@xiaotianxt/skills 0.1.0

package/skills/calendar/SKILL.md

@@ -0,0 +1,182 @@
+---
+name: calendar
+description: Govern and maintain the user's personal calendar system across Google Calendar, Apple Calendar.app, school/legacy accounts, and automation. Use when Codex needs to audit calendar state, choose the correct write target, create or verify calendar events, clean up cluttered calendar lists, rename or hide calendars, migrate away from school/Apple/iCloud/legacy sources, prevent non-authoritative accounts from owning personal events, or reason about Google Calendar vs macOS Calendar.app behavior.
+---
+
+# Calendar
+
+## Purpose
+
+Use this as the top-level calendar governance skill. It decides source of truth, write targets, audit depth, and safety level before delegating to lower-level skills such as `gws-calendar`, `gws-calendar-insert`, `gws-calendar-agenda`, and `apple-calendar-event`.
+
+## First Principles
+
+- Treat calendars as data ownership boundaries, not folders. A separate calendar is justified only by a different owner, lifecycle, permission model, visibility need, reminder policy, or read-only source. Otherwise put context in the event title, description, location, guests, or reminders.
+- Make `tianyupeiandy@gmail.com` in Google Calendar the durable source of truth for personal commitments. Default personal writes target calendar ID `tianyupeiandy@gmail.com`.
+- Treat `yupeit@andrew.cmu.edu` and other school calendars as transition sources because the account may expire. Read and migrate from them; avoid new durable writes there unless the user explicitly requests school-owned placement.
+- Treat Apple Calendar.app as a local view and legacy/transition layer. It can reveal defaults, duplicate names, and local sources, but it is not the default automation write path.
+- Treat `1241811980i59@gmail.com`, `yupeigemini@gmail.com`, iCloud, Reminders, Siri Suggestions, subscribed calendars, and browser account defaults as non-authoritative for personal calendar ownership unless the user explicitly overrides this.
+- Do not infer ownership from display names. Use authenticated account, calendar ID, `primary`, `accessRole`, real calendar metadata, and Apple store/account audit output.
+- Prefer reversible changes first: `selected`, `hidden`, `summaryOverride`, and documented renames. Delete, unsubscribe, or bulk-copy only after explicit confirmation, backups, and rollback notes.
+- Optimize for the user's real workflows: fast event capture, reliable agenda reads, low visual clutter, account-lifecycle resilience, and no surprise ownership drift.
+
+## Default Write Policy
+
+For event creation when the user says "my calendar" or gives no target:
+
+1. Use `gws auth status`.
+2. Require `user == "tianyupeiandy@gmail.com"` and `token_valid == true`.
+3. Write to Google Calendar ID `tianyupeiandy@gmail.com`.
+4. State the active account, target calendar ID, title, and exact local start/end before writing.
+5. Use Apple Calendar only when the user explicitly asks for Apple Calendar or Calendar.app.
+
+Do not rely on:
+
+- Google Calendar web UI account switcher default labels.
+- Calendar.app's default calendar.
+- Display names alone when duplicate names exist.
+- `primary` in multi-account or account-confusing contexts.
+
+## Scenario Router
+
+### Read or Agenda
+
+Use `gws-calendar-agenda` or raw `gws calendar events list` against Google first. Include Apple Calendar.app only when the user asks about local Calendar.app state, missing events in Apple, duplicate display names, or default-calendar behavior.
+
+### Create or Edit Personal Events
+
+Use `gws-calendar-insert` or raw `gws calendar +insert` with explicit `--calendar tianyupeiandy@gmail.com`. Before writing, state the active account, calendar ID, title, exact local start/end, time zone, and whether guests/conference/reminders will be created. If the auth account is not `tianyupeiandy@gmail.com`, stop and re-auth instead of writing through another account.
+
+### Diagnose "My Calendar Is Messy"
+
+Inventory Google CalendarList and Apple Calendar.app first. Separate issues into ownership, visibility, naming, duplication, and lifecycle. Produce a proposed table before mutating anything: calendar ID, current label, likely owner/source, role, selected/hidden, recommended taxonomy bucket, proposed action, rollback.
+
+### Rename, Hide, or Reduce Visual Clutter
+
+Prefer view-level changes: `selected`, `hidden`, then `summaryOverride`. Use real `calendars.patch {"summary": ...}` only when the user wants the actual Google Calendar `My calendars` name changed and the calendar is owned/controlled by the intended account. Confirm before renaming shared, external, read-only, school, holiday, birthday, task, or subscribed calendars.
+
+### Migrate Away From School, Apple, iCloud, or Legacy Accounts
+
+Make an inventory first, usually future actionable events only. Compare against the primary calendar by `iCalUID`, normalized title, start time, and location. Treat dedupe previews as advisory: recurrence expansion, changed titles, changed locations, time zones, guests, Meet links, attachments, reminders, privacy, and organizer semantics need explicit review before copying. Keep the source visible but unselected during migration; do not delete or unsubscribe until the user confirms the migrated state.
+
+### Investigate Apple Calendar.app
+
+Use `apple-calendar-event` for local audit and explicit Apple writes only. Run its audit before any Apple write when source or duplicate names matter. Never edit `Calendar.sqlitedb`; treat it as a read-only cache.
+
+### Delete or Unsubscribe
+
+Default to "hide/archive" instead. Delete, unsubscribe, or remove shared calendars only after the user confirms the exact calendar ID/source and a backup exists. Built-ins such as Birthdays and Tasks are not ordinary owned cleanup targets.
+
+## Governance Workflow
+
+### 1. Classify Risk
+
+- **Read-only**: agenda, inventory, audit, explain state. No backup required unless saving a report.
+- **View mutation**: select/unselect, hide/unhide, `summaryOverride`. Backup CalendarList first.
+- **Metadata mutation**: real calendar `summary`, description, time zone, reminders. Backup CalendarList and affected `calendars.get`.
+- **Event mutation**: create, edit, copy, migrate, delete. Verify auth, target ID, exact timestamps, and event semantics.
+- **Destructive mutation**: delete calendar, unsubscribe, bulk delete, remove source after migration. Require explicit confirmation and rollback/backup discussion.
+
+### 2. Build State From Source APIs
+
+Use these checks before decisions that affect ownership or visibility:
+
+```bash
+gws auth status
+gws calendar calendarList list --params '{"showHidden":true,"maxResults":250}' > calendar-list-before.json
+python3 /Users/yupeit/dev/skills/skills/calendar/scripts/calendar_list_review.py --calendar-list calendar-list-before.json --format tsv
+cd /Users/yupeit/dev/skills/skills/apple-calendar-event && python3 scripts/calendar_audit.py --json
+```
+
+Interpretation rules:
+
+- CalendarList `dataOwner` is often absent. Infer ownership from `primary`, calendar ID, `accessRole`, real calendar metadata from `calendars.get`, and Apple audit store/account fields when reconciling with Calendar.app.
+- Google `calendarList.summaryOverride` is a per-user list label. It may not consistently change `My calendars` display names in the web UI.
+- Google `calendars.patch {"summary": ...}` changes the real calendar title and is the right operation when the user wants the left sidebar name itself changed.
+- Real `summary` changes can affect how shared calendars appear to other users. Confirm intent before renaming shared or externally owned calendars.
+- If both `summaryOverride` and real `summary` are present, explain to the user that Google UI may prefer real `summary` in `My calendars` and `summaryOverride` in shared/other list contexts. Use API output to verify the exact state.
+- Google `calendarList.patch {"selected": ..., "hidden": ...}` changes sidebar visibility without deleting calendars or events.
+- Google built-ins such as Birthdays and Tasks are not ordinary user calendars; do not treat them as owned cleanup targets.
+- Apple `Calendar.sqlitedb` is useful for read-only source mapping, duplicate names, and default calendar diagnosis. Never edit it directly.
+
+### 3. Propose Before Mutating
+
+For governance work, present the plan in concrete operations:
+
+- `keep`: authoritative or intentionally visible.
+- `hide`: remove visual clutter without deleting data.
+- `label`: add/change `summaryOverride`.
+- `rename`: change real `summary`.
+- `migrate`: copy reviewed events to `tianyupeiandy@gmail.com`.
+- `archive`: hide legacy source after migration.
+- `delete/unsubscribe`: only after explicit confirmation.
+
+Mention commands you would run and commands you would avoid when the request is a planning/governance request.
+
+### 4. Backup Before Mutations
+
+Before any calendar governance mutation, create a timestamped backup under:
+
+```text
+/Users/yupeit/Desktop/hertz/calendar-governance-backups/<timestamp>-<operation>/
+```
+
+Save at least:
+
+- `gws-auth-status.json`
+- `calendar-list-before.json`
+- affected `calendars.get` JSON files for real summary/metadata edits
+- Apple audit JSON when Apple Calendar.app state is relevant
+- a short `report.md` with scope, changes, and rollback values
+
+### 5. Apply The Least Powerful Change
+
+Use this escalation order:
+
+1. Select/unselect calendars with `calendarList.patch selected`.
+2. Hide/unhide calendars with `calendarList.patch hidden`.
+3. Set `summaryOverride` for list labels where it is sufficient.
+4. Patch real `summary` when the user wants Google UI `My calendars` names to change.
+5. Copy/migrate events only after inventory and dedupe planning.
+6. Delete/unsubscribe only after explicit confirmation.
+
+### 6. Verify And Report
+
+After any write, re-read the affected resource. Report the active account, exact calendar ID, changed fields, backup path, and rollback command. If verification fails, stop and diagnose before retrying.
+
+## Current Governance Model
+
+The user's intended taxonomy is:
+
+- `00 Core - Google 主号`: primary personal commitments; default automation write target.
+- `10 Projects - ...`: active project calendars that need independent visibility.
+- `20 Shared - ...`: other people's calendars or shared views.
+- `30 School Transition - ...`: school-owned or school-lifecycle calendars to migrate away from.
+- `80 Archive - ...`: hidden legacy or inactive calendars.
+- `90 Reference - ...`: holidays and read-only reference calendars.
+
+Current known source-of-truth assumptions:
+
+- Primary Google account: `tianyupeiandy@gmail.com`.
+- Preferred automation target calendar ID: `tianyupeiandy@gmail.com`.
+- School transition source: `yupeit@andrew.cmu.edu`.
+- Apple Calendar.app: view/legacy layer, not default write target.
+
+## Lower-Level Skills
+
+- Use `gws-calendar` for Calendar API discovery, list, patch, event operations, and low-level Google Calendar resources.
+- Use `gws-calendar-insert` for straightforward Google event creation.
+- Use `gws-calendar-agenda` for upcoming event views.
+- Use `apple-calendar-event` for local Apple Calendar.app audits and explicit Apple Calendar event writes.
+
+## OAuth Scope Expectations
+
+- Read/audit operations may work with Calendar read scopes.
+- CalendarList visibility and label changes require CalendarList write scope.
+- Real calendar metadata edits require calendar metadata write scope.
+- Event creation or migration requires calendar event write scope.
+- If scope is missing, re-auth with the narrowest calendar service flow and avoid broad Workspace scopes unless the task needs them.
+
+## Detailed Recipes
+
+For copy-pastable commands, migration dedupe preview, and rollback patterns, read `references/operations.md` only when performing governance mutations, migrations, or Apple/Google reconciliation.

package/skills/calendar/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Calendar"
+  short_description: "Govern Google-first calendars, Apple views, and school migrations."
+  default_prompt: "Use $calendar to audit, govern, migrate, and maintain my Google-first personal calendar system without accidental Apple, school, or secondary-account ownership."

package/skills/calendar/references/operations.md

@@ -0,0 +1,255 @@
+# Calendar Operations
+
+## Contents
+
+- Snapshot and backup
+- Active account verification
+- Read-only inventory and governance review
+- Visibility, labels, and real names
+- Event creation
+- Apple Calendar audit
+- School and legacy migration
+- Commands to avoid
+- Scope expectations and rollback
+
+Use this file for copy-pastable commands. Do not run mutation commands during a planning-only request; show the command and explain the preconditions instead.
+
+## Snapshot
+
+```bash
+backup_dir="/Users/yupeit/Desktop/hertz/calendar-governance-backups/$(date +%Y%m%d-%H%M%S)-calendar"
+mkdir -p "$backup_dir"
+gws auth status > "$backup_dir/gws-auth-status.json"
+gws calendar calendarList list --params '{"showHidden":true,"maxResults":250}' > "$backup_dir/calendar-list-before.json"
+python3 /Users/yupeit/dev/skills/skills/calendar/scripts/calendar_list_review.py \
+  --calendar-list "$backup_dir/calendar-list-before.json" \
+  --format tsv > "$backup_dir/calendar-list-review.tsv"
+cd /Users/yupeit/dev/skills/skills/apple-calendar-event
+python3 scripts/calendar_audit.py --json > "$backup_dir/apple-calendar-audit-before.json"
+```
+
+## Verify Active Account
+
+```bash
+gws auth status | jq -e '.user == "tianyupeiandy@gmail.com" and .token_valid == true'
+```
+
+If this fails, do not write events or patch calendar metadata. Re-auth with the narrowest needed scope, usually:
+
+```bash
+gws auth login --services calendar
+```
+
+## Read-Only Inventory And Governance Review
+
+Use this when the user says the calendar is messy, asks what to rename/hide/migrate, or asks why events are going to the wrong account. These commands do not mutate calendars.
+
+```bash
+gws calendar calendarList list --params '{"showHidden":true,"maxResults":250}' \
+  > "$backup_dir/calendar-list-before.json"
+
+gws calendar calendarList list --params '{"showHidden":true,"maxResults":250}' \
+  | jq -r '.items[] | [
+      .summary,
+      (.summaryOverride // ""),
+      .id,
+      (.primary // false),
+      .accessRole,
+      (.selected // false),
+      (.hidden // false)
+    ] | @tsv'
+
+python3 /Users/yupeit/dev/skills/skills/calendar/scripts/calendar_list_review.py \
+  --calendar-list "$backup_dir/calendar-list-before.json" \
+  --format tsv
+```
+
+When `dataOwner` is blank, do not assume the calendar has no owner. Use:
+
+- `primary == true` and ID `tianyupeiandy@gmail.com` for the primary source.
+- `accessRole` to understand the current account's effective control.
+- `gws calendar calendars get --params '{"calendarId":"CALENDAR_ID"}'` for real metadata.
+- Apple audit `store_name`, `store_owner`, and identity fields when reconciling Calendar.app display entries.
+
+For calendars that might be renamed or migrated, capture real metadata before proposing a final write:
+
+```bash
+gws calendar calendars get --params '{"calendarId":"CALENDAR_ID"}'
+```
+
+## Visibility Governance
+
+Patch `selected` and `hidden` on the user's CalendarList entry. This affects the user's view and does not delete calendars or events.
+
+```bash
+gws calendar calendarList patch \
+  --params '{"calendarId":"CALENDAR_ID"}' \
+  --json '{"selected":true,"hidden":false}'
+```
+
+Hide archive calendars:
+
+```bash
+gws calendar calendarList patch \
+  --params '{"calendarId":"CALENDAR_ID"}' \
+  --json '{"selected":false,"hidden":true}'
+```
+
+## Display Labels vs Real Names
+
+`summaryOverride` is a per-user CalendarList label. It is reversible and low risk, but Google Calendar web UI may still display the real `summary` under `My calendars`.
+
+```bash
+gws calendar calendarList patch \
+  --params '{"calendarId":"CALENDAR_ID"}' \
+  --json '{"summaryOverride":"80 Archive - Old Name"}'
+```
+
+Use real `summary` when the user wants the actual Google Calendar sidebar name changed:
+
+```bash
+gws calendar calendars patch \
+  --params '{"calendarId":"CALENDAR_ID"}' \
+  --json '{"summary":"00 Core - Google 主号"}'
+```
+
+If `summaryOverride` and `summary` conflict, explain this directly: Google Calendar may show the real `summary` in `My calendars`, while API/list contexts can still expose `summaryOverride`. Verify with both `calendarList.list` and `calendars.get`.
+
+Real `summary` edits may affect what shared users see. Confirm before renaming shared calendars or calendars whose owner is not clearly `tianyupeiandy@gmail.com`.
+
+Before real summary edits, save:
+
+```bash
+safe_id="$(printf '%s' 'CALENDAR_ID' | tr '/:@# ' '_____')"
+gws calendar calendars get --params '{"calendarId":"CALENDAR_ID"}' > "$backup_dir/calendar-before-$safe_id.json"
+```
+
+## Default Event Creation
+
+Preflight:
+
+```bash
+gws auth status | jq -e '.user == "tianyupeiandy@gmail.com" and .token_valid == true'
+```
+
+Then write only with an explicit target:
+
+```bash
+gws calendar +insert \
+  --calendar 'tianyupeiandy@gmail.com' \
+  --summary 'TITLE' \
+  --start 'YYYY-MM-DDTHH:MM:SS-07:00' \
+  --end 'YYYY-MM-DDTHH:MM:SS-07:00' \
+  --location 'LOCATION_OR_URL' \
+  --description 'NOTES'
+```
+
+Always use exact local timestamps. Do not rely on relative phrases after the planning step.
+
+Avoid these for default personal writes:
+
+```bash
+# Do not use the current browser account.
+# Do not use Calendar.app's default calendar.
+# Do not use --calendar primary in account-confusing contexts.
+# Do not write to yupeit@andrew.cmu.edu, iCloud, or another Google account unless explicitly requested.
+```
+
+## Apple Calendar Audit
+
+```bash
+cd /Users/yupeit/dev/skills/skills/apple-calendar-event
+python3 scripts/calendar_audit.py
+python3 scripts/calendar_audit.py --json
+```
+
+Use this to detect:
+
+- duplicate display names
+- Calendar.app default policy and default UUID
+- store/account ownership such as Google, iCloud, school CalDAV, subscribed calendars, Reminders, and system sources
+
+Do not edit `Calendar.sqlitedb`.
+
+## School Migration Planning
+
+Before copying school events into the primary Google calendar:
+
+1. Inventory future events from the school calendar with `events.list`.
+2. Compare against existing primary events by `iCalUID`, title, start time, and location.
+3. Keep the school calendar visible but unselected while migration is in progress.
+4. Prefer copying/importing only future actionable events.
+5. Do not delete the school source until the user confirms the migrated state.
+
+Example inventory:
+
+```bash
+gws calendar events list \
+  --params '{"calendarId":"yupeit@andrew.cmu.edu","timeMin":"YYYY-MM-DDT00:00:00-07:00","singleEvents":true,"showDeleted":false,"maxResults":2500,"orderBy":"startTime"}' \
+  > "$backup_dir/school-source-events.json"
+
+gws calendar events list \
+  --params '{"calendarId":"tianyupeiandy@gmail.com","timeMin":"YYYY-MM-DDT00:00:00-07:00","singleEvents":true,"showDeleted":false,"maxResults":2500,"orderBy":"startTime"}' \
+  > "$backup_dir/primary-target-events.json"
+```
+
+Preview source events that do not appear in the target by `iCalUID` or normalized `summary + start + location`:
+
+```bash
+python3 /Users/yupeit/dev/skills/skills/calendar/scripts/event_dedupe_preview.py \
+  --source "$backup_dir/school-source-events.json" \
+  --target "$backup_dir/primary-target-events.json" \
+  --format tsv
+```
+
+Treat the preview as advisory. Review ambiguous events before copying.
+
+Before copying events, decide which fields to preserve and which to drop:
+
+- Usually preserve: summary, start, end, location, description, and intentional reminders.
+- Review carefully: recurrence rules, conferenceData/Meet links, attendees, organizer, attachments, visibility/transparency, and private fields.
+- Avoid blindly recreating attendees or conference links unless the user wants invitations or meeting changes to propagate.
+
+## Commands To Avoid Unless Explicitly Requested
+
+```bash
+# Avoid defaulting to Apple Calendar for personal event creation.
+# Avoid using "primary" where multiple Google accounts may be authenticated or visible.
+# Avoid deleting calendars, unsubscribing, or bulk-deleting events during cleanup planning.
+# Avoid direct writes to ~/Library/Group Containers/group.com.apple.calendar/Calendar.sqlitedb.
+# Avoid real summary changes for shared/read-only/school/system calendars without owner confirmation.
+# Avoid copying attendees/conferenceData during migration unless the user wants invitations or meeting updates.
+```
+
+## Scope Expectations
+
+Use the narrowest calendar authorization that satisfies the operation:
+
+- Read/audit: Calendar read access is enough.
+- CalendarList `selected`, `hidden`, `summaryOverride`: CalendarList write access.
+- Real `summary`: calendar metadata write access.
+- Event creation/migration: event write access.
+
+When scope is insufficient, prefer:
+
+```bash
+gws auth login --services calendar
+```
+
+## Rollback Pattern
+
+Every mutation report should include exact rollback commands. For real `summary` edits:
+
+```bash
+gws calendar calendars patch \
+  --params '{"calendarId":"CALENDAR_ID"}' \
+  --json '{"summary":"PREVIOUS_SUMMARY"}'
+```
+
+For visibility edits:
+
+```bash
+gws calendar calendarList patch \
+  --params '{"calendarId":"CALENDAR_ID"}' \
+  --json '{"selected":PREVIOUS_SELECTED,"hidden":PREVIOUS_HIDDEN}'
+```

package/skills/calendar/scripts/calendar_list_review.py

@@ -0,0 +1,157 @@
+#!/usr/bin/env python3
+
+import argparse
+import json
+import sys
+from pathlib import Path
+from typing import Any
+
+
+PRIMARY_ACCOUNT = "tianyupeiandy@gmail.com"
+SCHOOL_ACCOUNT = "yupeit@andrew.cmu.edu"
+
+
+def load_items(path: Path) -> list[dict[str, Any]]:
+    with path.open(encoding="utf-8") as handle:
+        payload = json.load(handle)
+    if isinstance(payload, dict):
+        items = payload.get("items", [])
+    elif isinstance(payload, list):
+        items = payload
+    else:
+        raise SystemExit(f"Unsupported JSON shape in {path}")
+    if not isinstance(items, list):
+        raise SystemExit(f"Expected items array in {path}")
+    return [item for item in items if isinstance(item, dict)]
+
+
+def text_blob(item: dict[str, Any]) -> str:
+    values = [
+        item.get("id"),
+        item.get("summary"),
+        item.get("summaryOverride"),
+        item.get("description"),
+    ]
+    return " ".join(str(value or "") for value in values).casefold()
+
+
+def classify(item: dict[str, Any]) -> dict[str, Any]:
+    calendar_id = str(item.get("id") or "")
+    summary = str(item.get("summary") or "")
+    role = str(item.get("accessRole") or "")
+    blob = text_blob(item)
+    primary = bool(item.get("primary")) or calendar_id == PRIMARY_ACCOUNT
+    selected = bool(item.get("selected"))
+    hidden = bool(item.get("hidden"))
+
+    if primary:
+        bucket = "00 Core - Google 主号"
+        action = "keep selected; use as default write target"
+        reason = "primary Google source of truth"
+    elif is_school_calendar(blob, summary):
+        bucket = "30 School Transition - review"
+        action = "inventory future events; migrate reviewed items; then hide"
+        reason = "school lifecycle risk"
+    elif is_reference_calendar(blob, summary):
+        bucket = "90 Reference - review"
+        action = "keep or hide; do not rename/delete as owned calendar"
+        reason = "system, holiday, task, birthday, or subscribed reference source"
+    elif role in {"reader", "freeBusyReader"}:
+        bucket = "20 Shared - review"
+        action = "keep visible only if useful; do not rename as owner"
+        reason = f"current account has {role} access"
+    elif hidden:
+        bucket = "80 Archive - review"
+        action = "keep hidden unless needed"
+        reason = "already hidden from CalendarList"
+    elif role in {"owner", "writer"}:
+        bucket = "10 Projects - review"
+        action = "confirm owner/lifecycle; label, hide, or keep"
+        reason = f"current account can modify calendar ({role})"
+    else:
+        bucket = "Review"
+        action = "inspect metadata before changing"
+        reason = "ownership and lifecycle are unclear"
+
+    return {
+        "bucket": bucket,
+        "action": action,
+        "reason": reason,
+        "id": calendar_id,
+        "summary": summary,
+        "summaryOverride": item.get("summaryOverride") or "",
+        "primary": primary,
+        "accessRole": role,
+        "selected": selected,
+        "hidden": hidden,
+    }
+
+
+def is_reference_calendar(blob: str, summary: str) -> bool:
+    known_summary = summary.casefold() in {
+        "birthdays",
+        "tasks",
+        "reminders",
+        "siri suggestions",
+    }
+    return (
+        known_summary
+        or "holiday" in blob
+        or "#holiday@group.v.calendar.google.com" in blob
+        or "birthday" in blob
+        or "contacts" in blob
+        or "task" in blob
+        or "subscribed" in blob
+    )
+
+
+def is_school_calendar(blob: str, summary: str) -> bool:
+    summary_tokens = {
+        token.strip(" -_:/()[]{}").casefold()
+        for token in summary.replace("|", " ").split()
+    }
+    return (
+        SCHOOL_ACCOUNT in blob
+        or "andrew.cmu.edu" in blob
+        or "carnegie mellon" in blob
+        or "cmu" in summary_tokens
+    )
+
+
+def print_tsv(rows: list[dict[str, Any]]) -> None:
+    fields = [
+        "bucket",
+        "action",
+        "summary",
+        "summaryOverride",
+        "id",
+        "primary",
+        "accessRole",
+        "selected",
+        "hidden",
+        "reason",
+    ]
+    print("\t".join(fields))
+    for row in rows:
+        print("\t".join(str(row.get(field, "")) for field in fields))
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(
+        description="Create an advisory governance review table from Google Calendar calendarList JSON."
+    )
+    parser.add_argument("--calendar-list", required=True, help="JSON from gws calendar calendarList list.")
+    parser.add_argument("--format", choices=["json", "tsv"], default="tsv")
+    args = parser.parse_args()
+
+    rows = [classify(item) for item in load_items(Path(args.calendar_list))]
+    if args.format == "json":
+        json.dump(rows, sys.stdout, ensure_ascii=False, indent=2)
+        print()
+    else:
+        print_tsv(rows)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())