GCP Resource Hierarchy & Cleanup Playbook

This playbook serves as the source of truth for the Google Cloud Platform (GCP) Resource Hierarchy and project organization standards within the waycupcreative.com organization (1030973712304).


💻 Architectural Overview & Best Practices

Google Cloud resources are organized hierarchically, allowing policies (IAM, billing, security) to flow downward from parents to children in a clean tree structure.

  1. Organization Node (Root): Tied directly to the business domain (waycupcreative.com). Serves as the central security and policy administrative anchor.
  2. Folders (Directories): Logical groupings used to partition resources by department, client, project category, or lifecycle stage. IAM policies defined on folders automatically apply to all child folders and projects.
  3. Projects (Nodes): The physical boundary for resources, enabled APIs, and billing associations.
  4. Resources (Leaves): Individual GCP instances, storage buckets, BigQuery datasets, etc.
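The downward flow of IAM described above means a project's effective allow policy is the union of its own bindings and those of every ancestor. The following is an added example, not part of the original playbook: it walks a subset of the playbook's tree and reports broad roles that reach a project from a folder or the organization. Folder IDs and project names are from this page; all bindings and member addresses are constructed for illustration.

```python
ORG = "organizations/1030973712304"  # waycupcreative.com

# child -> parent edges (subset of the playbook's tree)
PARENT = {
    "folders/833229793373": ORG,                          # 00_Core
    "folders/924701101016": ORG,                          # 01_Internal
    "projects/waycup-kevin-sandbox": "folders/833229793373",
    "projects/kdock-global": "folders/924701101016",
}

# Constructed policies in the {"bindings": [{"role", "members"}]} shape
POLICIES = {
    ORG: {"bindings": [{"role": "roles/resourcemanager.organizationAdmin",
                        "members": ["user:admin@example.com"]}]},
    "folders/924701101016": {"bindings": [{"role": "roles/editor",
                        "members": ["group:internal-devs@example.com"]}]},
    "projects/kdock-global": {"bindings": [{"role": "roles/viewer",
                        "members": ["user:auditor@example.com"]}]},
}

BROAD_ROLES = {"roles/owner", "roles/editor"}

def ancestry(resource):
    """Return [resource, parent, ..., organization]."""
    chain = [resource]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain

def effective_bindings(resource):
    """Union of bindings on the resource and all of its ancestors.
    Maps (role, member) -> the closest node where the grant was made."""
    grants = {}
    for node in ancestry(resource):
        for binding in POLICIES.get(node, {}).get("bindings", []):
            for member in binding["members"]:
                grants.setdefault((binding["role"], member), node)
    return grants

def inherited_broad_grants(resource):
    """Broad roles that arrive from a folder or the org. Editing the
    project's own policy cannot remove these allow bindings."""
    return sorted((role, member, src)
                  for (role, member), src in effective_bindings(resource).items()
                  if role in BROAD_ROLES and src != resource)
```
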

🏗️ Reorganized Organization Directory Structure

Under the waycupcreative.com organization root, we have established a 5-pillar folder structure to directly mirror local developer filesystems:

graph TD
    Org[Root: waycupcreative.com Organization] --> F0["00_Core (folders/833229793373)"]
    Org --> F1["01_Internal (folders/924701101016)"]
    Org --> F2["02_Labs (folders/431837590484)"]
    Org --> F3["03_Clients (folders/346731300265)"]
    Org --> F4["04_Archive (folders/793977791403)"]
    Org --> FS["system-gsuite (folders/393313894053)"]
    
    %% Folder Placements
    F0 --> P_KEV[waycup-kevin-sandbox]
    F0 --> P_BRE[waycup-brenn-sandbox]
    
    F1 --> P_KDG[kdock-global]
    
    F2 --> P_POC[cs-poc-3xpctk1x2adh1si8kxohd89]
    
    F3 -.-> P_TDW["[Cross-Org Boundary] thedogwizard-kpi-dashboards"]
    
    F4 --> P_MAT[sys-92741354695527089768366075 Matrix]
    
    FS --> F_APP["apps-script (folders/881466887372)"]
    F_APP --> P_FSW[sys-51604130896683936704544390 Finance Sweep v1]

    style F0 fill:#fcf,stroke:#333,stroke-width:1px
    style F1 fill:#cff,stroke:#333,stroke-width:1px
    style F2 fill:#ffc,stroke:#333,stroke-width:1px
    style F3 fill:#cfc,stroke:#333,stroke-width:1px
    style F4 fill:#ddd,stroke:#333,stroke-width:1px
    style FS fill:#eee,stroke:#333,stroke-width:1px

📂 Directory Mapping

| Folder Name | GCP Folder ID | Target Resources / Purpose | Active Projects |
|---|---|---|---|
| Org Root | 1030973712304 | Organization parent node & administrative root | waycup-admin-hub (Admin & billing anchor) |
| 00_Core | 833229793373 | Core workspace, user-level active developer sandboxes | waycup-kevin-sandbox, waycup-brenn-sandbox |
| 01_Internal | 924701101016 | Internal WayCup company operations, tools, and scripts | kdock-global (CTO Toolkit), waycup-finance-sweep-v2 (planned) |
| 02_Labs | 431837590484 | Active research experiments, isolated sandboxes, POCs | cs-poc-3xpctk1x2adh1si8kxohd89 |
| 03_Clients | 346731300265 | Active client KPI dashboards, databases, and assets | (Kept empty for active clients; TDW has cross-org restriction) |
| 04_Archive | 793977791403 | Inactive, historical client nodes and projects kept dormant | sys-92741354695527089768366075 (Matrix) |
| system-gsuite | 393313894053 | Automatically managed folder containing Workspace apps | apps-script/sys-51604130896683936704544390 (Finance Sweep v1) |

🗑️ Projects Scheduled for Deletion

The following projects have been successfully unlinked from billing and transitioned to a deleted state (DELETE_REQUESTED):

  • password-bridge-461514 (1Password Bridge)
  • sys-45274384302266757979046902 (PrepWell Data Engine)
  • sys-62552360955806740034633079 (Untitled project)
  • gen-lang-client-0627254626 (Default Gemini Project)
  • gen-lang-client-0988964297 (Google AI Studio Project)

🛡️ Identity & Organization Boundaries (SOP)

Due to GCP security policies, certain scenarios block automated API/CLI modifications. Below are Standard Operating Procedures for handling these boundaries:

1. Separate Organization Boundary (Personal Accounts)

  • Case: Project cobalt-passkey-342617 (Google Review Slider) belongs to a separate personal/legacy Organization (943905058230).
  • Restriction: Corporate users (@waycupcreative.com) lack administrative and owner credentials in this personal org, triggering terminal permission errors.
  • Resolution: Log in using personal credentials in the browser/terminal, configure GCP context to that account, and delete the project directly.

2. Project Owner IAM Restriction

  • Case: Project academic-oasis-247120 (HUNKS The Show) is a legacy project where the user is an Editor, but the Owner role is assigned to [email protected].
  • Restriction: GCP Editor role is blocked from modifying IAM policies (setIamPolicy) and migrating or archiving projects across organizations.
  • Resolution: The designated Project Owner ([email protected]) must log in and remove the corporate user ([email protected]) from the IAM bindings on the project.

3. Cross-Organization Migration

  • Case: Project thedogwizard-kpi-dashboards belongs to The Dog Wizard organization (259948277585).
  • Restriction: Moving active projects across distinct GCP organizations is highly restricted to prevent data leakage and cross-billing compliance issues. Projects must remain under their respective home organization node.
  • Resolution: Retain under @thedogwizard.com organization where your [email protected] user maintains credentials.
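SOPs 1 and 3 both come down to checking which organization owns a project before cleanup automation touches it. The following pre-flight check is an added example, not part of the original playbook: it classifies projects by the organization at the top of their ancestry. The sample records are constructed and assume the list shape printed by `gcloud projects get-ancestors PROJECT_ID --format=json` (project first, organization last); the intermediate ancestry of the two foreign projects is not stated on this page and is simplified here.

```python
import json

HOME_ORG = "1030973712304"  # waycupcreative.com, from the playbook

# Constructed ancestry records; project and organization IDs are from the playbook.
SAMPLE = json.loads("""{
  "kdock-global": [
    {"id": "kdock-global", "type": "project"},
    {"id": "924701101016", "type": "folder"},
    {"id": "1030973712304", "type": "organization"}],
  "cobalt-passkey-342617": [
    {"id": "cobalt-passkey-342617", "type": "project"},
    {"id": "943905058230", "type": "organization"}],
  "thedogwizard-kpi-dashboards": [
    {"id": "thedogwizard-kpi-dashboards", "type": "project"},
    {"id": "259948277585", "type": "organization"}]
}""")

def owning_org(ancestors):
    """Return the organization ID at the top of an ancestry list, or None."""
    orgs = [a["id"] for a in ancestors if a["type"] == "organization"]
    return orgs[-1] if orgs else None

def preflight(project_id, ancestors, home_org=HOME_ORG):
    """Decide whether automation running as a corporate identity should
    act on the project. Returns (action, reason)."""
    org = owning_org(ancestors)
    if org is None:
        # Project with no organization parent: ownership must be confirmed by hand.
        return ("manual", f"{project_id}: no organization in ancestry")
    if org != home_org:
        # Separate organization boundary: corporate credentials do not apply.
        return ("skip", f"{project_id}: owned by organization {org}")
    return ("proceed", f"{project_id}: inside home organization {home_org}")

def plan(sample=SAMPLE):
    """Map each project ID to the action the pre-flight check selects."""
    return {pid: preflight(pid, anc)[0] for pid, anc in sample.items()}
```
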

4. Drive Sweep Script Safeguard

  • Case: Legacy script sys-51604130896683936704544390 (Finance Sweep v1) handles automatic folder and file renaming inside personal Google Drive.
  • Restriction: Deleting this project before writing the V2 rebuild would cause immediate failures in business operations.
  • Resolution: Retain under system-gsuite/apps-script folder until waycup-finance-sweep-v2 is fully built and deployed under 01_Internal, then decommission the v1 project.