drive: add write tools and safety controls #31
Open
walac wants to merge 2 commits into
3adc9d4 to a1f92db
sergio-correia
requested changes
May 16, 2026
Contributor
You need to update context.md for write tools. It currently says the plugin is read-only and "cannot create, modify, or delete files." Please update it to reflect the write capabilities.
Consider also adding httptest-based tests for the non-dry-run paths of upload, rename, copy, and delete, similar to TestToolCreateFolderActual.
The Google Drive plugin previously only supported read operations. This change introduces write capabilities by adding upload, rename, move, copy, soft-delete, and folder creation tools, expanding the plugin's utility for file management.

To support these operations, the OAuth scope is upgraded to full read-write access. A lazy scope probing mechanism is implemented using GenerateIds on the first write attempt. If the token lacks the required scope, the tool returns an error guiding the user to re-authorize. This probe automatically resets upon encountering a 403 error to ensure subsequent attempts re-evaluate the scope.

Safety is prioritized across all new operations. All write tools default to a dry-run mode and are marked with write access requirements to trigger user confirmation. Upload paths are strictly confined to the user's home directory, with symlink resolution enforced on both the home directory and target paths to prevent directory traversal escapes. Deletions are implemented as recoverable soft-deletes to the trash. Comprehensive test coverage validates these safety mechanisms, scope gating, and parameter handling.

Assisted-by: Claude Code:claude-opus-4-6 [PAL]
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
govulncheck identified four vulnerabilities affecting the codebase. Adding the toolchain go1.25.10 directive addresses an html/template XSS via meta content URL escaping bypass (GO-2026-4982), an html/template escaper bypass leading to XSS (GO-2026-4980), and a net package panic triggered by NUL bytes in Dial/LookupPort on Windows (GO-2026-4971). Bumping golang.org/x/net from v0.51.0 to v0.53.0 resolves an HTTP/2 infinite loop caused by a bad SETTINGS_MAX_FRAME_SIZE (GO-2026-4918). The transitive dependency bumps for x/crypto, x/sync, x/sys, x/term, and x/text follow from the x/net upgrade.

Assisted-by: Claude Code:claude-opus-4-6 [PAL]
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
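Added example, not code from this pull request: one way to implement the upload path confinement described in the first commit message, resolving symlinks on both the home directory and the target before comparing them. The names `confineToHome` and `ErrOutsideHome` are hypothetical, and the directory layout in `main` is constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideHome is a hypothetical sentinel for paths that resolve outside home.
var ErrOutsideHome = errors.New("upload path escapes home directory")

// confineToHome (hypothetical helper) returns the symlink-resolved target if it
// lies inside the symlink-resolved home directory, and an error otherwise.
func confineToHome(home, target string) (string, error) {
	realHome, err := filepath.EvalSymlinks(home)
	if err != nil {
		return "", fmt.Errorf("resolve home: %w", err)
	}
	abs, err := filepath.Abs(target)
	if err != nil {
		return "", err
	}
	realTarget, err := filepath.EvalSymlinks(abs) // also fails if the file is missing
	if err != nil {
		return "", fmt.Errorf("resolve target: %w", err)
	}
	// Compare by path component, not string prefix, so /home/u2 is not "inside" /home/u.
	rel, err := filepath.Rel(realHome, realTarget)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideHome
	}
	return realTarget, nil
}

func main() {
	// Constructed layout: home/notes.txt is a real file, home/link -> outside/secret.txt.
	base, _ := os.MkdirTemp("", "confine")
	defer os.RemoveAll(base)
	home, outside := filepath.Join(base, "home"), filepath.Join(base, "outside")
	os.MkdirAll(home, 0o700)
	os.MkdirAll(outside, 0o700)
	os.WriteFile(filepath.Join(home, "notes.txt"), []byte("ok"), 0o600)
	os.WriteFile(filepath.Join(outside, "secret.txt"), []byte("no"), 0o600)
	os.Symlink(filepath.Join(outside, "secret.txt"), filepath.Join(home, "link"))
	for _, p := range []string{"notes.txt", "link", "../outside/secret.txt"} {
		_, err := confineToHome(home, filepath.Join(home, p))
		fmt.Printf("%-24s -> %v\n", p, err)
	}
}
```

The caller should open the returned resolved path rather than the original string; the check and the open are still two separate steps, so a path that changes between them is not covered by this function.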