gog-safety
v1
Build and deploy safety-profiled gogcli binaries with compile-time command removal. Use when setting up gog for an AI agent with restricted permissions — choosing between L1 (draft only), L2 (collaborate), or L3 (standard write). Covers building from PR
gog Safety Profiles
Build and deploy gog binaries with compile-time command removal. Commands that are disabled don't exist in the binary — no runtime bypass possible.
Quick Start
- Choose a safety level
For full details: references/levels.md
- Build
# Cross-compile for Linux ARM64 (e.g., AWS Graviton)
./scripts/build-gog-safe.sh L1 --arch arm64 --os linux
# Custom output
./scripts/build-gog-safe.sh L2 --output /tmp/gog-l2
Requires: Go 1.22+, git. First run clones the PR #366 branch (~30s).
- Deploy
# Deploy with verification (tests blocked + allowed commands)
./scripts/deploy-gog-safe.sh spock /tmp/gogcli-safety-build/bin/gog-l1-safe --verify
The deploy script:
  - Backs up the existing gog as gog-backup
  - Installs the new binary
  - Verifies version output
  - Optionally tests that blocked commands are gone and allowed commands work
- Rollback
How It Works
Uses gogcli's compile-time safety profiles feature (PR #366 on steipete/gogcli). A YAML file specifies which commands are enabled (true) or removed (false). The build system generates Go source files with only the enabled commands, then compiles. The resulting binary's version is tagged with -safe.
YAML Profiles
In references/:
- l1-draft.yaml — Draft & Organize
- l2-collaborate.yaml — Draft & Collaborate
- l3-standard.yaml — Full Write (No Admin)
Custom profiles: copy any YAML, edit the true/false flags, pass to build-gog-safe.sh.
Verification
After deployment, verify with:
ssh <host> "gog --version"                      # Should show -safe suffix
ssh <host> "gog gmail send --help 2>&1"         # Should fail (L1/L2)
ssh <host> "gog gmail drafts create --help"     # Should work (all levels)
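The same three checks as one function that can be run on the target host, added here as an example (it is not the project's deploy script). `verify_gog_profile` is a hypothetical name, and the function assumes a command removed at compile time makes `gog` exit non-zero; the page states no `gmail send` expectation for L3, so none is checked there.

```shell
#!/bin/sh
# Added example, not part of gogcli. verify_gog_profile is a hypothetical helper.
# Usage: verify_gog_profile /path/to/gog L1|L2|L3
# Returns 0 if the binary matches the page's checks, 1 on mismatch, 2 on bad level.
# Assumption: a command removed at compile time makes gog exit non-zero.
verify_gog_profile() {
    bin=$1; level=$2; rc=0
    case $level in
        L1|L2) blocked="gmail send" ;;   # must be gone at L1/L2
        L3)    blocked="" ;;             # page gives no blocked check for L3
        *)     echo "unknown level: $level" >&2; return 2 ;;
    esac
    allowed="gmail drafts create"        # must work at all levels

    # 1. Version string must carry the -safe tag.
    version=$("$bin" --version 2>/dev/null) || version=""
    case $version in
        *-safe*) echo "ok:   version $version" ;;
        *)       echo "FAIL: version '$version' lacks -safe"; rc=1 ;;
    esac

    # 2. Blocked command must fail ($blocked is unquoted on purpose: word splitting).
    if [ -n "$blocked" ]; then
        if "$bin" $blocked --help >/dev/null 2>&1; then
            echo "FAIL: '$blocked' is still in the binary"; rc=1
        else
            echo "ok:   '$blocked' is not available"
        fi
    fi

    # 3. Allowed command must still work, otherwise the wrong profile was built.
    if "$bin" $allowed --help >/dev/null 2>&1; then
        echo "ok:   '$allowed' works"
    else
        echo "FAIL: '$allowed' is missing"; rc=1
    fi
    return $rc
}
```

A non-zero return means the installed binary does not match the intended level and the backup should stay in place until it is rebuilt.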
Known Edge Cases
- Filter forwarding: gmail settings filters create is allowed at L1+ for inbox organization. A filter with a forward action could auto-forward email. Accepted risk for v1.
- Drive sharing: drive share is allowed at L1+ because sharing grants access without sending a message notification. The shared user sees it in "Shared with me" but doesn't get an email.