blob: 52447022c8d3f1c3651ba6c68f529adb5e2040f1 [file] [view]
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)*
- [Tool: Gmail](#tool-gmail)
- [What this tool provides](#what-this-tool-provides)
- [Why this is its own tool](#why-this-is-its-own-tool)
- [When to replace this tool with another](#when-to-replace-this-tool-with-another)
- [Confidentiality](#confidentiality)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
<!-- SPDX-License-Identifier: Apache-2.0
https://www.apache.org/licenses/LICENSE-2.0 -->
# Tool: Gmail
This directory documents the **Gmail** tool adapter — the set of
capabilities the skills use when the adopting project declares Gmail
as its inbound-email / draft-creation backend.
A project opts into this tool by naming it in its manifest under
*Tools enabled*. For the adopting project see
[`../../<project-config>/project.md`](../../<project-config>/project.md#tools-enabled).
## What this tool provides
The skills use Gmail for four capabilities. Each has its own reference
file in this directory:
| Capability | File | What it covers |
|---|---|---|
| MCP operations | [`operations.md`](operations.md) | The `mcp__claude_ai_Gmail__*` tool catalogue (search, read, draft, list) + the no-update / no-delete limitation |
| Drafting backends | [`draft-backends.md`](draft-backends.md) | The two drafting backends (claude.ai Gmail MCP vs OAuth + `curl`), why both exist, and the `tools.gmail.draft_backend` config knob |
| Threading | [`threading.md`](threading.md) | The *"always pass `threadId` when the backend supports it"* rule — how drafts stay on the inbound thread across reporter replies, ASF-security relays, PMC credit questions, follow-ups |
| ASF-security-relay drafting | [`asf-relay.md`](asf-relay.md) | Special-case drafting rules when the inbound report is relayed by the ASF security team rather than sent by the external reporter directly |
| Search queries | [`search-queries.md`](search-queries.md) | Gmail search-operator cheat-sheet + skill-specific query templates (candidate-listing, reporter-thread lookup, CVE-review comments) |
Related, adjacent tool:
| Capability | File | What it covers |
|---|---|---|
| ASF PonyMail archive lookups | [`ponymail-archive.md`](ponymail-archive.md) | URL-construction pattern for the ASF's `lists.apache.org` archive (used by `sync-security-issue` to scan the public `users@` archive for the advisory URL, and by `import-security-issue` to resolve a pastable thread URL for the private `security@` list) |
## Why this is its own tool
Gmail is the security team's **inbox** for the private
`security@<project>.apache.org` mailing list and the **draft queue**
for every outbound reporter reply the skills compose. Gmail's draft
capability is load-bearing and cannot be swapped — this directory
stays in every project's toolchain because PonyMail MCP, the
alternative read path documented at
[`../ponymail/tool.md`](../ponymail/tool.md), is read-only and
cannot compose reporter replies.
**Role when PonyMail MCP is opted into.** When a user sets
`tools.ponymail.enabled: true` in their
[`config/user.md`](../../config/README.md) and authenticates the
MCP, PonyMail becomes the primary read backend for archive
queries (reporter-thread lookups, reviewer-comment searches,
`users@` / `dev@` archive scans, prior-rejection precedents).
Gmail stays as the fallback read path — used when a specific list
is outside the user's `tools.ponymail.private_lists` allowlist,
when PonyMail returns an error, or when inbox latency matters
for just-arrived messages. Gmail remains the **only** backend for
draft composition regardless. When the user has not opted into
PonyMail MCP, Gmail is the sole read backend and the skills run
exactly as before.
## When to replace this tool with another
A project that runs on a different mail stack can swap this directory
for a sibling `tools/<name>/` that provides equivalent capabilities
against its own backend (Fastmail, Microsoft Graph, Mailgun, a
`ponymail-mcp` OAuth flow, …). The contract the generic skills rely
on is:
1. **Search** — given a query and a time window, return matching
thread IDs.
2. **Read** — given a thread ID, return the full message history.
3. **Draft** — given a thread ID, create an unsent reply on the
inbound thread with thread attachment **where the backend
supports it**; otherwise fall back to a subject-matched draft
(`Re: <root subject>` + `In-Reply-To` / `References` headers so
the recipient's client still threads it). The two backends
available today are documented in
[`draft-backends.md`](draft-backends.md).
4. **List drafts** — so stale drafts can be detected before the
skills forward-flag them in every new sync comment.
The threading semantics — *"prefer thread attachment when
available; fall back to same-subject matching, never fabricate a
new subject"* — are non-negotiable regardless of backend; see
[`threading.md`](threading.md).
## Confidentiality
Gmail drafts created by the skills land in the user's personal Gmail
account and are visible only to that user until sent. **Never send** —
the skills only *create* drafts; a human review-and-send step is
required for every outbound message. Confidentiality rules in
[`../../AGENTS.md`](../../AGENTS.md) still bind the draft content:
status updates to the reporter may reference the private tracker URL
(reporter is on the private thread), but any message destined for a
mailing list outside the security circle must be scrubbed.