - On "retry" \u2192 re-run step 2 with the previously entered email list
+     - On "Re-enter" \u2192 re-run step 1
+   - If there were partial failures: briefly mention them and proceed.
+   - Calendar selection:
+     - \`type\`: \`"multiSelect"\`
+     - \`question\`: "Select the calendars to use (multiple allowed)"
+     - \`options\`: For each calendar, \`label\`: \`"<calendar name> (access path)"\`, \`value\`: \`"<calendarId>"\`. Make the access path human-readable: \`"shared"\` for calendars found via 2a, \`"DwD: <the subject used>"\` for calendars found via 2b
+4. Cross-reference the selected calendarIds with the step 2 discovery results to recover each calendar's access path and subject. Call \`finalizeSetup\`. Under \`#### \u30B9\u30B3\u30FC\u30D7\` in \`projectKnowledge\`, list each calendar on its own line:
+   - Accessed via Domain-wide Delegation: \`- calendar: <calendarId> (delegation, subject: <subject>, name: "<calendar name>")\`
+   - Shared directly with the service account: \`- calendar: <calendarId> (service-account, name: "<calendar name>")\`
+#### Constraints
+- Do not call any other API endpoints during setup
+- Write at most 1 sentence between tool calls`
+  },
+  dataOverviewInstructions: {
+    en: `For each calendar recorded under \`#### \u30B9\u30B3\u30FC\u30D7\`, fetch metadata and a small sample of upcoming events. The annotation on each line tells you which tool to use:
+- \`(delegation, subject: <email>, ...)\` \u2192 \`${requestWithDelegationToolName}\` with \`subject: <email>\`
+- \`(service-account, ...)\` \u2192 \`${requestToolName}\`
+Pass \`scopes: ${READONLY_SCOPES}\` for every call.
+For each calendar:
+1. \`method=GET\`, \`path=/calendars/<id>\` to fetch metadata.
+2. \`method=GET\`, \`path=/calendars/<id>/events\`, \`queryParams={ timeMin: <RFC3339 now>, maxResults: "10", singleEvents: "true", orderBy: "startTime" }\`.`,
+    ja: `\`#### \u30B9\u30B3\u30FC\u30D7\` \u306E\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u3064\u3044\u3066\u3001\u30E1\u30BF\u30C7\u30FC\u30BF\u3068\u76F4\u8FD1\u306E\u30A4\u30D9\u30F3\u30C8\u3092\u5C11\u91CF\u53D6\u5F97\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u5404\u884C\u306E\u6CE8\u91C8\u3067\u4F7F\u7528\u3059\u308B\u30C4\u30FC\u30EB\u3092\u9078\u3073\u307E\u3059:
+- \`(delegation, subject: <email>, ...)\` \u2192 \`${requestWithDelegationToolName}\` \u3092 \`subject: <email>\` \u4ED8\u304D\u3067\u547C\u3076
+- \`(service-account, ...)\` \u2192 \`${requestToolName}\` \u3092\u547C\u3076
+\`scopes\` \u306F\u6BCE\u56DE \`${READONLY_SCOPES}\` \u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u3064\u3044\u3066:
+1. \`method=GET\`\u3001\`path=/calendars/<id>\` \u3067\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
+2. \`method=GET\`\u3001\`path=/calendars/<id>/events\`\u3001\`queryParams={ timeMin: <RFC3339 \u306E\u73FE\u5728\u6642\u523B>, maxResults: "10", singleEvents: "true", orderBy: "startTime" }\``
+  }
+});
 // ../connectors/src/connectors/google-calendar/index.ts
-var tools = { request: requestTool, listCalendars: listCalendarsTool };
+var tools = {
+  request: requestTool,
+  request_with_delegation: requestWithDelegationTool
+};
 var googleCalendarConnector = new ConnectorPlugin({
   slug: "google-calendar",
   authType: AUTH_TYPES.SERVICE_ACCOUNT,
@@ -749,58 +644,45 @@ var googleCalendarConnector = new ConnectorPlugin({
   systemPrompt: {
     en: `### Tools
-- \`google-calendar-service-account_request\`: The only way to call the Google Calendar API. Use it to list calendars, get events, and manage calendar data. Authentication is handled automatically using a service account with Domain-wide Delegation \u2014 the service account impersonates the user configured on the connection (\`impersonate-email\` parameter). The {calendarId} placeholder in paths is automatically replaced with the configured default calendar ID. Pass an optional \`subject\` only if you need to override the configured user for a specific request.
+This connector exposes two request tools that correspond to the two ways a Service Account can authenticate against the Google Calendar API:
-### Business Logic
+- \`google-calendar-service-account_request_with_delegation\`: Call the Calendar API on behalf of the specified Workspace user via Domain-wide Delegation. Pass \`subject\` as the target user email. Requires DwD to be authorized for the service account in the Workspace admin console.
+- \`google-calendar-service-account_request\`: Call the Calendar API as the service account itself (no delegation). Only calendars explicitly shared with the service account email are accessible.
-The business logic type for this connector is "typescript". Use the connector SDK in your handler. Do NOT read credentials from environment variables.
+Both tools require a \`scopes\` argument.
-SDK methods (client created via \`connection(connectionId)\` \u2014 the connection's \`impersonate-email\` parameter is used automatically for Domain-wide Delegation):
-- \`client.listCalendars()\` \u2014 list all accessible calendars
-- \`client.listEvents(options?, calendarId?)\` \u2014 list events with optional filters
-- \`client.getEvent(eventId, calendarId?)\` \u2014 get a single event by ID
-- \`client.request(path, init?)\` \u2014 low-level authenticated fetch
+### OAuth Scopes (pass as \`scopes\` argument)
-#### Domain-wide Delegation
+This connector is currently read-only. Pass one of:
-The target user email is configured on the connection (\`impersonate-email\` parameter), so \`connection()\` automatically uses it. Pass \`subject\` only to override it:
+- \`https://www.googleapis.com/auth/calendar.readonly\` \u2014 read-only on calendars and events
+- \`https://www.googleapis.com/auth/calendar.events.readonly\` \u2014 read-only on events (no calendar metadata)
+- \`https://www.googleapis.com/auth/calendar.freebusy\` \u2014 busy/free time queries only
-\`\`\`ts
-const calendar = connection("<connectionId>", { subject: "other-user@example.com" });
-\`\`\`
+For \`request_with_delegation\`, the Workspace admin must have authorized the requested scope for the service account in the Domain-wide Delegation settings, otherwise token issuance will fail with \`unauthorized_client\`.
-\`\`\`ts
-import type { Context } from "hono";
-import { connection } from "@squadbase/vite-server/connectors/google-calendar";
+Per-endpoint scope reference: https://developers.google.com/calendar/api/auth
-const calendar = connection("<connectionId>");
+### Choosing the right tool
-export default async function handler(c: Context) {
-  const now = new Date().toISOString();
-  const { items } = await calendar.listEvents({
-    timeMin: now,
-    maxResults: 10,
-    singleEvents: true,
-    orderBy: "startTime",
-  });
+Read \`#### \u30B9\u30B3\u30FC\u30D7\` in the project knowledge for this connection. Each calendar appears as a \`- calendar: <id> (...)\` line whose annotation tells you which tool to use:
-  return c.json(
-    items.map((event) => ({
-      id: event.id,
-      summary: event.summary,
-      start: event.start.dateTime ?? event.start.date,
-      end: event.end.dateTime ?? event.end.date,
-      location: event.location,
-    })),
-  );
-}
-\`\`\`
+- \`(delegation, subject: <email>, name: "...")\` \u2192 use \`request_with_delegation\` and pass \`subject: <email>\`
+- \`(service-account, name: "...")\` \u2192 use \`request\` (no \`subject\`)
+### Path conventions
+Write the calendar ID directly into the path \u2014 there is no placeholder substitution. Examples:
+- \`/users/me/calendarList\` \u2014 list calendars accessible to the authenticated identity
+- \`/calendars/alice@example.com/events\` \u2014 events on alice's primary calendar
+- \`/calendars/c_abc123@group.calendar.google.com/events\` \u2014 events on a secondary calendar
 ### Google Calendar API v3 Reference
 #### Available Endpoints
 - GET \`/calendars/{calendarId}\` \u2014 Get calendar metadata
-- GET \`/users/me/calendarList\` \u2014 List all calendars accessible by the authenticated user
+- GET \`/users/me/calendarList\` \u2014 List all calendars accessible by the authenticated identity
 - GET \`/calendars/{calendarId}/events\` \u2014 List events on a calendar
 - GET \`/calendars/{calendarId}/events/{eventId}\` \u2014 Get a single event
@@ -812,66 +694,93 @@ export default async function handler(c: Context) {
 - \`orderBy=startTime\` \u2014 Order by start time (requires singleEvents=true)
 - \`q\` \u2014 Free text search terms
-#### Tips
-- Use \`{calendarId}\` placeholder in paths \u2014 it is automatically replaced with the configured default calendar ID
-- Set \`singleEvents=true\` to expand recurring events into individual instances
-- When using \`orderBy=startTime\`, you must also set \`singleEvents=true\`
-- Use RFC3339 format for time parameters (e.g., "2024-01-15T09:00:00Z" or "2024-01-15T09:00:00+09:00")
-- The default calendar ID is "primary" if not configured`,
-    ja: `### \u30C4\u30FC\u30EB
-- \`google-calendar-service-account_request\`: Google Calendar API\u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7\u53D6\u5F97\u3001\u30A4\u30D9\u30F3\u30C8\u306E\u53D6\u5F97\u3001\u30AB\u30EC\u30F3\u30C0\u30FC\u30C7\u30FC\u30BF\u306E\u7BA1\u7406\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\uFF0BDomain-wide Delegation\u3067\u8A8D\u8A3C\u304C\u81EA\u52D5\u7684\u306B\u51E6\u7406\u3055\u308C\u3001\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306B\u8A2D\u5B9A\u3055\u308C\u305F\u30E6\u30FC\u30B6\u30FC\uFF08\`impersonate-email\`\u30D1\u30E9\u30E1\u30FC\u30BF\uFF09\u3068\u3057\u3066\u52D5\u4F5C\u3057\u307E\u3059\u3002\u30D1\u30B9\u5185\u306E{calendarId}\u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u306F\u8A2D\u5B9A\u6E08\u307F\u306E\u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FCID\u3067\u81EA\u52D5\u7684\u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059\u3002\u7279\u5B9A\u30EA\u30AF\u30A8\u30B9\u30C8\u3067\u8A2D\u5B9A\u30E6\u30FC\u30B6\u30FC\u3092\u4E0A\u66F8\u304D\u3057\u305F\u3044\u5834\u5408\u306E\u307F\u3001\u30AA\u30D7\u30B7\u30E7\u30F3\u306E\`subject\`\u30D1\u30E9\u30E1\u30FC\u30BF\u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002
 ### Business Logic
-\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u30CF\u30F3\u30C9\u30E9\u5185\u3067\u306F\u30B3\u30CD\u30AF\u30BFSDK\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u8A8D\u8A3C\u60C5\u5831\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
+The business logic type for this connector is "typescript". Use the connector SDK in your handler. Do NOT read credentials from environment variables.
-SDK\u30E1\u30BD\u30C3\u30C9 (\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8 \u2014 \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\`impersonate-email\`\u30D1\u30E9\u30E1\u30FC\u30BF\u304C\u81EA\u52D5\u7684\u306BDomain-wide Delegation\u306Esubject\u3068\u3057\u3066\u4F7F\u308F\u308C\u307E\u3059):
-- \`client.listCalendars()\` \u2014 \u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7\u53D6\u5F97
-- \`client.listEvents(options?, calendarId?)\` \u2014 \u30D5\u30A3\u30EB\u30BF\u30FC\u4ED8\u304D\u30A4\u30D9\u30F3\u30C8\u4E00\u89A7\u53D6\u5F97
-- \`client.getEvent(eventId, calendarId?)\` \u2014 ID\u306B\u3088\u308B\u5358\u4E00\u30A4\u30D9\u30F3\u30C8\u53D6\u5F97
-- \`client.request(path, init?)\` \u2014 \u4F4E\u30EC\u30D9\u30EB\u306E\u8A8D\u8A3C\u4ED8\u304Dfetch
+SDK methods (client created via \`connection(connectionId)\`):
-#### Domain-wide Delegation
+- \`client.requestWithDelegation(path, { subject, scopes, init? })\` \u2014 call the API as the impersonated Workspace user via Domain-wide Delegation
+- \`client.request(path, { scopes, init? })\` \u2014 call the API as the service account itself (only calendars shared with the SA email are accessible)
-\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306F\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\uFF08\`impersonate-email\`\u30D1\u30E9\u30E1\u30FC\u30BF\uFF09\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u308B\u305F\u3081\u3001\`connection()\`\u306F\u81EA\u52D5\u7684\u306B\u305D\u308C\u3092\u4F7F\u3044\u307E\u3059\u3002\u4E0A\u66F8\u304D\u3057\u305F\u3044\u5834\u5408\u306E\u307F\`subject\`\u3092\u6E21\u3057\u307E\u3059\uFF1A
+Both methods take \`scopes\` \u2014 pass the minimum scope(s) for the endpoint. Both return a standard \`Response\`. Read the body with \`.json()\`. Same path conventions as the tools.
-\`\`\`ts
-const calendar = connection("<connectionId>", { subject: "other-user@example.com" });
-\`\`\`
+#### Example
 \`\`\`ts
 import type { Context } from "hono";
 import { connection } from "@squadbase/vite-server/connectors/google-calendar";
 const calendar = connection("<connectionId>");
+const READ = ["https://www.googleapis.com/auth/calendar.readonly"];
 export default async function handler(c: Context) {
   const now = new Date().toISOString();
-  const { items } = await calendar.listEvents({
+  const qs = new URLSearchParams({
     timeMin: now,
-    maxResults: 10,
-    singleEvents: true,
+    maxResults: "10",
+    singleEvents: "true",
     orderBy: "startTime",
   });
-  return c.json(
-    items.map((event) => ({
-      id: event.id,
-      summary: event.summary,
-      start: event.start.dateTime ?? event.start.date,
-      end: event.end.dateTime ?? event.end.date,
-      location: event.location,
-    })),
+  // Project knowledge says: alice@example.com is reachable via delegation
+  const aliceRes = await calendar.requestWithDelegation(
+    \`/calendars/alice@example.com/events?\${qs}\`,
+    { subject: "alice@example.com", scopes: READ },
+  );
+  const alice = await aliceRes.json();
+  // Project knowledge says: team@example.com is shared with the SA
+  const teamRes = await calendar.request(
+    \`/calendars/team@example.com/events?\${qs}\`,
+    { scopes: READ },
   );
+  const team = await teamRes.json();
+  return c.json({ alice: alice.items, team: team.items });
 }
-\`\`\`
+\`\`\``,
+    ja: `### \u30C4\u30FC\u30EB
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u30FC\u306F\u3001Service Account \u304C Google Calendar API \u306B\u8A8D\u8A3C\u3059\u308B 2 \u3064\u306E\u65B9\u6CD5\u306B\u5BFE\u5FDC\u3059\u308B 2 \u3064\u306E request \u30C4\u30FC\u30EB\u3092\u516C\u958B\u3057\u307E\u3059:
+- \`google-calendar-service-account_request_with_delegation\`: \u6307\u5B9A\u3055\u308C\u305F Workspace \u30E6\u30FC\u30B6\u30FC\u306B\u4EE3\u308F\u3063\u3066 Domain-wide Delegation \u7D4C\u7531\u3067 Calendar API \u3092\u547C\u3073\u51FA\u3057\u307E\u3059\u3002\u4EE3\u7406\u5BFE\u8C61\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092 \`subject\` \u3068\u3057\u3066\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002Workspace \u7BA1\u7406\u30B3\u30F3\u30BD\u30FC\u30EB\u3067 Service Account \u306E DwD \u304C\u627F\u8A8D\u3055\u308C\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002
+- \`google-calendar-service-account_request\`: Service Account \u81EA\u8EAB\u3068\u3057\u3066 Calendar API \u3092\u547C\u3073\u51FA\u3057\u307E\u3059\uFF08DwD \u306A\u3057\uFF09\u3002Service Account \u306E\u30E1\u30A2\u30C9\u306B\u660E\u793A\u7684\u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u307F\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u3067\u3059\u3002
+\u4E21\u30C4\u30FC\u30EB\u3068\u3082 \`scopes\` \u5F15\u6570\u304C\u5FC5\u9808\u3067\u3059\u3002
+### OAuth \u30B9\u30B3\u30FC\u30D7 (\`scopes\` \u5F15\u6570\u3067\u6E21\u3059)
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u30FC\u306F\u73FE\u72B6\u8AAD\u307F\u53D6\u308A\u5C02\u7528\u3067\u3059\u3002\u6B21\u306E\u3044\u305A\u308C\u304B\u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044:
+- \`https://www.googleapis.com/auth/calendar.readonly\` \u2014 \u30AB\u30EC\u30F3\u30C0\u30FC\u3068\u30A4\u30D9\u30F3\u30C8\u306E\u8AAD\u307F\u53D6\u308A
+- \`https://www.googleapis.com/auth/calendar.events.readonly\` \u2014 \u30A4\u30D9\u30F3\u30C8\u306E\u307F\u8AAD\u307F\u53D6\u308A\uFF08\u30AB\u30EC\u30F3\u30C0\u30FC\u30E1\u30BF\u30C7\u30FC\u30BF\u4E0D\u53EF\uFF09
+- \`https://www.googleapis.com/auth/calendar.freebusy\` \u2014 \u7A7A\u304D\u72B6\u6CC1\u30AF\u30A8\u30EA\u306E\u307F
+\`request_with_delegation\` \u306E\u5834\u5408\u3001\u8981\u6C42\u3059\u308B scope \u306F Workspace \u7BA1\u7406\u8005\u304C Domain-wide Delegation \u8A2D\u5B9A\u3067\u5F53\u8A72 Service Account \u306B\u5BFE\u3057\u3066\u627F\u8A8D\u3057\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\u627F\u8A8D\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u30C8\u30FC\u30AF\u30F3\u767A\u884C\u304C \`unauthorized_client\` \u3067\u5931\u6557\u3057\u307E\u3059\u3002
+\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u5225\u306E\u6B63\u78BA\u306A scope \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9: https://developers.google.com/calendar/api/auth
+### \u9069\u5207\u306A\u30C4\u30FC\u30EB\u306E\u9078\u3073\u65B9
+\u3053\u306E\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E Project Knowledge \u306E \`#### \u30B9\u30B3\u30FC\u30D7\` \u3092\u8AAD\u3093\u3067\u304F\u3060\u3055\u3044\u3002\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306F \`- calendar: <id> (...)\` \u5F62\u5F0F\u306E\u884C\u3068\u3057\u3066\u8A18\u9332\u3055\u308C\u3066\u304A\u308A\u3001\u6CE8\u91C8\u304C\u3069\u3061\u3089\u306E\u30C4\u30FC\u30EB\u3092\u4F7F\u3046\u3079\u304D\u304B\u3092\u793A\u3057\u307E\u3059:
+- \`(delegation, subject: <email>, name: "...")\` \u2192 \`request_with_delegation\` \u3092\u4F7F\u3044\u3001\`subject: <email>\` \u3092\u6E21\u3059
+- \`(service-account, name: "...")\` \u2192 \`request\` \u3092\u4F7F\u3046\uFF08\`subject\` \u4E0D\u8981\uFF09
+### \u30D1\u30B9\u306E\u66F8\u304D\u65B9
+calendar ID \u3092\u30D1\u30B9\u306B\u76F4\u63A5\u66F8\u3044\u3066\u304F\u3060\u3055\u3044\u3002\u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u306E\u7F6E\u63DB\u306F\u3042\u308A\u307E\u305B\u3093\u3002\u4F8B:
+- \`/users/me/calendarList\` \u2014 \u8A8D\u8A3C\u3055\u308C\u305F\u8B58\u5225\u5B50\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7
+- \`/calendars/alice@example.com/events\` \u2014 alice \u306E\u30D7\u30E9\u30A4\u30DE\u30EA\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30A4\u30D9\u30F3\u30C8
+- \`/calendars/c_abc123@group.calendar.google.com/events\` \u2014 \u4E8C\u6B21\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30A4\u30D9\u30F3\u30C8
 ### Google Calendar API v3 \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
 #### \u5229\u7528\u53EF\u80FD\u306A\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8
 - GET \`/calendars/{calendarId}\` \u2014 \u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
-- GET \`/users/me/calendarList\` \u2014 \u8A8D\u8A3C\u30E6\u30FC\u30B6\u30FC\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7
+- GET \`/users/me/calendarList\` \u2014 \u8A8D\u8A3C\u3055\u308C\u305F\u8B58\u5225\u5B50\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7
 - GET \`/calendars/{calendarId}/events\` \u2014 \u30AB\u30EC\u30F3\u30C0\u30FC\u4E0A\u306E\u30A4\u30D9\u30F3\u30C8\u4E00\u89A7
 - GET \`/calendars/{calendarId}/events/{eventId}\` \u2014 \u5358\u4E00\u30A4\u30D9\u30F3\u30C8\u306E\u53D6\u5F97
@@ -883,12 +792,52 @@ export default async function handler(c: Context) {
 - \`orderBy=startTime\` \u2014 \u958B\u59CB\u6642\u9593\u9806\u306B\u4E26\u3079\u66FF\u3048\uFF08singleEvents=true\u304C\u5FC5\u8981\uFF09
 - \`q\` \u2014 \u30D5\u30EA\u30FC\u30C6\u30AD\u30B9\u30C8\u691C\u7D22\u8A9E
-#### \u30D2\u30F3\u30C8
-- \u30D1\u30B9\u306B \`{calendarId}\` \u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u3092\u4F7F\u7528 \u2014 \u8A2D\u5B9A\u6E08\u307F\u306E\u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FCID\u3067\u81EA\u52D5\u7684\u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059
-- \`singleEvents=true\` \u3092\u8A2D\u5B9A\u3059\u308B\u3068\u3001\u7E70\u308A\u8FD4\u3057\u30A4\u30D9\u30F3\u30C8\u304C\u500B\u5225\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u306B\u5C55\u958B\u3055\u308C\u307E\u3059
-- \`orderBy=startTime\` \u3092\u4F7F\u7528\u3059\u308B\u5834\u5408\u3001\`singleEvents=true\` \u3082\u8A2D\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059
-- \u6642\u9593\u30D1\u30E9\u30E1\u30FC\u30BF\u306B\u306FRFC3339\u5F62\u5F0F\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u4F8B: "2024-01-15T09:00:00Z" \u3084 "2024-01-15T09:00:00+09:00"\uFF09
-- \u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FCID\u306F\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408 "primary" \u304C\u4F7F\u7528\u3055\u308C\u307E\u3059`
+### Business Logic
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u30CF\u30F3\u30C9\u30E9\u5185\u3067\u306F\u30B3\u30CD\u30AF\u30BFSDK\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u8A8D\u8A3C\u60C5\u5831\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
+SDK\u30E1\u30BD\u30C3\u30C9 (\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8):
+- \`client.requestWithDelegation(path, { subject, scopes, init? })\` \u2014 DwD \u3067 Workspace \u30E6\u30FC\u30B6\u30FC\u306B\u306A\u308A\u3059\u307E\u3057\u3066 API \u3092\u547C\u3076
+- \`client.request(path, { scopes, init? })\` \u2014 SA \u81EA\u8EAB\u3068\u3057\u3066 API \u3092\u547C\u3076\uFF08SA \u306B\u5171\u6709\u3055\u308C\u305F\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u307F\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\uFF09
+\u4E21\u30E1\u30BD\u30C3\u30C9\u3068\u3082 \`scopes\` \u3092\u53D7\u3051\u53D6\u308A\u307E\u3059\u3002\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u306B\u5FC5\u8981\u306A\u6700\u5C0F scope \u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u6A19\u6E96\u306E \`Response\` \u3092\u8FD4\u3059\u306E\u3067 \`response.json()\` \u3067\u30DC\u30C7\u30A3\u3092\u53D6\u5F97\u3057\u307E\u3059\u3002\u30D1\u30B9\u306E\u66F8\u304D\u65B9\u306F\u30C4\u30FC\u30EB\u3068\u540C\u3058\u3002
+#### Example
+\`\`\`ts
+import type { Context } from "hono";
+import { connection } from "@squadbase/vite-server/connectors/google-calendar";
+const calendar = connection("<connectionId>");
+const READ = ["https://www.googleapis.com/auth/calendar.readonly"];
+export default async function handler(c: Context) {
+  const now = new Date().toISOString();
+  const qs = new URLSearchParams({
+    timeMin: now,
+    maxResults: "10",
+    singleEvents: "true",
+    orderBy: "startTime",
+  });
+  // Project Knowledge: alice@example.com \u306F delegation \u7D4C\u8DEF\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD
+  const aliceRes = await calendar.requestWithDelegation(
+    \`/calendars/alice@example.com/events?\${qs}\`,
+    { subject: "alice@example.com", scopes: READ },
+  );
+  const alice = await aliceRes.json();
+  // Project Knowledge: team@example.com \u306F SA \u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B
+  const teamRes = await calendar.request(
+    \`/calendars/team@example.com/events?\${qs}\`,
+    { scopes: READ },
+  );
+  const team = await teamRes.json();
+  return c.json({ alice: alice.items, team: team.items });
+}
+\`\`\``
   },
   tools
 });