docs(state): record gmail pass completion evidence

WIP.md

@@ -96,9 +96,9 @@ Started: `2026-03-12`
   4. delete the test event
 
 ### Then expand useful Google actions
-- [ ] Add `delete_email_draft`
-- [ ] Add `list_email_drafts`
-- [ ] Add `send_gmail_draft` / send-approved-email path
+- [x] Add `delete_email_draft`
+- [x] Add `list_email_drafts`
+- [x] Add `send_gmail_draft` / send-approved-email path
 - [ ] Add `update_calendar_event`
 - [ ] Add `delete_calendar_event`
 - [ ] Add `list_upcoming_events`
@@ -126,11 +126,11 @@ Started: `2026-03-12`
 Execution should proceed in staged fresh sessions using `WIP.md` as the canonical state file.
 
 Planned passes:
-1. Gmail pass:
-   - add `delete_email_draft`
-   - add `list_email_drafts`
-   - add `send_gmail_draft` / send-approved-email path
-   - update `WIP.md` with evidence before ending the pass
+1. Gmail pass: ✅ complete
+   - added `delete_email_draft`
+   - added `list_email_drafts`
+   - added `send_gmail_draft` / send-approved-email path
+   - updated workflow contract/docs/test payloads/bridge + WIP evidence
 2. Calendar pass:
    - add `update_calendar_event`
    - add `delete_calendar_event`
@@ -158,13 +158,47 @@ Planned passes:
   - verified via `gog calendar get primary <eventId>`
   - cleaned via `gog calendar delete primary <eventId> --force`
 
+## Gmail pass 1 completion (2026-03-12)
+Implemented in this pass:
+- workflow contract + router logic for:
+  - `list_email_drafts`
+  - `delete_email_draft`
+  - `send_gmail_draft` (alias: `send_approved_email`)
+- explicit per-action approval metadata in queued responses (`approval.policy`, `approval.required`, `approval.mutation_level`)
+- host bridge executor coverage for new approval kinds:
+  - `email_list_drafts` → `gog gmail drafts list`
+  - `email_draft_delete` → `gog gmail drafts delete`
+  - `email_draft_send` → `gog gmail drafts send`
+- docs + sample payloads + workflow validator updates for the new contract
+
+Targeted verification evidence:
+- `python3 skills/n8n-webhook/scripts/validate-workflow.py skills/n8n-webhook/assets/openclaw-action.workflow.json`
+  - result: `OK: workflow asset structure looks consistent`
+- Router simulation against the shipped workflow JS (`verify-list-001`, `verify-delete-001`, `verify-send-001`, `verify-send-alias-001`):
+  - all returned `status: queued_for_approval`
+  - alias normalization confirmed (`send_approved_email` → `result.action = send_gmail_draft`)
+  - approval metadata returned with expected mutation levels (`low` for list, `high` for delete/send)
+  - generated pending ids in the simulation run:
+    - `approval-mmny879w-5sncgd98`
+    - `approval-mmny879w-a353xg8q`
+    - `approval-mmny879w-yvqzokpz`
+    - `approval-mmny879w-md99hqxs`
+- Bridge dry-run command execution (via real `gog` CLI) for new Gmail kinds:
+  - list: exit `0`, returned draft list JSON
+  - delete: exit `0`, returned dry-run op `delete gmail draft r-example-draft-id`
+  - send: exit `0`, returned dry-run op `gmail.drafts.send`
+- `python3 -m py_compile skills/n8n-webhook/scripts/resolve-approval-with-gog.py` passed.
+
 ## Next-session handoff
 For the next fresh implementation session, start from `HANDOFF.md` + `WIP.md` rather than from old chat context.
 
 Immediate target:
-- implement at least one new Gmail action and one new Calendar action
-- verify through the same approval+bridge flow
-- refresh WIP/memory/tasks and commit
+- calendar pass only:
+  - add `update_calendar_event`
+  - add `delete_calendar_event`
+  - add `list_upcoming_events`
+- keep approval policy explicit for mutating calendar actions
+- run targeted verification and refresh WIP/memory/tasks before ending
 
 ## Relevant files
 - `skills/n8n-webhook/assets/openclaw-action.workflow.json`