gmail-workspace-mcp-server 0.4.3 → 0.4.5

package/README.md

@@ -273,21 +273,22 @@ List draft emails from Gmail with optional thread filtering.
 
 ### upsert_draft_email
 
-Create a new draft email or update an existing one. Optionally as a reply to an existing conversation.
+Create, update, or delete a draft email. Optionally as a reply to an existing conversation.
 
 **Parameters:**
 
-- `draft_id` (string, optional): ID of an existing draft to update (omit to create a new draft)
-- `to` (string, required): Recipient email address
-- `subject` (string, required): Email subject
-- `plaintext_body` (string): Plain text body content (at least one of plaintext_body or html_body required)
-- `html_body` (string): HTML body content for rich text formatting (at least one of plaintext_body or html_body required)
+- `draft_id` (string, optional): ID of an existing draft to update or delete (omit to create a new draft)
+- `delete` (boolean, optional): Set to `true` to delete the draft specified by `draft_id`. All other parameters are ignored when deleting
+- `to` (string, required for create/update): Recipient email address
+- `subject` (string, required for create/update): Email subject
+- `plaintext_body` (string): Plain text body content (at least one of plaintext_body or html_body required for create/update)
+- `html_body` (string): HTML body content for rich text formatting (at least one of plaintext_body or html_body required for create/update)
 - `cc` (string, optional): CC recipients
 - `bcc` (string, optional): BCC recipients
 - `thread_id` (string, optional): Thread ID for replies
 - `reply_to_email_id` (string, optional): Email ID to reply to (sets References/In-Reply-To headers)
 
-At least one of `plaintext_body` or `html_body` must be provided. If both are provided, a multipart email is sent with both versions.
+For create/update: at least one of `plaintext_body` or `html_body` must be provided. If both are provided, a multipart email is sent with both versions.
 
 **Example (create new draft):**
 
@@ -310,6 +311,15 @@ At least one of `plaintext_body` or `html_body` must be provided. If both are pr
 }
 ```
 
+**Example (delete a draft):**
+
+```json
+{
+  "draft_id": "r123456789",
+  "delete": true
+}
+```
+
 ### send_email
 
 Send an email directly or from an existing draft.

package/node_modules/@pulsemcp/mcp-elicitation/build/elicitation.js

@@ -1,5 +1,11 @@
 import { randomUUID } from 'node:crypto';
 import { readElicitationConfig } from './config.js';
+/**
+ * The set of action values recognized by the elicitation protocol.
+ * Includes 'pending' for completeness, though it is filtered before
+ * reaching the validation check in pollElicitationStatus.
+ */
+const VALID_ELICITATION_ACTIONS = new Set(['pending', 'accept', 'decline', 'cancel', 'expired']);
 /**
  * Checks whether the connected client supports native form elicitation.
  */
@@ -22,6 +28,14 @@ async function nativeElicit(server, message, requestedSchema) {
         requestedSchema,
     };
     const result = await server.elicitInput(params);
+    // Fail-safe: validate the action even from native elicitation.
+    // The TypeScript type says 'accept' | 'decline' | 'cancel', but at runtime
+    // the MCP client could return any string over the wire.
+    if (!VALID_ELICITATION_ACTIONS.has(result.action)) {
+        console.warn(`[elicitation] Unrecognized native elicitation action "${result.action}". ` +
+            `Treating as "decline" (fail-safe).`);
+        return { action: 'decline' };
+    }
     return {
         action: result.action,
         content: result.content ?? undefined,
@@ -66,6 +80,14 @@ async function pollElicitationStatus(config, requestId, expiresAt) {
         }
         const data = (await response.json());
         if (data.action !== 'pending') {
+            // Fail-safe: only allow recognized action values through.
+            // Unrecognized actions are treated as 'decline' to prevent
+            // unintended execution of protected operations.
+            if (!VALID_ELICITATION_ACTIONS.has(data.action)) {
+                console.warn(`[elicitation] Unrecognized poll action "${data.action}" for request ${requestId}. ` +
+                    `Treating as "decline" (fail-safe).`);
+                return { action: 'decline' };
+            }
             return {
                 action: data.action,
                 content: data.content ?? undefined,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gmail-workspace-mcp-server",
-  "version": "0.4.3",
+  "version": "0.4.5",
   "description": "MCP server for Gmail integration with OAuth2 and service account support",
   "main": "build/index.js",
   "type": "module",

package/shared/tools/draft-email.d.ts

@@ -3,8 +3,9 @@ import { z } from 'zod';
 import type { ClientFactory } from '../server.js';
 export declare const UpsertDraftEmailSchema: z.ZodEffects<z.ZodObject<{
     draft_id: z.ZodOptional<z.ZodString>;
-    to: z.ZodString;
-    subject: z.ZodString;
+    delete: z.ZodOptional<z.ZodBoolean>;
+    to: z.ZodOptional<z.ZodString>;
+    subject: z.ZodOptional<z.ZodString>;
     plaintext_body: z.ZodOptional<z.ZodString>;
     html_body: z.ZodOptional<z.ZodString>;
     cc: z.ZodOptional<z.ZodString>;
@@ -12,9 +13,10 @@ export declare const UpsertDraftEmailSchema: z.ZodEffects<z.ZodObject<{
     thread_id: z.ZodOptional<z.ZodString>;
     reply_to_email_id: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    to: string;
-    subject: string;
     draft_id?: string | undefined;
+    delete?: boolean | undefined;
+    to?: string | undefined;
+    subject?: string | undefined;
     plaintext_body?: string | undefined;
     html_body?: string | undefined;
     cc?: string | undefined;
@@ -22,9 +24,10 @@ export declare const UpsertDraftEmailSchema: z.ZodEffects<z.ZodObject<{
     thread_id?: string | undefined;
     reply_to_email_id?: string | undefined;
 }, {
-    to: string;
-    subject: string;
     draft_id?: string | undefined;
+    delete?: boolean | undefined;
+    to?: string | undefined;
+    subject?: string | undefined;
     plaintext_body?: string | undefined;
     html_body?: string | undefined;
     cc?: string | undefined;
@@ -32,9 +35,10 @@ export declare const UpsertDraftEmailSchema: z.ZodEffects<z.ZodObject<{
     thread_id?: string | undefined;
     reply_to_email_id?: string | undefined;
 }>, {
-    to: string;
-    subject: string;
     draft_id?: string | undefined;
+    delete?: boolean | undefined;
+    to?: string | undefined;
+    subject?: string | undefined;
     plaintext_body?: string | undefined;
     html_body?: string | undefined;
     cc?: string | undefined;
@@ -42,9 +46,10 @@ export declare const UpsertDraftEmailSchema: z.ZodEffects<z.ZodObject<{
     thread_id?: string | undefined;
     reply_to_email_id?: string | undefined;
 }, {
-    to: string;
-    subject: string;
     draft_id?: string | undefined;
+    delete?: boolean | undefined;
+    to?: string | undefined;
+    subject?: string | undefined;
     plaintext_body?: string | undefined;
     html_body?: string | undefined;
     cc?: string | undefined;
@@ -62,6 +67,10 @@ export declare function upsertDraftEmailTool(server: Server, clientFactory: Clie
                 type: string;
                 description: string;
             };
+            delete: {
+                type: string;
+                description: string;
+            };
             to: {
                 type: string;
                 description: "Recipient email address(es). For multiple recipients, separate with commas.";
@@ -95,7 +104,7 @@ export declare function upsertDraftEmailTool(server: Server, clientFactory: Clie
                 description: string;
             };
         };
-        required: string[];
+        required: never[];
     };
     handler: (args: unknown) => Promise<{
         content: {

package/shared/tools/draft-email.js

@@ -1,9 +1,11 @@
 import { z } from 'zod';
 import { getHeader } from '../utils/email-helpers.js';
 const PARAM_DESCRIPTIONS = {
-    draft_id: 'ID of an existing draft to update. If provided, the draft is replaced in-place ' +
-        'with the new content. If omitted, a new draft is created. ' +
+    draft_id: 'ID of an existing draft to update or delete. If provided, the draft is replaced in-place ' +
+        'with the new content (or deleted if delete is true). If omitted, a new draft is created. ' +
         'Get draft IDs from list_draft_emails or from a previous upsert_draft_email response.',
+    delete: 'Set to true to delete the draft specified by draft_id. ' +
+        'Requires draft_id. All other parameters are ignored when deleting.',
     to: 'Recipient email address(es). For multiple recipients, separate with commas.',
     subject: 'Subject line of the email.',
     plaintext_body: 'Plain text body content of the email. At least one of plaintext_body or html_body must be provided. If both are provided, a multipart email is sent with both versions.',
@@ -18,8 +20,9 @@ const PARAM_DESCRIPTIONS = {
 export const UpsertDraftEmailSchema = z
     .object({
     draft_id: z.string().optional().describe(PARAM_DESCRIPTIONS.draft_id),
-    to: z.string().min(1).describe(PARAM_DESCRIPTIONS.to),
-    subject: z.string().min(1).describe(PARAM_DESCRIPTIONS.subject),
+    delete: z.boolean().optional().describe(PARAM_DESCRIPTIONS.delete),
+    to: z.string().min(1).optional().describe(PARAM_DESCRIPTIONS.to),
+    subject: z.string().min(1).optional().describe(PARAM_DESCRIPTIONS.subject),
     plaintext_body: z.string().min(1).optional().describe(PARAM_DESCRIPTIONS.plaintext_body),
     html_body: z.string().min(1).optional().describe(PARAM_DESCRIPTIONS.html_body),
     cc: z.string().optional().describe(PARAM_DESCRIPTIONS.cc),
@@ -27,26 +30,39 @@ export const UpsertDraftEmailSchema = z
     thread_id: z.string().optional().describe(PARAM_DESCRIPTIONS.thread_id),
     reply_to_email_id: z.string().optional().describe(PARAM_DESCRIPTIONS.reply_to_email_id),
 })
-    .refine((data) => {
-    return Boolean(data.plaintext_body) || Boolean(data.html_body);
-}, {
-    message: 'At least one of plaintext_body or html_body must be provided.',
+    .superRefine((data, ctx) => {
+    if (data.delete) {
+        if (!data.draft_id) {
+            ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                message: 'draft_id is required when delete is true.',
+            });
+        }
+        return;
+    }
+    if (!data.to || !data.subject || (!data.plaintext_body && !data.html_body)) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message: 'to, subject, and at least one of plaintext_body or html_body must be provided.',
+        });
+    }
 });
-const TOOL_DESCRIPTION = `Create a new draft email or update an existing one.
+const TOOL_DESCRIPTION = `Create, update, or delete a draft email.
 
 **Parameters:**
-- draft_id: ID of an existing draft to update (optional — omit to create a new draft)
-- to: Recipient email address(es) (required)
-- subject: Email subject line (required)
-- plaintext_body: Plain text body content (at least one of plaintext_body or html_body required)
-- html_body: HTML body content for rich text formatting (at least one of plaintext_body or html_body required)
+- draft_id: ID of an existing draft to update or delete (optional — omit to create a new draft)
+- delete: Set to true to delete the draft specified by draft_id (optional)
+- to: Recipient email address(es) (required for create/update)
+- subject: Email subject line (required for create/update)
+- plaintext_body: Plain text body content (at least one of plaintext_body or html_body required for create/update)
+- html_body: HTML body content for rich text formatting (at least one of plaintext_body or html_body required for create/update)
 - cc: CC recipients (optional)
 - bcc: BCC recipients (optional)
 - thread_id: Thread ID to reply to an existing conversation (optional)
 - reply_to_email_id: Email ID to reply to, sets proper reply headers (optional)
 
 **Body content:**
-At least one of plaintext_body or html_body must be provided. If both are provided, a multipart email is sent with both plain text and HTML versions. Use html_body for rich formatting like hyperlinks, bold text, or lists.
+At least one of plaintext_body or html_body must be provided for create/update. If both are provided, a multipart email is sent with both plain text and HTML versions. Use html_body for rich formatting like hyperlinks, bold text, or lists.
 
 **Creating a reply:**
 To create a draft reply to an existing email:
@@ -56,11 +72,15 @@ To create a draft reply to an existing email:
 **Updating a draft:**
 To update an existing draft, provide the draft_id from a previous upsert_draft_email response or from list_draft_emails. The draft is replaced in-place — all fields must be provided (not just the ones you want to change).
 
+**Deleting a draft:**
+To delete a draft, provide the draft_id and set delete to true. All other parameters are ignored when deleting.
+
 **Use cases:**
 - Draft a new email for later review
 - Prepare a reply to an email conversation
 - Revise a draft after user feedback (without creating duplicates)
 - Save an email without sending it immediately
+- Delete a corrupted or unwanted draft
 
 **Note:** The draft will be saved in Gmail's Drafts folder. Use send_email with from_draft_id to send it.`;
 export function upsertDraftEmailTool(server, clientFactory) {
@@ -74,6 +94,10 @@ export function upsertDraftEmailTool(server, clientFactory) {
                     type: 'string',
                     description: PARAM_DESCRIPTIONS.draft_id,
                 },
+                delete: {
+                    type: 'boolean',
+                    description: PARAM_DESCRIPTIONS.delete,
+                },
                 to: {
                     type: 'string',
                     description: PARAM_DESCRIPTIONS.to,
@@ -107,12 +131,24 @@ export function upsertDraftEmailTool(server, clientFactory) {
                     description: PARAM_DESCRIPTIONS.reply_to_email_id,
                 },
             },
-            required: ['to', 'subject'],
+            required: [],
         },
         handler: async (args) => {
             try {
                 const parsed = UpsertDraftEmailSchema.parse(args ?? {});
                 const client = clientFactory();
+                // Delete mode
+                if (parsed.delete) {
+                    await client.deleteDraft(parsed.draft_id);
+                    return {
+                        content: [
+                            {
+                                type: 'text',
+                                text: `Draft deleted successfully!\n\n**Draft ID:** ${parsed.draft_id}`,
+                            },
+                        ],
+                    };
+                }
                 let inReplyTo;
                 let references;
                 // If replying to an email, get the Message-ID for proper threading
@@ -176,11 +212,17 @@ export function upsertDraftEmailTool(server, clientFactory) {
                 };
             }
             catch (error) {
+                const typedArgs = args;
+                const errorAction = typedArgs?.delete
+                    ? 'deleting'
+                    : typedArgs?.draft_id
+                        ? 'updating'
+                        : 'creating';
                 return {
                     content: [
                         {
                             type: 'text',
-                            text: `Error ${args?.draft_id ? 'updating' : 'creating'} draft: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                            text: `Error ${errorAction} draft: ${error instanceof Error ? error.message : 'Unknown error'}`,
                         },
                     ],
                     isError: true,

package/shared/tools/send-email.d.ts

@@ -102,12 +102,12 @@ export declare function sendEmailTool(server: Server, clientFactory: ClientFacto
             type: string;
             text: string;
         }[];
-        isError?: undefined;
+        isError: boolean;
     } | {
         content: {
             type: string;
             text: string;
         }[];
-        isError: boolean;
+        isError?: undefined;
     }>;
 };

package/shared/tools/send-email.js

@@ -139,7 +139,20 @@ export function sendEmailTool(server, clientFactory) {
                             'com.pulsemcp/tool-name': 'send_email',
                         },
                     }, elicitationConfig);
-                    if (confirmation.action === 'decline' || confirmation.action === 'cancel') {
+                    // Fail-safe: only proceed on explicit 'accept'.
+                    // Any other action (decline, cancel, expired, or unrecognized) blocks the send.
+                    if (confirmation.action !== 'accept') {
+                        if (confirmation.action === 'expired') {
+                            return {
+                                content: [
+                                    {
+                                        type: 'text',
+                                        text: 'Email sending confirmation expired. Please try again.',
+                                    },
+                                ],
+                                isError: true,
+                            };
+                        }
                         return {
                             content: [
                                 {
@@ -149,19 +162,8 @@ export function sendEmailTool(server, clientFactory) {
                             ],
                         };
                     }
-                    if (confirmation.action === 'expired') {
-                        return {
-                            content: [
-                                {
-                                    type: 'text',
-                                    text: 'Email sending confirmation expired. Please try again.',
-                                },
-                            ],
-                            isError: true,
-                        };
-                    }
-                    // action === 'accept' with content.confirm === true, or
-                    // action === 'accept' from disabled mode (no content)
+                    // We reach here only when action === 'accept'.
+                    // Still check if the user explicitly unchecked the confirm checkbox.
                     if (confirmation.content &&
                         'confirm' in confirmation.content &&
                         confirmation.content.confirm === false) {