# Gmail Send Design

## Purpose

Provide a minimal, safe, local email-sending path for OpenClaw workflows.

## Design principles

- least privilege
- deterministic inputs
- explicit user approval for external sends
- simple attachment support
- local logging
- easy failure modes

## Recommended command contract

```bash
python3 scripts/send_gmail.py \
  --to recipient@example.com \
  --subject "Subject here" \
  --body-file /path/to/body.txt \
  --attach /path/to/file.pdf
```

## Inputs

Required:
- `--to`
- `--subject`
- one of:
  - `--body`
  - `--body-file`

Optional:
- `--attach`
- `--cc`
- `--bcc`

## Outputs

On success:
- print JSON with recipient, subject, attachment, timestamp, and Gmail message ID

On failure:
- print a clear error and non-zero exit code

## Logging

Append one line of JSON per send to:
- `logs/gmail-send.log`

Include:
- timestamp
- recipient
- subject
- attachment path if any
- message id if returned
- status

## Safety boundaries

Allowed:
- direct one-off sends explicitly requested by user
- attachments generated locally

Not allowed by default:
- autonomous outreach
- bulk mail
- mailing lists
- silent external actions

## Operational advice

If this later becomes an OpenClaw-exposed tool, the wrapper should remain narrow rather than exposing the whole Gmail API surface.