The hook_token was printed in plaintext via `gmail watch status`, which
could leak the bearer token through terminal scrollback, CI logs, or
screen sharing. Token is now masked by default (first 4 chars + length)
in both text and JSON output. A new `--show-secrets` flag on the status
subcommand reveals the full value when explicitly requested.
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Implements Google Admin SDK Directory API support for Workspace user and
group management with domain-wide delegation.
New commands:
- gog admin users list --domain example.com
- gog admin users get user@example.com
- gog admin users create user@example.com --given John --family Doe
- gog admin users suspend user@example.com
- gog admin groups list --domain example.com
- gog admin groups members list group@example.com
- gog admin groups members add group@example.comuser@example.com --role MEMBER
- gog admin groups members remove group@example.comuser@example.comCloses#340
Note: This is a focused implementation of core user/group management.
For full GAM feature parity (PR #179), additional work would be needed
for: alerts, licenses, org units, printers, reports, vault, SSO, etc.
Adds a new `sheets named-ranges` command group to list/get/add/update/delete
named ranges via Sheets batchUpdate.
Extends range handling so `sheets format` and data-validation copy can target
named ranges, improves A1 parsing for GridRange-backed operations, and includes
reviewed safety/regression updates for range resolution and SheetId force-send.
Add CLI support for the People API relations field (spouse, child,
friend, etc.) via --relation type=person. Extract shared parseKeyValuePairs
helper to reduce duplication with --custom parsing.
Also fix pre-existing compile error in contactsApplyPersonName and
contactsApplyPersonOrganization parameter signatures.
Adds `gog gmail messages modify <messageId> --add <labels> --remove <labels>`
so users can add/remove labels on individual messages, not just threads.
Previously only `gmail thread modify` (all messages in a thread) and
`gmail batch modify` (multiple message IDs) were available. This fills the
gap for single-message label operations like trash, archive, or custom
label assignment.
Fixes#277
Co-Authored-By: Claude <noreply@anthropic.com>
The existing `notes` command reads cell notes but cannot write them.
Add `update-note` (alias: `set-note`) to set or clear notes via
batchUpdate with updateCells + fields: "note".
Supports --note for inline text, --note-file for file content,
single cells and ranges. Naming follows slides update-notes pattern.
Closes#429
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Skip setting cfg.Subject when the subject matches the service account's
own client_email. This lets a service account access only resources
explicitly shared with it, without requiring Domain-Wide Delegation.
Closessteipete/gogcli#346✍️ Author: Claude Code with @carrotRakko (AI-written, human-approved)
* docs: brew official formula
* docs(install): note official Homebrew formula (#361) (thanks @zeldrisho)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* test(gmail): add regression coverage for cc output in gmail get metadata
* fix(gmail): preserve cc metadata output in plain get (#343) (thanks @salmonumbrella)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat(root): show help if no args were provided
* fix(root): show help when no args are provided (#342) (thanks @cstenglein)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(sheets): use tableWriter helper in metadata to respect --plain TSV output
The `sheets metadata` command was using `tabwriter.NewWriter` directly
instead of the `tableWriter` helper, which converts tab characters to
spaces for visual alignment. This broke `--plain` mode, which documents
stable TSV output for piping to external tools.
Changes:
- Replace direct `tabwriter.NewWriter` in `SheetsMetadataCmd` with
`tableWriter(ctx)` helper (which already respects `IsPlain`)
- Remove unused `text/tabwriter` import from sheets.go
- Fix type mismatch in `contactsApplyPersonName` and
`contactsApplyPersonOrganization` function signatures (#285)
- Add tests for plain TSV output in both `sheets get` and
`sheets metadata` commands
Fixes#209Fixes#285
* fix(sheets): respect plain TSV output in metadata (#298) (thanks @mahsumaktas)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
On macOS, the Keychain can silently write 0-byte entries when it is
locked in a headless/server environment, even though Set returns no
error. The pre-flight check (EnsureKeychainAccess) does not catch
every case because the Keychain can appear unlocked yet still drop
data.
Add a read-back verification after SetToken writes the primary token.
If the read-back fails or returns empty data, return an actionable
error that suggests switching to the file-based keyring backend.
Fixes#206
Co-Authored-By: Claude <noreply@anthropic.com>
