mcp-gmail-manager 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- mcp_gmail_manager-0.1.0/.gitignore +38 -0
- mcp_gmail_manager-0.1.0/LICENSE +21 -0
- mcp_gmail_manager-0.1.0/PKG-INFO +196 -0
- mcp_gmail_manager-0.1.0/README.md +169 -0
- mcp_gmail_manager-0.1.0/README.pt-BR.md +169 -0
- mcp_gmail_manager-0.1.0/examples/config.example.json +14 -0
- mcp_gmail_manager-0.1.0/examples/config.with-allowlist.json +14 -0
- mcp_gmail_manager-0.1.0/pyproject.toml +42 -0
- mcp_gmail_manager-0.1.0/src/mcp_gmail_manager/__init__.py +3 -0
- mcp_gmail_manager-0.1.0/src/mcp_gmail_manager/auth.py +54 -0
- mcp_gmail_manager-0.1.0/src/mcp_gmail_manager/config.py +98 -0
- mcp_gmail_manager-0.1.0/src/mcp_gmail_manager/server.py +931 -0
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Python
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[cod]
|
|
4
|
+
*$py.class
|
|
5
|
+
*.so
|
|
6
|
+
.Python
|
|
7
|
+
*.egg-info/
|
|
8
|
+
*.egg
|
|
9
|
+
dist/
|
|
10
|
+
build/
|
|
11
|
+
.eggs/
|
|
12
|
+
wheels/
|
|
13
|
+
|
|
14
|
+
# Virtual envs
|
|
15
|
+
.venv/
|
|
16
|
+
venv/
|
|
17
|
+
env/
|
|
18
|
+
ENV/
|
|
19
|
+
|
|
20
|
+
# Tooling
|
|
21
|
+
.pytest_cache/
|
|
22
|
+
.mypy_cache/
|
|
23
|
+
.ruff_cache/
|
|
24
|
+
.coverage
|
|
25
|
+
htmlcov/
|
|
26
|
+
|
|
27
|
+
# IDE
|
|
28
|
+
.vscode/
|
|
29
|
+
.idea/
|
|
30
|
+
*.swp
|
|
31
|
+
*.swo
|
|
32
|
+
.DS_Store
|
|
33
|
+
|
|
34
|
+
# OAuth credentials & runtime state — NEVER commit
|
|
35
|
+
credentials.json
|
|
36
|
+
token.json
|
|
37
|
+
audit.jsonl
|
|
38
|
+
config.json
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Arthur Jhonathas Lima
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: mcp-gmail-manager
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Gmail Model Context Protocol server with recipient allowlist and local audit log.
|
|
5
|
+
Project-URL: Homepage, https://github.com/arthjhon/mcp-gmail-manager
|
|
6
|
+
Project-URL: Issues, https://github.com/arthjhon/mcp-gmail-manager/issues
|
|
7
|
+
Project-URL: Repository, https://github.com/arthjhon/mcp-gmail-manager
|
|
8
|
+
Author-email: Arthur Jhonathas Lima <arthur.jhonathas@umj.edu.br>
|
|
9
|
+
License-Expression: MIT
|
|
10
|
+
License-File: LICENSE
|
|
11
|
+
Keywords: allowlist,audit,claude,email,gmail,mcp,model-context-protocol
|
|
12
|
+
Classifier: Development Status :: 4 - Beta
|
|
13
|
+
Classifier: Intended Audience :: Developers
|
|
14
|
+
Classifier: Intended Audience :: System Administrators
|
|
15
|
+
Classifier: Operating System :: OS Independent
|
|
16
|
+
Classifier: Programming Language :: Python :: 3
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
18
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
19
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
20
|
+
Classifier: Topic :: Communications :: Email
|
|
21
|
+
Requires-Python: >=3.10
|
|
22
|
+
Requires-Dist: google-api-python-client>=2.0
|
|
23
|
+
Requires-Dist: google-auth-oauthlib>=1.0
|
|
24
|
+
Requires-Dist: google-auth>=2.0
|
|
25
|
+
Requires-Dist: mcp>=1.0.0
|
|
26
|
+
Description-Content-Type: text/markdown
|
|
27
|
+
|
|
28
|
+
# mcp-gmail-manager
|
|
29
|
+
|
|
30
|
+
> 🌐 **[Leia em português (pt-BR) →](README.pt-BR.md)**
|
|
31
|
+
|
|
32
|
+
[](https://pypi.org/project/mcp-gmail-manager/)
|
|
33
|
+
[](https://pypi.org/project/mcp-gmail-manager/)
|
|
34
|
+
[](LICENSE)
|
|
35
|
+
[](https://modelcontextprotocol.io)
|
|
36
|
+
|
|
37
|
+
A comprehensive Gmail [Model Context Protocol](https://modelcontextprotocol.io) server: **33 tools** covering send, reply, forward, drafts, search, read, attachments, trash, labels, filters, signature, and vacation responder.
|
|
38
|
+
|
|
39
|
+
Two optional features that distinguish it from other Gmail MCPs:
|
|
40
|
+
|
|
41
|
+
- **Local audit log** (on by default) — every write/send/modify/download appends a JSON line to `audit.jsonl`. Metadata only (no body content). Compliance trail without third-party services.
|
|
42
|
+
- **Recipient allowlist** (off by default) — when enabled, every outbound operation (`send_email`, `create_draft`, `reply_to_message`, `forward_message`) checks recipients against configured domains and explicit addresses. Useful for institutional / compliance contexts. See [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) to enable.
|
|
43
|
+
|
|
44
|
+
## Tools (33)
|
|
45
|
+
|
|
46
|
+
| Group | Tools |
|
|
47
|
+
|---|---|
|
|
48
|
+
| Send / reply / forward | `send_email`, `reply_to_message`, `forward_message` |
|
|
49
|
+
| Drafts | `create_draft`, `list_drafts`, `send_draft`, `update_draft`, `delete_draft` |
|
|
50
|
+
| Read / profile | `get_profile`, `get_message`, `search_threads`, `get_thread` |
|
|
51
|
+
| Attachments | `get_message_attachments`, `download_attachment` |
|
|
52
|
+
| Trash | `trash_message`, `untrash_message`, `trash_thread`, `untrash_thread` |
|
|
53
|
+
| Labels | `list_labels`, `create_label`, `update_label`, `delete_label`, `label_message`, `unlabel_message`, `label_thread`, `unlabel_thread` |
|
|
54
|
+
| Filters | `list_filters`, `create_filter`, `delete_filter` |
|
|
55
|
+
| Signature | `get_signature`, `update_signature` |
|
|
56
|
+
| Vacation responder | `get_vacation_responder`, `set_vacation_responder` |
|
|
57
|
+
|
|
58
|
+
OAuth scopes requested: `gmail.modify` + `gmail.settings.basic`. Does **not** request the `https://mail.google.com/` superuser scope — permanent delete is intentionally unsupported.
|
|
59
|
+
|
|
60
|
+
## Requirements
|
|
61
|
+
|
|
62
|
+
- Python ≥ 3.10
|
|
63
|
+
- A Google Cloud project with the Gmail API enabled and an OAuth 2.0 client (Desktop type)
|
|
64
|
+
- A way to forward `localhost:8765` to your auth host (typically `ssh -L 8765:localhost:8765 user@host`)
|
|
65
|
+
|
|
66
|
+
## Install
|
|
67
|
+
|
|
68
|
+
```bash
|
|
69
|
+
pip install mcp-gmail-manager
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
Or from source:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
git clone https://github.com/arthjhon/mcp-gmail-manager.git
|
|
76
|
+
cd mcp-gmail-manager
|
|
77
|
+
pip install .
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
## Google Cloud setup (one-time, ~10 minutes)
|
|
81
|
+
|
|
82
|
+
1. Go to [Google Cloud Console](https://console.cloud.google.com/) and create a new project (or pick an existing one).
|
|
83
|
+
2. Enable the **Gmail API** (not "Gmail MCP API" — that's Google's own remote MCP; not what we want).
|
|
84
|
+
3. Configure the **OAuth consent screen**:
|
|
85
|
+
- User type: **Internal** if your account is part of a Google Workspace; otherwise **External** in Testing mode (limited to 100 users, tokens expire every 7 days — fine for individuals).
|
|
86
|
+
- Scopes: add `https://www.googleapis.com/auth/gmail.modify` and `https://www.googleapis.com/auth/gmail.settings.basic`. **Do not** add anything else.
|
|
87
|
+
- Test users (External only): add the Gmail address you'll authenticate with.
|
|
88
|
+
4. Create an **OAuth Client ID**:
|
|
89
|
+
- Application type: **Desktop app**
|
|
90
|
+
- Download the JSON. Save it as `credentials.json`.
|
|
91
|
+
|
|
92
|
+
## First-time auth
|
|
93
|
+
|
|
94
|
+
Move your credentials into the config directory (default `~/.config/mcp-gmail-manager/`):
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
mkdir -p ~/.config/mcp-gmail-manager
|
|
98
|
+
mv ~/Downloads/client_secret_*.json ~/.config/mcp-gmail-manager/credentials.json
|
|
99
|
+
chmod 600 ~/.config/mcp-gmail-manager/credentials.json
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Run the auth flow:
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
mcp-gmail-manager-auth
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
This binds to `localhost:8765` and prints a Google authorisation URL. Open it in a browser **on a machine that can reach `localhost:8765` on the auth host**:
|
|
109
|
+
|
|
110
|
+
- **Local desktop**: the printed URL works directly.
|
|
111
|
+
- **Remote / headless server**: forward the port from your laptop first:
|
|
112
|
+
```bash
|
|
113
|
+
ssh -L 8765:localhost:8765 user@your-server
|
|
114
|
+
```
|
|
115
|
+
Then run `mcp-gmail-manager-auth` inside that SSH session.
|
|
116
|
+
|
|
117
|
+
Authorise with the Google account that will own outbound mail. On success the script writes `token.json` and exits.
|
|
118
|
+
|
|
119
|
+
## Register with Claude Code
|
|
120
|
+
|
|
121
|
+
```bash
|
|
122
|
+
claude mcp add gmail-manager -- mcp-gmail-manager
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
Or, if you installed inside a virtualenv that isn't on `$PATH`:
|
|
126
|
+
|
|
127
|
+
```bash
|
|
128
|
+
claude mcp add gmail-manager -- /path/to/venv/bin/mcp-gmail-manager
|
|
129
|
+
```
|
|
130
|
+
|
|
131
|
+
Restart your Claude Code session so the new tool schemas load.
|
|
132
|
+
|
|
133
|
+
## Configuration
|
|
134
|
+
|
|
135
|
+
`~/.config/mcp-gmail-manager/config.json` is optional — if it doesn't exist, sensible defaults apply (no allowlist, audit log enabled). Two ready-to-copy examples are provided:
|
|
136
|
+
|
|
137
|
+
- [`examples/config.example.json`](examples/config.example.json) — minimal, no allowlist (default behaviour). Use this if you want the MCP to send to any address.
|
|
138
|
+
- [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) — institutional setup with allowlist enforced.
|
|
139
|
+
|
|
140
|
+
Schema reference:
|
|
141
|
+
|
|
142
|
+
```json
|
|
143
|
+
{
|
|
144
|
+
"allowlist": {
|
|
145
|
+
"enabled": false,
|
|
146
|
+
"domains": [],
|
|
147
|
+
"emails": []
|
|
148
|
+
},
|
|
149
|
+
"audit_log": {
|
|
150
|
+
"enabled": true,
|
|
151
|
+
"path": null
|
|
152
|
+
},
|
|
153
|
+
"attachments": {
|
|
154
|
+
"max_total_bytes": 20971520
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
| Field | Default | Meaning |
|
|
160
|
+
|---|---|---|
|
|
161
|
+
| `allowlist.enabled` | `false` | When `false`, any recipient is accepted. Enable explicitly for institutional use. |
|
|
162
|
+
| `allowlist.domains` | `[]` | Lower-case domain suffixes accepted as recipients. |
|
|
163
|
+
| `allowlist.emails` | `[]` | Explicit lower-case email addresses accepted regardless of domain. |
|
|
164
|
+
| `audit_log.enabled` | `true` | Append every write/modify/send to JSONL. |
|
|
165
|
+
| `audit_log.path` | `null` | `null` → `<config_dir>/audit.jsonl`. Override to centralise logs. |
|
|
166
|
+
| `attachments.max_total_bytes` | `20971520` (20 MB) | Combined size cap per send. Gmail's hard limit is 25 MB raw. |
|
|
167
|
+
|
|
168
|
+
### Environment variable overrides
|
|
169
|
+
|
|
170
|
+
| Variable | Default |
|
|
171
|
+
|---|---|
|
|
172
|
+
| `GMAIL_MCP_CONFIG_DIR` | `$XDG_CONFIG_HOME/mcp-gmail-manager` or `~/.config/mcp-gmail-manager` |
|
|
173
|
+
| `GMAIL_MCP_CREDENTIALS` | `<config_dir>/credentials.json` |
|
|
174
|
+
| `GMAIL_MCP_TOKEN` | `<config_dir>/token.json` |
|
|
175
|
+
|
|
176
|
+
## Security notes
|
|
177
|
+
|
|
178
|
+
- **Token storage**: `token.json` is written `chmod 600`. Treat it as a password — anyone with read access can act as your Gmail account.
|
|
179
|
+
- **No remote attestation**: this server runs entirely on your machine. No telemetry, no third-party calls beyond `googleapis.com`.
|
|
180
|
+
- **Allowlist is defence in depth, not perimeter security**: an attacker who compromises your machine can read `token.json` and call the Gmail API directly, bypassing the MCP entirely. The allowlist defends against the LLM being tricked or hallucinating malicious recipients, not against host compromise.
|
|
181
|
+
- **OAuth scope is broad**: `gmail.modify` covers everything except permanent delete. If you only need to send, fork and replace the scope with `gmail.send`.
|
|
182
|
+
- **Permanent delete intentionally unsupported**: we don't request `https://mail.google.com/`. Deletes go to Trash and can be undone with `untrash_*`.
|
|
183
|
+
|
|
184
|
+
## Limitations
|
|
185
|
+
|
|
186
|
+
- OAuth "Production" verification for `gmail.modify` requires a Google security assessment (paid, weeks of process). Stay in "Internal" (Workspace) or "Testing" (≤ 100 users, 7-day token refresh) modes to avoid this.
|
|
187
|
+
- HTML email body composition is not exposed as a first-class field. Send via `create_draft` + manual HTML editing in the Gmail UI, or extend `_build_mime` in a fork.
|
|
188
|
+
- Push notifications (Pub/Sub `watch`/`stop`) not implemented — out of scope.
|
|
189
|
+
|
|
190
|
+
## Contributing
|
|
191
|
+
|
|
192
|
+
Issues and PRs welcome. Keep changes scoped, document any new tool with a schema example, and add an audit-log entry for anything that mutates state.
|
|
193
|
+
|
|
194
|
+
## License
|
|
195
|
+
|
|
196
|
+
MIT — see [LICENSE](LICENSE).
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
# mcp-gmail-manager
|
|
2
|
+
|
|
3
|
+
> 🌐 **[Leia em português (pt-BR) →](README.pt-BR.md)**
|
|
4
|
+
|
|
5
|
+
[](https://pypi.org/project/mcp-gmail-manager/)
|
|
6
|
+
[](https://pypi.org/project/mcp-gmail-manager/)
|
|
7
|
+
[](LICENSE)
|
|
8
|
+
[](https://modelcontextprotocol.io)
|
|
9
|
+
|
|
10
|
+
A comprehensive Gmail [Model Context Protocol](https://modelcontextprotocol.io) server: **33 tools** covering send, reply, forward, drafts, search, read, attachments, trash, labels, filters, signature, and vacation responder.
|
|
11
|
+
|
|
12
|
+
Two optional features that distinguish it from other Gmail MCPs:
|
|
13
|
+
|
|
14
|
+
- **Local audit log** (on by default) — every write/send/modify/download appends a JSON line to `audit.jsonl`. Metadata only (no body content). Compliance trail without third-party services.
|
|
15
|
+
- **Recipient allowlist** (off by default) — when enabled, every outbound operation (`send_email`, `create_draft`, `reply_to_message`, `forward_message`) checks recipients against configured domains and explicit addresses. Useful for institutional / compliance contexts. See [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) to enable.
|
|
16
|
+
|
|
17
|
+
## Tools (33)
|
|
18
|
+
|
|
19
|
+
| Group | Tools |
|
|
20
|
+
|---|---|
|
|
21
|
+
| Send / reply / forward | `send_email`, `reply_to_message`, `forward_message` |
|
|
22
|
+
| Drafts | `create_draft`, `list_drafts`, `send_draft`, `update_draft`, `delete_draft` |
|
|
23
|
+
| Read / profile | `get_profile`, `get_message`, `search_threads`, `get_thread` |
|
|
24
|
+
| Attachments | `get_message_attachments`, `download_attachment` |
|
|
25
|
+
| Trash | `trash_message`, `untrash_message`, `trash_thread`, `untrash_thread` |
|
|
26
|
+
| Labels | `list_labels`, `create_label`, `update_label`, `delete_label`, `label_message`, `unlabel_message`, `label_thread`, `unlabel_thread` |
|
|
27
|
+
| Filters | `list_filters`, `create_filter`, `delete_filter` |
|
|
28
|
+
| Signature | `get_signature`, `update_signature` |
|
|
29
|
+
| Vacation responder | `get_vacation_responder`, `set_vacation_responder` |
|
|
30
|
+
|
|
31
|
+
OAuth scopes requested: `gmail.modify` + `gmail.settings.basic`. Does **not** request the `https://mail.google.com/` superuser scope — permanent delete is intentionally unsupported.
|
|
32
|
+
|
|
33
|
+
## Requirements
|
|
34
|
+
|
|
35
|
+
- Python ≥ 3.10
|
|
36
|
+
- A Google Cloud project with the Gmail API enabled and an OAuth 2.0 client (Desktop type)
|
|
37
|
+
- A way to forward `localhost:8765` to your auth host (typically `ssh -L 8765:localhost:8765 user@host`)
|
|
38
|
+
|
|
39
|
+
## Install
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
pip install mcp-gmail-manager
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Or from source:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
git clone https://github.com/arthjhon/mcp-gmail-manager.git
|
|
49
|
+
cd mcp-gmail-manager
|
|
50
|
+
pip install .
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
## Google Cloud setup (one-time, ~10 minutes)
|
|
54
|
+
|
|
55
|
+
1. Go to [Google Cloud Console](https://console.cloud.google.com/) and create a new project (or pick an existing one).
|
|
56
|
+
2. Enable the **Gmail API** (not "Gmail MCP API" — that's Google's own remote MCP; not what we want).
|
|
57
|
+
3. Configure the **OAuth consent screen**:
|
|
58
|
+
- User type: **Internal** if your account is part of a Google Workspace; otherwise **External** in Testing mode (limited to 100 users, tokens expire every 7 days — fine for individuals).
|
|
59
|
+
- Scopes: add `https://www.googleapis.com/auth/gmail.modify` and `https://www.googleapis.com/auth/gmail.settings.basic`. **Do not** add anything else.
|
|
60
|
+
- Test users (External only): add the Gmail address you'll authenticate with.
|
|
61
|
+
4. Create an **OAuth Client ID**:
|
|
62
|
+
- Application type: **Desktop app**
|
|
63
|
+
- Download the JSON. Save it as `credentials.json`.
|
|
64
|
+
|
|
65
|
+
## First-time auth
|
|
66
|
+
|
|
67
|
+
Move your credentials into the config directory (default `~/.config/mcp-gmail-manager/`):
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
mkdir -p ~/.config/mcp-gmail-manager
|
|
71
|
+
mv ~/Downloads/client_secret_*.json ~/.config/mcp-gmail-manager/credentials.json
|
|
72
|
+
chmod 600 ~/.config/mcp-gmail-manager/credentials.json
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
Run the auth flow:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
mcp-gmail-manager-auth
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
This binds to `localhost:8765` and prints a Google authorisation URL. Open it in a browser **on a machine that can reach `localhost:8765` on the auth host**:
|
|
82
|
+
|
|
83
|
+
- **Local desktop**: the printed URL works directly.
|
|
84
|
+
- **Remote / headless server**: forward the port from your laptop first:
|
|
85
|
+
```bash
|
|
86
|
+
ssh -L 8765:localhost:8765 user@your-server
|
|
87
|
+
```
|
|
88
|
+
Then run `mcp-gmail-manager-auth` inside that SSH session.
|
|
89
|
+
|
|
90
|
+
Authorise with the Google account that will own outbound mail. On success the script writes `token.json` and exits.
|
|
91
|
+
|
|
92
|
+
## Register with Claude Code
|
|
93
|
+
|
|
94
|
+
```bash
|
|
95
|
+
claude mcp add gmail-manager -- mcp-gmail-manager
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
Or, if you installed inside a virtualenv that isn't on `$PATH`:
|
|
99
|
+
|
|
100
|
+
```bash
|
|
101
|
+
claude mcp add gmail-manager -- /path/to/venv/bin/mcp-gmail-manager
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
Restart your Claude Code session so the new tool schemas load.
|
|
105
|
+
|
|
106
|
+
## Configuration
|
|
107
|
+
|
|
108
|
+
`~/.config/mcp-gmail-manager/config.json` is optional — if it doesn't exist, sensible defaults apply (no allowlist, audit log enabled). Two ready-to-copy examples are provided:
|
|
109
|
+
|
|
110
|
+
- [`examples/config.example.json`](examples/config.example.json) — minimal, no allowlist (default behaviour). Use this if you want the MCP to send to any address.
|
|
111
|
+
- [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) — institutional setup with allowlist enforced.
|
|
112
|
+
|
|
113
|
+
Schema reference:
|
|
114
|
+
|
|
115
|
+
```json
|
|
116
|
+
{
|
|
117
|
+
"allowlist": {
|
|
118
|
+
"enabled": false,
|
|
119
|
+
"domains": [],
|
|
120
|
+
"emails": []
|
|
121
|
+
},
|
|
122
|
+
"audit_log": {
|
|
123
|
+
"enabled": true,
|
|
124
|
+
"path": null
|
|
125
|
+
},
|
|
126
|
+
"attachments": {
|
|
127
|
+
"max_total_bytes": 20971520
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
```
|
|
131
|
+
|
|
132
|
+
| Field | Default | Meaning |
|
|
133
|
+
|---|---|---|
|
|
134
|
+
| `allowlist.enabled` | `false` | When `false`, any recipient is accepted. Enable explicitly for institutional use. |
|
|
135
|
+
| `allowlist.domains` | `[]` | Lower-case domain suffixes accepted as recipients. |
|
|
136
|
+
| `allowlist.emails` | `[]` | Explicit lower-case email addresses accepted regardless of domain. |
|
|
137
|
+
| `audit_log.enabled` | `true` | Append every write/modify/send to JSONL. |
|
|
138
|
+
| `audit_log.path` | `null` | `null` → `<config_dir>/audit.jsonl`. Override to centralise logs. |
|
|
139
|
+
| `attachments.max_total_bytes` | `20971520` (20 MB) | Combined size cap per send. Gmail's hard limit is 25 MB raw. |
|
|
140
|
+
|
|
141
|
+
### Environment variable overrides
|
|
142
|
+
|
|
143
|
+
| Variable | Default |
|
|
144
|
+
|---|---|
|
|
145
|
+
| `GMAIL_MCP_CONFIG_DIR` | `$XDG_CONFIG_HOME/mcp-gmail-manager` or `~/.config/mcp-gmail-manager` |
|
|
146
|
+
| `GMAIL_MCP_CREDENTIALS` | `<config_dir>/credentials.json` |
|
|
147
|
+
| `GMAIL_MCP_TOKEN` | `<config_dir>/token.json` |
|
|
148
|
+
|
|
149
|
+
## Security notes
|
|
150
|
+
|
|
151
|
+
- **Token storage**: `token.json` is written `chmod 600`. Treat it as a password — anyone with read access can act as your Gmail account.
|
|
152
|
+
- **No remote attestation**: this server runs entirely on your machine. No telemetry, no third-party calls beyond `googleapis.com`.
|
|
153
|
+
- **Allowlist is defence in depth, not perimeter security**: an attacker who compromises your machine can read `token.json` and call the Gmail API directly, bypassing the MCP entirely. The allowlist defends against the LLM being tricked or hallucinating malicious recipients, not against host compromise.
|
|
154
|
+
- **OAuth scope is broad**: `gmail.modify` covers everything except permanent delete. If you only need to send, fork and replace the scope with `gmail.send`.
|
|
155
|
+
- **Permanent delete intentionally unsupported**: we don't request `https://mail.google.com/`. Deletes go to Trash and can be undone with `untrash_*`.
|
|
156
|
+
|
|
157
|
+
## Limitations
|
|
158
|
+
|
|
159
|
+
- OAuth "Production" verification for `gmail.modify` requires a Google security assessment (paid, weeks of process). Stay in "Internal" (Workspace) or "Testing" (≤ 100 users, 7-day token refresh) modes to avoid this.
|
|
160
|
+
- HTML email body composition is not exposed as a first-class field. Send via `create_draft` + manual HTML editing in the Gmail UI, or extend `_build_mime` in a fork.
|
|
161
|
+
- Push notifications (Pub/Sub `watch`/`stop`) not implemented — out of scope.
|
|
162
|
+
|
|
163
|
+
## Contributing
|
|
164
|
+
|
|
165
|
+
Issues and PRs welcome. Keep changes scoped, document any new tool with a schema example, and add an audit-log entry for anything that mutates state.
|
|
166
|
+
|
|
167
|
+
## License
|
|
168
|
+
|
|
169
|
+
MIT — see [LICENSE](LICENSE).
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
# mcp-gmail-manager
|
|
2
|
+
|
|
3
|
+
> 🌐 **[Read in English →](README.md)**
|
|
4
|
+
|
|
5
|
+
[](https://pypi.org/project/mcp-gmail-manager/)
|
|
6
|
+
[](https://pypi.org/project/mcp-gmail-manager/)
|
|
7
|
+
[](LICENSE)
|
|
8
|
+
[](https://modelcontextprotocol.io)
|
|
9
|
+
|
|
10
|
+
Servidor [Model Context Protocol](https://modelcontextprotocol.io) abrangente para o Gmail: **33 ferramentas** cobrindo envio, resposta, encaminhamento, rascunhos, busca, leitura, anexos, lixeira, labels, filtros, assinatura e resposta automática de férias.
|
|
11
|
+
|
|
12
|
+
Duas funcionalidades opcionais que diferenciam este MCP de outros para Gmail:
|
|
13
|
+
|
|
14
|
+
- **Log de auditoria local** (ligado por padrão) — toda operação de escrita/envio/modificação/download grava uma linha JSON em `audit.jsonl`. Apenas metadados (sem conteúdo do corpo). Trilha de compliance sem dependência de terceiros.
|
|
15
|
+
- **Allowlist de destinatários** (desligada por padrão) — quando habilitada, toda operação de envio (`send_email`, `create_draft`, `reply_to_message`, `forward_message`) confere os destinatários contra domínios e endereços explícitos configurados. Útil em contextos institucionais ou de compliance. Veja [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) para habilitar.
|
|
16
|
+
|
|
17
|
+
## Ferramentas (33)
|
|
18
|
+
|
|
19
|
+
| Grupo | Ferramentas |
|
|
20
|
+
|---|---|
|
|
21
|
+
| Envio / resposta / encaminhamento | `send_email`, `reply_to_message`, `forward_message` |
|
|
22
|
+
| Rascunhos | `create_draft`, `list_drafts`, `send_draft`, `update_draft`, `delete_draft` |
|
|
23
|
+
| Leitura / perfil | `get_profile`, `get_message`, `search_threads`, `get_thread` |
|
|
24
|
+
| Anexos | `get_message_attachments`, `download_attachment` |
|
|
25
|
+
| Lixeira | `trash_message`, `untrash_message`, `trash_thread`, `untrash_thread` |
|
|
26
|
+
| Labels | `list_labels`, `create_label`, `update_label`, `delete_label`, `label_message`, `unlabel_message`, `label_thread`, `unlabel_thread` |
|
|
27
|
+
| Filtros | `list_filters`, `create_filter`, `delete_filter` |
|
|
28
|
+
| Assinatura | `get_signature`, `update_signature` |
|
|
29
|
+
| Resposta automática | `get_vacation_responder`, `set_vacation_responder` |
|
|
30
|
+
|
|
31
|
+
Escopos OAuth solicitados: `gmail.modify` + `gmail.settings.basic`. **Não** solicita o escopo superuser `https://mail.google.com/` — delete permanente não é suportado intencionalmente.
|
|
32
|
+
|
|
33
|
+
## Requisitos
|
|
34
|
+
|
|
35
|
+
- Python ≥ 3.10
|
|
36
|
+
- Projeto no Google Cloud com a Gmail API habilitada e um OAuth Client 2.0 (tipo Desktop)
|
|
37
|
+
- Forma de fazer forward de `localhost:8765` até o host onde o auth roda (geralmente `ssh -L 8765:localhost:8765 user@host`)
|
|
38
|
+
|
|
39
|
+
## Instalação
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
pip install mcp-gmail-manager
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Ou direto do código-fonte:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
git clone https://github.com/arthjhon/mcp-gmail-manager.git
|
|
49
|
+
cd mcp-gmail-manager
|
|
50
|
+
pip install .
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
## Setup no Google Cloud (uma vez, ~10 minutos)
|
|
54
|
+
|
|
55
|
+
1. Vá para o [Google Cloud Console](https://console.cloud.google.com/) e crie um novo projeto (ou use um existente).
|
|
56
|
+
2. Habilite a **Gmail API** (não confunda com a "Gmail MCP API" — essa é o MCP gerenciado do próprio Google; não é o que queremos).
|
|
57
|
+
3. Configure a **OAuth consent screen**:
|
|
58
|
+
- User type: **Internal** se a sua conta for parte de um Google Workspace; senão **External** em modo Testing (limite de 100 usuários, tokens expiram a cada 7 dias — funciona pra uso individual).
|
|
59
|
+
- Escopos: adicione `https://www.googleapis.com/auth/gmail.modify` e `https://www.googleapis.com/auth/gmail.settings.basic`. **Nada mais.**
|
|
60
|
+
- Test users (apenas External): adicione o endereço Gmail com o qual você vai autenticar.
|
|
61
|
+
4. Crie um **OAuth Client ID**:
|
|
62
|
+
- Application type: **Desktop app**
|
|
63
|
+
- Baixe o JSON. Salve como `credentials.json`.
|
|
64
|
+
|
|
65
|
+
## Primeira autenticação
|
|
66
|
+
|
|
67
|
+
Mova as credentials para o diretório de config (padrão: `~/.config/mcp-gmail-manager/`):
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
mkdir -p ~/.config/mcp-gmail-manager
|
|
71
|
+
mv ~/Downloads/client_secret_*.json ~/.config/mcp-gmail-manager/credentials.json
|
|
72
|
+
chmod 600 ~/.config/mcp-gmail-manager/credentials.json
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
Rode o fluxo OAuth:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
mcp-gmail-manager-auth
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
Isso abre um listener em `localhost:8765` e imprime uma URL de autorização do Google. Abra a URL num browser **em uma máquina que consiga chegar em `localhost:8765` no host de auth**:
|
|
82
|
+
|
|
83
|
+
- **Desktop local**: a URL impressa funciona direto.
|
|
84
|
+
- **Servidor remoto / headless**: faça forward da porta a partir do seu laptop primeiro:
|
|
85
|
+
```bash
|
|
86
|
+
ssh -L 8765:localhost:8765 user@seu-servidor
|
|
87
|
+
```
|
|
88
|
+
Aí roda o `mcp-gmail-manager-auth` dentro daquela sessão SSH.
|
|
89
|
+
|
|
90
|
+
Autorize com a conta Google que vai assinar os emails enviados. Em caso de sucesso, o script grava `token.json` e encerra.
|
|
91
|
+
|
|
92
|
+
## Registrar no Claude Code
|
|
93
|
+
|
|
94
|
+
```bash
|
|
95
|
+
claude mcp add gmail-manager -- mcp-gmail-manager
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
Ou, se você instalou num virtualenv que não está no `$PATH`:
|
|
99
|
+
|
|
100
|
+
```bash
|
|
101
|
+
claude mcp add gmail-manager -- /caminho/para/venv/bin/mcp-gmail-manager
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
Reinicie a sessão do Claude Code pra que as schemas das ferramentas novas sejam carregadas.
|
|
105
|
+
|
|
106
|
+
## Configuração
|
|
107
|
+
|
|
108
|
+
`~/.config/mcp-gmail-manager/config.json` é opcional — se não existir, valores padrão razoáveis são aplicados (sem allowlist, audit log ligado). Dois exemplos prontos pra copiar estão incluídos:
|
|
109
|
+
|
|
110
|
+
- [`examples/config.example.json`](examples/config.example.json) — mínimo, sem allowlist (comportamento padrão). Use este se quer que o MCP envie pra qualquer endereço.
|
|
111
|
+
- [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) — setup institucional com allowlist ativa.
|
|
112
|
+
|
|
113
|
+
Referência de schema:
|
|
114
|
+
|
|
115
|
+
```json
|
|
116
|
+
{
|
|
117
|
+
"allowlist": {
|
|
118
|
+
"enabled": false,
|
|
119
|
+
"domains": [],
|
|
120
|
+
"emails": []
|
|
121
|
+
},
|
|
122
|
+
"audit_log": {
|
|
123
|
+
"enabled": true,
|
|
124
|
+
"path": null
|
|
125
|
+
},
|
|
126
|
+
"attachments": {
|
|
127
|
+
"max_total_bytes": 20971520
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
```
|
|
131
|
+
|
|
132
|
+
| Campo | Padrão | Significado |
|
|
133
|
+
|---|---|---|
|
|
134
|
+
| `allowlist.enabled` | `false` | Quando `false`, qualquer destinatário é aceito. Habilite explicitamente pra uso institucional. |
|
|
135
|
+
| `allowlist.domains` | `[]` | Sufixos de domínio (lower-case) aceitos como destinatário. |
|
|
136
|
+
| `allowlist.emails` | `[]` | Endereços explícitos (lower-case) aceitos independente do domínio. |
|
|
137
|
+
| `audit_log.enabled` | `true` | Anexa toda escrita/modificação/envio no JSONL. |
|
|
138
|
+
| `audit_log.path` | `null` | `null` → `<config_dir>/audit.jsonl`. Sobrescreva pra centralizar logs. |
|
|
139
|
+
| `attachments.max_total_bytes` | `20971520` (20 MB) | Limite combinado de tamanho por envio. Limite duro do Gmail é 25 MB raw. |
|
|
140
|
+
|
|
141
|
+
### Sobrescritas via variável de ambiente
|
|
142
|
+
|
|
143
|
+
| Variável | Padrão |
|
|
144
|
+
|---|---|
|
|
145
|
+
| `GMAIL_MCP_CONFIG_DIR` | `$XDG_CONFIG_HOME/mcp-gmail-manager` ou `~/.config/mcp-gmail-manager` |
|
|
146
|
+
| `GMAIL_MCP_CREDENTIALS` | `<config_dir>/credentials.json` |
|
|
147
|
+
| `GMAIL_MCP_TOKEN` | `<config_dir>/token.json` |
|
|
148
|
+
|
|
149
|
+
## Notas de segurança
|
|
150
|
+
|
|
151
|
+
- **Armazenamento do token**: `token.json` é gravado com `chmod 600`. Trate como senha — qualquer um com permissão de leitura consegue agir como sua conta Gmail.
|
|
152
|
+
- **Sem telemetria remota**: o servidor roda inteiramente na sua máquina. Sem telemetria, sem chamadas a terceiros além de `googleapis.com`.
|
|
153
|
+
- **Allowlist é defesa em profundidade, não perímetro de segurança**: um atacante que comprometa sua máquina pode ler `token.json` e chamar a Gmail API direto, contornando o MCP. A allowlist defende contra o LLM ser enganado ou alucinar destinatários maliciosos, não contra comprometimento do host.
|
|
154
|
+
- **Escopo OAuth é amplo**: `gmail.modify` cobre tudo exceto delete permanente. Se você só precisa enviar, faça um fork e troque o escopo por `gmail.send`.
|
|
155
|
+
- **Delete permanente é intencionalmente não suportado**: não solicitamos `https://mail.google.com/`. Deletes vão pra Lixeira e podem ser desfeitos com `untrash_*`.
|
|
156
|
+
|
|
157
|
+
## Limitações
|
|
158
|
+
|
|
159
|
+
- A verificação "Production" do OAuth pra `gmail.modify` requer um security assessment do Google (pago, semanas de processo). Fique em "Internal" (Workspace) ou "Testing" (≤ 100 usuários, refresh de 7 dias) pra evitar isso.
|
|
160
|
+
- Composição de email com corpo HTML não está exposta como campo de primeira classe. Use `create_draft` + edição manual de HTML no UI do Gmail, ou estenda `_build_mime` num fork.
|
|
161
|
+
- Notificações push (Pub/Sub `watch`/`stop`) não foram implementadas — fora do escopo.
|
|
162
|
+
|
|
163
|
+
## Contribuindo
|
|
164
|
+
|
|
165
|
+
Issues e PRs bem-vindos. Mantenha mudanças escopadas, documente qualquer ferramenta nova com exemplo de schema, e adicione uma entrada no audit log pra qualquer coisa que altere estado.
|
|
166
|
+
|
|
167
|
+
## Licença
|
|
168
|
+
|
|
169
|
+
MIT — veja [LICENSE](LICENSE).
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["hatchling"]
|
|
3
|
+
build-backend = "hatchling.build"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "mcp-gmail-manager"
|
|
7
|
+
version = "0.1.0"
|
|
8
|
+
description = "Gmail Model Context Protocol server with recipient allowlist and local audit log."
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
requires-python = ">=3.10"
|
|
11
|
+
license = "MIT"
|
|
12
|
+
authors = [{ name = "Arthur Jhonathas Lima", email = "arthur.jhonathas@umj.edu.br" }]
|
|
13
|
+
keywords = ["mcp", "gmail", "claude", "model-context-protocol", "email", "allowlist", "audit"]
|
|
14
|
+
classifiers = [
|
|
15
|
+
"Development Status :: 4 - Beta",
|
|
16
|
+
"Intended Audience :: Developers",
|
|
17
|
+
"Intended Audience :: System Administrators",
|
|
18
|
+
"Operating System :: OS Independent",
|
|
19
|
+
"Programming Language :: Python :: 3",
|
|
20
|
+
"Programming Language :: Python :: 3.10",
|
|
21
|
+
"Programming Language :: Python :: 3.11",
|
|
22
|
+
"Programming Language :: Python :: 3.12",
|
|
23
|
+
"Topic :: Communications :: Email",
|
|
24
|
+
]
|
|
25
|
+
dependencies = [
|
|
26
|
+
"mcp>=1.0.0",
|
|
27
|
+
"google-auth>=2.0",
|
|
28
|
+
"google-auth-oauthlib>=1.0",
|
|
29
|
+
"google-api-python-client>=2.0",
|
|
30
|
+
]
|
|
31
|
+
|
|
32
|
+
[project.urls]
|
|
33
|
+
Homepage = "https://github.com/arthjhon/mcp-gmail-manager"
|
|
34
|
+
Issues = "https://github.com/arthjhon/mcp-gmail-manager/issues"
|
|
35
|
+
Repository = "https://github.com/arthjhon/mcp-gmail-manager"
|
|
36
|
+
|
|
37
|
+
[project.scripts]
|
|
38
|
+
mcp-gmail-manager = "mcp_gmail_manager.server:run"
|
|
39
|
+
mcp-gmail-manager-auth = "mcp_gmail_manager.auth:run"
|
|
40
|
+
|
|
41
|
+
[tool.hatch.build.targets.wheel]
|
|
42
|
+
packages = ["src/mcp_gmail_manager"]
|