Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request represents a new release for the Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #434 +/- ##
=======================================
Coverage 64.52% 64.52%
=======================================
Files 38 38
Lines 15652 15652
=======================================
Hits 10100 10100
Misses 5552 5552 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Code Review
This pull request automates the release of version 0.12.0. The changes primarily consist of version bumps in package.json, Cargo.toml, and Cargo.lock, along with updates to CHANGELOG.md and flake.lock. This release introduces structured exit codes for improved scripting and fixes encrypted credential persistence by using native keyring backends. My review identified an inconsistency in the documentation for the new exit codes between the changelog and the CLI's help output, which I've detailed in a specific comment.
| | Code | Meaning | | ||
| | ---- | --------------------------------------------------------------- | | ||
| | `0` | Success | | ||
| | `1` | API error — Google returned a 4xx/5xx response | | ||
| | `2` | Auth error — credentials missing, expired, or invalid | | ||
| | `3` | Validation error — bad arguments, unknown service, invalid flag | | ||
| | `4` | Discovery error — could not fetch the API schema document | | ||
| | `5` | Internal error — unexpected failure | |
There was a problem hiding this comment.
The descriptions for the exit codes in this changelog are more detailed and helpful than what is currently used for the CLI's --help output. For consistency and to provide the best user experience, it would be beneficial to update the EXIT_CODE_DOCUMENTATION constant in src/error.rs to use these more descriptive messages. For instance, for exit code 1, the changelog specifies 'API error — Google returned a 4xx/5xx response', which is more informative than the current help text 'API error — Google returned an error response'.
a83cda1 to
5388f6d
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request, generated by the Changesets release action, prepares for the release of version 0.12.1. The changes include version bumps in package.json, Cargo.toml, and Cargo.lock, an update to CHANGELOG.md with the latest patch notes, and the removal of the corresponding changeset file. All modifications are consistent and appear correct for an automated release. I have no further comments.
5388f6d to
16cf18e
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request is an automated release for version 0.13.0. The changes primarily consist of version bumps in configuration files, an updated changelog, and modifications to documentation. While most changes are appropriate for a release, I've identified a significant issue in the documentation for Gmail helper commands. Important tips and warnings related to the --html flag have been removed from several SKILL.md files. This information is crucial for correct usage of the feature, and its removal could lead to user confusion. I've added comments with suggestions to restore the removed content.
| - Includes the original message with sender, date, subject, and recipients. | ||
| - With `--html`, the forwarded block uses Gmail's `gmail_quote` CSS classes and preserves the original message's HTML formatting. Use HTML fragment tags (`<p>`, `<b>`, `<a>`, etc.) — no `<html>`/`<body>` wrapper needed. | ||
| - With `--html`, inline images embedded in the forwarded message (`cid:` references) will appear broken. Externally hosted images are unaffected. | ||
|
|
There was a problem hiding this comment.
Important tips regarding the use of the --html flag have been removed. These tips provided valuable information about how HTML content is handled, including the use of gmail_quote CSS classes, the recommendation to use HTML fragments instead of full documents, and a crucial warning about broken inline images (cid: references). Removing this information can lead to confusion and unexpected behavior for users. It's highly recommended to restore these tips.
| - With `--html`, the forwarded block uses Gmail's `gmail_quote` CSS classes and preserves the original message's HTML formatting. Use HTML fragment tags (`<p>`, `<b>`, `<a>`, etc.) — no `<html>`/`<body>` wrapper needed. | |
| - With `--html`, inline images embedded in the forwarded message (`cid:` references) will appear broken. Externally hosted images are unaffected. |
| - Use --bcc for recipients who should not be visible to others. | ||
| - Use --remove to exclude recipients from the outgoing reply, including the sender or Reply-To target. | ||
| - The command fails if no To recipient remains after exclusions and --to additions. | ||
|
|
There was a problem hiding this comment.
Important tips regarding the use of the --html flag have been removed. These tips provided valuable information about how HTML content is handled, including the use of gmail_quote CSS classes, the recommendation to use HTML fragments instead of full documents, and a crucial warning about broken inline images (cid: references). Removing this information can lead to confusion and unexpected behavior for users. It's highly recommended to restore these tips.
| - With `--html`, the quoted block uses Gmail's `gmail_quote` CSS classes and preserves the original message's HTML formatting. Use HTML fragment tags (`<p>`, `<b>`, `<a>`, etc.) — no `<html>`/`<body>` wrapper needed. | |
| - With `--html`, inline images embedded in the quoted message (`cid:` references) will appear broken. Externally hosted images are unaffected. |
| - With `--html`, inline images embedded in the quoted message (`cid:` references) will appear broken. Externally hosted images are unaffected. | ||
| - `--to` adds extra recipients to the To field. | ||
| - For reply-all, use `+reply-all` instead. | ||
| - --to adds extra recipients to the To field. |
There was a problem hiding this comment.
Important tips regarding the use of the --html flag have been removed. These tips provided valuable information about how HTML content is handled, including the use of gmail_quote CSS classes, the recommendation to use HTML fragments instead of full documents, and a crucial warning about broken inline images (cid: references). Removing this information can lead to confusion and unexpected behavior for users. It's highly recommended to restore these tips.
| - --to adds extra recipients to the To field. | |
| - With `--html`, the quoted block uses Gmail's `gmail_quote` CSS classes and preserves the original message's HTML formatting. Use HTML fragment tags (`<p>`, `<b>`, `<a>`, etc.) — no `<html>`/`<body>` wrapper needed. | |
| - With `--html`, inline images embedded in the quoted message (`cid:` references) will appear broken. Externally hosted images are unaffected. | |
| - --to adds extra recipients to the To field. |
|
|
||
| - Handles RFC 2822 formatting and base64 encoding automatically. | ||
| - With `--html`, the `--body` value should be HTML content, not a full document. Use tags like `<p>`, `<b>`, `<i>`, `<a href="...">`, `<br>`, `<ul>/<ol>/<li>`, `<table>`. No need for `<html>`/`<head>`/`<body>` wrappers. | ||
| - For attachments, use the raw API instead: gws gmail users messages send --json '...' |
There was a problem hiding this comment.
An important tip regarding the use of the --html flag has been removed. This tip provided valuable information about how HTML content should be formatted (as a fragment, not a full document). Removing this information can lead to confusion and unexpected behavior for users. It's highly recommended to restore this tip.
| - For attachments, use the raw API instead: gws gmail users messages send --json '...' | |
| - With `--html`, the `--body` value should be HTML content, not a full document. Use tags like `<p>`, `<b>`, `<i>`, `<a href="...">`, `<br>`, `<ul>/<ol>/<li>`, `<table>`. No need for `<html>`/`<head>`/`<body>` wrappers. | |
| - For attachments, use the raw API instead: gws gmail users messages send --json '...' |
…lder Replace custom MessageBuilder, RFC 2047 encoding, header sanitization, and address encoding (including googleworkspace#482) with the mail-builder crate (Stalwart Labs, 0 runtime deps). Each command builds a mail_builder::MessageBuilder directly. Introduce structured types throughout: - Mailbox type (parsed display name + email) replaces raw string passing - sanitize_control_chars strips ASCII control characters (CRLF, null, tab, etc.) at the parse boundary — defense-in-depth for mail-builder's structured header types, superseding sanitize_header_value, sanitize_component, and encode_address_header from googleworkspace#482 - OriginalMessage fields use Option<T> instead of empty-string sentinels - parse_original_message returns Result with validation (threadId, From, Message-ID) - Pre-parsed Config types (SendConfig, ForwardConfig, ReplyConfig) with Vec<Mailbox> — parse at the boundary, not downstream - parse_forward_args and parse_send_args return Result with --to validation, consistent with parse_reply_args - parse_optional_mailboxes helper normalizes Some(vec![]) to None for optional address fields (--cc, --bcc, --from) - Envelope types borrow from Config + OriginalMessage with lifetimes - Message IDs stored bare (no angle brackets), parsed once at boundary - References stored as Vec<String> instead of space-separated string - ThreadingHeaders bundles In-Reply-To + References with debug_assert for bare-ID convention - Shared CLI arg builders (common_mail_args, common_reply_args) eliminate duplicated --cc/--bcc/--html/--dry-run definitions Additional improvements: - finalize_message returns Result instead of panicking via .expect() - Mailbox::parse_list filters empty-email entries (trailing comma edge case) - format_email_link percent-encodes mailto hrefs to prevent parameter injection - Forward date handling: omits Date line when absent instead of showing empty "Date: " - Dry-run auth: log skipped auth as diagnostic instead of silently discarding errors - Restore --html tips in after_help strings (gmail_quote CSS, cid: image warnings, HTML fragment advice) lost in release PR googleworkspace#434 - Update execute_method call for upload_content_type parameter (googleworkspace#429) Delete: MessageBuilder, encode_header_value, sanitize_header_value, encode_address_header, sanitize_component, extract_email, extract_display_name, split_mailbox_list, build_references.
…lder Replace custom MessageBuilder, RFC 2047 encoding, header sanitization, and address encoding (including #482) with the mail-builder crate (Stalwart Labs, 0 runtime deps). Each command builds a mail_builder::MessageBuilder directly. Introduce structured types throughout: - Mailbox type (parsed display name + email) replaces raw string passing - sanitize_control_chars strips ASCII control characters (CRLF, null, tab, etc.) at the parse boundary — defense-in-depth for mail-builder's structured header types, superseding sanitize_header_value, sanitize_component, and encode_address_header from #482 - OriginalMessage fields use Option<T> instead of empty-string sentinels - parse_original_message returns Result with validation (threadId, From, Message-ID) - Pre-parsed Config types (SendConfig, ForwardConfig, ReplyConfig) with Vec<Mailbox> — parse at the boundary, not downstream - parse_forward_args and parse_send_args return Result with --to validation, consistent with parse_reply_args - parse_optional_mailboxes helper normalizes Some(vec![]) to None for optional address fields (--cc, --bcc, --from) - Envelope types borrow from Config + OriginalMessage with lifetimes - Message IDs stored bare (no angle brackets), parsed once at boundary - References stored as Vec<String> instead of space-separated string - ThreadingHeaders bundles In-Reply-To + References with debug_assert for bare-ID convention - Shared CLI arg builders (common_mail_args, common_reply_args) eliminate duplicated --cc/--bcc/--html/--dry-run definitions Additional improvements: - finalize_message returns Result instead of panicking via .expect() - Mailbox::parse_list filters empty-email entries (trailing comma edge case) - format_email_link percent-encodes mailto hrefs to prevent parameter injection - Forward date handling: omits Date line when absent instead of showing empty "Date: " - Dry-run auth: log skipped auth as diagnostic instead of silently discarding errors - Restore --html tips in after_help strings (gmail_quote CSS, cid: image warnings, HTML fragment advice) lost in release PR #434 - Update execute_method call for upload_content_type parameter (#429) Delete: MessageBuilder, encode_header_value, sanitize_header_value, encode_address_header, sanitize_component, extract_email, extract_display_name, split_mailbox_list, build_references.
…#526) * refactor(gmail): replace hand-rolled email construction with mail-builder Replace custom MessageBuilder, RFC 2047 encoding, header sanitization, and address encoding (including #482) with the mail-builder crate (Stalwart Labs, 0 runtime deps). Each command builds a mail_builder::MessageBuilder directly. Introduce structured types throughout: - Mailbox type (parsed display name + email) replaces raw string passing - sanitize_control_chars strips ASCII control characters (CRLF, null, tab, etc.) at the parse boundary — defense-in-depth for mail-builder's structured header types, superseding sanitize_header_value, sanitize_component, and encode_address_header from #482 - OriginalMessage fields use Option<T> instead of empty-string sentinels - parse_original_message returns Result with validation (threadId, From, Message-ID) - Pre-parsed Config types (SendConfig, ForwardConfig, ReplyConfig) with Vec<Mailbox> — parse at the boundary, not downstream - parse_forward_args and parse_send_args return Result with --to validation, consistent with parse_reply_args - parse_optional_mailboxes helper normalizes Some(vec![]) to None for optional address fields (--cc, --bcc, --from) - Envelope types borrow from Config + OriginalMessage with lifetimes - Message IDs stored bare (no angle brackets), parsed once at boundary - References stored as Vec<String> instead of space-separated string - ThreadingHeaders bundles In-Reply-To + References with debug_assert for bare-ID convention - Shared CLI arg builders (common_mail_args, common_reply_args) eliminate duplicated --cc/--bcc/--html/--dry-run definitions Additional improvements: - finalize_message returns Result instead of panicking via .expect() - Mailbox::parse_list filters empty-email entries (trailing comma edge case) - format_email_link percent-encodes mailto hrefs to prevent parameter injection - Forward date handling: omits Date line when absent instead of showing empty "Date: " - Dry-run auth: log skipped auth as diagnostic instead of silently discarding errors - Restore --html tips in after_help strings (gmail_quote CSS, cid: image warnings, HTML fragment advice) lost in release PR #434 - Update execute_method call for upload_content_type parameter (#429) Delete: MessageBuilder, encode_header_value, sanitize_header_value, encode_address_header, sanitize_component, extract_email, extract_display_name, split_mailbox_list, build_references. * feat(gmail): add --from flag to +send for send-as alias support Consistent with +reply, +reply-all, and +forward which already support --from. Uses the same parse_optional_mailboxes path and apply_optional_headers plumbing. * fix: quote display names with RFC 2822 special characters in +reply When replying to emails from corporate senders with display names like "Anderson, Rich (CORP)" <email@adp.com>, the +reply command fails with "Invalid To header" (400) from the Gmail API. The root cause: encode_address_header() strips quotes from the display name via extract_display_name(), then reconstructs the address without re-quoting. When the display name contains RFC 2822 special characters (commas, parentheses), the unquoted form is ambiguous — commas split it into multiple malformed mailboxes and parentheses are interpreted as RFC 2822 comments. Fix: re-quote the display name when it contains any RFC 2822 special characters, using a single-pass character iterator that preserves already-escaped sequences and escapes bare quotes/backslashes. Fixes #512 * feat(gmail): add --attachment flag, +read helper, and mail-builder migration Consolidates PRs #491, #513, #517, and #502 into a single rollup: - Migrate message construction to mail-builder crate (RFC-compliant MIME) - Add --from flag to +send for send-as alias support - Add --attachment flag to +send with MIME auto-detection and path validation - Add +read helper for extracting message body/headers (text, HTML, JSON) - Serialize support for OriginalMessage and Mailbox types - Display name quoting handled natively by mail-builder * chore: regenerate skills [skip ci] * fix: use validate_safe_file_path for attachment path validation Addresses Gemini review: validate_safe_dir_path hardcodes '--dir' in error messages. validate_safe_file_path accepts the flag name, so errors now correctly reference '--attachment'. * refactor: make OriginalMessage.thread_id optional The Gmail API does not guarantee threadId on all message resources (e.g. drafts). Making it Option<String> prevents parse failures on valid messages and avoids requiring thread_id in helpers like +read that don't use it. * fix: use canonicalized path for attachment file operations (TOCTOU) validate_safe_file_path returns a canonicalized PathBuf. Use it for exists/is_file checks and downstream file reads instead of the original un-resolved path to prevent time-of-check/time-of-use races. * feat(gmail): add --attach flag for file attachments Add -a/--attach to +send, +reply, +reply-all, and +forward. Can be specified multiple times for multiple attachments. MIME type is auto- detected via mime_guess2. Closes #247. Send via the Gmail API upload endpoint (multipart/related with message/rfc822 media type) instead of base64-encoding into a JSON raw field. This raises the size limit from ~5MB (metadata-only endpoint) to 35MB (upload endpoint, per discovery document). Introduce UploadSource enum in the executor to consolidate upload_path, upload_content_type, and upload_bytes into a single type-safe parameter. File and Bytes variants make the two upload strategies (from disk vs. from memory) mutually exclusive by construction. Validates attachment paths (control characters, regular file, non-empty) and total size (25MB raw limit, accounting for base64 expansion of attachments within the MIME message against the 35MB API limit). Size check uses actual bytes read to avoid TOCTOU race. * chore: update changeset and fix integration with malob's attachment impl Update changeset to reflect combined work. Fix thread_id type mismatches in new tests from cherry-pick. Fix upload_path scope in main.rs. Make reject_control_chars pub(crate) for attachment validation. Co-authored-by: Malo Bourgon <mbourgon@gmail.com> * chore: regenerate skills [skip ci] * fix: restore MIME sanitization and terminal escape protection in executor Restore two security features accidentally lost during the UploadSource refactor: 1. resolve_upload_mime: restructure from early-returns to collect-then- sanitize pattern — strips control chars from user-supplied MIME types to prevent CRLF header injection. 2. Model Armor error path: restore sanitize_for_terminal on error messages to prevent terminal escape sequence injection from API responses. Co-authored-by: Malo Bourgon <mbourgon@gmail.com> * chore: remove duplicate changeset from cherry-pick gmail-attach-flag.md duplicated content already in gmail-helpers-rollup.md. Both were marked minor, which would cause a double version bump. * fix: add path traversal protection to attachment validation Replace reject_control_chars with validate_safe_file_path in parse_attachments. All file operations (metadata, read, filename extraction, MIME detection) now use the canonicalized path, preventing path traversal attacks (e.g. ../../.ssh/id_rsa) and closing TOCTOU gaps. Update tests to use CWD-relative temp directories (tempdir_in(".")) since validate_safe_file_path rejects paths outside the working directory. Co-authored-by: Malo Bourgon <mbourgon@gmail.com> * refactor: deduplicate terminal sanitizer in read.rs Replace the local sanitize_terminal_output function with the existing crate::error::sanitize_for_terminal via import alias. This eliminates code duplication and provides consistent sanitization across the codebase. The crate-wide sanitizer also correctly strips CR (carriage return) which can be abused for terminal overwrite attacks. --------- Co-authored-by: Malo Bourgon <mbourgon@gmail.com> Co-authored-by: Rich Anderson <richanderson00@gmail.com> Co-authored-by: jpoehnelt-bot <jpoehnelt-bot@users.noreply.github.com> Co-authored-by: googleworkspace-bot <googleworkspace-bot@users.noreply.github.com>
* chore: release versions * chore: regenerate skills [skip ci] --------- Co-authored-by: googleworkspace-bot <googleworkspace-bot@users.noreply.github.com>
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
@googleworkspace/cli@0.13.0
Minor Changes
--htmlflag to+send,+reply,+reply-all, and+forwardfor HTML email composition.Patch Changes
2df32ee: Document helper commands (
+prefix) in READMEAdds a "Helper Commands" section to the Advanced Usage chapter explaining
the
+prefix convention, listing all 24 helper commands across 10 serviceswith descriptions and usage examples.