0.27.0

Added

• Gmail: add first-class gmail reply and gmail reply-all commands with inherited Re: subjects, quoted originals by default, preserved display names and CID inline images, additive recipient placement, automatic moves between To/Cc/Bcc, and repeatable --remove; reply-mode gmail send also inherits omitted subjects, while forwards preserve inline images without incorrectly claiming the original reply thread.
• YouTube: add playlists items list for public and private playlist contents with pagination, and videos list --my-rating like|dislike for authenticated rating history. (#787) — thanks @coeur-de-loup.

Fixed

• Docs: reject ambiguous docs cat --tab ... --all-tabs and MCP docs_get requests before contacting the Docs API. (#801) — thanks @kiranmagic7.

Contributors

• @coeur-de-loup
• @kiranmagic7

0.26.0

Added

• YouTube: add subscription listing and management plus playlist create, add, remove, and delete commands with least-privilege OAuth, dry-run support, structured output, and destructive-operation confirmation. (#767) — thanks @beezly.
• Calendar: add unsubscribe for removing calendar-list entries and delete-calendar for deleting owned secondary calendars, with dry-run, confirmation, and structured output.

Fixed

• Contacts: remove the nonfunctional contacts other delete command; the public People API has no delete operation for Other Contacts, and its copy-then-delete workaround reported success without removing the source. Existing invocations now return unknown-command usage.
• Meet: return empty history and participant collections as JSON arrays, and make participants --fail-empty control the no-conference exit instead of misclassifying it as invalid usage.
• MCP: validate typed tool calls against their closed schemas before command execution, rejecting unknown fields, wrong types, and missing required fields.
• CLI: classify malformed OAuth token imports as usage errors and missing Gmail tracking setup as configuration errors.
• CLI: classify invalid Docs batch IDs and incomplete Gmail filter definitions as usage errors with exit code 2.
• Docs: keep batch list/show, batch target validation, and batch end dry-runs read-only without creating state directories or lock files.
• Docs: persist successful split and individual batch submissions before reporting a missing response revision, preventing retries from submitting already-applied requests again.
• Gmail: make watch status read atomic watch state without creating state directories or lock files.
• Gmail: make watch serve --dry-run return a secret-free daemon plan without creating/locking/updating watch state, saving hook settings, creating clients, or opening a socket.
• Backup: make status, verify, cat, and export use read-only repository setup and file-free dry-run plans, support pre-created empty repository directories, keep failed clones clean, disable Git credential prompts under --no-input, redact credentials from Git errors, preserve clone failures instead of initializing a new repository, and give status/verify the existing --no-pull flags while retaining hidden compatibility for legacy write-only options.
• Auth: make auth manage --dry-run preview the browser flow without touching the keyring or server, and fail fast when real execution uses --no-input.
• Docs: make docs cell-style table, row, and column coordinates one-based like adjacent table commands, with negative table indexes counting from the end.
• Docs: make positional docs sed image selectors deterministic by ordering anchored positioned images with document content and unanchored positioned images by object ID.
• Docs: make addressed docs sed substitutions honor nth-match flags, use UTF-16 document indices, and ignore table or table-of-contents preview text instead of producing invalid mutation ranges.
• Docs: keep docs sed formatting, footnote, break, and structural targets aligned when earlier image or text replacements change document length.
• Docs: avoid overlapping deletes when a docs sed addressed range includes the final paragraph.
• Docs: make docs sed table-cell substitutions use UTF-16 indices, honor nth-match flags, expand captures independently per wildcard cell, refetch before repeated same-cell expressions, and report the exact replacement count.
• Docs: make docs sed table-creation placeholders use UTF-16 indices and share cell-fill Markdown range planning with table-cell replacement.
• Docs: validate unaddressed docs sed delete/insert/append regexes before fetching and keep their top-level paragraph selection and reverse mutation ordering consistent with addressed commands.
• Auth: clarify that auth import always requires a refresh-token source and only optionally accepts a current access token plus expiry.
• Calendar: make alias set/unset dry-runs preview config changes without writing config.json.
• Dry-run safety: keep Drive, Contacts, Slides thumbnail, backup plaintext, OAuth token, Gmail filter, Photos, and Photos Picker downloads/exports offline and prevent local file or secret output.
• Auth: make auth credentials set --dry-run preview credential and domain writes without opening the keyring or changing files, and validate every domain before storing credentials.
• CLI: replace the stale hard-coded --account service list with concise email, alias, and auto-selection guidance that applies across authenticated Google API commands.
• Calendar: remove the dead calendar appointments command, which could only report an API limitation; existing invocations now return unknown-command usage, while the limitation remains documented.
• Drive: preserve repeated folder placements in tree, inventory, and size summaries; reject cyclic folder graphs instead of collapsing paths or scanning indefinitely.
• Backup: bind configuration, legacy fallback, and home expansion to the selected runtime layout instead of process-global path state.
• Backup: require the exact Gmail message selection and run identity before reusing or promoting encrypted checkpoints, preventing stale same-count mailbox checkpoints from becoming the completed snapshot.
• Classroom: require an archived course before deletion with actionable lifecycle guidance, and prevent live tests from leaving consumer-account courses behind.
• Classroom: wait for course state changes to become readable before reporting success, so immediate archive-then-delete workflows do not fail on stale state.
• Forms: validate scale question bounds locally and document the Forms API's accepted minimum and maximum values.
• Groups and Calendar team: reject consumer accounts and stored user OAuth before Cloud Identity API calls, require an explicit account for identity-based direct-token/ADC searches, keep ADC precedence consistent across services, and provide recovery guidance for service-account, direct-token, and ADC auth.
• Gmail: bind watch state to the selected runtime state directory and serialize atomic updates across concurrent watch processes.
• Gmail: bind tracking configuration to the selected runtime state directory and preserve concurrent account updates with shared atomic locking.
• Gmail: bind tracking encryption and admin keys to the active runtime secret store instead of reopening the ambient keyring.
• Auth: avoid repeated macOS Keychain prompts during token export and auth listing by keeping exports read-only and stopping fallback reads after keyring timeouts. (#772) — thanks @lox.
• Gmail: add --body-html-file to draft create and update, including stdin support, for parity with send. (#774, #776) — thanks @TurboTheTurtle.
• Zoom: bind credential metadata and encrypted secret/token storage to the selected runtime layout, with consistent alias canonicalization.
• Auth: bind temporary manual OAuth state to the selected runtime config directory and reject unsafe redirect state values before filesystem access.
• Auth: bind renamed-account alias, client, and default-account migration to the active runtime config store.
• Auth: bind OAuth client credential commands to the active runtime secret store instead of reopening the ambient keyring.
• Auth: bind Google API and OAuth flows to the active runtime credential and token repositories instead of reopening ambient config and keyring state.
• Auth: capture keyring backend, password, service, platform, D-Bus, terminal, and lock policy once per runtime instead of rereading ambient process state.
• Auth: bind service-account lookup, storage, listing, and legacy Keep fallback to the active runtime repository; bound raw legacy paths and treat case-insensitive same-principal Keep credentials as pure service-account auth.
• Time: honor the runtime-selected default_timezone in time now, Gmail timestamps, watch output, Calendar time, and generated email Date headers instead of reading ambient config.
• Config: bind account and calendar alias management and resolution to the active runtime config store.
• Docs: document publishing personal External OAuth apps before authorization to avoid Google's seven-day Testing refresh-token expiry.

Contributors

• @lox
• @beezly
• @TurboTheTurtle

0.25.0

Added

• Photos: add an explicit-opt-in Google Photos Picker workflow for creating selection sessions, waiting for completion, listing chosen media, and downloading selected files. (#754)
• Docs: add persisted, revision-locked request batches for composing supported mutations locally and submitting them atomically, with explicit split and partial-recovery modes. (#755)
• CLI: remove the separate gog agent and exit-codes helpers; expose stable exit codes and effective automation safety state through gog schema --json, and summarize the contract in root help. (#677)
• CLI: add Git-style gog help <command>, make explicit output flags override environment defaults, validate color and JSON-only transforms before command execution, report early usage errors on stderr, and reject contradictory schema plain output.
• Docs: prevent multi-paragraph Markdown range replacements from inheriting the matched paragraph's heading or list style. (#756) — thanks @sebsnyk.
• Docs: preserve nested Markdown list levels as native bullets inside imported and updated table cells. (#749) — thanks @sebsnyk.
• Gmail: add explicit gmail archive --thread semantics so IDs from thread search can archive every message in each thread. (#752) — thanks @sebsnyk.
• Drive/Docs: add persisted polling for Drive changes and Docs comments, with bounded runs, filters, retry-safe cursors, and sequential JSON hooks. (#690, #751)
• Drive: expose shortcut targets in JSON and human-readable folder reports without changing stable --plain columns, classify shortcuts distinctly, keep tree scans from following folder targets, and add drive shortcut create. (#763)
• Drive: add a secure push-notification receiver with persisted cursors, authenticated callbacks, sequential hooks, and optional channel auto-renewal. (#689, #764)

Fixed

• Docs: recognize valid one-column Markdown tables, while preserving separator-shaped rows after the delimiter as table data.
• Docs: scope default-tab named-range replace and delete requests correctly in multi-tab documents.

Contributors

• @sebsnyk

0.24.0

Added

• Calendar: add repeatable --attachment to calendar update for replacing or clearing event attachments. (#738) — thanks @TreyLawrence.
• Sheets: add sheets validation get/set/clear commands for dropdown, checkbox, number, date, range, and custom-formula rules, and preserve table-managed dropdowns during validation-only copy/paste. (#710) — thanks @chrischall.
• Sheets: add table-aware sheets delete-dimension for deleting row or column spans while preserving intersecting table objects and remaining data. (#711) — thanks @chrischall.
• Docs: add direct docs table-row, docs table-column, docs table-merge, and docs table-unmerge commands with index, header-text, all-table, and tab-aware selection. (#686) — thanks @sebsnyk.
• Docs: add docs named-range create/list/delete/replace commands for durable, tab-aware document anchors. (#692) — thanks @sebsnyk.
• Gmail: report attached filenames and byte sizes in JSON results for send and draft create/update. (#716) — thanks @chrischall.
• Gmail: add gmail watch pull for Pub/Sub pull subscription consumers with hook retry support. (#700) — thanks @joshp123.
• Docs: add --tab and --all-tabs to docs raw for inspecting specific or complete multi-tab document content. (#697) — thanks @sebsnyk.
• Docs: add tab-aware table, image, heading, and paragraph enumerators with structured and plain output. (#719) — thanks @sebsnyk.
• Docs: style locally rendered fenced Markdown blocks with Roboto Mono, dark-green text, and existing paragraph shading. (#676, #724) — thanks @TurboTheTurtle.
• Docs: add docs insert-image --url for inserting public HTTPS images directly without Drive upload or temporary public sharing. (#675) — thanks @sebsnyk.
• Docs: expose paragraph emptiness and text-run ranges, styles, and links in docs paragraphs list --json. (#734) — thanks @sebsnyk.
• Docs: add opt-in --check-orphans to Markdown replacement writes so open comments whose quoted text would disappear block the mutation with orphaned exit code 11. (#691) — thanks @sebsnyk.
• Drive: add drive revisions list|get for paged revision metadata and provider export links. (#672) — thanks @aaroneden.

Fixed

• Auth: bind browser, manual, remote, and account-manager OAuth exchanges with S256 PKCE; unfinished pre-PKCE manual flows must restart at step 1. (#693, #725) — thanks @TurboTheTurtle.
• Docs: reset inherited text styles before applying Markdown find-replace formatting so leading bold spans and later inline styles stay paired correctly. (#735) — thanks @sebsnyk.
• Docs: accept leading-dash Markdown list values in docs cell-update --content and reject nonempty Markdown that produces no editable cell text. (#733) — thanks @sebsnyk.
• Docs: keep inline Markdown find-replace fragments inside their existing paragraph unless the replacement explicitly ends with a newline. (#736) — thanks @sebsnyk.
• Docs: render HTML <br> variants as line breaks inside Markdown table cells while preserving protected literals. (#730) — thanks @sebsnyk.
• Docs: avoid duplicate empty paragraphs adjacent to Markdown headings while preserving body paragraph spacing. (#717, #720) — thanks @TurboTheTurtle.
• Auth: repair duplicate macOS Keychain writes for legacy and subject token aliases without weakening primary token persistence. (#718, #721) — thanks @TurboTheTurtle.

Contributors

• @TreyLawrence
• @joshp123
• @chrischall
• @aaroneden
• @TurboTheTurtle
• @sebsnyk

0.23.0

Added

• CI: enforce a pinned Go dead-code check and remove the unreachable helpers it identified. (#714) — thanks @vincentkoc.
• Chat: add repeatable --attach to chat messages send for sending local files with Google Chat messages. (#694) — thanks @omothm.
• Docs: add docs comments locate to resolve comment quotes to Docs API index ranges and report orphaned comments. (#687) — thanks @sebsnyk.
• Docs: add docs find-range to map matched text to Docs API UTF-16 index ranges. (#682) — thanks @sebsnyk.
• Docs: add --at, --occurrence, and --match-case anchors to docs insert, docs delete, docs update, docs insert-person, and docs insert-page-break. (#683) — thanks @sebsnyk.
• Docs: add --link and --no-link to docs format for setting or clearing hyperlinks on matched text. (#684) — thanks @sebsnyk.
• Sheets: add sheets links set to write single-cell, multi-link rich-text, and batch hyperlinks. (#713) — thanks @chrischall.
• Slides: add slides insert-image to place a positioned, sized local image on an existing slide. (#695) — thanks @Czaruno.

Fixed

• Docs: avoid duplicate empty paragraphs around Markdown tables written into a specific tab. (#715) — thanks @sebsnyk.
• Sheets: prevent accidental table data loss by requiring explicit --discard-data for sheets table delete, matching the Sheets API's destructive table-delete semantics. (#709) — thanks @chrischall.

Contributors

• @vincentkoc
• @chrischall
• @Czaruno
• @omothm
• @sebsnyk

0.22.0

Added

• Docs: add --code to docs format and plain-text docs write for the existing monospace grey code style. (#685) — thanks @sebsnyk.
• Drive/Docs: add --since to drive comments list and docs comments list for server-side comment modified-time filtering. (#688) — thanks @sebsnyk.
• Gmail: add --thread-id to gmail drafts create and gmail drafts update so drafts can reply within a thread using the latest message headers. (#673, #674) — thanks @chrischall.

Fixed

• Docs: preserve nested list levels when writing markdown into a specific tab with docs write --replace --markdown --tab. (#696)
• Docs: fix docs export --tab tab resolution against the live Docs API field mask. (#696)
• Docs: strip Pandoc-style explicit heading anchors like {#slug} from rendered markdown headings and resolve matching same-document links. (#703)
• Docs: render GFM ~~strikethrough~~ spans in the local markdown writer used by docs write --tab --markdown. (#702)
• Docs: batch table-cell writes for docs write --tab --markdown to avoid per-cell Docs API quota bursts on table-heavy documents. (#699) — thanks @sebsnyk.
• Gmail: preserve existing gmail drafts update attachments when --attach is omitted, add --clear-attachments for intentional removal, and keep --attach as explicit replacement. (#680, #681) — thanks @chrischall.

Contributors

• @chrischall
• @sebsnyk

0.21.0

Added

• MCP: add a typed, allowlisted gog mcp stdio server with read-only defaults and explicit write-tool opt-in. (#637) — thanks @auroracapital.
• Docs: add docs table-column-width to set fixed native table column widths or reset columns to evenly distributed sizing. (#631) — thanks @sebsnyk.

Fixed

• Agent/MCP: fix command-allowlist docs so examples include mcp, keep wildcard tool selectors shell-safe, and report public dry-run op paths for service-account, Calendar, Forms, Meet, Sheets named ranges, and Docs/Sheets/Slides copy commands.
• Auth/credentials: return usage errors for unknown --services values and invalid service-account key JSON, keep auth keep --dry-run file-free, and make zoom auth setup --dry-run emit a redacted no-write plan.
• Backup/config: make backup init/export/push validation fail before repository or OAuth side effects, keep backup init --dry-run and --no-push offline/local-only, preserve semantic manifest counts during verify/export, and return usage errors for invalid config keys or values.
• CLI: preserve command-local --fields API masks, keep open --type shortcuts from rewriting unsupported URLs into malformed Google editor links, and stop advertising ads as an API command service while retaining it as an auth-only scope.
• Validation: consistently return usage exit code 2 before auth, API-key lookup, dry-run success, or mutation for invalid list limits, empty IDs/queries, malformed dates/timezones/recurrence, invalid enum flags, invalid resource paths, malformed JSON, unsupported formats, immutable labels, and unsafe local-file Markdown image references across Admin, Calendar, Chat, Contacts, Docs, Drive, Drive Activity, Drive Labels, Forms, Gmail, Groups, Keep, Maps, People, Photos, Search Console, Sheets, Slides, Tasks, Time, and YouTube.
• Dry-run safety: validate Gmail/Contacts/Chat/Admin email inputs, Drive share targets, Drive changes watch URLs/expiration, Docs comment anchors, Sheets chart anchors/ranges, and Search Console sitemap URLs before reporting dry-run success.
• JSON output: return empty arrays instead of null for empty Calendar conflicts, Classroom lists, Forms responses/watches, Gmail settings/filter/thread-attachment results, People relations, blank Sheets ranges, blank Slides text/image lists, and empty YouTube list responses.
• Calendar: make calendar conflicts check all calendars by default, reject explicit one-calendar conflict checks, reject unsupported all-day/date-only Out of Office payloads locally, and return usage errors when response/propose-time actions cannot be applied.
• Contacts: warm the People API contact-search cache before contact, other-contact, and Gmail --from-contact searches; resolve contacts raw <email> and people raw <email> to contact resources; and use an other-contact-safe read mask for other-contact list/search.
• Classroom: reject unfiltered classroom invitations list locally, report the canonical hyphenated dry-run op for guardian-invitations create, and normalize empty list output.
• Docs: validate docs sed, docs cell-style, and docs table-column-width table targets locally; reject malformed sed expressions; and fail Markdown writes with local image references that must be public HTTPS URLs.
• Drive: validate download/export/upload combinations before API calls, validate comment/permission limits, validate reporting/audit/bulk scan bounds, and reject invalid Drive Label field values including fractional integers, malformed dates/users, malformed --fields-json, and trailing JSON tokens.
• Gmail: validate vacation, auto-forward, forwarding, send-as, delegation, filter forwarding, compose headers, message formats, batch-modify labels, history cursors, tracked-send setup options, and immutable label operations locally; keep gmail track setup --dry-run offline and make tracking setup/status/key rotation honor --json without leaking generated secrets.
• Maps: validate mode, units, and reverse-geocode coordinates before API-key lookup, and share a generic Maps/Places API-key setup error with Calendar Places commands.
• Sheets: infer sheets format --format-fields from --format-json, validate update/append/table values and JSON specs locally, reject invalid field masks/ranges/anchors/type flags, and reject explicit negative freeze counts instead of treating -1 as an unset sentinel.
• Slides: make local-image insertion/replacement use stable Drive download URLs and retry while sharing propagates, avoid invalid speaker-notes deleteText requests on blank notes pages, make notes/slide deletion commands return valid JSON, and require --force for non-interactive slide deletion.
• YouTube: let activities list --channel-id, playlists list --channel-id, and channels list --id honor --account OAuth; filter youtube search list --type to requested resource kinds; and validate blank IDs/type lists/chart regions before auth or API-key setup.

Contributors

• @sebsnyk
• @auroracapital

0.20.0

Fixed

• Gmail: keep label IDs case-sensitive during label resolution and duplicate-name checks while still matching label names case-insensitively.
• Gmail: clarify that gmail drafts delete permanently deletes drafts and cannot be recovered. (#656, #659) — thanks @chrischall.
• Sheets: add --inherit-from-before to sheets insert so callers can choose whether inserted rows/columns inherit formatting from the preceding or following neighbor. (#655, #658) — thanks @chrischall.
• Sheets: add sheets copy-paste / fill for range-level CopyPasteRequest fills of values, formulas, formatting, and related paste types. (#661, #663) — thanks @chrischall.
• CLI: add --enable-commands-exact / GOG_ENABLE_COMMANDS_EXACT for strict command allowlists without prefix expansion. (#652) — thanks @jason-allen-oneal.
• Auth: update stored OAuth scope metadata from observed granted scopes during refresh so auth list reflects newly usable services. (#649)
• Docs: preserve paragraph-separating blank lines when replacing a single tab from Markdown. (#644)
• Docs: add docs cell-update for non-destructive table-cell content replacement by table, row, and column. (#646)
• Docs: add docs update --markdown and --replace-range for formatted insertion and range replacement. (#642) — thanks @rel.
• Gmail: pause watch push Gmail API fetches per account while a 429 Retry-After circuit is open. (#643)
• YouTube: let videos list and comments list use OAuth when --account is supplied, preserving the API-key fallback for unauthenticated public reads. (#664)
• YouTube: add youtube search list / yt search ls for YouTube Data API search across videos, channels, and playlists. (#650, #651) — thanks @BRO3886.
• Gmail: add gmail search --from-contact to resolve a contact's email addresses into a from:(...) OR query. (#657) — thanks @chrischall.
• Docs: add named --page-size presets for docs write and docs page-layout. (#640) — thanks @sebsnyk.
• Docs: add smart-chip insertion commands for person, Drive file, and date chips. (#638) — thanks @sebsnyk.
• Docs: add docs cell-style for table-cell background color and inline cell text styling. (#645) — thanks @sebsnyk.
• Docs: add docs insert-image to upload a local image, temporarily share it for Docs insertion, and revoke the public permission afterward. (#648) — thanks @sebsnyk.
• Docs: update the bundled gog agent skill to preserve broad user OAuth scopes during reauth and rely on command guards for scoped execution.

Contributors

• @rel
• @jason-allen-oneal
• @chrischall
• @BRO3886
• @sebsnyk

0.19.0

Added

• Auth: store Google OAuth client_secret values in the keyring by default while leaving only client metadata on disk; legacy plaintext credentials still read and auth credentials set --insecure preserves the old write shape. (#596)
• Auth: add auth credentials set --expand-env for strict environment placeholder expansion in OAuth client JSON. (#599)
• Auth: let auth import seed an initial access token and expiry, and round-trip cached access tokens through token export/import. (#598)
• CLI: add XDG kind-aware config/data/state/cache paths with GOG_HOME, per-kind GOG_*_DIR overrides, and --home while preserving legacy auth/keyring/service-account reads. (#621, #622) — thanks @alexminza.
• Docs: add explicit --page-width, --page-height, and page margin flags to docs write and docs page-layout, keeping --pageless width unchanged unless requested. (#629, #630) — thanks @sebsnyk.

Fixed

• People: fall back to token identity when gog me / gog whoami hit a disabled People API on the OAuth client project. (#460, #461)
• Docs: drop all-whitespace Markdown table header rows during Docs markdown writes, and rewrite same-document #heading-slug links to native Google Docs heading links after Drive markdown import. (#632, #633) — thanks @sebsnyk.
• Gmail: include attachment metadata in gmail messages search --include-body --json results. (#620)
• Auth: let auth service-account set read service account keys from stdin (--key=- or --key-stdin) or an environment variable (--key-env). (#600)
• Auth: serialize file-keyring reads and writes with a shared lock so concurrent gog processes cannot observe partial keyring entries or clobber multi-key token updates. (#597)
• Release: verify the OpenClaw Homebrew tap checkout when checking gogcli formula assets.

Contributors

• @alexminza
• @sebsnyk

0.18.0

Added

• Docs: add VISION.md with project fit, discussion, and live-test merge guidance.
• Calendar: add --with-zoom / --regenerate-zoom / --remove-zoom that create, regenerate, and remove Zoom meetings and attach the join URL + meeting ID + passcode to the Calendar event description. Google's Calendar API rejects conferenceData writes asserting conferenceSolution.key.type="addOn" from non-Workspace-Marketplace OAuth clients, so the description-mode integration is the path that round-trips through Google's storage; trade-off is no native "Join with Zoom" conference card. (#589, #590) — thanks @alexisperumal and @mvanhorn.
• Auth: add gog zoom auth setup / doctor for Zoom S2S OAuth credential storage. (#590) — thanks @mvanhorn.
• Drive: add --action=resolve|reopen to drive comments reply and sibling drive comments resolve|reopen verbs (also docs comments reopen) to post a reply that atomically flips the parent comment's resolved state via the Drive API's Reply.action field. Avoids the previous workaround of drive comments delete (which destroys review-thread context) for batch-resolving inline doc-review feedback. (#623) — thanks @sebsnyk.
• Sheets: add gog sheets batch-update <spreadsheetId> --data-json ... for updating multiple value ranges in one Sheets API request. Alias: batch. (#601) — thanks @Tsopic.
• Docs: add gog docs insert-page-break <docId> [--index N | --at-end] [--tab=STRING] to insert a Google Docs page break directly via InsertPageBreakRequest — markdown has no native page-break construct, so this is the only path for multi-page deliverables. Aliases: page-break, pb. (#604)
• Docs: add gog docs page-layout <docId> [--layout=pageless|pages] to toggle the page layout of an existing Google Doc via updateDocumentStyle on documentFormat.documentMode. Sibling to the existing --pageless flag on docs create/write/update for the case where the doc was created upstream (e.g. by Drive markdown conversion) without the desired layout. Defaults to pageless. Aliases: set-page-layout, page-setup. (#593)
• Docs: add --heading-level N (1..6 shortcut) and --named-style NAME (full enum) to gog docs format so existing paragraphs can be promoted to HEADING_1..HEADING_6, TITLE, SUBTITLE, or NORMAL_TEXT. Both set paragraphStyle.namedStyleType on the existing UpdateParagraphStyle request and compose cleanly with --alignment / --line-spacing. (#605)
• Sheets: add gog sheets reorder-tab <spreadsheetId> --tab=<name|sheetId> --to=N to move a tab to a specific 0-based position via updateSheetProperties with field mask index. --tab accepts a title or a numeric sheet ID; --to=0 is force-sent so the leftmost target reaches the wire as "index":0. Aliases: move-tab, reorder-sheet, move-sheet. (#603)
• Docs: add gog docs insert-table <docId> --rows N --cols M [--index N | --at-end] [--values-json [[...]]] [--tab=STRING] to insert a native Google Docs table directly via InsertTableRequest, bypassing the markdown writer. --values-json takes a JSON 2D string array whose dimensions must match --rowsx--cols. Empty --values-json produces an empty table structure. (#602)
• Docs: gog docs write --replace --markdown --tab=<tab> now performs a whole-tab re-render — the targeted tab's existing body is wiped via DeleteContentRange and the markdown is re-rendered locally via the same Docs batchUpdate path used by --append --markdown, so other tabs are untouched. Previously this combination errored because Drive's markdown converter operates on entire documents only. (#595)

Fixed

• Docs: make generated command references ignore local keyring config so make ci stays clean across developer machines.
• CLI: harden backup writes, config/credentials atomic saves, keyring write verification, line input buffering, disabled-API hints, JSON transform number handling, and untrusted-content wrapping after ClawPatch review.
• CLI: bound retry request replay buffering, recover failed async backup pushes, ignore global git commit signing in backup snapshots, and protect account manager OAuth redirects with CSRF checks.
• Release: update the Homebrew handoff to publish through openclaw/tap.
• Version: gog --version now reports an informative fallback (for example, v0.17.0-dev) when built from source with plain go build instead of returning dev.
• Docs: gog docs insert now defaults to end-of-doc when --index is omitted, instead of always inserting at position 1 (which silently reversed iterative inserts across multiple calls). Pass --index 1 explicitly to keep the previous behaviour. (#606)
• Docs: docs write --append --markdown with three or more markdown tables in a single render no longer drifts the per-table insertion offset by one character per table — the trailing punctuation of the paragraph immediately before the third (and any subsequent) table is preserved instead of being split into a standalone paragraph after the table. (#607)
• Docs: docs write --append --markdown now expands inline markdown markers (**bold**, *italic*, `code`, [link](url)) inside table cells into character runs, matching the behaviour outside of tables — previously the markers rendered as literal characters because the table inserter bypassed the inline-formatting pass. (#608)
• Docs: markdown empty-header table rows (e.g. | | |) no longer collide with the separator detection — previously docs write --append --markdown swallowed both the empty header and the real |---|---| separator, leaving the last data row re-parsed as a literal pipe paragraph after the table. (#609)
• Docs: docs write --append --markdown no longer silently drops tables with insert native table: table not found near index N. The native-table inserter's post-write search used a ±2 code-unit window, but the Docs API's actual table StartIndex can drift further (auto-newline + placeholder paragraph combine to a several-unit shift); the search now picks the closest forward Table element with matching dimensions and a small backward tolerance instead. The docs create --file --markdown path was unaffected because it uses Drive's native markdown import end-to-end. (#592) — thanks @sebsnyk.
• Docs: docs write --append --markdown now renders bullet lists as native BULLET paragraphs (via CreateParagraphBullets) and fenced code blocks as a single contiguous shaded paragraph (joining lines with vertical-tab soft breaks). Previously bullets came through as NORMAL_TEXT paragraphs with a literal • glyph in the text run, and each code-block line became its own one-line Courier New paragraph with no paragraph-level background. (#594) — thanks @sebsnyk.

Contributors

• @mvanhorn
• @Tsopic
• @alexisperumal
• @sebsnyk