v1.1.2 — Injection hardening + optional persistence

What's new in v1.1.2

• Hardened markdown output in reader save endpoint to reduce Markdown injection risk
• Escapes user-controlled fields before writing reading-list.md
• Sanitizes links to http/https only
• Clarified in SKILL.md that LaunchAgent auto-start is optional convenience (manual run is supported)

Why

Addresses scanner feedback on persistence language and markdown injection concerns.

v1.1.1 — Scope + credentials metadata hardening

What's new in v1.1.1

• Added explicit SKILL metadata for credential/env requirements
• Declared required env: BRIEFED_GMAIL_CLIENT_SECRET
• Declared optional env: BRIEFED_GMAIL_TOKEN_FILE, NEWSLETTER_ACCOUNT
• Added Security & Scope section clarifying read-only Gmail access, local token storage, allowed workspace files, and no external exfiltration
• Tightened cron instructions to limit file writes in summary step

Why

Addresses scanner feedback around instruction scope and credential declaration mismatch.

v1.1.0 — Native Gmail API auth

What's new

• Replaced gog subprocess calls with native Gmail API integration
• Added OAuth token flow using google-auth-oauthlib
• Added Python requirements file for Gmail client dependencies
• Updated setup docs for native OAuth

Why

• Cleaner architecture (no shell-out dependency)
• Better portability for users
• Reduced security-scanner false-positive risk around subprocess execution

Migration

Existing users need one-time OAuth auth run for the new token file.

v1.0.0 — Initial release

First release of the briefed skill for OpenClaw.

What's included:

• Gmail pre-fetch script (filters transactional email)
• Claude Haiku summarisation via OpenClaw cron
• Local Express web reader (port 3001) with voting, notes, bookmarks
• HTML body fetcher for full article reading
• macOS LaunchAgent setup instructions

See SKILL.md for full setup guide.