@shivaduke28/gmail-mcp 0.2.0 → 1.1.0

package/README.md

@@ -1,4 +1,4 @@
-# gmail-mcp
+# @shivaduke28/gmail-mcp
 
 Gmail API の MCP (Model Context Protocol) サーバー。
 
@@ -38,8 +38,7 @@ OAuth スコープは `gmail.modify` のみ。送信・削除はできません
       "command": "npx",
       "args": ["-y", "@shivaduke28/gmail-mcp"],
       "env": {
-        "GOOGLE_OAUTH_CREDENTIALS": "/path/to/credentials.json",
-        "GOOGLE_OAUTH_TOKENS": "/path/to/tokens.json"
+        "GOOGLE_OAUTH_CREDENTIALS": "/path/to/credentials.json"
       }
     }
   }
@@ -49,8 +48,8 @@ OAuth スコープは `gmail.modify` のみ。送信・削除はできません
 #### ソースから実行
 
 ```bash
-npm install
-npm run build
+pnpm install
+pnpm -r build
 ```
 
 ```json
@@ -58,10 +57,9 @@ npm run build
   "mcpServers": {
     "gmail": {
       "command": "node",
-      "args": ["/path/to/gmail-mcp/dist/index.js"],
+      "args": ["/path/to/google-mcp/packages/gmail/dist/index.js"],
       "env": {
-        "GOOGLE_OAUTH_CREDENTIALS": "/path/to/credentials.json",
-        "GOOGLE_OAUTH_TOKENS": "/path/to/tokens.json"
+        "GOOGLE_OAUTH_CREDENTIALS": "/path/to/credentials.json"
       }
     }
   }
@@ -73,11 +71,12 @@ npm run build
 | 変数 | 必須 | 説明 |
 |---|---|---|
 | `GOOGLE_OAUTH_CREDENTIALS` | Yes | OAuth クライアント認証情報の JSON ファイルパス |
-| `GOOGLE_OAUTH_TOKENS` | Yes | ユーザートークンの保存先パス。初回認証時に自動生成 |
 
 ### 4. 認証
 
-初回起動時にブラウザが開き、Google アカウントでの認証を求められます。認証後、トークンが `GOOGLE_OAUTH_TOKENS` で指定したパスに自動保存され、以降はブラウザ認証なしで起動できます。
+初回起動時にブラウザが開き、Google アカウントでの認証を求められます。認証後、トークンは `~/.config/gmail-mcp/tokens.json` に自動保存され、以降はブラウザ認証なしで起動できます。
+
+PKCE (Proof Key for Code Exchange) に対応しています。
 
 ## Gmail 検索クエリの例
 
@@ -97,11 +96,10 @@ label:INBOX
 ## Development
 
 ```bash
-npm install
-npm run dev          # tsx で開発実行
-npm run build        # tsc でビルド
-npm run test         # テスト実行
-npm run typecheck    # 型チェック
+pnpm install
+pnpm --filter @shivaduke28/gmail-mcp dev          # tsx で開発実行
+pnpm --filter @shivaduke28/gmail-mcp build        # tsc でビルド
+pnpm --filter @shivaduke28/gmail-mcp typecheck    # 型チェック
 ```
 
 ## License

package/dist/index.js

@@ -3,35 +3,39 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
 import { encode } from "@toon-format/toon";
-import { authorize } from "./auth.js";
+import { authorize, resolvePath } from "@shivaduke28/google-mcp-auth";
 import { gmail as googleGmail } from "@googleapis/gmail";
 import { extractHeaders, extractBody, buildRawMessage } from "./gmail.js";
 import { existsSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
-const credentialsPath = process.env.GOOGLE_OAUTH_CREDENTIALS;
-if (!credentialsPath) {
+const SCOPES = [
+    "https://www.googleapis.com/auth/gmail.modify",
+];
+const rawCredentialsPath = process.env.GOOGLE_OAUTH_CREDENTIALS;
+if (!rawCredentialsPath) {
     console.error("GOOGLE_OAUTH_CREDENTIALS 環境変数を設定してください");
     process.exit(1);
 }
+const credentialsPath = resolvePath(rawCredentialsPath);
 if (!existsSync(credentialsPath)) {
     console.error(`credentials.json が見つかりません: ${credentialsPath}`);
     process.exit(1);
 }
 const resolvedCredentialsPath = credentialsPath;
-const resolvedTokensPath = process.env.GOOGLE_OAUTH_TOKENS ?? join(homedir(), ".config", "gmail-mcp", "tokens.json");
+const resolvedTokensPath = process.env.GOOGLE_OAUTH_TOKENS ? resolvePath(process.env.GOOGLE_OAUTH_TOKENS) : join(homedir(), ".config", "gmail-mcp", "tokens.json");
 // lazy auth: ツール呼び出し時に初めて認証する
 let gmailClient = null;
 async function getGmail() {
     if (!gmailClient) {
-        const auth = await authorize(resolvedCredentialsPath, resolvedTokensPath);
+        const auth = await authorize(resolvedCredentialsPath, resolvedTokensPath, SCOPES);
         gmailClient = googleGmail({ version: "v1", auth });
     }
     return gmailClient;
 }
 const server = new McpServer({
     name: "gmail-mcp",
-    version: "0.2.0",
+    version: "1.1.0",
 });
 // 1. search-messages
 server.registerTool("search-messages", {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shivaduke28/gmail-mcp",
-  "version": "0.2.0",
+  "version": "1.1.0",
   "type": "module",
   "main": "dist/index.js",
   "bin": {
@@ -9,16 +9,13 @@
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsc",
-    "start": "node dist/index.js",
-    "dev": "tsx src/index.ts",
-    "test": "tsx --test test/*.test.ts",
-    "typecheck": "tsc --noEmit"
+  "publishConfig": {
+    "access": "public"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/shivaduke28/gmail-mcp.git"
+    "url": "https://github.com/shivaduke28/google-mcp.git",
+    "directory": "packages/gmail"
   },
   "keywords": [
     "mcp",
@@ -27,21 +24,24 @@
   ],
   "author": "shivaduke",
   "license": "ISC",
-  "bugs": {
-    "url": "https://github.com/shivaduke28/gmail-mcp/issues"
-  },
-  "homepage": "https://github.com/shivaduke28/gmail-mcp#readme",
-  "description": "Gmail MCP server with domain-based permission control",
+  "description": "Gmail MCP server",
   "dependencies": {
     "@googleapis/gmail": "^16.1.1",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "@toon-format/toon": "^2.1.0",
-    "google-auth-library": "^10.5.0",
-    "zod": "^4.3.6"
+    "zod": "^4.3.6",
+    "@shivaduke28/google-mcp-auth": "1.1.0"
   },
   "devDependencies": {
     "@types/node": "^25.2.3",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3"
+  },
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts",
+    "test": "tsx --test test/*.test.ts",
+    "typecheck": "tsc --noEmit"
   }
-}
+}

package/dist/auth.js

@@ -1,88 +0,0 @@
-import { OAuth2Client } from "google-auth-library";
-import { mkdir, readFile, writeFile } from "node:fs/promises";
-import { dirname } from "node:path";
-import { createServer } from "node:http";
-import { exec } from "node:child_process";
-const SCOPES = [
-    "https://www.googleapis.com/auth/gmail.modify",
-];
-export async function authorize(credentialsPath, tokensPath) {
-    const content = await readFile(credentialsPath, "utf-8");
-    const credentials = JSON.parse(content);
-    const { client_id, client_secret } = credentials.installed;
-    const oauth2Client = new OAuth2Client(client_id, client_secret, "http://localhost:3000/callback");
-    // 保存済みトークンがあれば読み込み、有効性を確認
-    let hasTokens = false;
-    try {
-        const tokens = JSON.parse(await readFile(tokensPath, "utf-8"));
-        oauth2Client.setCredentials(tokens);
-        hasTokens = true;
-    }
-    catch {
-        // ファイルなしまたは破損
-    }
-    if (hasTokens) {
-        try {
-            await oauth2Client.getAccessToken();
-            return oauth2Client;
-        }
-        catch (err) {
-            const status = err.status ?? err.code;
-            if (status === 401 || status === 400) {
-                // トークン失効 → ブラウザ認証へ
-            }
-            else {
-                throw err;
-            }
-        }
-    }
-    const tokens = await authenticateWithBrowser(oauth2Client);
-    await mkdir(dirname(tokensPath), { recursive: true });
-    await writeFile(tokensPath, JSON.stringify(tokens, null, 2), { mode: 0o600 });
-    oauth2Client.setCredentials(tokens);
-    return oauth2Client;
-}
-function authenticateWithBrowser(oauth2Client) {
-    return new Promise((resolve, reject) => {
-        const authUrl = oauth2Client.generateAuthUrl({
-            access_type: "offline",
-            scope: SCOPES,
-        });
-        const server = createServer(async (req, res) => {
-            if (!req.url?.startsWith("/callback"))
-                return;
-            const url = new URL(req.url, "http://localhost:3000");
-            const code = url.searchParams.get("code");
-            if (!code) {
-                res.writeHead(400);
-                res.end("No code received");
-                reject(new Error("No authorization code received"));
-                server.close();
-                return;
-            }
-            try {
-                const { tokens } = await oauth2Client.getToken(code);
-                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-                res.end("<h1>認証成功！このタブを閉じてください。</h1>");
-                resolve(tokens);
-            }
-            catch (err) {
-                res.writeHead(500);
-                res.end("Token exchange failed");
-                reject(err);
-            }
-            finally {
-                server.close();
-            }
-        });
-        server.listen(3000, () => {
-            console.error(`\n認証が必要です。ブラウザを開きます...\n`);
-            const command = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-            exec(`${command} '${authUrl}'`, (err) => {
-                if (err) {
-                    console.error(`ブラウザの自動起動に失敗しました。以下のURLを手動で開いてください:\n${authUrl}\n`);
-                }
-            });
-        });
-    });
-}

package/dist/permissions.js

@@ -1,94 +0,0 @@
-import { readFile, writeFile } from "node:fs/promises";
-import { existsSync } from "node:fs";
-export const PermissionAction = {
-    Allow: "allow",
-    Deny: "deny",
-};
-export const OperationType = {
-    Read: "read",
-    CreateDraft: "create_draft",
-    ModifyLabels: "modify_labels",
-};
-const DEFAULT_CONFIG = {
-    internalDomain: "",
-    permissions: {
-        read: {
-            self_only: PermissionAction.Allow,
-            internal: PermissionAction.Allow,
-            external: PermissionAction.Allow,
-        },
-        create_draft: {
-            self_only: PermissionAction.Allow,
-            internal: PermissionAction.Allow,
-            external: PermissionAction.Deny,
-        },
-        modify_labels: {
-            self_only: PermissionAction.Allow,
-            internal: PermissionAction.Allow,
-            external: PermissionAction.Allow,
-        },
-    },
-};
-export async function loadPermissionConfig(configPath) {
-    if (!configPath)
-        return DEFAULT_CONFIG;
-    // ファイルがなければデフォルト設定を書き出す
-    if (!existsSync(configPath)) {
-        try {
-            await writeFile(configPath, JSON.stringify(DEFAULT_CONFIG, null, 2) + "\n");
-            console.error(`permissions.json を作成しました: ${configPath}`);
-        }
-        catch {
-            console.error(`permissions.json の作成に失敗しました: ${configPath}`);
-        }
-        return DEFAULT_CONFIG;
-    }
-    try {
-        const content = await readFile(configPath, "utf-8");
-        const parsed = JSON.parse(content);
-        return {
-            internalDomain: parsed.internalDomain ?? DEFAULT_CONFIG.internalDomain,
-            permissions: {
-                read: parsed.permissions?.read ?? DEFAULT_CONFIG.permissions.read,
-                create_draft: parsed.permissions?.create_draft ?? DEFAULT_CONFIG.permissions.create_draft,
-                modify_labels: parsed.permissions?.modify_labels ?? DEFAULT_CONFIG.permissions.modify_labels,
-            },
-        };
-    }
-    catch {
-        console.error(`設定ファイルの読み込みに失敗しました: ${configPath}`);
-        return DEFAULT_CONFIG;
-    }
-}
-export const RecipientCondition = {
-    SelfOnly: "self_only",
-    Internal: "internal",
-    External: "external",
-};
-export function classifyRecipients(recipients, selfEmail, internalDomain) {
-    const others = recipients.filter((email) => email.toLowerCase() !== selfEmail.toLowerCase());
-    if (others.length === 0)
-        return RecipientCondition.SelfOnly;
-    if (internalDomain && others.every((email) => email.toLowerCase().endsWith(`@${internalDomain.toLowerCase()}`))) {
-        return RecipientCondition.Internal;
-    }
-    return RecipientCondition.External;
-}
-export function checkPermission(config, operation, recipients, selfEmail) {
-    const perm = config.permissions[operation];
-    const condition = classifyRecipients(recipients, selfEmail, config.internalDomain);
-    return { action: perm[condition], condition };
-}
-const CONDITION_LABELS = {
-    [RecipientCondition.SelfOnly]: "自分のみ",
-    [RecipientCondition.Internal]: "内部メンバー",
-    [RecipientCondition.External]: "外部宛先",
-};
-const OPERATION_LABELS = {
-    [OperationType.Read]: "読み取り",
-    [OperationType.CreateDraft]: "下書き作成",
-    [OperationType.ModifyLabels]: "ラベル変更",
-};
-export function denyMessage(operation, condition) {
-    return `${CONDITION_LABELS[condition]}への${OPERATION_LABELS[operation]}は許可されていません。`;
-}