n8n Drive Workflows, Pure Phoenix Phase 4.6¶
The forge-side CLI for Drive operations is shipped: forge_gdrive_{search,read,write,move,index_extend}.py. These scripts live on Console (192.168.86.50) and use Justin's existing rclone gdrive: remote (full drive OAuth scope).
This README documents how to expose those operations through n8n. Only gdrive-search.json is shipped as a scaffold; the rest follow the same shape.
Two integration paths¶
| Path | Pros | Cons |
|---|---|---|
| Execute Command + SSH to Console (scaffold uses this) | reuses forge scripts + rclone tokens; one source of truth | requires n8n LXC to have an SSH key trusted on Console; harder to debug from n8n UI |
| Native n8n Google Drive node | first-class n8n UI, easier to debug, no SSH needed | requires Justin to attach Google OAuth credentials inside n8n; second token to manage; n8n node has bugs around exports |
Justin's call. Recommend native node for simple list/read/write; SSH path for things needing complex post-processing (e.g. extraction via pandoc).
Prerequisites for the SSH path¶
- Generate an SSH key inside the n8n LXC:
ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 - Copy public key to Justin's
~/.ssh/authorized_keyson Console (or to a dedicatedforge-n8n-runneruser) - Verify:
ssh -o StrictHostKeyChecking=no console hostname - All forge_gdrive_*.py scripts should already be executable (chmod +x)
Workflows to build¶
| Workflow | Body fields | Forge script invocation |
|---|---|---|
gdrive-search |
drive_path, name, ext, max |
forge_gdrive_search.py --in <path> [--name N] [--ext E] --max M --files-only --recursive |
gdrive-read |
drive_path OR id, optional as |
forge_gdrive_read.py <path> [--id ID] [--as md\|pdf\|...] returns body |
gdrive-write |
drive_path, content (base64 or text), import_as |
echo $content \| forge_gdrive_write.py --stdin --as-name $name <dest_dir> |
gdrive-move |
src, dst, mkdir_parents |
forge_gdrive_move.py <src> <dst> [--mkdir-parents] |
gdrive-create-folder |
path |
forge_gdrive_write.py --stdin --as-name .keep <path> --mkdir-parents (or rclone mkdir directly) |
gdrive-share |
path, email |
not in current scope; rclone link or service-account share required |
Auth header¶
Every webhook validates X-Forge-Auth against $env.FORGE_WEBHOOK_SECRET. The forge caller side already does this; see scripts/forge_n8n_call.sh.
Calling from forge¶
forge_n8n_call.sh gdrive-search '{"drive_path":"Inbox","ext":"docx","max":20}'
forge_n8n_call.sh gdrive-read '{"drive_path":"Inbox/foo.md"}'
Status¶
gdrive-search.jsonshipped as scaffold (uses Execute Command + SSH path).- Other workflows DEFERRED. Either Justin imports the scaffold and clones for read/write/move OR builds via native Drive node, his choice.
[Claude Code, Pure Phoenix Phase 4.6]