Skip to content

feat(gmail): add --safe flag to get and thread get commands#238

Closed
urasmutlu wants to merge 2 commits intoopenclaw:mainfrom
urasmutlu:urasmutlu-feat/add-safe-mode-for-email-get
Closed

feat(gmail): add --safe flag to get and thread get commands#238
urasmutlu wants to merge 2 commits intoopenclaw:mainfrom
urasmutlu:urasmutlu-feat/add-safe-mode-for-email-get

Conversation

@urasmutlu
Copy link
Copy Markdown
Contributor

@urasmutlu urasmutlu commented Feb 12, 2026
edited
Loading

Summary

Closes #220

  • Add --safe flag to gmail get and gmail thread get commands that sanitizes email output for secure display
  • Strips HTML using a full parser (not regex), removing scripts, styles, and tags
  • Replaces all HTTP/HTTPS URLs with [url removed] to prevent phishing and tracking
  • Decodes HTML entities to catch obfuscated URLs (e.g. https://...)
  • In JSON mode, provides a sanitized bodies map and clears raw body data from the payload
  • Suppresses List-Unsubscribe header in safe mode to avoid leaking URLs

New flags

  • gog gmail get <messageId> --safe
  • gog gmail thread get <threadId> --safe

Test plan

  • Unit tests for safeExtractTextFromHTML (11 cases including malformed HTML, script/style removal, entities)
  • Unit tests for stripURLs (7 cases)
  • Unit tests for sanitizeBodyText (6 cases including HTML entity obfuscation)
  • Unit tests for sanitizeText (3 cases)
  • Unit tests for clearPayloadBodies (verifies text/* cleared, attachments preserved)
  • Integration-style tests for gmail get --safe in both JSON and text modes
  • Integration-style test for gmail thread get --safe in both JSON and text modes
  • make fmt and make lint pass with 0 issues

🤖 Generated with Claude Code

urasmutlu and others added 2 commits February 11, 2026 00:50
@urasmutlu @claude
feat(gmail): add --safe flag to get and thread get commands
46a2b7e 
Sanitize email output by stripping HTML via a full parser, removing
URLs to prevent phishing/tracking, and decoding HTML entities. In JSON
mode a sanitized bodies map is provided and raw body data is cleared.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@urasmutlu
Merge remote-tracking branch 'origin/main' into urasmutlu-feat/add-sa…
d038e32 
…fe-mode-for-email-get

# Conflicts:
#	internal/cmd/gmail_thread.go
@urasmutlu urasmutlu mentioned this pull request Feb 15, 2026
Closed
@drewburchfield drewburchfield mentioned this pull request Feb 24, 2026
Closed
20 tasks
@steipete
Copy link
Copy Markdown
Collaborator

steipete commented May 4, 2026

Thanks again for the proposal and implementation. I landed the feature on main as a tighter maintainer rewrite in 33284f0.

What changed from this PR:

  • Added gmail get and gmail thread get --sanitize-content, with --safe / --sanitize aliases.
  • Rejects gmail get --format raw --sanitize-content, because raw output cannot be made sanitized.
  • Uses a shared Gmail sanitizer for HTML-to-text, script/style removal, entity decoding, and HTTP(S) URL replacement.
  • In sanitized JSON mode, emits purpose-built safe envelopes instead of returning raw Gmail message / thread payloads, so agents do not accidentally consume unsanitized payload, body data, raw RFC822, or unsubscribe URLs.
  • Added leak-focused regression tests and README/changelog docs.
  • Kept contributor credit via changelog and Co-authored-by: urasmutlu <urasmutlu@gmail.com>.

Proof:

  • local focused sanitizer/get/thread tests
  • local make ci
  • pushed CI run 25304603987 is green on Linux, macOS, Windows, and worker jobs
  • docs site added in 8b8fd09 with generated command pages
  • Pages workflows 25304603983 and 25304603461 are green

Closing this PR as landed/superseded by the safer implementation on main.

@steipete steipete closed this May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: --safe flag for gmail read/get to sanitize email content

2 participants

@urasmutlu @steipete