fix: fail loudly when --output receives JSON

[lawrence3699]

Description

Fixes #714.

--output is documented for raw binary downloads, but JSON endpoints like gmail.users.messages.attachments.get currently exit 0 without writing anything. This change makes that path fail loudly instead of silently succeeding.

Before:

• gws ... --output file on a JSON response printed JSON or nothing and left no file behind.
• The command still exited successfully.

After:

• --output returns a non-zero validation error when the endpoint responds with JSON instead of raw binary data.
• Added a regression test that exercises execute_method() against a JSON response with --output set.

Dry Run Output:

N/A

Checklist:

• My code follows the AGENTS.md guidelines (no generated google-* crates).
• I have run cargo fmt --all to format the code perfectly.
• I have run cargo clippy -- -D warnings and resolved all warnings.
• I have added tests that prove my fix is effective or that my feature works.
• I have provided a Changeset file (e.g. via pnpx changeset) to document my changes.

[changeset-bot]

🦋 Changeset detected

Latest commit: 3316a07

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@googleworkspace/cli	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the CLI would silently succeed without writing any data when the --output flag was used against endpoints returning JSON instead of raw binary data. The changes ensure that the application now explicitly validates the response type and fails with a descriptive error message if a user attempts to use --output with a JSON response.

Highlights

• Error Handling: Introduced a validation error that triggers when the --output flag is used with JSON responses, preventing silent failures.
• Regression Testing: Added a new test case that verifies the CLI correctly returns an error when attempting to output JSON data to a file.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Code Review

This pull request introduces a validation error when the --output flag is used with JSON responses, preventing the tool from silently failing to write a file. While the change includes a new test case, feedback highlights that the current implementation is inefficient because it reads and parses the entire response body before performing the check. The reviewer suggests refactoring the logic to fail earlier based on the Content-Type header and ensuring that non-JSON responses are properly handled when an output path is provided.

[gemini-code-assist]

This check occurs after the entire response body has been read into memory and parsed as JSON. This is inefficient for large JSON responses when the Content-Type header already indicates it's JSON.

Furthermore, if the response is NOT valid JSON (e.g., plain text or binary with a missing Content-Type), the function falls through to the else block (line 336) and prints to stdout. If --output was specified, this results in the output being dumped to the terminal instead of the file, which is likely not what the user intended.

Consider refactoring execute_method to fail early if is_json && output_path.is_some(), and to use handle_binary_response if content_type.is_empty() && output_path.is_some(). Please ensure these changes are focused on the primary goal to avoid scope creep, and acknowledge potential TOCTOU race conditions in file path validation as a known limitation.

References

1. Avoid introducing changes that are outside the primary goal of a pull request to prevent scope creep.
2. When implementing file path validation, acknowledge and document potential Time-of-check to time-of-use (TOCTOU) race conditions as a known limitation if a full mitigation (e.g., using openat(O_NOFOLLOW)) is considered out of scope.