googleworkspace
diff --git a/‎.changeset/gmail-draft-only-hardening.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/gmail-draft-only-hardening.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 75 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 2 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/commands.rs‎
Lines changed: 9 additions & 0 deletions b/‎src/commands.rs‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/executor.rs‎
Lines changed: 20 additions & 8 deletions b/‎src/executor.rs‎
Lines changed: 20 additions & 8 deletions
diff --git a/‎src/helpers/calendar.rs‎
Lines changed: 2 additions & 3 deletions b/‎src/helpers/calendar.rs‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/helpers/chat.rs‎
Lines changed: 2 additions & 3 deletions b/‎src/helpers/chat.rs‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/helpers/docs.rs‎
Lines changed: 2 additions & 3 deletions b/‎src/helpers/docs.rs‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/helpers/drive.rs‎
Lines changed: 2 additions & 3 deletions b/‎src/helpers/drive.rs‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/helpers/events/mod.rs‎
Lines changed: 1 addition & 1 deletion b/‎src/helpers/events/mod.rs‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,5 @@
+---
+"@googleworkspace/cli": patch
+---
+
+Implement robust Gmail draft-only mode with centralized policy enforcement in the executor layer to prevent bypasses.
@@ -34,7 +34,7 @@ path = "src/main.rs"
 [dependencies]
 aes-gcm = "0.10"
 anyhow = "1"
-clap = { version = "4", features = ["derive", "string"] }
+clap = { version = "4", features = ["derive", "string", "env"] }
 dirs = "5"
 dotenvy = "0.15"
 hostname = "0.4"
@@ -80,5 +80,6 @@ inherits = "release"
 lto = "thin"
 
 [dev-dependencies]
+assert_cmd = "2"
 serial_test = "3.4.0"
 tempfile = "3"
@@ -33,6 +33,15 @@ pub fn build_cli(doc: &RestDescription) -> Command {
                 .value_name("TEMPLATE")
                 .global(true),
         )
+        .arg(
+            clap::Arg::new("draft-only")
+                .long("draft-only")
+                .help("Gmail draft-only mode: block sending and strictly allow only draft creation/updates. Also reads GOOGLE_WORKSPACE_GMAIL_DRAFT_ONLY env var.")
+                .action(clap::ArgAction::SetTrue)
+                .env("GOOGLE_WORKSPACE_GMAIL_DRAFT_ONLY")
+                .global(true),
+        )
+
         .arg(
             clap::Arg::new("dry-run")
                 .long("dry-run")
 
@@ -217,8 +217,7 @@ async fn build_http_request(
 async fn handle_json_response(
     body_text: &str,
     pagination: &PaginationConfig,
-    sanitize_template: Option<&str>,
-    sanitize_mode: &crate::helpers::modelarmor::SanitizeMode,
+    policy: &crate::helpers::modelarmor::ExecutionPolicy,
     output_format: &crate::formatter::OutputFormat,
     pages_fetched: &mut u32,
     page_token: &mut Option<String>,
@@ -229,7 +228,7 @@ async fn handle_json_response(
         *pages_fetched += 1;
 
         // Run Model Armor sanitization if --sanitize is enabled
-        if let Some(template) = sanitize_template {
+        if let Some(ref template) = policy.template {
             let text_to_check = serde_json::to_string(&json_val).unwrap_or_default();
             match crate::helpers::modelarmor::sanitize_text(template, &text_to_check).await {
                 Ok(result) => {
@@ -238,7 +237,7 @@ async fn handle_json_response(
                         eprintln!("⚠️  Model Armor: prompt injection detected (filterMatchState: MATCH_FOUND)");
                     }
 
-                    if is_match && *sanitize_mode == crate::helpers::modelarmor::SanitizeMode::Block
+                    if is_match && policy.mode == crate::helpers::modelarmor::SanitizeMode::Block
                     {
                         let blocked = serde_json::json!({
                             "error": "Content blocked by Model Armor",
@@ -377,13 +376,27 @@ pub async fn execute_method(
     upload_content_type: Option<&str>,
     dry_run: bool,
     pagination: &PaginationConfig,
-    sanitize_template: Option<&str>,
-    sanitize_mode: &crate::helpers::modelarmor::SanitizeMode,
+    policy: &crate::helpers::modelarmor::ExecutionPolicy,
     output_format: &crate::formatter::OutputFormat,
     capture_output: bool,
 ) -> Result<Option<Value>, GwsError> {
     let input = parse_and_validate_inputs(doc, method, params_json, body_json, upload_path)?;
 
+    // Gmail-specific safety policy: block sending if draft-only mode is active
+    if policy.draft_only && !dry_run && doc.name == "gmail" {
+        let is_send = if let Some(ref id) = method.id {
+            id == "gmail.users.messages.send" || id == "gmail.users.drafts.send"
+        } else {
+            // Fallback to Discovery path if ID is missing.
+            // Standard Gmail send path: users/{userId}/messages/send
+            method.path.contains("messages/send") || method.path.contains("drafts/send")
+        };
+
+        if is_send {
+            return Err(GwsError::Validation("Gmail draft-only mode is active. Sending mail is blocked (preparing a draft is still allowed).".to_string()));
+        }
+    }
+
     if dry_run {
         let dry_run_info = json!({
             "dry_run": true,
@@ -470,8 +483,7 @@ pub async fn execute_method(
             let should_continue = handle_json_response(
                 &body_text,
                 pagination,
-                sanitize_template,
-                sanitize_mode,
+                policy,
                 output_format,
                 &mut pages_fetched,
                 &mut page_token,
 
@@ -151,7 +151,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(matches) = matches.subcommand_matches("+insert") {
@@ -182,8 +182,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &executor::PaginationConfig::default(),
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )
 
@@ -63,7 +63,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         // We use `Box::pin` to create a pinned future on the heap.
         // This is necessary because the `Helper` trait returns a generic `Future`,
@@ -112,8 +112,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &pagination,
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )
 
@@ -63,7 +63,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(matches) = matches.subcommand_matches("+write") {
@@ -102,8 +102,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &pagination,
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )
 
@@ -70,7 +70,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(matches) = matches.subcommand_matches("+upload") {
@@ -113,8 +113,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &executor::PaginationConfig::default(),
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )
 
@@ -174,7 +174,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(sub_matches) = matches.subcommand_matches("+subscribe") {
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@googleworkspace/cli": patch
 +---
++
 +Implement robust Gmail draft-only mode with centralized policy enforcement in the executor layer to prevent bypasses.