diff --git a/plans/phase-1-workspace-core.md b/plans/phase-1-workspace-core.md
new file mode 100644
index 0000000000..059e98a401
--- /dev/null
+++ b/plans/phase-1-workspace-core.md
@@ -0,0 +1,35 @@
+# Phase 1 Sub-plan: The Workspace Core
+
+## 1. Objective
+Establish the foundational execution environment (Container Image) and the initial management service (Hub API).
+
+## 2. Tasks
+
+### Task 1.1: Define and Build Workspace Image
+Create a Dockerfile that provides a complete, persistent development environment for `gemini-cli`.
+- [ ] Create `packages/grid-manager/docker/Dockerfile`.
+- [ ] Include: `node:20-slim`, `git`, `gh`, `rsync`, `tmux`, `shpool`.
+- [ ] Add the pre-built `gemini-cli` binary.
+- [ ] Define `entrypoint.sh` with secret injection and `shpool` daemon startup.
+- [ ] Verify image build locally: `docker build -t gemini-workspace:v1 .`.
+
+### Task 1.2: Workspace Hub API (v1)
+Implement the core API to manage GCE-based workspaces.
+- [ ] Initialize `packages/grid-manager/src/hub-service/`.
+- [ ] Implement Express or Fastify server for `/workspaces` (List, Create, Delete).
+- [ ] Integrate Firestore to track workspace state (owner, instance_id, status).
+- [ ] Integrate `@google-cloud/compute` for GCE instance lifecycle.
+- [ ] Provision a VM with `Container-on-VM` settings pointing to the `gemini-workspace` image.
+
+### Task 1.3: Cloud Run Deployment (v1)
+Prepare the Hub for self-service deployment.
+- [ ] Create `packages/grid-manager/terraform/` for basic Hub provisioning.
+- [ ] Setup IAP/OAuth authentication on the Cloud Run endpoint.
+
+## 3. Verification & Success Criteria
+- **Image:** A container started from the image must have `gemini --version` and `gh --version` available.
+- **API:** A `POST /workspaces` call must result in a new VM appearing in the specified GCP project with the correct container image.
+- **State:** Firestore must correctly reflect the VM's `PROVISIONING` and `READY` status.
+
+## 4. Next Steps
+- Implement Task 1.1: Build the Dockerfile.
diff --git a/plans/workspaces-implementation.md b/plans/workspaces-implementation.md
new file mode 100644
index 0000000000..14781c69da
--- /dev/null
+++ b/plans/workspaces-implementation.md
@@ -0,0 +1,45 @@
+# Gemini CLI Workspaces: High-Level Implementation Plan
+
+## 1. Objective
+Transform the architectural vision of "Gemini CLI Workspaces" into a production-ready, self-service feature for `gemini-cli`.
+
+## 2. Milestones & Phases
+
+### Milestone 1: The Workspace Core (Phase 1)
+Build the foundational container environment and the core management API.
+- [ ] Define and build the `Workspace Container Image`.
+- [ ] Deploy a basic `Workspace Hub` (Cloud Run) with GCE provisioning.
+- [ ] Implement simple `/create`, `/list`, `/delete` API endpoints.
+
+### Milestone 2: Basic CLI Management (Phase 2)
+Enable developers to manage their remote fleet from the local CLI.
+- [ ] Add `gemini workspace create/list/delete` commands.
+- [ ] Implement Hub authentication (Google OAuth/IAP).
+- [ ] Add local configuration for Hub discovery (`settings.json`).
+
+### Milestone 3: Connectivity & Persistence (Phase 3)
+Enable the "Teleport" experience with session persistence.
+- [ ] Implement `gemini workspace connect`.
+- [ ] Setup `gcloud compute ssh --tunnel-through-iap` logic in the client.
+- [ ] Integrate `shpool` into the container entrypoint for session detachment.
+
+### Milestone 4: Secure Sync & Identity (Phase 4)
+Make the remote workspace "feel like home" with secure credential forwarding.
+- [ ] Implement `~/.gemini/` configuration synchronization.
+- [ ] Implement SSH Agent Forwarding (`-A`) in the connectivity logic.
+- [ ] Implement secure GitHub PAT injection via `/dev/shm`.
+
+### Milestone 5: UI & Advanced Hub Features (Phase 5)
+Polish the developer experience and add enterprise-grade Hub capabilities.
+- [ ] Implement the "Workspaces Ability" in the CLI (interactive React UI).
+- [ ] Implement multi-tenancy models (User, Team, Repo) in the Hub.
+- [ ] Add auto-cleanup (TTL) and resource monitoring to the Hub.
+
+## 3. Implementation Strategy
+- **Surgical Changes:** Each phase will be implemented as a series of small, verified PRs.
+- **Verification:** Every phase must include integration tests (using mocks for GCP if necessary).
+- **Documentation:** Architecture docs will be updated as implementation details evolve.
+
+## 4. Next Steps
+1.  **Phase 1 Sub-plan:** Define the exact Dockerfile and initial Hub API schema.
+2.  **Phase 1.1:** Build and push the initial `gemini-workspace:latest` image.