google-calendarlisted

Drive Google Calendar via `curl + jq`. The user's OAuth bearer token is in `$GOOGLE_CALENDAR_TOKEN`; every call needs it as `Authorization: Bearer $GOOGLE_CALENDAR_TOKEN`. At minimum the token carries `calendar.readonly` plus the identity scopes (`openid email profile`); if the user opted in to write at install time it also carries the broader `calendar` scope (read + write). The Calendar API returns standard JSON; failures surface as `{"error": {"code": 401|403|..., "message": "..."}}` — show that error verbatim. `401` means the token expired (re-install). `403 insufficientPermissions` on a write means the user only granted `calendar.readonly` — ask them to re-install the connector with the read+write box checked. **Always start with `users/me/calendarList`** to learn which calendars the account can see (the user's primary plus any subscribed / shared ones), AND with `users/me/settings/timezone` so you render times in the user's local zone instead of UTC. **Before any destructive write** (creating, moving, or cancelling an event that has attendees) show the exact event details and ask the user to confirm. When attendees are involved, also confirm whether they want Google to email the attendees — that's controlled by the `sendUpdates` query parameter. ## Optional: Google Workspace CLI (`gws`) for agenda + create [`gws`](https://github.com/googleworkspace/cli) is Google's official CLI (not officially supported — community-maintained on the `googleworkspace` org). It dynam