feat(n8n-webhook): bridge approvals to gog executors

skills/n8n-webhook/SKILL.md

@@ -27,6 +27,7 @@ Keep the integration narrow: let OpenClaw decide what to do, and let n8n execute
 
 - direct webhook caller: `scripts/call-webhook.sh`
 - action-bus caller: `scripts/call-action.sh`
+- approval executor bridge: `scripts/resolve-approval-with-gog.py`
 - workflow validator: `scripts/validate-workflow.py`
 - importable router workflow: `assets/openclaw-action.workflow.json`
 - sample payloads:
@@ -106,6 +107,7 @@ Use the included workflow asset when you want a ready-made local router for:
 - `send_email_draft` → queue approval-gated email drafts in workflow static data
 - `create_calendar_event` → queue approval-gated calendar proposals in workflow static data
 - `approval_queue_add` / `approval_queue_list` / `approval_queue_resolve` → manage pending approvals and recent history
+- `approval_history_attach_execution` → let a host-side executor attach real execution metadata back onto approval history entries
 - `fetch_and_normalize_url` → fetch + normalize URL content using n8n runtime HTTP helpers
 - `inbound_event_filter` → classify, dedupe, store, and optionally notify on inbound events
 - normalized JSON success/failure responses
@@ -118,6 +120,18 @@ Important:
 
 See `references/openclaw-action.md` for import and test steps.
 
+### Host execution bridge for Gmail/Calendar
+
+When email/calendar provider creds live on the host via `gog` rather than inside n8n, use:
+
+```bash
+python3 scripts/resolve-approval-with-gog.py --id <approval-id> --decision approve
+```
+
+Practical note:
+- unattended execution needs `GOG_KEYRING_PASSWORD` in the environment because `gog`'s file keyring cannot prompt in non-TTY automation
+- for safe plumbing tests without touching Google state, add `--dry-run`
+
 ### Add a new webhook-backed capability
 
 1. Write down the webhook path, required auth, request JSON, and response JSON.