Build and deploy safety-profiled gogcli binaries with compile-time command removal. Use when setting up gog for an AI agent with restricted permissions — cho...
--- name: gog-safety description: Build and deploy safety-profiled gogcli binaries with compile-time command removal. Use when setting up gog for an AI agent with restricted permissions — choosing between L1 (draft only), L2 (collaborate), or L3 (standard write). Covers building from PR #366, deploying to remote hosts, and verifying blocked commands. --- # gog Safety Profiles Build and deploy `gog` binaries with compile-time command removal. Commands that are disabled don't exist in the binary — no runtime bypass possible. ## Quick Start ### 1. Choose a safety level | Level | Use case | Can send email/chat? | |-------|----------|---------------------| | **L1** | Email triage, drafting, inbox organization | No | | **L2** | L1 + commenting, RSVP, collaborative work | No | | **L3** | Full write access, no dangerous admin ops | Yes | For full details: `references/levels.md` ### 2. Build ```bash # Build for current platform ./scripts/build-gog-safe.sh L1 # Cross-compile for Linux ARM64 (e.g., AWS Graviton) ./scripts/build-gog-safe.sh L1 --arch arm64 --os linux # Custom output ./scripts/build-gog-safe.sh L2 --output /tmp/gog-l2 ``` Requires: Go 1.22+, git. First run clones the PR #366 branch (~30s). ### 3. Deploy ```bash # Deploy to a remote host via SSH ./scripts/deploy-gog-safe.sh spock /tmp/gogcli-safety-build/bin/gog-l1-safe # Deploy with verification (tests blocked + allowed commands) ./scripts/deploy-gog-safe.sh spock /tmp/gogcli-safety-build/bin/gog-l1-safe --verify ``` The deploy script: - Backs up the existing `gog` as `gog-backup` - Installs the new binary - Verifies version output - Optionally tests that blocked commands are gone and allowed commands work ### 4. Rollback ```bash ssh <host> 'sudo mv /usr/local/bin/gog-backup /usr/local/bin/gog' ``` ## How It Works Uses gogcli's compile-time safety profiles feature (PR #366 on `steipete/gogcli`). A YAML file specifies which commands are enabled (`true`) or removed (`false`). The build system generates Go source files with only the enabled commands, then compiles. The resulting binary's version is tagged with `-safe`. ## YAML Profiles In `references/`: - `l1-draft.yaml` — Draft & Organize - `l2-collaborate.yaml` — Draft & Collaborate - `l3-standard.yaml` — Full Write (No Admin) Custom profiles: copy any YAML, edit the `true`/`false` flags, pass to `build-gog-safe.sh`. ## Verification After deployment, verify with: ```bash ssh <host> "gog --version" # Should show -safe suffix ssh <host> "gog gmail send --help 2>&1" # Should fail (L1/L2) ssh <host> "gog gmail drafts create --help" # Should work (all levels) ``` ## Known Edge Cases - **Filter forwarding:** `gmail settings filters create` is allowed at L1+ for inbox organization. A filter with a forward action could auto-forward email. Accepted risk for v1. - **Drive sharing:** `drive share` is allowed at L1+ because sharing grants access without sending a message notification. The shared user sees it in "Shared with me" but doesn't get an email.
don't have the plugin yet? install it then click "run inline in claude" again.
added explicit inputs section documenting go version, ssh/sudo requirements, and build artifacts; expanded procedure into six numbered steps with clear input/output signatures; extracted five decision points covering custom profiles, network failures, ssh auth, sudo permission errors, and misconfigured yaml; documented output contract as three sections (build, deployment, verification); clarified outcome signals with concrete version string and error message expectations.
Build and deploy gog binaries with compile-time command removal for restricted AI agent execution. Choose from three safety levels (L1 draft-only, L2 collaborative, L3 standard write) to lock down which commands exist in the binary itself. Use this skill when you need hard permission boundaries that can't be bypassed at runtime because the commands literally aren't compiled in.
External Dependencies
/usr/local/bin)Repository & Build Artifacts
steipete/gogcli repository with PR #366 branch (auto-cloned on first run)./scripts/build-gog-safe.sh and ./scripts/deploy-gog-safe.shreferences/:l1-draft.yaml (draft and organize only)l2-collaborate.yaml (draft, organize, and collaborative ops)l3-standard.yaml (full write except admin operations)Environment Setup
/tmp/gogcli-safety-build/bin)gog-backup)Select a safety level based on agent use case:
Build the safety-profiled binary by running:
./scripts/build-gog-safe.sh <LEVEL> [--arch <ARCH>] [--os <OS>] [--output <PATH>]
Input: safety level (L1, L2, or L3), optional target architecture (arm64, amd64, etc.), optional target OS (linux, darwin, etc.), optional output directory.
Output: compiled binary at <output-dir>/gog-<LEVEL>-safe (default output: /tmp/gogcli-safety-build/bin/gog-<LEVEL>-safe). Binary tagged with -safe suffix in version output.
Note: First run clones the gogcli repo, takes approx 30 seconds.
Verify the local build by running version check and spot-testing a blocked command:
/tmp/gogcli-safety-build/bin/gog-l1-safe --version
/tmp/gogcli-safety-build/bin/gog-l1-safe gmail send --help 2>&1
Input: path to built binary.
Output: version string should contain -safe; blocked commands should error with "command not found" or similar.
Deploy to remote host by running:
./scripts/deploy-gog-safe.sh <HOST> <BINARY-PATH> [--verify]
Input: target hostname or IP, full path to built binary, optional --verify flag.
Output: binary installed to /usr/local/bin/gog on target host; prior binary backed up as /usr/local/bin/gog-backup.
Verify remote deployment (if --verify flag used during deploy, this is automatic; if not, run manually):
ssh <HOST> "gog --version"
ssh <HOST> "gog gmail send --help 2>&1"
ssh <HOST> "gog gmail drafts create --help"
Input: target hostname.
Output: version shows -safe suffix; blocked commands fail; allowed commands show help text.
Rollback if needed by reversing the backup:
ssh <HOST> 'sudo mv /usr/local/bin/gog-backup /usr/local/bin/gog'
Input: target hostname. Output: prior gog binary restored.
If using a custom safety profile: copy any YAML profile from references/, edit the true/false flags to enable or disable specific commands, then pass the custom file path to the build script via --profile <PATH>. The build system reads the YAML and compiles only enabled commands into the binary.
If the build script cannot clone the gogcli repo (network timeout or auth error): manually clone git clone --branch feature/safety-profiles https://github.com/steipete/gogcli.git to a local directory and point the build script to it using --repo-path <PATH>. The script will use the existing clone instead of fetching.
If deployment to a remote host fails with SSH timeout or connection refused: verify SSH connectivity to the host first (ssh <HOST> echo ok), confirm SSH key is loaded in the agent, and check that the target hostname is correct. Re-run the deploy script once connectivity is confirmed.
If the deploy script fails with "Permission denied" when writing to /usr/local/bin: confirm that the SSH user has sudo privileges without password prompt, or run the deploy with explicit sudo wrapping (requires passwordless sudo configured on the target host).
If a blocked command still executes on the target after deployment (runtime bypass suspected): this indicates the binary was not built with the safety profile applied. Verify the binary file matches the expected output from step 2 and re-run deployment with the --verify flag to test blocked commands.
If the result set is empty (no commands enabled at the chosen level): this is a misconfiguration of the YAML profile. Verify the profile YAML has at least one command set to true and rebuild.
Build Output
<output-dir>/gog-<LEVEL>-safe (e.g., /tmp/gogcli-safety-build/bin/gog-l1-safe)gog-l1-safe --version outputs a version string containing the substring -safeDeployment Output
/usr/local/bin/gog on target host, owned by root, executable by all users/usr/local/bin/gog-backup (same directory)Verification Output (if --verify flag used)
The skill worked when:
gog --version (run on the target host after deployment) outputs a version string that includes -safegog gmail send --help on L1) returns a "command not found" error, not a help messagegog gmail drafts create --help on L1) returns the expected help text without errorgog-backup exists on the target host and can be restored if neededKnown limitations: filter forwarding at L1+ can forward email if a filter with forward action is created (accepted risk). Drive sharing at L1+ grants read access without email notification to the shared user (accepted risk).