drive-audits.md

Drive Audits

read_when:

• Auditing Drive folder contents, size, or inventory without changing files.
• Reviewing drive tree, drive du, drive inventory, or permission audits.

Drive audit commands are read-only reporting helpers. They are meant for cleanup planning, migration review, and automation that needs stable JSON without writing back to Drive.

Commands

• gog drive tree
• gog drive du
• gog drive inventory
• gog drive audit sharing
• gog drive audit user
• gog drive ls
• gog drive get
• gog drive raw

Folder Tree

Print a readable folder tree:

gog drive tree --parent <folderId> --depth 2

Use JSON when another tool should consume the result:

gog drive tree --parent <folderId> --depth 3 --json

Size Summary

Summarize folder sizes:

gog drive du --parent <folderId> --max 20
gog drive du --parent <folderId> --depth 2 --sort size --json

drive tree and drive inventory emit one row per discovered placement, so legacy items reachable through multiple parents retain each path. drive du aggregates those placements independently and sorts by size, path, or files. Shortcuts count as file placements with zero content bytes; scans do not follow shortcut targets.

Inventory Export

Export a read-only item inventory:

gog drive inventory --parent <folderId> --json
gog drive inventory --parent <folderId> --max 0 --depth 0 --json > drive-inventory.json

Use inventory output when you need a machine-readable list of Drive objects for review, diffing, or downstream cleanup scripts.

Revisions

List revision metadata for a Drive file, then inspect one revision:

gog drive revisions list <fileId> --all --json
gog drive revisions get <fileId> <revisionId> --json

The Drive API exposes revision IDs, timestamps, keep-forever state, and provider export links where available. For native Docs Editors files it does not expose complete editor history or historical document bodies.

Command pages:

• gog drive revisions
• gog drive revisions list
• gog drive revisions get

Permission Audits

Find public or external shares without changing files:

gog drive audit sharing --parent <folderId> --internal-domain example.com --json
gog drive audit sharing --parent <folderId> --public-only --fail-found

Find files shared with a specific user:

gog drive audit user clawdbot@gmail.com --parent <folderId> --json

Bulk permission operations are intentionally separate from audits and require a dry run or confirmation:

gog drive bulk remove-public --parent <folderId> --dry-run
gog drive bulk update-role --parent <folderId> --from writer --to reader --target contractor@example.com --dry-run

Shared Drives

The audit commands include shared drives by default where the underlying Drive API supports it. Pass --no-all-drives to restrict a scan to My Drive:

gog drive inventory --parent root --no-all-drives --json

Custom Fields

For object-level inspection, use drive get --fields:

gog drive get <fileId> --fields 'id,name,mimeType,size,owners,emailAddress' --json

Use gog drive raw when you need the raw Drive API object, with the sensitive-field behavior described in Raw API Dumps.