AgentNexus added Google Workspace approval actions so teams can keep read-only actions generally available while routing higher-risk writes through plan entitlement, OAuth scope review, human approval, audit rows, and redacted execution evidence.
Status
Approval-gated beta
Category
Security
Date
May 13, 2026
Read time
4 min read
Impact
Teams can prepare business-file workflows without giving managed runtimes Google OAuth tokens or making Gmail send a default capability.
What changed
AgentNexus added server-side approval actions for Calendar, Sheets, and Drive writes, plus a more conservative Gmail send path for enterprise review. Google Workspace read actions remain the default GA surface.
Runtime deployments do not receive Google OAuth tokens. Write execution stays inside the AgentNexus backend and requires the right plan, OAuth scopes, explicit approval, and redacted audit evidence before and after execution.
Why it matters
Business workflow automation often needs calendar, spreadsheet, file, or email actions. Separating read actions from approval-based writes lets teams review sensitive work without exposing provider credentials to agent runtimes.
What to do
- Use Google Workspace read actions for GA search and review workflows.
- Use Advanced or Enterprise approval paths when Calendar, Sheets, or Drive writes need owner confirmation.
- Treat Gmail send as an Enterprise-reviewed action with sensitive-action audit expectations.
- Review the audit trail and launch owner before using write actions in production workflows.