Skip to content
Gatelet
GitHub

Gmail

The Gmail provider connects to the Gmail API via OAuth2 using the googleapis library. It includes a content filter pipeline for protecting sensitive email content.

Tools

Section titled “Tools”
Section titled “gmail_search”

Search Gmail messages using Gmail search syntax.

Policy operation: search

ParameterTypeRequiredDescription
qstringnoGmail search query. Omit to list recent inbox messages.
maxResultsnumbernoNumber of messages to return (1-50, default 10)

Supports Gmail search syntax: is:unread, from:person@example.com, subject:meeting, after:2026/01/01, has:attachment, in:inbox.

Returns message IDs and snippets. Search results are filtered by content filters when guards are configured. Use gmail_read_message to get full content.

gmail_read_message

Section titled “gmail_read_message”

Read the full content of a Gmail message by ID.

Policy operation: read_message

ParameterTypeRequiredDescription
messageIdstringyesGmail message ID (from gmail_search results)

Returns parsed headers (from, to, subject, date) and plaintext body. Messages may be blocked by content filters (2FA codes, password resets, etc.).

gmail_create_draft

Section titled “gmail_create_draft”

Create a new draft email. The draft is saved but NOT sent — the user must review and send manually.

Policy operation: create_draft

ParameterTypeRequiredDescription
tostringyesRecipient email address(es), comma-separated
subjectstringyesEmail subject line
bodystringyesEmail body in plain text
ccstringnoCC address(es), comma-separated
bccstringnoBCC address(es), comma-separated
inReplyTostringnoMessage-ID header of the message being replied to
threadIdstringnoThread ID to associate the draft with (for replies)

gmail_list_drafts

Section titled “gmail_list_drafts”

List existing draft emails.

Policy operation: list_drafts

ParameterTypeRequiredDescription
maxResultsnumbernoNumber of drafts to return (1-50, default 10)

gmail_send

Section titled “gmail_send”

Send an email directly. The email is sent immediately.

Policy operation: send

ParameterTypeRequiredDescription
tostringyesRecipient email address(es), comma-separated
subjectstringyesEmail subject line
bodystringyesEmail body in plain text
fromstringnoSender address (alias). If omitted, uses account default.
ccstringnoCC address(es), comma-separated
bccstringnoBCC address(es), comma-separated

gmail_reply

Section titled “gmail_reply”

Reply to an existing email. Fetches the original message to build correct threading headers. The reply is sent immediately.

Policy operation: reply

ParameterTypeRequiredDescription
messageIdstringyesGmail message ID to reply to
bodystringyesReply body in plain text
replyAllbooleannoIf true, reply to all recipients (default: false)

gmail_label

Section titled “gmail_label”

Add or remove labels from a Gmail message. To move a message to a folder, use gmail_move instead.

Policy operation: label

ParameterTypeRequiredDescription
messageIdstringyesGmail message ID
addLabelIdsarraynoLabel IDs to add (e.g. ["STARRED", "IMPORTANT"])
removeLabelIdsarraynoLabel IDs to remove

The default policy includes a protected_labels guard that prevents applying TRASH and SPAM labels.

gmail_archive

Section titled “gmail_archive”

Archive a Gmail message by removing the INBOX label. The message remains accessible via search and labels.

Policy operation: archive

ParameterTypeRequiredDescription
messageIdstringyesGmail message ID to archive

gmail_move

Section titled “gmail_move”

Move a Gmail message to a label/folder. Adds the target label and removes INBOX in a single operation. Use gmail_list_labels to discover available label IDs.

Policy operation: move

ParameterTypeRequiredDescription
messageIdstringyesGmail message ID to move
labelIdstringyesDestination label ID (from gmail_list_labels results)

The default policy includes a protected_labels guard that prevents moving messages to TRASH and SPAM.

gmail_list_labels

Section titled “gmail_list_labels”

List all labels in the Gmail account. Returns label IDs, names, and types (system vs user). Use the returned label IDs with gmail_move or gmail_label to organize messages.

Policy operation: list_labels

This tool takes no parameters.

Content filters

Section titled “Content filters”

The search and read_message operations support a content filter pipeline configured via guards. See Content Filters for full documentation.

Default policy

Section titled “Default policy”
provider: google_gmail
account: "{account}"


operations:
  search:
    allow: true
    mutations:
      - field: maxResults
        action: cap
        value: 50
    guards:
      block_subjects:
        - password reset
        - reset your password
        - verification code
        - security code
        - two-factor
        - 2FA
        - one-time password
        - one-time pin
        - one-time code
        - OTP
        - sign-in attempt
        - login alert
        - security alert
        - confirm your identity
        - einmalcode
        - sicherheitswarnung
        - sicherheitscode
      block_sender_domains:
        - accounts.google.com
        - accountprotection.microsoft.com
      redact_patterns:
        - pattern: "\\b\\d{3}-\\d{2}-\\d{4}\\b"
          replace: "[REDACTED-SSN]"
        - pattern: "\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b"
          replace: "[REDACTED-CC]"
        - pattern: "\\b\\d{4}[\\s-]?\\d{6}[\\s-]?\\d{5}\\b"
          replace: "[REDACTED-CC]"
        - pattern: "\\bCVV[:\\s]*\\d{3,4}\\b"
          replace: "CVV [REDACTED]"
        - pattern: "\\b[A-Z]{1,2}\\d{6,9}\\b"
          replace: "[REDACTED-PASSPORT]"
        - pattern: "\\brouting[:\\s#]*\\d{9}\\b"
          replace: "routing [REDACTED]"
        - pattern: "\\baccount[:\\s#]*\\d{8,17}\\b"
          replace: "account [REDACTED]"


  read_message:
    allow: true
    guards:
      block_subjects:
        - password reset
        - reset your password
        - verification code
        - security code
        - two-factor
        - 2FA
        - one-time password
        - one-time pin
        - one-time code
        - OTP
        - sign-in attempt
        - login alert
        - security alert
        - confirm your identity
        - einmalcode
        - sicherheitswarnung
        - sicherheitscode
      block_sender_domains:
        - accounts.google.com
        - accountprotection.microsoft.com
      redact_patterns:
        - pattern: "\\b\\d{3}-\\d{2}-\\d{4}\\b"
          replace: "[REDACTED-SSN]"
        - pattern: "\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b"
          replace: "[REDACTED-CC]"
        - pattern: "\\b\\d{4}[\\s-]?\\d{6}[\\s-]?\\d{5}\\b"
          replace: "[REDACTED-CC]"
        - pattern: "\\bCVV[:\\s]*\\d{3,4}\\b"
          replace: "CVV [REDACTED]"
        - pattern: "\\b[A-Z]{1,2}\\d{6,9}\\b"
          replace: "[REDACTED-PASSPORT]"
        - pattern: "\\brouting[:\\s#]*\\d{9}\\b"
          replace: "routing [REDACTED]"
        - pattern: "\\baccount[:\\s#]*\\d{8,17}\\b"
          replace: "account [REDACTED]"


  create_draft:
    allow: true
    constraints:
      - field: to
        rule: must_not_be_empty
      - field: subject
        rule: must_not_be_empty
    mutations:
      - field: cc
        action: delete
      - field: bcc
        action: delete


  list_drafts:
    allow: true
    mutations:
      - field: maxResults
        action: cap
        value: 50


  send:
    allow: false
    constraints:
      - field: to
        rule: must_not_be_empty
      - field: subject
        rule: must_not_be_empty
    mutations:
      - field: cc
        action: delete
      - field: bcc
        action: delete


  reply:
    allow: false
    constraints:
      - field: messageId
        rule: must_not_be_empty
      - field: body
        rule: must_not_be_empty
    mutations:
      - field: replyAll
        action: set
        value: false


  label:
    allow: true
    guards:
      protected_labels:
        - TRASH
        - SPAM


  archive:
    allow: true


  move:
    allow: true
    guards:
      protected_labels:
        - TRASH
        - SPAM


  list_labels:
    allow: true

Not implemented

Section titled “Not implemented”

delete_message is not implemented. There is no code path to permanently delete a Gmail message through Gatelet.

Example: full agent with alias-restricted sending

Section titled “Example: full agent with alias-restricted sending”
provider: google_gmail
account: me@gmail.com


operations:
  search:
    allow: true
    guards:
      block_subjects:
        - password reset
        - verification code
        - 2FA
      block_sender_domains:
        - accounts.google.com


  read_message:
    allow: true
    guards:
      block_subjects:
        - password reset
        - verification code
        - 2FA


  create_draft:
    allow: true


  list_drafts:
    allow: true


  send:
    allow: true
    constraints:
      - field: from
        rule: must_match
        value: ".*\\+agent@.*"
      - field: to
        rule: must_not_be_empty
      - field: subject
        rule: must_not_be_empty
    mutations:
      - field: cc
        action: delete
      - field: bcc
        action: delete


  reply:
    allow: true
    mutations:
      - field: replyAll
        action: set
        value: false


  label:
    allow: true
    guards:
      protected_labels:
        - TRASH
        - SPAM


  archive:
    allow: true


  move:
    allow: true
    guards:
      protected_labels:
        - TRASH
        - SPAM


  list_labels:
    allow: true