Dog Wizard Project State (Snapshot 2026-05-19)

🏗️ Infrastructure

Local Sheet Script (Interface): 123FP4dnHQ7jrayFK6i-3o_amniw8woE8t6yPkCvFwvHZR5hS9fCtR7Ix
Library Script (Engine): 1ISMBEE_1HfDjARpZhWMjKktnPPjxqWdMObpP8D_P7xZw-8TnjcrwYN3X
GCP Project: tdw-workspace-admin-tools (Project #728349290908)
Service Account (Build): [email protected]
Service Account (Runtime): tdw-sync-engine@tdw-workspace-admin-tools.iam.gserviceaccount.com

Historical state and future notes moved from the active GEMINI.md to the Vault for Thin-Context optimization.

Auth Architecture: Established direct REST API calls using JWT/DWD, bypassing standard Apps Script Service limitations.
License Mapping: Integrated Licensing API to fetch exact SKUs, including Cloud Identity Free.
Data Preservation: Implemented “Stateful Sync” using Email as a primary key to preserve manual columns (exclude, User Notes, Hardware Assigned).
Schema Accuracy: Correctly mapped the Staff_Type custom schema from Directory JSON discovery.
Group Sync: Implemented group synchronization with exclusions for dynamic system groups (e.g., team@, ID: 03s49zyc0tz27jd).

Storage Metrics: Live storage bytes are NOT exposed via the Directory API for this domain. Do not attempt to pull via Directory/Licensing; requires Reports API (currently forbidden).
Environment Inference: Directory uses local .env for GCP_ADMIN_EMAIL and GOOGLE_CLOUD_PROJECT context.
Clasp Authentication (Remote Server): We bypassed the localhost redirect issues by implementing Identity Isolation via Symlinks.
- Seed tokens are stored in 1Password (“Clasp Auth - DogWizard”) and pulled via op CLI.
- The client master key lives at ~/projects/03_clients/dogwizard/.clasprc.json.
- Apps Script sub-projects must symlink to it (ln -s ../.clasprc.json .clasprc.json) so clasp updates the master token on refresh without breaking.
Group Sync Logic: The syncGroupsToEngine script uses array-based grouping (not a 1:1 map) to preserve multi-row group members properly without overwriting dynamic manual columns.