graph-mcp 0.1.0__tar.gz

graph_mcp-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,40 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+  # Alternatively, you can trigger on push to a specific tag:
+  # push:
+  #   tags:
+  #     - 'v*'
+
+jobs:
+  pypi-publish:
+    name: Build and publish Python distribution to PyPI
+    runs-on: ubuntu-latest
+
+    # REQUIRED: environment and permissions for Trusted Publishing
+    environment:
+      name: pypi
+      url: https://pypi.org/p/graph-mcp
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install build dependencies
+        run: python -m pip install --upgrade pip build
+
+      - name: Build a binary wheel and a source tarball
+        run: python -m build
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

graph_mcp-0.1.0/.gitignore

@@ -0,0 +1,214 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer,
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+
+temp.md
+
+# Token persistence
+*.tokens.enc
+.tokens.enc

graph_mcp-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 JustStas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

graph_mcp-0.1.0/PKG-INFO

@@ -0,0 +1,130 @@
+Metadata-Version: 2.4
+Name: graph-mcp
+Version: 0.1.0
+Summary: MCP server for Microsoft Teams, Outlook Calendar, and Mail via Microsoft Graph API
+Project-URL: Homepage, https://github.com/JustStas/Graph-MCP
+Project-URL: Repository, https://github.com/JustStas/Graph-MCP.git
+Author: JustStas
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: >=3.10
+Requires-Dist: cryptography>=42.0
+Requires-Dist: fastmcp>=2.0
+Requires-Dist: httpx>=0.27
+Requires-Dist: pydantic-settings>=2.0
+Requires-Dist: pydantic>=2.0
+Description-Content-Type: text/markdown
+
+# Graph MCP
+
+An MCP server that connects Claude to Microsoft Teams, Outlook Calendar, and Mail through the Microsoft Graph API.
+
+## What it does
+
+Gives Claude access to 29 tools:
+
+| Category | Tools |
+|---|---|
+| **Auth** | Check status, login (browser OAuth), logout |
+| **Chats** | List chats, read/send messages, create chats, list members |
+| **Teams & Channels** | List teams, list channels, read/send messages, list members, read/send replies |
+| **Calendar** | List calendars, list events (with date range), get event details |
+| **Mail** | List emails, read email, search emails, send email, reply to email |
+| **Users** | Search organization directory |
+| **Presence** | Get/set your presence, get another user's presence |
+| **Search** | Search messages across all chats and channels |
+
+## Prerequisites
+
+You need an Azure App Registration:
+
+1. Go to [Azure Portal](https://portal.azure.com) > App registrations > New registration
+2. Set platform to **Mobile and desktop applications**
+3. Set redirect URI to `http://localhost:3000/auth/callback`
+4. Mark as **Public client** (no client secret needed)
+5. Under API permissions, add these **delegated** permissions:
+
+   - `offline_access`, `openid`, `profile`, `User.Read`
+   - `User.ReadBasic.All`
+   - `Chat.Read`, `Chat.ReadWrite`, `ChatMessage.Send`
+   - `ChannelMessage.Read.All`, `ChannelMessage.Send`
+   - `Team.ReadBasic.All`, `Channel.ReadBasic.All`, `ChannelMember.Read.All`
+   - `Calendars.Read`
+   - `Mail.Read`, `Mail.Send`
+   - `Presence.Read`, `Presence.Read.All`, `Presence.ReadWrite`
+
+## Install
+
+```
+pip install graph-mcp
+```
+
+Or from a cloned repo:
+
+```
+pip install -e .
+```
+
+## Setup
+
+```
+graph-mcp setup
+```
+
+This asks for your Azure Client ID and Tenant ID, then gives you the exact command:
+
+```
+claude mcp add graph -e AZURE_CLIENT_ID=your-id -e AZURE_TENANT_ID=your-tenant -- /path/to/graph-mcp
+```
+
+Paste it, start Claude Code, and ask Claude to log in. It opens your browser for OAuth sign-in — that's it.
+
+## How it works
+
+```
+Claude Code  ──stdio──>  graph-mcp  ──HTTPS──>  Microsoft Graph API
+                              │
+                         ~/.graph-mcp/
+                           tokens.enc  (encrypted)
+                           .key        (auto-generated)
+```
+
+- **Auth**: OAuth2 Authorization Code flow with PKCE. Login opens your browser, a local callback server captures the token. No secrets stored in config.
+- **Token persistence**: Tokens are encrypted with Fernet and stored in `~/.graph-mcp/tokens.enc`. The encryption key is auto-generated on first use. Logins survive server restarts.
+- **Token refresh**: Access tokens are refreshed automatically before they expire. You only need to log in again if the refresh token itself expires.
+- **Rate limiting**: Sliding window counter with exponential backoff. Respects `Retry-After` headers on 429 responses.
+
+## Configuration
+
+All configuration is passed via environment variables (set in the MCP config's `env` block):
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `AZURE_CLIENT_ID` | Yes | — | From your Azure App Registration |
+| `AZURE_TENANT_ID` | No | `common` | Your Azure tenant ID, or `common` for multi-tenant |
+| `GRAPH_REDIRECT_URI` | No | `http://localhost:3000/auth/callback` | Must match Azure app registration |
+| `GRAPH_TOKEN_ENCRYPTION_KEY` | No | auto-generated | Fernet key for token encryption |
+| `GRAPH_DEBUG` | No | `false` | Enable verbose logging |
+
+## Troubleshooting
+
+**"Approval required" error during login**
+Your Azure app is requesting scopes that aren't registered or need admin consent. Check the API permissions in the Azure portal match the list above.
+
+**403 Forbidden on specific tools**
+The endpoint needs a permission that's not in your Azure app registration, or requires admin consent.
+
+**Login works but tools say "not authenticated"**
+Restart the MCP server (`claude mcp restart graph`) — it may be running an old version.
+
+## Disclaimer
+
+This project is an independent open-source effort and is **not affiliated with, endorsed by, or sponsored by Microsoft Corporation**. Microsoft, Microsoft Teams, Outlook, Microsoft 365, Microsoft Graph, and Azure are trademarks of the Microsoft group of companies.
+
+This software is provided "as is", without warranty of any kind. Use it at your own risk. The authors accept no liability for any damages, data loss, or security issues arising from the use of this software. You are responsible for complying with your organization's policies and Microsoft's [API Terms of Use](https://learn.microsoft.com/en-us/legal/microsoft-apis/terms-of-use) when using this tool.
+
+This software accesses Microsoft services on your behalf using your own credentials and Azure app registration. Data retrieved from Microsoft Graph (emails, messages, calendar events, etc.) is passed to the LLM that invoked the tool. Be mindful of your organization's data handling policies when using this with cloud-hosted AI models.
+
+## License
+
+MIT — see [LICENSE](LICENSE).

graph_mcp-0.1.0/README.md

@@ -0,0 +1,113 @@
+# Graph MCP
+
+An MCP server that connects Claude to Microsoft Teams, Outlook Calendar, and Mail through the Microsoft Graph API.
+
+## What it does
+
+Gives Claude access to 29 tools:
+
+| Category | Tools |
+|---|---|
+| **Auth** | Check status, login (browser OAuth), logout |
+| **Chats** | List chats, read/send messages, create chats, list members |
+| **Teams & Channels** | List teams, list channels, read/send messages, list members, read/send replies |
+| **Calendar** | List calendars, list events (with date range), get event details |
+| **Mail** | List emails, read email, search emails, send email, reply to email |
+| **Users** | Search organization directory |
+| **Presence** | Get/set your presence, get another user's presence |
+| **Search** | Search messages across all chats and channels |
+
+## Prerequisites
+
+You need an Azure App Registration:
+
+1. Go to [Azure Portal](https://portal.azure.com) > App registrations > New registration
+2. Set platform to **Mobile and desktop applications**
+3. Set redirect URI to `http://localhost:3000/auth/callback`
+4. Mark as **Public client** (no client secret needed)
+5. Under API permissions, add these **delegated** permissions:
+
+   - `offline_access`, `openid`, `profile`, `User.Read`
+   - `User.ReadBasic.All`
+   - `Chat.Read`, `Chat.ReadWrite`, `ChatMessage.Send`
+   - `ChannelMessage.Read.All`, `ChannelMessage.Send`
+   - `Team.ReadBasic.All`, `Channel.ReadBasic.All`, `ChannelMember.Read.All`
+   - `Calendars.Read`
+   - `Mail.Read`, `Mail.Send`
+   - `Presence.Read`, `Presence.Read.All`, `Presence.ReadWrite`
+
+## Install
+
+```
+pip install graph-mcp
+```
+
+Or from a cloned repo:
+
+```
+pip install -e .
+```
+
+## Setup
+
+```
+graph-mcp setup
+```
+
+This asks for your Azure Client ID and Tenant ID, then gives you the exact command:
+
+```
+claude mcp add graph -e AZURE_CLIENT_ID=your-id -e AZURE_TENANT_ID=your-tenant -- /path/to/graph-mcp
+```
+
+Paste it, start Claude Code, and ask Claude to log in. It opens your browser for OAuth sign-in — that's it.
+
+## How it works
+
+```
+Claude Code  ──stdio──>  graph-mcp  ──HTTPS──>  Microsoft Graph API
+                              │
+                         ~/.graph-mcp/
+                           tokens.enc  (encrypted)
+                           .key        (auto-generated)
+```
+
+- **Auth**: OAuth2 Authorization Code flow with PKCE. Login opens your browser, a local callback server captures the token. No secrets stored in config.
+- **Token persistence**: Tokens are encrypted with Fernet and stored in `~/.graph-mcp/tokens.enc`. The encryption key is auto-generated on first use. Logins survive server restarts.
+- **Token refresh**: Access tokens are refreshed automatically before they expire. You only need to log in again if the refresh token itself expires.
+- **Rate limiting**: Sliding window counter with exponential backoff. Respects `Retry-After` headers on 429 responses.
+
+## Configuration
+
+All configuration is passed via environment variables (set in the MCP config's `env` block):
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `AZURE_CLIENT_ID` | Yes | — | From your Azure App Registration |
+| `AZURE_TENANT_ID` | No | `common` | Your Azure tenant ID, or `common` for multi-tenant |
+| `GRAPH_REDIRECT_URI` | No | `http://localhost:3000/auth/callback` | Must match Azure app registration |
+| `GRAPH_TOKEN_ENCRYPTION_KEY` | No | auto-generated | Fernet key for token encryption |
+| `GRAPH_DEBUG` | No | `false` | Enable verbose logging |
+
+## Troubleshooting
+
+**"Approval required" error during login**
+Your Azure app is requesting scopes that aren't registered or need admin consent. Check the API permissions in the Azure portal match the list above.
+
+**403 Forbidden on specific tools**
+The endpoint needs a permission that's not in your Azure app registration, or requires admin consent.
+
+**Login works but tools say "not authenticated"**
+Restart the MCP server (`claude mcp restart graph`) — it may be running an old version.
+
+## Disclaimer
+
+This project is an independent open-source effort and is **not affiliated with, endorsed by, or sponsored by Microsoft Corporation**. Microsoft, Microsoft Teams, Outlook, Microsoft 365, Microsoft Graph, and Azure are trademarks of the Microsoft group of companies.
+
+This software is provided "as is", without warranty of any kind. Use it at your own risk. The authors accept no liability for any damages, data loss, or security issues arising from the use of this software. You are responsible for complying with your organization's policies and Microsoft's [API Terms of Use](https://learn.microsoft.com/en-us/legal/microsoft-apis/terms-of-use) when using this tool.
+
+This software accesses Microsoft services on your behalf using your own credentials and Azure app registration. Data retrieved from Microsoft Graph (emails, messages, calendar events, etc.) is passed to the LLM that invoked the tool. Be mindful of your organization's data handling policies when using this with cloud-hosted AI models.
+
+## License
+
+MIT — see [LICENSE](LICENSE).

graph_mcp-0.1.0/pyproject.toml

@@ -0,0 +1,29 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "graph-mcp"
+version = "0.1.0"
+description = "MCP server for Microsoft Teams, Outlook Calendar, and Mail via Microsoft Graph API"
+readme = "README.md"
+authors = [
+    { name = "JustStas" }
+]
+license = "MIT"
+requires-python = ">=3.10"
+
+dependencies = [
+    "fastmcp>=2.0",
+    "httpx>=0.27",
+    "pydantic>=2.0",
+    "pydantic-settings>=2.0",
+    "cryptography>=42.0",
+]
+
+[project.scripts]
+graph-mcp = "graph_mcp:main"
+
+[project.urls]
+Homepage = "https://github.com/JustStas/Graph-MCP"
+Repository = "https://github.com/JustStas/Graph-MCP.git"

graph_mcp-0.1.0/src/graph_mcp/__init__.py

@@ -0,0 +1,3 @@
+from graph_mcp.server import main
+
+__all__ = ["main"]

graph_mcp-0.1.0/src/graph_mcp/__main__.py

@@ -0,0 +1,3 @@
+from graph_mcp.server import main
+
+main()

graph_mcp-0.1.0/src/graph_mcp/_select_fields.py

@@ -0,0 +1,20 @@
+"""$select field constants for Graph API resource types."""
+
+EVENT_LIST_FIELDS = (
+    "id,subject,start,end,location,organizer,attendees,isAllDay,"
+    "isCancelled,showAs,isOnlineMeeting,onlineMeeting,categories,"
+    "responseStatus,bodyPreview,recurrence,type"
+)
+
+CHAT_FIELDS = "id,chatType,topic,createdDateTime,lastUpdatedDateTime"
+
+TEAM_FIELDS = "id,displayName,description"
+
+CHANNEL_FIELDS = "id,displayName,description,membershipType"
+
+MAIL_LIST_FIELDS = (
+    "id,subject,from,toRecipients,receivedDateTime,bodyPreview,"
+    "isRead,hasAttachments,importance,flag"
+)
+
+USER_PROFILE_FIELDS = "id,displayName,mail,jobTitle,department,officeLocation"