googleworkspace · dumko2001 · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026
diff --git a/.changeset/gmail-draft-only-hardening.md b/.changeset/gmail-draft-only-hardening.md
@@ -0,0 +1,5 @@
+---
+"@googleworkspace/cli": patch
+---
+
+Implement robust Gmail draft-only mode with centralized policy enforcement in the executor layer to prevent bypasses.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -34,7 +34,7 @@ path = "src/main.rs"
 [dependencies]
 aes-gcm = "0.10"
 anyhow = "1"
-clap = { version = "4", features = ["derive", "string"] }
+clap = { version = "4", features = ["derive", "string", "env"] }
 dirs = "5"
 dotenvy = "0.15"
 hostname = "0.4"
@@ -80,5 +80,6 @@ inherits = "release"
 lto = "thin"
 
 [dev-dependencies]
+assert_cmd = "2"
 serial_test = "3.4.0"
 tempfile = "3"
@@ -33,6 +33,15 @@ pub fn build_cli(doc: &RestDescription) -> Command {
                 .value_name("TEMPLATE")
                 .global(true),
         )
+        .arg(
+            clap::Arg::new("draft-only")
+                .long("draft-only")
+                .help("Gmail draft-only mode: block sending and strictly allow only draft creation/updates. Also reads GOOGLE_WORKSPACE_GMAIL_DRAFT_ONLY env var.")
+                .action(clap::ArgAction::SetTrue)
+                .env("GOOGLE_WORKSPACE_GMAIL_DRAFT_ONLY")
+                .global(true),
+        )
+
         .arg(
             clap::Arg::new("dry-run")
                 .long("dry-run")

@@ -217,8 +217,7 @@ async fn build_http_request(
 async fn handle_json_response(
     body_text: &str,
     pagination: &PaginationConfig,
-    sanitize_template: Option<&str>,
-    sanitize_mode: &crate::helpers::modelarmor::SanitizeMode,
+    policy: &crate::helpers::modelarmor::ExecutionPolicy,
     output_format: &crate::formatter::OutputFormat,
     pages_fetched: &mut u32,
     page_token: &mut Option<String>,
@@ -229,7 +228,7 @@ async fn handle_json_response(
         *pages_fetched += 1;
 
         // Run Model Armor sanitization if --sanitize is enabled
-        if let Some(template) = sanitize_template {
+        if let Some(ref template) = policy.template {
             let text_to_check = serde_json::to_string(&json_val).unwrap_or_default();
             match crate::helpers::modelarmor::sanitize_text(template, &text_to_check).await {
                 Ok(result) => {
@@ -238,7 +237,7 @@ async fn handle_json_response(
                         eprintln!("⚠️  Model Armor: prompt injection detected (filterMatchState: MATCH_FOUND)");
                     }
 
-                    if is_match && *sanitize_mode == crate::helpers::modelarmor::SanitizeMode::Block
+                    if is_match && policy.mode == crate::helpers::modelarmor::SanitizeMode::Block
                     {
                         let blocked = serde_json::json!({
                             "error": "Content blocked by Model Armor",
@@ -377,13 +376,13 @@ pub async fn execute_method(
     upload_content_type: Option<&str>,
     dry_run: bool,
     pagination: &PaginationConfig,
-    sanitize_template: Option<&str>,
-    sanitize_mode: &crate::helpers::modelarmor::SanitizeMode,
+    policy: &crate::helpers::modelarmor::ExecutionPolicy,
     output_format: &crate::formatter::OutputFormat,
     capture_output: bool,
 ) -> Result<Option<Value>, GwsError> {
     let input = parse_and_validate_inputs(doc, method, params_json, body_json, upload_path)?;
 
+
     if dry_run {
         let dry_run_info = json!({
             "dry_run": true,
@@ -470,8 +469,7 @@ pub async fn execute_method(
             let should_continue = handle_json_response(
                 &body_text,
                 pagination,
-                sanitize_template,
-                sanitize_mode,
+                policy,
                 output_format,
                 &mut pages_fetched,
                 &mut page_token,

diff --git a/src/helpers/calendar.rs b/src/helpers/calendar.rs
@@ -151,7 +151,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(matches) = matches.subcommand_matches("+insert") {
@@ -182,8 +182,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &executor::PaginationConfig::default(),
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )

diff --git a/src/helpers/chat.rs b/src/helpers/chat.rs
@@ -63,7 +63,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         // We use `Box::pin` to create a pinned future on the heap.
         // This is necessary because the `Helper` trait returns a generic `Future`,
@@ -112,8 +112,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &pagination,
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )

diff --git a/src/helpers/docs.rs b/src/helpers/docs.rs
@@ -63,7 +63,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(matches) = matches.subcommand_matches("+write") {
@@ -102,8 +102,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &pagination,
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )

diff --git a/src/helpers/drive.rs b/src/helpers/drive.rs
@@ -70,7 +70,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(matches) = matches.subcommand_matches("+upload") {
@@ -113,8 +113,7 @@ TIPS:
                     None,
                     matches.get_flag("dry-run"),
                     &executor::PaginationConfig::default(),
-                    None,
-                    &crate::helpers::modelarmor::SanitizeMode::Warn,
+                    _policy,
                     &crate::formatter::OutputFormat::default(),
                     false,
                 )

diff --git a/src/helpers/events/mod.rs b/src/helpers/events/mod.rs
@@ -174,7 +174,7 @@ TIPS:
         &'a self,
         doc: &'a crate::discovery::RestDescription,
         matches: &'a ArgMatches,
-        _sanitize_config: &'a crate::helpers::modelarmor::SanitizeConfig,
+        _policy: &'a crate::helpers::modelarmor::ExecutionPolicy,
     ) -> Pin<Box<dyn Future<Output = Result<bool, GwsError>> + Send + 'a>> {
         Box::pin(async move {
             if let Some(sub_matches) = matches.subcommand_matches("+subscribe") {

diff --git a/src/helpers/gmail/forward.rs b/src/helpers/gmail/forward.rs
@@ -18,6 +18,7 @@ use super::*;
 pub(super) async fn handle_forward(
     doc: &crate::discovery::RestDescription,
     matches: &ArgMatches,
+    policy: &crate::helpers::modelarmor::ExecutionPolicy,
 ) -> Result<(), GwsError> {
     let config = parse_forward_args(matches);
     let dry_run = matches.get_flag("dry-run");
@@ -54,6 +55,7 @@ pub(super) async fn handle_forward(
         &raw,
         Some(&original.thread_id),
         token.as_deref(),
+        policy,
     )
     .await
 }