Add experimental Google Workspace Gmail read#2052
Open
benjaminshafii wants to merge 1 commit into
Open
Conversation
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 7 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/server/src/extensions/google-workspace.ts">
<violation number="1" location="apps/server/src/extensions/google-workspace.ts:730">
P2: Gmail body extraction does not skip attachment parts, so text attachments can be returned as the email body.</violation>
</file>
<file name="apps/app/src/react-app/domains/settings/google-workspace-config.tsx">
<violation number="1" location="apps/app/src/react-app/domains/settings/google-workspace-config.tsx:251">
P2: The new experimental-scope reconnect flow warns users to use their own OAuth credentials, but the client ID input is hidden for already configured accounts, so affected users cannot update credentials from this settings panel.</violation>
</file>
<file name="apps/app/src/components/chat/message-list.tsx">
<violation number="1" location="apps/app/src/components/chat/message-list.tsx:151">
P1: Attachment downloads trust unvalidated URLs; unsafe schemes can be executed when the file card is clicked.</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
| function downloadFilePart(part: FileUIPart, title: string) { | ||
| if (!part.url) return | ||
| const anchor = document.createElement("a") | ||
| anchor.href = part.url |
There was a problem hiding this comment.
P1: Attachment downloads trust unvalidated URLs; unsafe schemes can be executed when the file card is clicked.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/app/src/components/chat/message-list.tsx, line 151:
<comment>Attachment downloads trust unvalidated URLs; unsafe schemes can be executed when the file card is clicked.</comment>
<file context>
@@ -144,36 +145,56 @@ interface FileMessageProps {
+function downloadFilePart(part: FileUIPart, title: string) {
+ if (!part.url) return
+ const anchor = document.createElement("a")
+ anchor.href = part.url
+ anchor.download = part.filename || title || "download"
+ anchor.rel = "noopener noreferrer"
</file context>
Comment on lines
+730
to
+731
| if (mimeType === "text/plain") return decodeGmailText(data); | ||
| if (mimeType === "text/html" && !html) html = decodeGmailText(data); |
There was a problem hiding this comment.
P2: Gmail body extraction does not skip attachment parts, so text attachments can be returned as the email body.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/server/src/extensions/google-workspace.ts, line 730:
<comment>Gmail body extraction does not skip attachment parts, so text attachments can be returned as the email body.</comment>
<file context>
@@ -500,6 +689,222 @@ async function googleWorkspaceCreateDraft(config: ServerConfig, args: Record<str
+ const data = readStringField(body, "data");
+ if (!data) continue;
+ const mimeType = readStringField(part, "mimeType");
+ if (mimeType === "text/plain") return decodeGmailText(data);
+ if (mimeType === "text/html" && !html) html = decodeGmailText(data);
+ }
</file context>
Suggested change
| if (mimeType === "text/plain") return decodeGmailText(data); | |
| if (mimeType === "text/html" && !html) html = decodeGmailText(data); | |
| const filename = readStringField(part, "filename"); | |
| if (filename) continue; | |
| if (mimeType === "text/plain") return decodeGmailText(data); | |
| if (mimeType === "text/html" && !html) html = decodeGmailText(data); |
| <ShieldCheck /> | ||
| <AlertTitle>Reconnect for experimental scopes</AlertTitle> | ||
| <AlertDescription> | ||
| Gmail read and Calendar write are experimental, only work with your own Google OAuth credentials for now, and may be removed. Reconnect this account to request the new scopes. |
There was a problem hiding this comment.
P2: The new experimental-scope reconnect flow warns users to use their own OAuth credentials, but the client ID input is hidden for already configured accounts, so affected users cannot update credentials from this settings panel.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/app/src/react-app/domains/settings/google-workspace-config.tsx, line 251:
<comment>The new experimental-scope reconnect flow warns users to use their own OAuth credentials, but the client ID input is hidden for already configured accounts, so affected users cannot update credentials from this settings panel.</comment>
<file context>
@@ -218,7 +239,17 @@ function GoogleWorkspaceConfig({ openworkServerClient, hostOpenworkServerClient,
+ <ShieldCheck />
+ <AlertTitle>Reconnect for experimental scopes</AlertTitle>
+ <AlertDescription>
+ Gmail read and Calendar write are experimental, only work with your own Google OAuth credentials for now, and may be removed. Reconnect this account to request the new scopes.
+ </AlertDescription>
</Alert>
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Verification
pnpm --filter openwork-server test src/extensions/google-workspace.test.tspnpm --filter openwork-server typecheckpnpm --filter @openwork/app typecheckpnpm --filter openwork-server testfails with existing workspace bootstrap/import/reload expectations, Bunbetter-sqlite3unsupported loading, and serve-node stream error.Daytona E2E
feature/google-workspace-experimental-scopesand confirmed real Electron UA.calendar_create_event,gmail_get_latest_message,gmail_read_message, andgmail_download_attachment.pnpm --filter openwork-server test src/extensions/google-workspace.test.ts.Recording: https://8090-fugzd4hvnd9ibvvm.daytonaproxy01.net/recordings/google-workspace-experimental-scopes.mp4