feat(gmail): implement Safe Mode (drafts-only) via --safe flag#314
Open
Ishaan453 wants to merge 1 commit intosteipete:mainfrom
Open
feat(gmail): implement Safe Mode (drafts-only) via --safe flag#314Ishaan453 wants to merge 1 commit intosteipete:mainfrom
Ishaan453 wants to merge 1 commit intosteipete:mainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR implements a "Safe Mode" for Gmail interactions, designed to ensure a "Human-in-the-Loop" workflow. When enabled, the CLI can create drafts but is cryptographically restricted from sending emails via the Google API.
Key Changes
New Flag: Added --safe to gog auth add.
Restricted Scopes: Authentication with --safe requests only gmail.insert and gmail.readonly scopes (no gmail.send or gmail.compose).
Security Fix: Patched
internal/googleauth/oauth_flow.go
to support disabling include_granted_scopes. This prevents new tokens from silently inheriting dangerous permissions from previous sessions.
Smart Fallback: Updated gog gmail drafts create to automatically fallback to the messages.insert API if the standard drafts.create permission is missing.
Verification
Authenticate in Safe Mode:
gog auth add <email> --services gmail --safeCreate a Draft (Should Succeed):
gog gmail drafts create --to <email> --subject "Safe Test" --body "Hello"Attempt to Send (Should Fail):
First, get the draft ID
gog gmail drafts listThen try to send
gog gmail drafts send <DRAFT_ID>Expected Result: Google API error (403 insufficientPermissions)
Fixes #239