Added root as a synonnym for '/' in command line

Merge branch 'main' of https://github.com/GAM-team/GAM
Update build.yml
2026-06-09 16:51:36 +00:00 · 2026-03-25 11:33:15 -07:00 · 2026-03-25 10:40:38 -07:00 · 2026-03-24 14:54:02 -04:00 · 2026-03-24 18:24:29 +00:00 · 2026-03-24 11:13:02 -07:00
18 changed files with 441 additions and 97 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,7 +23,7 @@ defaults:

 env:
  SCRATCH_COUNTER: 14
-  OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0
+  OPENSSL_CONFIG_OPTS: no-fips --api=3.0.0 no-docs no-ssl3 no-tls1 no-tls1_1 no-dtls no-comp no-srp no-psk no-engine no-dynamic-engine no-nextprotoneg no-weak-ssl-ciphers no-idea no-seed no-camellia no-sm2 no-sm3 no-sm4 no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-cast no-des no-shared no-tests -O3
  OPENSSL_INSTALL_PATH: ${{ github.workspace }}/bin/ssl
  OPENSSL_SOURCE_PATH: ${{ github.workspace }}/src/openssl
  PYTHON_INSTALL_PATH: ${{ github.workspace }}/bin/python
@@ -156,6 +156,7 @@ jobs:
        with:
          workload_identity_provider: projects/297925809119/locations/global/workloadIdentityPools/gha-pool/providers/gha-provider
          service_account: github-actions-testing-for-gam@gam-project-wyo-lub-ivl.iam.gserviceaccount.com
+          access_token_scopes: https://www.googleapis.com/auth/iam

      - name: Cache multiple paths
        if: matrix.goal == 'build'
@@ -164,7 +165,7 @@ jobs:
        with:
          path: |
            cache.tar.xz
-          key: gam-${{ matrix.jid }}-20260227
+          key: gam-${{ matrix.jid }}-20260323

      - name: Untar Cache archive
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -277,6 +278,8 @@ jobs:
          echo "We are running on ${RUNNER_OS}"
          LD_LIBRARY_PATH="${OPENSSL_INSTALL_PATH}/lib:${PYTHON_INSTALL_PATH}/lib:/usr/local/lib"
          if [[ "${RUNNER_OS}" == "macOS" ]]; then
+            export CFLAGS="-O3 -pipe"
+            export LDFLAGS="-Wl,-dead_strip"
            MAKE=make
            MAKEOPT="-j$(sysctl -n hw.logicalcpu)"
            PERL=perl
@@ -285,6 +288,8 @@ jobs:
            echo "We are running on and targetting MacOS ${MACOSX_DEPLOYMENT_TARGET}"
            echo "PYTHON=${PYTHON_INSTALL_PATH}/bin/python3" >> $GITHUB_ENV
          elif [[ "${RUNNER_OS}" == "Linux" ]]; then
+            export CFLAGS="-O3 -pipe"
+            export LDFLAGS="-Wl,--strip-all"
            MAKE=make
            MAKEOPT="-j$(nproc)"
            PERL=perl
@@ -311,6 +316,8 @@ jobs:
          echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" >> $GITHUB_ENV
          echo "MAKE=${MAKE}" >> $GITHUB_ENV
          echo "MAKEOPT=${MAKEOPT}" >> $GITHUB_ENV
+          echo "CFLAGS=${CFLAGS}" >> $GITHUB_ENV
+          echo "LDFLAGS=${LDFLAGS}" >> $GITHUB_ENV
          echo "PERL=${PERL}" >> $GITHUB_ENV
          echo "PYEXTERNALS_PATH=${PYEXTERNALS_PATH}" >> $GITHUB_ENV

@@ -335,10 +342,6 @@ jobs:
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
        run: |
          cd "${OPENSSL_SOURCE_PATH}"
-          #if ([ "$RUNNER_OS" == "Windows" ] && [ "$RUNNER_ARCH" == "ARM64" ]); then
-            # https://github.com/openssl/openssl/issues/26239
-            export CFLAGS=-DNO_INTERLOCKEDOR64
-          #fi
          # --libdir=lib is needed so Python can find OpenSSL libraries
          "${PERL}" ./Configure --libdir=lib --prefix="${OPENSSL_INSTALL_PATH}" $OPENSSL_CONFIG_OPTS

@@ -352,10 +355,6 @@ jobs:
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit != 'true'
        run: |
          cd "${OPENSSL_SOURCE_PATH}"
-          # TODO: remove this once https://github.com/openssl/openssl/issues/26239 is fixed.
-          if ([ "$RUNNER_OS" == "Windows" ] && [ "$RUNNER_ARCH" == "ARM64" ]); then
-            export CFLAGS=-DNO_INTERLOCKEDOR64
-          fi
          $MAKE "$MAKEOPT"

      - name: Install OpenSSL
@@ -364,20 +363,23 @@ jobs:
          cd "${OPENSSL_SOURCE_PATH}"
          # install_sw saves us ages processing man pages :-)
          $MAKE install_sw
+          #if [[ "${RUNNER_OS}" != "Windows" ]]; then
+          #  echo "LDFLAGS=-L${OPENSSL_INSTALL_PATH}/lib" >> $GITHUB_ENV
+          #fi
+          #echo "CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1" >> $GITHUB_ENV
+          #case $RUNNER_ARCH in
+          #  X64)
+          #    echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
+          #    echo "ARCHFLAGS=-arch x86_64" >> $GITHUB_ENV
+          #    ;;
+          #  ARM64)
+          #    echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
+          #    echo "ARCHFLAGS=-arch arm64" >> $GITHUB_ENV
+          #    ;;
+          #esac
          if [[ "${RUNNER_OS}" != "Windows" ]]; then
-            echo "LDFLAGS=-L${OPENSSL_INSTALL_PATH}/lib" >> $GITHUB_ENV
+            strip "${OPENSSL_INSTALL_PATH}/bin/openssl"
          fi
-          echo "CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1" >> $GITHUB_ENV
-          case $RUNNER_ARCH in
-            X64)
-              echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
-              echo "ARCHFLAGS=-arch x86_64" >> $GITHUB_ENV
-              ;;
-            ARM64)
-              echo "CFLAGS=-I${OPENSSL_INSTALL_PATH}/include ${CFLAGS}" >> $GITHUB_ENV
-              echo "ARCHFLAGS=-arch arm64" >> $GITHUB_ENV
-              ;;
-          esac

      - name: Run OpenSSL
        if: matrix.goal == 'build'
@@ -405,7 +407,9 @@ jobs:
                      --enable-shared \
                      --with-ensurepip=upgrade \
                      --enable-optimizations \
-                      --with-lto || : # exit 0
+                      --with-lto \
+                      --disable-test-modules \
+                      --without-doc-strings || : # exit 0
          cat config.log

      - name: Windows Get External Python deps
@@ -452,8 +456,10 @@ jobs:
        shell: powershell
        run: |
          cd "${env:PYTHON_SOURCE_PATH}"
-          # We need out custom openssl.props which uses OpenSSL 3 DLL names
+          # We need our custom openssl.props which uses OpenSSL 3 DLL names
          Copy-Item -Path "${env:GITHUB_WORKSPACE}\src\tools\openssl.props" -Destination PCBuild\ -Verbose
+          # We need our custom _hashlib.vcxproj
+          Copy-Item -Path "${env:GITHUB_WORKSPACE}\src\tools\_hashlib.vcxproj" -Destination PCBuild\ -Verbose
          if (${env:RUNNER_ARCH} -eq "X64") {
            $env:arch = "x64"
            #PCBuild\build.bat -c Release -p $env:arch --pgo
@@ -480,6 +486,7 @@ jobs:
          cd "${PYTHON_SOURCE_PATH}"
          $MAKE altinstall
          $MAKE bininstall
+          strip "${PYTHON_INSTALL_PATH}/bin/python3"
          export PATH="${PATH}:${PYTHON_INSTALL_PATH}/bin"
          echo "PATH=${PATH}" >> $GITHUB_ENV
          echo "PATH: ${PATH}"
@@ -547,18 +554,19 @@ jobs:
      - name: Install PyInstaller
        if: matrix.goal == 'build'
        run: |
-          git clone https://github.com/pyinstaller/pyinstaller.git
-          cd pyinstaller
-          export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
-          git checkout "${latest_release}"
+          #git clone https://github.com/pyinstaller/pyinstaller.git
+          #cd pyinstaller
+          #export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
+          #git checkout "${latest_release}"
          # git checkout "v6.9.0"
          # remove pre-compiled bootloaders so we fail if bootloader compile fails
-          rm -rvf PyInstaller/bootloader/*-*/*
-          cd bootloader
-          "${PYTHON}" ./waf all
-          cd ..
-          echo "---- Installing PyInstaller ----"
-          "${PYTHON}" -m pip install .
+          #rm -rvf PyInstaller/bootloader/*-*/*
+          #cd bootloader
+          #"${PYTHON}" ./waf all
+          #cd ..
+          #echo "---- Installing PyInstaller ----"
+          #"${PYTHON}" -m pip install .
+          "$PYTHON" -m pip install --upgrade pyinstaller

      - name: Build GAM with PyInstaller
        if: matrix.goal != 'test'
@@ -875,7 +883,7 @@ jobs:
               exit $exit_code # Hard fail the step for unapproved errors
            fi
          }
-          
+
          export gam_user="gam-gha-${JID}@pdl.jaylee.us"
          echo "gam_user=${gam_user}" >> $GITHUB_ENV
          run_gam config customer_id "C03uzfv2s" save
@@ -937,14 +945,16 @@ jobs:
          done
          driveid=$($gam user $gam_user add shareddrive "${newbase}" returnidonly)
          echo "Created shared drive ${driveid}"
-          run_gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password random recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB- ou "${newou}"
-          run_gam user $newuser add license workspaceenterpriseplus
+          run_gam create user $newuser firstname GHA lastname $JID displayname "Github Actions ${JID}" password uniquerandom recoveryphone 12125121110 recoveryemail jay0lee@gmail.com gha.jid $JID languages en+,en-GB- ou "$newou"
          run_gam user $newuser update photo https://dummyimage.com/98x98/000/fff.jpg
          run_gam user $newuser get photo
          run_gam user $newuser delete photo
          run_gam create alias $newalias user $newuser
          run_gam create group $newgroup name "GHA $JID group" description "This is a description" isarchived true
          run_gam user $gam_user sendemail recipient dev-null@pdl.jaylee.us subject "test message $newbase" message "GHA test message"
+          run_gam user $newuser add license workspaceenterpriseplus
+          run_gam update user $newuser ou root # GAM synonym for / root OU 
+          run_gam update user $newuser ou "$newou"
          run_gam config enable_dasa false save
          # don't expose policy output
          run_gam show policies > policies.csv
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -1429,6 +1429,8 @@ gam print addresses [todrive <ToDriveAttribute>*]

 # Authorization

+gam info gcporgid
+
 gam create gcpfolder <String>
 gam create gcpfolder [admin <EmailAddress>] folder <String>

@@ -2990,6 +2992,8 @@ gam [<UserTypeEntity>] show classificationlabelpermissions <ClassificationLabelN
        (combiningfunction <CAACombiningFunction>) |
        (condition <CAAConditionAttribute>+ endcondition)

+gam info gcporgid
+
 gam create caalevel <String> [description <String>] (basic <CAABasicAttribute>+)|(custom <QueryCEL>)|<JSONData>
 gam update caalevel <CAALevelName> [description <String>] (basic <CAABasicAttribute>+)|(custom <QueryCEL>)|<JSONData>
 gam delete caalevel <CAALevelName>
@@ -3544,6 +3548,10 @@ gam info customer [formatjson]

 gam info instance [formatjson]

+gam info customerid
+
+gam info gcporgid
+
 # Data Transfers

 gam print|show transferapps
@@ -4662,6 +4670,8 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
        [event|events <EventNameList>] [ip <String>]
        [gmaileventtypes <NumberRangeList>]
        [groupidfilter <String>] [resourcedetailsfilter <String>]
+        [networkinfofilter <String>] [statusfilter <String>]
+        [applicationinfofilter <String>] [includesensitivedata]
        [notimesort]
        [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
        [countsonly [bydate|summary] [eventrowfilter]]
@@ -5754,7 +5764,7 @@ gam download storagefile <StorageBucketObjectName>
        (language clear|<LanguageList>)|
        (lastname|familyname <String>)|
        (note clear|([text_html|text_plain] <UserNoteContent))|
-        (ou|org|orgunitpath <OrgUnitPath>|<OrgUnitID>)
+        (ou|org|orgunitpath <OrgUnitPath>|<OrgUnitID>|root)
        (password (random [<Integer>])|(uniquerandom [<Integer>])|
                   blocklogin|
                   prompt|uniqueprompt|
@@ -8912,6 +8922,8 @@ gam <UserTypeEntity> show sheetrange <DriveFileEntity>

 gam <UserTypeEntity> delete tokens clientid <ClientID>

+gam info gcporgid
+
 gam <UserTypeEntity> print tokens|token [todrive <ToDriveAttribute>*] [clientid <ClientID>]
        [usertokencounts|(aggregateusersby|orderby clientid|id|appname|displaytext)]
        [delimiter <Character>] [gcpdetails]
--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -1,3 +1,42 @@
+7.38.01
+
+Added `root` as a synonnym for '/' in command line arguments that specify an OU.
+This is to avoid issues where a stand-alone `/` on the command line may be mis-interpreted
+by the command line interpreter as a reference to the file system root.
+
+7.38.00
+
+Added variable `gcp_org_id` to `gam.cfg` that is used by the following commands;
+by setting the value, additional API calls are eliminated.
+```
+gam create project
+gam create gcpfolder
+gam create|update|delete caalevel
+gam print|show caalevels
+gam print|show tokens gcpdetails
+```
+You can get and set the `gam.cfg/gcp_org_id` value with these commands:
+```
+$ gam info gcporgid             
+organizations/906207637890
+$ gam config gcp_org_id organizations/906207637890 save
+```
+
+You can get and set the `gam.cfg/customer_id` value with these commands:
+```
+$ gam info customerid             
+C78abc9de
+$ gam config customer_id C78abc9de save
+```
+
+Added the following options to `gam report <ActivityApplicationName>`.
+```
+applicationinfofilter <String>
+networkinfofilter <String>
+statusfilter <String>
+includesensitivedata
+```
+
 7.37.00

 Added new client access scopes used by `gam print tokens`.
--- a/src/gam/init.py
+++ b/src/gam/init.py
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """

 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.37.00'
+__version__ = '7.38.01'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'

 # pylint: disable=wrong-import-position
@@ -1667,6 +1667,12 @@ def encodeOrgUnitPath(path):
 def getOrgUnitItem(pathOnly=False, absolutePath=True, cd=None):
  if Cmd.ArgumentsRemaining():
    path = Cmd.Current().strip()
+    # Some shells like Bash for Windows interpret / as the filesystem root.
+    # Let user specify "root" instead to indicate /. "/root", "Root" and "ROOT"
+    # will still work for an OU actually named "root" as we are being
+    # case-sensitive here for "root" but Google is not case sensitive about OUs
+    if path == 'root':
+      path = '/'
    if path:
      if pathOnly and (path.startswith('id:') or path.startswith('uid:')) and cd is not None:
        try:
@@ -3771,6 +3777,11 @@ def SetGlobalVariables():
      else:
        _printValueError(sectionName, itemName, api, f'{Msg.EXPECTED}: {",".join(sorted(validAPIs))}')

+  def _validateGCPOrgId(sectionName, itemName, gcpOrgId):
+    mg = re.match(r'organizations/\d+', gcpOrgId)
+    if not mg:
+      _printValueError(sectionName, itemName, gcpOrgId, f'{Msg.EXPECTED}: "organizations/<Number>"')
+
  def _getCfgString(sectionName, itemName):
    value = _stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName))
    if itemName == GC.DOMAIN:
@@ -3781,6 +3792,8 @@ def SetGlobalVariables():
        _validateLicenseSKUs(sectionName, itemName, value)
      elif itemName == GC.DEVELOPER_PREVIEW_APIS and value:
        _validateDeveloperPreviewAPIs(sectionName, itemName, value.lower())
+      elif itemName == GC.GCP_ORG_ID and value:
+        _validateGCPOrgId(sectionName, itemName, value)
      return value
    _printValueError(sectionName, itemName, f'"{value}"', f'{Msg.EXPECTED}: {integerLimits(minLen, maxLen, Msg.STRING_LENGTH)}')
    return ''
@@ -6550,6 +6563,8 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
    qualifier = Msg.DIRECTLY_IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT)) if directlyInOU else Msg.IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT))
    fields = 'nextPageToken,users(primaryEmail,orgUnitPath)' if directlyInOU else 'nextPageToken,users(primaryEmail)'
    for ou in ous:
+      if ou == 'root':
+        ou = '/'
      ou = makeOrgUnitPathAbsolute(ou)
      if ou.startswith('id:'):
        try:
@@ -6731,6 +6746,8 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
    else:
      queries = [None]
    for ou in ous:
+      if ou == 'root':
+        ou = '/'
      ou = makeOrgUnitPathAbsolute(ou)
      oneQualifier = Msg.DIRECTLY_IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT)) if not includeChildOrgunits else Msg.IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT))
      for query in queries:
@@ -11991,20 +12008,45 @@ def _checkForExistingProjectFiles(projectFiles):
    if os.path.exists(a_file):
      systemErrorExit(JSON_ALREADY_EXISTS_RC, Msg.AUTHORIZATION_FILE_ALREADY_EXISTS.format(a_file, Act.ToPerform()))

-def getGCPOrg(crm, login_hint, login_domain):
-  try:
-    getorg = callGAPI(crm.organizations(), 'search',
-                      throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
-                      query=f'domain:{login_domain}',
-                      pageSize=1, fields='organizations/name')
-  except (GAPI.invalidArgument, GAPI.permissionDenied) as e:
-    entityActionFailedExit([Ent.USER, login_hint, Ent.DOMAIN, login_domain], str(e))
-  try:
-    organization = getorg['organizations'][0]['name']
-#    sys.stdout.write(Msg.YOUR_ORGANIZATION_NAME_IS.format(organization))
-    return organization
-  except (KeyError, IndexError):
-    systemErrorExit(3, Msg.YOU_HAVE_NO_RIGHTS_TO_CREATE_PROJECTS_AND_YOU_ARE_NOT_A_SUPER_ADMIN)
+def getCRMOrgId(forceSearch=False):
+  if not GC.Values[GC.GCP_ORG_ID] or forceSearch:
+    setTrueCustomerId()
+    _, crm = buildGAPIServiceObject(API.CLOUDRESOURCEMANAGER, None)
+    results = callGAPI(crm.organizations(), 'search',
+                       query=f'directorycustomerid:{GC.Values[GC.CUSTOMER_ID]}',
+                       pageSize=1, fields='organizations/name')
+    orgs = results.get('organizations')
+    if not orgs:
+      # return nothing and let calling API deal with it
+      # since caller knows what GCP role would serve best
+      return None
+    return orgs[0].get('name')
+  return GC.Values[GC.GCP_ORG_ID]
+
+# gam info customerid
+def doInfoCustomerId():
+  checkForExtraneousArguments()
+  setTrueCustomerId(cd=None, forceUpdate=True)
+  writeStdout(f'{GC.Values[GC.CUSTOMER_ID]}\n')
+
+# gam info gcporgid
+def doInfoGCPOrgId():
+  checkForExtraneousArguments()
+  writeStdout(f'{getCRMOrgId(forceSearch=True)}\n')
+
+def getGCPOrgId(crm, login_hint, login_domain):
+  if not GC.Values[GC.GCP_ORG_ID]:
+    try:
+      results = callGAPI(crm.organizations(), 'search',
+                         throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
+                         query=f'domain:{login_domain}',
+                         pageSize=1, fields='organizations/name')
+      return results['organizations'][0]['name']
+    except (GAPI.invalidArgument, GAPI.permissionDenied) as e:
+      entityActionFailedExit([Ent.USER, login_hint, Ent.DOMAIN, login_domain], str(e))
+    except (KeyError, IndexError):
+      systemErrorExit(3, Msg.YOU_HAVE_NO_RIGHTS_TO_CREATE_PROJECTS_AND_YOU_ARE_NOT_A_SUPER_ADMIN)
+  return GC.Values[GC.GCP_ORG_ID]

 # gam create gcpfolder <String>
 # gam create gcpfolder [admin <EmailAddress] folder <String>
@@ -12028,7 +12070,7 @@ def doCreateGCPFolder():
  login_hint = _getValidateLoginHint(login_hint)
  login_domain = getEmailAddressDomain(login_hint)
  _, crm = getCRMService(login_hint)
-  organization = getGCPOrg(crm, login_hint, login_domain)
+  organization = getGCPOrgId(crm, login_hint, login_domain)
  try:
    result = callGAPI(crm.folders(), 'create',
                      throwReasons=[GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
@@ -12074,7 +12116,7 @@ def doCreateProject():
      if 'error' in status:
        if status['error'].get('message', '') == 'No permission to create project in organization':
          sys.stdout.write(Msg.NO_RIGHTS_GOOGLE_CLOUD_ORGANIZATION)
-          organization = getGCPOrg(crm, login_hint, login_domain)
+          organization = getGCPOrgId(crm, login_hint, login_domain)
          org_policy = callGAPI(crm.organizations(), 'getIamPolicy',
                                resource=organization)
          if 'bindings' not in org_policy:
@@ -13854,6 +13896,14 @@ REPORT_ACTIVITIES_UPPERCASE_EVENTS = {
  'takeout',
  }

+REPORT_ACTIVITIES_FILTER_MAP = {
+  'applicationinfofilter': 'applicationInfoFilter',
+  'groupidfilter': 'groupIdFilter',
+  'networkinfofilter': 'networkInfoFilter',
+  'resourcedetailsfilter': 'resourceDetailsFilter',
+  'statusfilter': 'statusFilter',
+  }
+
 REPORT_ACTIVITIES_TIME_OBJECTS = {'time'}

 # gam report <ActivityApplictionName> [todrive <ToDriveAttribute>*]
@@ -13865,6 +13915,8 @@ REPORT_ACTIVITIES_TIME_OBJECTS = {'time'}
 #	[event|events <EventNameList>] [ip <String>]
 #	[gmaileventtypes <NumberRangeList>]
 #	[groupidfilter <String>] [resourcedetailsfilter <String>]
+#	[networkinfofilter <String>] [statusfilter <String>]
+#	[applicationinfofilter <String>] [includesensitivedata]
 #	[notimesort]
 #	[maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
 #	[countsonly [bydate|summary] [eventrowfilter]]
@@ -14143,6 +14195,12 @@ def doReport():
    else:
      events['accounts:used_quota_in_percentage'] = 0

+  def _getActivitiesFilters(myarg):
+    if myarg in REPORT_ACTIVITIES_FILTER_MAP:
+      kwargs[REPORT_ACTIVITIES_FILTER_MAP[myarg]] = getString(Cmd.OB_STRING)
+      return True
+    return False
+
  # dynamically extend our choices with other reports Google dynamically adds
  rep = buildGAPIObject(API.REPORTS)
  dyn_choices = rep._rootDesc \
@@ -14168,7 +14226,7 @@ def doReport():
  if customerId == GC.MY_CUSTOMER:
    customerId = None
  csvPF = CSVPrintFile()
-  filters = actorIpAddress = groupIdFilter = orgUnit = orgUnitId = resourceDetailsFilter = None
+  filters = actorIpAddress = orgUnit = orgUnitId = None
  showOrgUnit = False
  parameters = set()
  parameterServices = set()
@@ -14205,6 +14263,7 @@ def doReport():
  showNoActivities = False
  if usageReports:
    includeServices = set()
+  kwargs = {}
  while Cmd.ArgumentsRemaining():
    myarg = getArgument()
    if myarg == 'todrive':
@@ -14288,14 +14347,14 @@ def doReport():
      countsSummary = True
    elif activityReports and myarg == 'eventrowfilter':
      eventRowFilter = True
-    elif activityReports and myarg == 'groupidfilter':
-      groupIdFilter = getString(Cmd.OB_STRING)
-    elif activityReports and myarg == 'resourcedetailsfilter':
-      resourceDetailsFilter = getString(Cmd.OB_STRING)
+    elif activityReports and _getActivitiesFilters(myarg):
+      pass
    elif activityReports and (report == 'gmail')  and myarg == 'gmaileventtypes':
      gmailEventTypes = set(getNumberRangeList())
    elif activityReports and myarg == 'userisactor':
      mapAdminUsersToFilter = False
+    elif activityReports and myarg == 'includesensitivedata':
+      kwargs['includeSensitiveData'] = True
    elif myarg == 'addcsvdata':
      getAddCSVData(addCSVData)
    elif activityReports and myarg == 'shownoactivities':
@@ -14616,8 +14675,7 @@ def doReport():
                               applicationName=report, userKey=user, customerId=customerId,
                               actorIpAddress=actorIpAddress, orgUnitID=orgUnitId,
                               startTime=startEndTime.startTime, endTime=startEndTime.endTime,
-                               eventName=eventName, filters=pfilters, groupIdFilter=groupIdFilter,
-                               resourceDetailsFilter=resourceDetailsFilter, maxResults=maxResults)
+                               eventName=eventName, filters=pfilters, maxResults=maxResults, **kwargs)
        except GAPI.badRequest:
          if user != 'all':
            entityUnknownWarning(Ent.USER, user, i, count)
@@ -16732,8 +16790,8 @@ def _showCustomerLicenseInfo(customerInfo, FJQC):
  if not FJQC.formatJSON:
    Ind.Decrement()

-def setTrueCustomerId(cd=None):
-  if GC.Values[GC.CUSTOMER_ID] == GC.MY_CUSTOMER:
+def setTrueCustomerId(cd=None, forceUpdate=False):
+  if GC.Values[GC.CUSTOMER_ID] == GC.MY_CUSTOMER or forceUpdate:
    if not cd:
      cd = buildGAPIObject(API.DIRECTORY)
    try:
@@ -72458,7 +72516,7 @@ def _printShowTokens(entityType, users):
                           throwReasons=[GAPI.PERMISSION_DENIED],
                           projectId=result['project'])
        for ancestor in results.get('ancestor', []):
-          if ancestor.get('resourceId', {}).get('type') == 'organization' and ancestor.get('resourceId', {}).get('id') == org_id:
+          if ancestor.get('resourceId', {}).get('type') == 'organization' and ancestor.get('resourceId', {}).get('id') == GC.Values[GC.GCP_ORG_ID]:
            result['internal'] = True
            internal_projects.add(result['project'])
      except GAPI.permissionDenied:
@@ -72520,7 +72578,7 @@ def _printShowTokens(entityType, users):
    crm1 = buildGAPIObject('cloudresourcemanagerv1')
    admin_email = _getAdminEmail()
    admin_domain = getEmailAddressDomain(admin_email)
-    org_id = getGCPOrg(crm, admin_email, admin_domain).split('/')[1]
+    GC.Values[GC.GCP_ORG_ID] = getGCPOrgId(crm, admin_email, admin_domain).split('/')[1]
  fields = ','.join(TOKENS_FIELDS_TITLES)
  i, count, users = getEntityArgument(users)
  for user in users:
@@ -79624,30 +79682,11 @@ def printShowTagManagerTags(users):
 def printShowTagManagerPermissions(users):
  printShowTagManagerObjects(users, Ent.TAGMANAGER_PERMISSION)

-def getCRMOrgId():
-  setTrueCustomerId()
-  _, crm = buildGAPIServiceObject(API.CLOUDRESOURCEMANAGER, None)
-  results = callGAPI(crm.organizations(), 'search',
-                     query=f'directorycustomerid:{GC.Values[GC.CUSTOMER_ID]}',
-                     pageSize=1, fields='organizations/name')
-  orgs = results.get('organizations')
-  if not orgs:
-    # return nothing and let calling API deal with it
-    # since caller knows what GCP role would serve best
-    return None
-  return orgs[0].get('name')
-
 def CAARoleErrorExit(caa):
  sa_email = caa._http.credentials.signer_email
  systemErrorExit(NO_SA_ACCESS_CONTEXT_MANAGER_EDITOR_ROLE_RC,
                  f'Please grant service account {sa_email} the Access Context Manager Editor role in your GCP organization.')

-def normalizeCAALevelName(caa, name):
-  if name.startswith('accessPolicies/'):
-    return name
-  ap_name = getAccessPolicy(caa)
-  return f'{ap_name}/accessLevels/{name}'
-
 def buildCAAServiceObject():
  _, caa = buildGAPIServiceObject(API.ACCESSCONTEXTMANAGER, None)
  return caa
@@ -79671,7 +79710,13 @@ def getAccessPolicy(caa=None):
  for ap in aps:
    if ap.get('title') == 'Access policy created in Cloud Identity Console':
      return ap['name']
-  systemErrorExit(ACCESS_POLICY_ERROR_RC, ' Could not find a org level access policy. That is odd.')
+  systemErrorExit(ACCESS_POLICY_ERROR_RC, 'Could not find a org level access policy. That is odd.')
+
+def normalizeCAALevelName(caa, name):
+  if name.startswith('accessPolicies/'):
+    return name
+  ap_name = getAccessPolicy(caa)
+  return f'{ap_name}/accessLevels/{name}'

 CAA_OS_TYPE_MAP = {
  'desktopmac': 'DESKTOP_MAC',
@@ -80178,6 +80223,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
      Cmd.ARG_CROSTELEMETRY:	doInfoPrintShowCrOSTelemetry,
      Cmd.ARG_CURRENTPROJECTID:	doInfoCurrentProjectId,
      Cmd.ARG_CUSTOMER:		doInfoCustomer,
+      Cmd.ARG_CUSTOMERID:	doInfoCustomerId,
      Cmd.ARG_DATATRANSFER:	doInfoDataTransfer,
      Cmd.ARG_DEVICE:		doInfoCIDevice,
      Cmd.ARG_DEVICEUSER:	doInfoCIDeviceUser,
@@ -80188,6 +80234,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
      Cmd.ARG_DRIVEFILEACL:	doInfoDriveFileACLs,
      Cmd.ARG_DRIVELABEL:	doInfoDriveLabels,
      Cmd.ARG_INSTANCE:		doInfoInstance,
+      Cmd.ARG_GCPORGID:		doInfoGCPOrgId,
      Cmd.ARG_GROUP:		doInfoGroups,
      Cmd.ARG_GROUPMEMBERS:	doInfoGroupMembers,
      Cmd.ARG_INBOUNDSSOASSIGNMENT:	doInfoInboundSSOAssignment,
--- a/src/gam/gamlib/glcfg.py
+++ b/src/gam/gamlib/glcfg.py
@@ -177,6 +177,8 @@ ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
 EVENT_MAX_RESULTS = 'event_max_results'
 # Path to extra_args.txt
 EXTRA_ARGS = 'extra_args'
+# Google Cloud Project Organization ID
+GCP_ORG_ID = 'gcp_org_id'
 # Gmail CSE certificates directory
 GMAIL_CSE_INCERT_DIR = 'gmail_cse_incert_dir'
 # Gmail CSE KACL wrapped key files
@@ -403,6 +405,7 @@ Defaults = {
  ENABLE_GCLOUD_REAUTH: FALSE,
  EVENT_MAX_RESULTS: '250',
  EXTRA_ARGS: '',
+  GCP_ORG_ID: '',
  GMAIL_CSE_INCERT_DIR: '',
  GMAIL_CSE_INKEY_DIR: '',
  INPUT_DIR: '.',
@@ -577,6 +580,7 @@ VAR_INFO = {
  ENABLE_GCLOUD_REAUTH: {VAR_TYPE: TYPE_BOOLEAN},
  EVENT_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 2500)},
  EXTRA_ARGS: {VAR_TYPE: TYPE_FILE, VAR_SIGFILE: FN_EXTRA_ARGS_TXT, VAR_SFFT: ('', FN_EXTRA_ARGS_TXT), VAR_ACCESS: os.R_OK},
+  GCP_ORG_ID: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},
  GMAIL_CSE_INCERT_DIR: {VAR_TYPE: TYPE_DIRECTORY},
  GMAIL_CSE_INKEY_DIR: {VAR_TYPE: TYPE_DIRECTORY},
  INPUT_DIR: {VAR_TYPE: TYPE_DIRECTORY},
--- a/src/gam/gamlib/glclargs.py
+++ b/src/gam/gamlib/glclargs.py
@@ -830,6 +830,7 @@ class GamCLArgs():
  ARG_CSEKEYPAIRS = 'csekeypairs'
  ARG_CURRENTPROJECTID = 'currentprojectid'
  ARG_CUSTOMER = 'customer'
+  ARG_CUSTOMERID = 'customerid'
  ARG_DATASTUDIOASSET = 'datastudioasset'
  ARG_DATASTUDIOASSETS = 'datastudioassets'
  ARG_DATASTUDIOPERMISSION = 'datastudiopermission'
@@ -913,6 +914,7 @@ class GamCLArgs():
  ARG_FORWARDINGADDRESS = 'forwardingaddress'
  ARG_FORWARDINGADDRESSES = 'forwardingaddresses'
  ARG_GCPFOLDER = 'gcpfolder'
+  ARG_GCPORGID = 'gcporgid'
  ARG_GCPSERVICEACCOUNT = 'gcpserviceaccount'
  ARG_GMAIL = 'gmail'
  ARG_GMAILPROFILE = 'gmailprofile'
--- a/src/gam/gamlib/glentity.py
+++ b/src/gam/gamlib/glentity.py
@@ -242,6 +242,7 @@ class GamEntity():
  FORWARDING_ADDRESS = 'fwda'
  GCP_FOLDER = 'gcpf'
  GCP_FOLDER_NAME = 'gcpn'
+  GCP_ORG_ID = 'gcpo'
  GMAIL_PROFILE = 'gmpr'
  GROUP = 'grou'
  GROUP_ALIAS = 'gali'
@@ -613,6 +614,7 @@ class GamEntity():
    FORWARDING_ADDRESS: ['Forwarding Addresses', 'Forwarding Address'],
    GCP_FOLDER: ['GCP Folders', 'GCP Folder'],
    GCP_FOLDER_NAME: ['GCP Folder Names', 'GCP Folder Name'],
+    GCP_ORG_ID: ['GCP Organization ID', 'GCP Organization ID'],
    GMAIL_PROFILE: ['Gmail Profile', 'Gmail Profile'],
    GROUP: ['Groups', 'Group'],
    GROUP_ALIAS: ['Group Aliases', 'Group Alias'],
--- a/src/tools/_hashlib.vcxproj
+++ b/src/tools/_hashlib.vcxproj
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGInstrument|ARM">
+      <Configuration>PGInstrument</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGInstrument|ARM64">
+      <Configuration>PGInstrument</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGInstrument|Win32">
+      <Configuration>PGInstrument</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGInstrument|x64">
+      <Configuration>PGInstrument</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGUpdate|ARM">
+      <Configuration>PGUpdate</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGUpdate|ARM64">
+      <Configuration>PGUpdate</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGUpdate|Win32">
+      <Configuration>PGUpdate</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="PGUpdate|x64">
+      <Configuration>PGUpdate</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{447F05A8-F581-4CAC-A466-5AC7936E207E}</ProjectGuid>
+    <RootNamespace>_hashlib</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="python.props" />
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>NotSet</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <PropertyGroup>
+    <TargetExt>$(PyStdlibPydExt)</TargetExt>
+  </PropertyGroup>
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="pyproject.props" />
+    <Import Project="openssl.props" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;crypt32.lib;advapi32.lib;user32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\Modules\_hashopenssl.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="..\PC\python_nt.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="pythoncore.vcxproj">
+      <Project>{cf7ac3d1-e2df-41d2-bea6-1e2556cdea26}</Project>
+      <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
--- a/src/tools/openssl.props
+++ b/src/tools/openssl.props
@@ -15,12 +15,14 @@
    <_DLLSuffix Condition="$(Platform) == 'ARM64'">$(_DLLSuffix)-arm64</_DLLSuffix>
    <_DLLSuffix Condition="$(Platform) == 'x64'">$(_DLLSuffix)-x64</_DLLSuffix>
  </PropertyGroup>
+  <!-- GAM Static Build: Disable missing DLL/PDB copy
  <ItemGroup>
    <_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).dll" />
    <_SSLDLL Include="$(opensslOutDir)\libcrypto$(_DLLSuffix).pdb" />
    <_SSLDLL Include="$(opensslOutDir)\libssl$(_DLLSuffix).dll" />
    <_SSLDLL Include="$(opensslOutDir)\libssl$(_DLLSuffix).pdb" />
  </ItemGroup>
+  -->
  <Target Name="_CopySSLDLL" Inputs="@(_SSLDLL)" Outputs="@(_SSLDLL->'$(OutDir)%(Filename)%(Extension)')" AfterTargets="Build">
    <Copy SourceFiles="@(_SSLDLL)" DestinationFolder="$(OutDir)" />
  </Target>
--- a/wiki/Context-Aware-Access-Levels.md
+++ b/wiki/Context-Aware-Access-Levels.md
@@ -3,6 +3,7 @@
 - [Notes](#Notes)
 - [API documentation](#api-documentation)
 - [Grant Service Account Rights to Manage CAA](#grant-service-account-rights-to-manage-caa)
+- [Get Google Cloud organization ID for your workspace](#Get Google Cloud organization ID for your workspace)
 - [Definitions](#definitions)
 - [Parameters for Basic Levels](#parameters-for-basic-levels)
 - [Create an Access Level](#create-an-access-level)
@@ -36,6 +37,15 @@ In order for GAM to manage CAA access levels, you need to grant your service acc
 10. Click `Save`. It may take 15 minutes or more for the role permissions to propagate.
 11. Confirm the role is in place by re-running `gam print caalevels`

+## Get Google Cloud organization ID for your workspace
+This ID is used by the caalevel commands; to eliminate additional API calls,
+you can get the value and store it in the `gam.cfg/gcp_org_id` variable.
+```
+$ gam info gcporgid
+organizations/906207637890
+$ gam config gcp_org_id organizations/906207637890 save
+```
+
 ## Definitions
 ```
 <JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |
--- a/wiki/Customer.md
+++ b/wiki/Customer.md
@@ -4,6 +4,8 @@
 - [Update customer](#update-customer)
 - [Display customer](#display-customer)
 - [Display instance](#display-instance)
+- [Display Customer ID](#display-customer-id)
+- [Display GCP organization ID](#display-gcp-organization-id)

 ## API documentation
 * [Directory API - Customers](https://developers.google.com/admin-sdk/directory/reference/rest/v1/customers)
@@ -45,3 +47,19 @@ gam info instance [formatjson]
 ```
 By default, Gam displays the information as an indented list of keys and values.
 * `formatjson` - Display the fields in JSON format.
+
+## Display Customer ID
+You can get and set the `gam.cfg/customer_id` value with these commands:
+```
+$ gam info customerid             
+C78abc9de
+$ gam config customer_id C78abc9de save
+```
+## Display GCP organization ID
+You can get and set the `gam.cfg/gcp_org_id` value with these commands:
+```
+$ gam info gcporgid             
+organizations/906207637890
+$ gam config gcp_org_id organizations/906207637890 save
+```
+
--- a/wiki/GamUpdates.md
+++ b/wiki/GamUpdates.md
@@ -10,6 +10,49 @@ Add the `-s` option to the end of the above commands to suppress creating the `g

 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation

+### 7.38.00
+
+Added variable `gcp_org_id` to `gam.cfg` that is used by the following commands;
+by setting the value, additional API calls are eliminated.
+```
+gam create project
+gam create gcpfolder
+gam create|update|delete caalevel
+gam print|show caalevels
+gam print|show tokens gcpdetails
+```
+You can get and set the `gam.cfg/gcp_org_id` value with these commands:
+```
+$ gam info gcporgid             
+organizations/906207637890
+$ gam config gcp_org_id organizations/906207637890 save
+```
+
+You can get and set the `gam.cfg/customer_id` value with these commands:
+```
+$ gam info customerid             
+C78abc9de
+$ gam config customer_id C78abc9de save
+```
+
+Added the following options to `gam report <ActivityApplicationName>`.
+```
+applicationinfofilter <String>
+networkinfofilter <String>
+statusfilter <String>
+includesensitivedata
+```
+
+### 7.37.00
+
+Added new client access scopes used by `gam print tokens`.
+```
+[*] 52)  Resource Manager API - Organizations readonly
+[*] 53)  Resource Manager API - Projects readonly
+```
+
+Added option `gcpdetails` to `gam print tokens` that uses these scopes to get additional project information.
+
 ### 7.36.03

 Added command to send email replies that causes Gmail to recognize the message
--- a/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
+++ b/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
@@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 ```
 gamteam@server:/Users/gamteam$ rm -f /Users/gamteam/GAMConfig/oauth2.txt
 gamteam@server:/Users/gamteam$ gam version
-GAM 7.36.03 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.38.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.3 64-bit final
 macOS Tahoe 26.3.1 arm64
@@ -1034,7 +1034,7 @@ writes the credentials into the file oauth2.txt.
 ```
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
-GAM 7.36.03 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.38.00 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.3 64-bit final
 Windows 11 10.0.26200 AMD64
--- a/wiki/Reports.md
+++ b/wiki/Reports.md
@@ -99,6 +99,8 @@ gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
        [event|events <EventNameList>] [ip <String>]
        [gmaileventtypes <NumberRangeList>]
        [groupidfilter <String>] [resourcedetailsfilter <String>]
+        [networkinfofilter <String>] [statusfilter <String>]
+        [applicationinfofilter <String>] [includesensitivedata]
        [notimesort]
        [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
        [countsonly [bydate|summary] [eventrowfilter]]
@@ -154,6 +156,15 @@ Limit to those users that are a member of at least one of a list of groups.
 Limit based on resource details.
 * `resourcedetailsfilter <String>` - See: https://developers.google.com/workspace/admin/reports/reference/rest/v1/activities/list#query-parameters

+Limit based on 'regionCode`.
+* `networkinfofilter <String>` - Format: 'regionCode="IN"'
+
+Limit based on `statusCode`.
+* `statusfilter <String>` - Format: 'statusCode="200"'
+
+Limit based on `oAuthClientId`.
+* `applicationinfofilter <String>` - Format: 'oAuthClientId="clientId"'
+
 You can use `config csv_output_row_filter` to filter the events if the API filter can't produce the results you want.

 Limit to a list of specific events.
--- a/wiki/Users-Chat.md
+++ b/wiki/Users-Chat.md
@@ -37,9 +37,6 @@ gam user user@domain.com update serviceaccount
 [*] 11)  Chat API - User Sections (supports readonly)

 ```
-`Chat API - User Sections` is in Developer Preview; you must have a the following variables set in `gam.cfg` to use these commands.
-* `developer_preview_apis = chat`
-* `developer_preview_api_key = <String>`

 Added `use_chat_admin_access` Boolean variable to `gam.cfg`. 
 ```
--- a/wiki/Users-Tokens.md
+++ b/wiki/Users-Tokens.md
@@ -1,5 +1,6 @@
 # Users - Tokens
 - [API documentation](#api-documentation)
+- [Get Google Cloud organization ID for your workspace](#get-google-cloud-organization-id-for-your-workspace)
 - [Definitions](#definitions)
 - [Delete a user's token](#delete-a-users-token)
 - [Display individual user's tokens](#display-individual-users-tokens)
@@ -9,6 +10,15 @@
 ## API documentation
 * [Directory API - Tokens](https://developers.google.com/admin-sdk/directory/reference/rest/v1/tokens)

+## Get Google Cloud organization ID for your workspace
+This ID is used by `gam print|show token gcpdetails`; to eliminate additional API calls,
+you can get the value and store it in the `gam.cfg/gcp_org_id` variable.
+```
+$ gam info gcporgid
+organizations/906207637890
+$ gam config gcp_org_id organizations/906207637890 save
+```
+
 ## Definitions
 * [`<UserTypeEntity>`](Collections-of-Users)

@@ -23,14 +33,18 @@ gam <UserTypeEntity> delete|del token|tokens clientid <ClientID>
 ```
 gam <UserTypeEntity> print tokens|token [todrive <ToDriveAttributes>*] [clientid <ClientID>]
        [orderby clientid|id|appname|displaytext] [delimiter <Character>]
+        [gcpdetails]
 gam <UserTypeEntity> show tokens|token|3lo|oauth [clientid <ClientID>]
        [orderby clientid|id|appname|displaytext]
+        [gcpdetails]
 gam print tokens|token [todrive <ToDriveAttributes>*] [clientid <ClientID>]
        [orderby clientid|id|appname|displaytext] [delimiter <Character>]
        [<UserTypeEntity>]
+        [gcpdetails]
 gam show tokens|token [clientid <ClientID>]
        [orderby clientid|id|appname|displaytext] [delimiter <Character>]
        [<UserTypeEntity>]
+        [gcpdetails]
 ```
 By default, all client tokens for a user are displayed, use `clientid <ClientID>` to display a specific client token.

@@ -38,6 +52,9 @@ For each user, select the order of token presentation:
 * `orderby clientid|id` - Display each user's tokens ordered by Client ID
 * `orderby appname|displaytext` - Display each user's tokens ordered by App Name

+Use `gcpdetails` to get project information about the client; you get the project number
+and whether it is an internal project. In order to accurately determine if a project is internal, your GAM admin user must have at least the `Browser` [IAM role for the entire GCP organization](https://docs.cloud.google.com/iam/docs/roles-permissions/browser) which allows them to lookup basic metadata about your organization projects. If your admin is not able to see all GCP projects in your organization results may not be accurate.
+
 For `print tokens`:
 * `delimiter <Character>` - Separate `scopes` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.

--- a/wiki/Version-and-Help.md
+++ b/wiki/Version-and-Help.md
@@ -3,7 +3,7 @@
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.36.03 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.38.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.3 64-bit final
 macOS Tahoe 26.3.1 arm64
@@ -15,7 +15,7 @@ Time: 2026-02-15T07:51:00-08:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.36.03 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.38.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.3 64-bit final
 macOS Tahoe 26.3.1 arm64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.36.03 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.38.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.3 64-bit final
 macOS Tahoe 26.3.1 arm64
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/gamteam/bin/gam7
 Version Check:
  Current: 5.35.08
-   Latest: 7.36.03
+   Latest: 7.38.00
 echo $?
 1
 ```
@@ -76,7 +76,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.36.03
+7.38.00
 ```
 In Linux/MacOS you can do:
 ```
@@ -86,7 +86,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.36.03 - https://github.com/GAM-team/GAM
+GAM 7.38.00 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.14.3 64-bit final
 macOS Tahoe 26.3.1 arm64
--- a/wiki/gam.cfg.md
+++ b/wiki/gam.cfg.md
@@ -375,6 +375,21 @@ extra_args
        Path to extra_args.txt
        Default: Blank
        Data file: extra_args.txt
+gcp_org_id
+        The Google Cloud organization ID for your workspace.
+        Default: Blank
+        This value is used by the following commands;
+        by setting the value, additional API calls are eliminated.
+        gam create project
+        gam create gcpfolder
+        gam create|update|delete caalevel
+        gam print|show caalevels
+        gam print|show tokens gcpdetails
+
+        You can get and save the `gcp_org_id` value with these commands:
+        $ gam info gcporgid
+        organizations/906207637890
+        $ gam config gcp_org_id organizations/906207637890 save
 gmail_cse_incert_dir
        Directory for the S/MIME certificate files used by Gmail Client Side Encryption.
        Default: Blank