msoutlook-mcp 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +11 -11
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # msoutlook-mcp
2
2
 
3
- MCP server for Microsoft Outlook Web no app registration required.
3
+ MCP server for Microsoft Outlook Web. No app registration required.
4
4
 
5
5
  Uses your existing Outlook Web session (the same way [msteams-mcp](https://github.com/m0nkmaster/msteams-mcp) uses the Teams web session). Opens a browser once for login, then caches tokens and refreshes them automatically.
6
6
 
@@ -9,7 +9,7 @@ Uses your existing Outlook Web session (the same way [msteams-mcp](https://githu
9
9
  Microsoft Outlook Web (OWA) uses MSAL to store OAuth tokens in `localStorage`. This server:
10
10
 
11
11
  1. Opens a browser to `outlook.office.com` via Playwright
12
- 2. Extracts the MSAL token cache from `localStorage` using OWA's own first-party client ID (`9199bf20-a13f-4107-85dc-02114787ef48`)
12
+ 2. Extracts the MSAL token cache from `localStorage`, using OWA's own first-party client ID (`9199bf20-a13f-4107-85dc-02114787ef48`)
13
13
  3. Caches the access token, refresh token, and session state in `~/.msoutlook-mcp-server/` (AES-256-GCM encrypted)
14
14
  4. Refreshes tokens automatically using the refresh token (HTTP, no browser) or headless browser as fallback
15
15
 
@@ -86,9 +86,9 @@ Then run `outlook_login` from your MCP client to open the browser and authentica
86
86
 
87
87
  Session files are stored encrypted in `~/.msoutlook-mcp-server/`:
88
88
 
89
- - `session-state.json` Playwright browser session (cookies + localStorage)
90
- - `token-cache.json` Extracted and cached tokens
91
- - `browser-profile/` Persistent browser profile for headless refresh
89
+ - `session-state.json`: Playwright browser session (cookies + localStorage)
90
+ - `token-cache.json`: Extracted and cached tokens
91
+ - `browser-profile/`: Persistent browser profile for headless refresh
92
92
 
93
93
  If your session expires, run `outlook_login` again.
94
94
 
@@ -96,8 +96,8 @@ If your session expires, run `outlook_login` again.
96
96
 
97
97
  Tokens are refreshed automatically:
98
98
 
99
- 1. **HTTP refresh** (fast, no browser) uses the cached refresh token with OWA's client ID
100
- 2. **Headless browser refresh** fallback if HTTP refresh fails; opens a headless Edge window to silently re-acquire tokens from the saved browser session
99
+ 1. **HTTP refresh** (fast, no browser): uses the cached refresh token with OWA's client ID
100
+ 2. **Headless browser refresh**: fallback if HTTP refresh fails; opens a headless Edge window to silently re-acquire tokens from the saved browser session
101
101
 
102
102
  ## Requirements
103
103
 
@@ -111,16 +111,16 @@ Tokens are refreshed automatically:
111
111
  |---------|-------|-------|---------|
112
112
  | Browser auto-detection | System default (Edge/Chrome) | Chrome fallback | Edge (pre-installed) |
113
113
  | SSO cookie import | ✅ Chrome + Edge via Keychain | ✅ Chrome + Edge via libsecret / `"peanuts"` fallback | ✅ Edge via DPAPI (PowerShell) |
114
- | Windows Chrome 127+ cookies | | | ⚠️ App-Bound Encryption not supported. Use Edge instead. |
114
+ | Windows Chrome 127+ cookies | n/a | n/a | ⚠️ App-Bound Encryption (not supported). Use Edge instead. |
115
115
  | Headed browser fallback | ✅ | ✅ | ✅ |
116
116
 
117
- Cookie import is a best-effort optimisation. If it cannot run (e.g. no matching browser installed, Keychain denied), the MCP falls back to opening a headed browser where you sign in once manually the session then persists.
117
+ Cookie import is a best-effort optimisation. If it cannot run (e.g. no matching browser installed, Keychain denied), the MCP falls back to opening a headed browser where you sign in once manually, and the session then persists.
118
118
 
119
119
  ## Security notes
120
120
 
121
- - Uses the same auth as the Outlook web client your access is limited to what your account can do
121
+ - Uses the same auth as the Outlook web client, so your access is limited to what your account can do
122
122
  - Tokens are encrypted at rest (AES-256-GCM with a machine-derived key)
123
- - Uses undocumented internal APIs Microsoft may change these without notice
123
+ - Uses undocumented internal APIs, which Microsoft may change without notice
124
124
  - Always confirm email content with the user before sending
125
125
 
126
126
  ## Environment variables
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "msoutlook-mcp",
3
- "version": "0.1.1",
4
- "description": "MCP server for Microsoft Outlook web no app registration required, uses your existing Outlook session",
3
+ "version": "0.1.2",
4
+ "description": "MCP server for Microsoft Outlook web. No app registration required, uses your existing Outlook session.",
5
5
  "keywords": [
6
6
  "mcp",
7
7
  "outlook",