mcp-gmail-manager 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,38 @@
1
+ # Python
2
+ __pycache__/
3
+ *.py[cod]
4
+ *$py.class
5
+ *.so
6
+ .Python
7
+ *.egg-info/
8
+ *.egg
9
+ dist/
10
+ build/
11
+ .eggs/
12
+ wheels/
13
+
14
+ # Virtual envs
15
+ .venv/
16
+ venv/
17
+ env/
18
+ ENV/
19
+
20
+ # Tooling
21
+ .pytest_cache/
22
+ .mypy_cache/
23
+ .ruff_cache/
24
+ .coverage
25
+ htmlcov/
26
+
27
+ # IDE
28
+ .vscode/
29
+ .idea/
30
+ *.swp
31
+ *.swo
32
+ .DS_Store
33
+
34
+ # OAuth credentials & runtime state — NEVER commit
35
+ credentials.json
36
+ token.json
37
+ audit.jsonl
38
+ config.json
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Arthur Jhonathas Lima
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,196 @@
1
+ Metadata-Version: 2.4
2
+ Name: mcp-gmail-manager
3
+ Version: 0.1.0
4
+ Summary: Gmail Model Context Protocol server with recipient allowlist and local audit log.
5
+ Project-URL: Homepage, https://github.com/arthjhon/mcp-gmail-manager
6
+ Project-URL: Issues, https://github.com/arthjhon/mcp-gmail-manager/issues
7
+ Project-URL: Repository, https://github.com/arthjhon/mcp-gmail-manager
8
+ Author-email: Arthur Jhonathas Lima <arthur.jhonathas@umj.edu.br>
9
+ License-Expression: MIT
10
+ License-File: LICENSE
11
+ Keywords: allowlist,audit,claude,email,gmail,mcp,model-context-protocol
12
+ Classifier: Development Status :: 4 - Beta
13
+ Classifier: Intended Audience :: Developers
14
+ Classifier: Intended Audience :: System Administrators
15
+ Classifier: Operating System :: OS Independent
16
+ Classifier: Programming Language :: Python :: 3
17
+ Classifier: Programming Language :: Python :: 3.10
18
+ Classifier: Programming Language :: Python :: 3.11
19
+ Classifier: Programming Language :: Python :: 3.12
20
+ Classifier: Topic :: Communications :: Email
21
+ Requires-Python: >=3.10
22
+ Requires-Dist: google-api-python-client>=2.0
23
+ Requires-Dist: google-auth-oauthlib>=1.0
24
+ Requires-Dist: google-auth>=2.0
25
+ Requires-Dist: mcp>=1.0.0
26
+ Description-Content-Type: text/markdown
27
+
28
+ # mcp-gmail-manager
29
+
30
+ > 🌐 **[Leia em português (pt-BR) →](README.pt-BR.md)**
31
+
32
+ [![PyPI version](https://img.shields.io/pypi/v/mcp-gmail-manager.svg)](https://pypi.org/project/mcp-gmail-manager/)
33
+ [![Python versions](https://img.shields.io/pypi/pyversions/mcp-gmail-manager.svg)](https://pypi.org/project/mcp-gmail-manager/)
34
+ [![License: MIT](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
35
+ [![MCP Compatible](https://img.shields.io/badge/MCP-compatible-blueviolet.svg)](https://modelcontextprotocol.io)
36
+
37
+ A comprehensive Gmail [Model Context Protocol](https://modelcontextprotocol.io) server: **33 tools** covering send, reply, forward, drafts, search, read, attachments, trash, labels, filters, signature, and vacation responder.
38
+
39
+ Two optional features that distinguish it from other Gmail MCPs:
40
+
41
+ - **Local audit log** (on by default) — every write/send/modify/download appends a JSON line to `audit.jsonl`. Metadata only (no body content). Compliance trail without third-party services.
42
+ - **Recipient allowlist** (off by default) — when enabled, every outbound operation (`send_email`, `create_draft`, `reply_to_message`, `forward_message`) checks recipients against configured domains and explicit addresses. Useful for institutional / compliance contexts. See [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) to enable.
43
+
44
+ ## Tools (33)
45
+
46
+ | Group | Tools |
47
+ |---|---|
48
+ | Send / reply / forward | `send_email`, `reply_to_message`, `forward_message` |
49
+ | Drafts | `create_draft`, `list_drafts`, `send_draft`, `update_draft`, `delete_draft` |
50
+ | Read / profile | `get_profile`, `get_message`, `search_threads`, `get_thread` |
51
+ | Attachments | `get_message_attachments`, `download_attachment` |
52
+ | Trash | `trash_message`, `untrash_message`, `trash_thread`, `untrash_thread` |
53
+ | Labels | `list_labels`, `create_label`, `update_label`, `delete_label`, `label_message`, `unlabel_message`, `label_thread`, `unlabel_thread` |
54
+ | Filters | `list_filters`, `create_filter`, `delete_filter` |
55
+ | Signature | `get_signature`, `update_signature` |
56
+ | Vacation responder | `get_vacation_responder`, `set_vacation_responder` |
57
+
58
+ OAuth scopes requested: `gmail.modify` + `gmail.settings.basic`. Does **not** request the `https://mail.google.com/` superuser scope — permanent delete is intentionally unsupported.
59
+
60
+ ## Requirements
61
+
62
+ - Python ≥ 3.10
63
+ - A Google Cloud project with the Gmail API enabled and an OAuth 2.0 client (Desktop type)
64
+ - A way to forward `localhost:8765` to your auth host (typically `ssh -L 8765:localhost:8765 user@host`)
65
+
66
+ ## Install
67
+
68
+ ```bash
69
+ pip install mcp-gmail-manager
70
+ ```
71
+
72
+ Or from source:
73
+
74
+ ```bash
75
+ git clone https://github.com/arthjhon/mcp-gmail-manager.git
76
+ cd mcp-gmail-manager
77
+ pip install .
78
+ ```
79
+
80
+ ## Google Cloud setup (one-time, ~10 minutes)
81
+
82
+ 1. Go to [Google Cloud Console](https://console.cloud.google.com/) and create a new project (or pick an existing one).
83
+ 2. Enable the **Gmail API** (not "Gmail MCP API" — that's Google's own remote MCP; not what we want).
84
+ 3. Configure the **OAuth consent screen**:
85
+ - User type: **Internal** if your account is part of a Google Workspace; otherwise **External** in Testing mode (limited to 100 users, tokens expire every 7 days — fine for individuals).
86
+ - Scopes: add `https://www.googleapis.com/auth/gmail.modify` and `https://www.googleapis.com/auth/gmail.settings.basic`. **Do not** add anything else.
87
+ - Test users (External only): add the Gmail address you'll authenticate with.
88
+ 4. Create an **OAuth Client ID**:
89
+ - Application type: **Desktop app**
90
+ - Download the JSON. Save it as `credentials.json`.
91
+
92
+ ## First-time auth
93
+
94
+ Move your credentials into the config directory (default `~/.config/mcp-gmail-manager/`):
95
+
96
+ ```bash
97
+ mkdir -p ~/.config/mcp-gmail-manager
98
+ mv ~/Downloads/client_secret_*.json ~/.config/mcp-gmail-manager/credentials.json
99
+ chmod 600 ~/.config/mcp-gmail-manager/credentials.json
100
+ ```
101
+
102
+ Run the auth flow:
103
+
104
+ ```bash
105
+ mcp-gmail-manager-auth
106
+ ```
107
+
108
+ This binds to `localhost:8765` and prints a Google authorisation URL. Open it in a browser **on a machine that can reach `localhost:8765` on the auth host**:
109
+
110
+ - **Local desktop**: the printed URL works directly.
111
+ - **Remote / headless server**: forward the port from your laptop first:
112
+ ```bash
113
+ ssh -L 8765:localhost:8765 user@your-server
114
+ ```
115
+ Then run `mcp-gmail-manager-auth` inside that SSH session.
116
+
117
+ Authorise with the Google account that will own outbound mail. On success the script writes `token.json` and exits.
118
+
119
+ ## Register with Claude Code
120
+
121
+ ```bash
122
+ claude mcp add gmail-manager -- mcp-gmail-manager
123
+ ```
124
+
125
+ Or, if you installed inside a virtualenv that isn't on `$PATH`:
126
+
127
+ ```bash
128
+ claude mcp add gmail-manager -- /path/to/venv/bin/mcp-gmail-manager
129
+ ```
130
+
131
+ Restart your Claude Code session so the new tool schemas load.
132
+
133
+ ## Configuration
134
+
135
+ `~/.config/mcp-gmail-manager/config.json` is optional — if it doesn't exist, sensible defaults apply (no allowlist, audit log enabled). Two ready-to-copy examples are provided:
136
+
137
+ - [`examples/config.example.json`](examples/config.example.json) — minimal, no allowlist (default behaviour). Use this if you want the MCP to send to any address.
138
+ - [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) — institutional setup with allowlist enforced.
139
+
140
+ Schema reference:
141
+
142
+ ```json
143
+ {
144
+ "allowlist": {
145
+ "enabled": false,
146
+ "domains": [],
147
+ "emails": []
148
+ },
149
+ "audit_log": {
150
+ "enabled": true,
151
+ "path": null
152
+ },
153
+ "attachments": {
154
+ "max_total_bytes": 20971520
155
+ }
156
+ }
157
+ ```
158
+
159
+ | Field | Default | Meaning |
160
+ |---|---|---|
161
+ | `allowlist.enabled` | `false` | When `false`, any recipient is accepted. Enable explicitly for institutional use. |
162
+ | `allowlist.domains` | `[]` | Lower-case domain suffixes accepted as recipients. |
163
+ | `allowlist.emails` | `[]` | Explicit lower-case email addresses accepted regardless of domain. |
164
+ | `audit_log.enabled` | `true` | Append every write/modify/send to JSONL. |
165
+ | `audit_log.path` | `null` | `null` → `<config_dir>/audit.jsonl`. Override to centralise logs. |
166
+ | `attachments.max_total_bytes` | `20971520` (20 MB) | Combined size cap per send. Gmail's hard limit is 25 MB raw. |
167
+
168
+ ### Environment variable overrides
169
+
170
+ | Variable | Default |
171
+ |---|---|
172
+ | `GMAIL_MCP_CONFIG_DIR` | `$XDG_CONFIG_HOME/mcp-gmail-manager` or `~/.config/mcp-gmail-manager` |
173
+ | `GMAIL_MCP_CREDENTIALS` | `<config_dir>/credentials.json` |
174
+ | `GMAIL_MCP_TOKEN` | `<config_dir>/token.json` |
175
+
176
+ ## Security notes
177
+
178
+ - **Token storage**: `token.json` is written `chmod 600`. Treat it as a password — anyone with read access can act as your Gmail account.
179
+ - **No remote attestation**: this server runs entirely on your machine. No telemetry, no third-party calls beyond `googleapis.com`.
180
+ - **Allowlist is defence in depth, not perimeter security**: an attacker who compromises your machine can read `token.json` and call the Gmail API directly, bypassing the MCP entirely. The allowlist defends against the LLM being tricked or hallucinating malicious recipients, not against host compromise.
181
+ - **OAuth scope is broad**: `gmail.modify` covers everything except permanent delete. If you only need to send, fork and replace the scope with `gmail.send`.
182
+ - **Permanent delete intentionally unsupported**: we don't request `https://mail.google.com/`. Deletes go to Trash and can be undone with `untrash_*`.
183
+
184
+ ## Limitations
185
+
186
+ - OAuth "Production" verification for `gmail.modify` requires a Google security assessment (paid, weeks of process). Stay in "Internal" (Workspace) or "Testing" (≤ 100 users, 7-day token refresh) modes to avoid this.
187
+ - HTML email body composition is not exposed as a first-class field. Send via `create_draft` + manual HTML editing in the Gmail UI, or extend `_build_mime` in a fork.
188
+ - Push notifications (Pub/Sub `watch`/`stop`) not implemented — out of scope.
189
+
190
+ ## Contributing
191
+
192
+ Issues and PRs welcome. Keep changes scoped, document any new tool with a schema example, and add an audit-log entry for anything that mutates state.
193
+
194
+ ## License
195
+
196
+ MIT — see [LICENSE](LICENSE).
@@ -0,0 +1,169 @@
1
+ # mcp-gmail-manager
2
+
3
+ > 🌐 **[Leia em português (pt-BR) →](README.pt-BR.md)**
4
+
5
+ [![PyPI version](https://img.shields.io/pypi/v/mcp-gmail-manager.svg)](https://pypi.org/project/mcp-gmail-manager/)
6
+ [![Python versions](https://img.shields.io/pypi/pyversions/mcp-gmail-manager.svg)](https://pypi.org/project/mcp-gmail-manager/)
7
+ [![License: MIT](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
8
+ [![MCP Compatible](https://img.shields.io/badge/MCP-compatible-blueviolet.svg)](https://modelcontextprotocol.io)
9
+
10
+ A comprehensive Gmail [Model Context Protocol](https://modelcontextprotocol.io) server: **33 tools** covering send, reply, forward, drafts, search, read, attachments, trash, labels, filters, signature, and vacation responder.
11
+
12
+ Two optional features that distinguish it from other Gmail MCPs:
13
+
14
+ - **Local audit log** (on by default) — every write/send/modify/download appends a JSON line to `audit.jsonl`. Metadata only (no body content). Compliance trail without third-party services.
15
+ - **Recipient allowlist** (off by default) — when enabled, every outbound operation (`send_email`, `create_draft`, `reply_to_message`, `forward_message`) checks recipients against configured domains and explicit addresses. Useful for institutional / compliance contexts. See [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) to enable.
16
+
17
+ ## Tools (33)
18
+
19
+ | Group | Tools |
20
+ |---|---|
21
+ | Send / reply / forward | `send_email`, `reply_to_message`, `forward_message` |
22
+ | Drafts | `create_draft`, `list_drafts`, `send_draft`, `update_draft`, `delete_draft` |
23
+ | Read / profile | `get_profile`, `get_message`, `search_threads`, `get_thread` |
24
+ | Attachments | `get_message_attachments`, `download_attachment` |
25
+ | Trash | `trash_message`, `untrash_message`, `trash_thread`, `untrash_thread` |
26
+ | Labels | `list_labels`, `create_label`, `update_label`, `delete_label`, `label_message`, `unlabel_message`, `label_thread`, `unlabel_thread` |
27
+ | Filters | `list_filters`, `create_filter`, `delete_filter` |
28
+ | Signature | `get_signature`, `update_signature` |
29
+ | Vacation responder | `get_vacation_responder`, `set_vacation_responder` |
30
+
31
+ OAuth scopes requested: `gmail.modify` + `gmail.settings.basic`. Does **not** request the `https://mail.google.com/` superuser scope — permanent delete is intentionally unsupported.
32
+
33
+ ## Requirements
34
+
35
+ - Python ≥ 3.10
36
+ - A Google Cloud project with the Gmail API enabled and an OAuth 2.0 client (Desktop type)
37
+ - A way to forward `localhost:8765` to your auth host (typically `ssh -L 8765:localhost:8765 user@host`)
38
+
39
+ ## Install
40
+
41
+ ```bash
42
+ pip install mcp-gmail-manager
43
+ ```
44
+
45
+ Or from source:
46
+
47
+ ```bash
48
+ git clone https://github.com/arthjhon/mcp-gmail-manager.git
49
+ cd mcp-gmail-manager
50
+ pip install .
51
+ ```
52
+
53
+ ## Google Cloud setup (one-time, ~10 minutes)
54
+
55
+ 1. Go to [Google Cloud Console](https://console.cloud.google.com/) and create a new project (or pick an existing one).
56
+ 2. Enable the **Gmail API** (not "Gmail MCP API" — that's Google's own remote MCP; not what we want).
57
+ 3. Configure the **OAuth consent screen**:
58
+ - User type: **Internal** if your account is part of a Google Workspace; otherwise **External** in Testing mode (limited to 100 users, tokens expire every 7 days — fine for individuals).
59
+ - Scopes: add `https://www.googleapis.com/auth/gmail.modify` and `https://www.googleapis.com/auth/gmail.settings.basic`. **Do not** add anything else.
60
+ - Test users (External only): add the Gmail address you'll authenticate with.
61
+ 4. Create an **OAuth Client ID**:
62
+ - Application type: **Desktop app**
63
+ - Download the JSON. Save it as `credentials.json`.
64
+
65
+ ## First-time auth
66
+
67
+ Move your credentials into the config directory (default `~/.config/mcp-gmail-manager/`):
68
+
69
+ ```bash
70
+ mkdir -p ~/.config/mcp-gmail-manager
71
+ mv ~/Downloads/client_secret_*.json ~/.config/mcp-gmail-manager/credentials.json
72
+ chmod 600 ~/.config/mcp-gmail-manager/credentials.json
73
+ ```
74
+
75
+ Run the auth flow:
76
+
77
+ ```bash
78
+ mcp-gmail-manager-auth
79
+ ```
80
+
81
+ This binds to `localhost:8765` and prints a Google authorisation URL. Open it in a browser **on a machine that can reach `localhost:8765` on the auth host**:
82
+
83
+ - **Local desktop**: the printed URL works directly.
84
+ - **Remote / headless server**: forward the port from your laptop first:
85
+ ```bash
86
+ ssh -L 8765:localhost:8765 user@your-server
87
+ ```
88
+ Then run `mcp-gmail-manager-auth` inside that SSH session.
89
+
90
+ Authorise with the Google account that will own outbound mail. On success the script writes `token.json` and exits.
91
+
92
+ ## Register with Claude Code
93
+
94
+ ```bash
95
+ claude mcp add gmail-manager -- mcp-gmail-manager
96
+ ```
97
+
98
+ Or, if you installed inside a virtualenv that isn't on `$PATH`:
99
+
100
+ ```bash
101
+ claude mcp add gmail-manager -- /path/to/venv/bin/mcp-gmail-manager
102
+ ```
103
+
104
+ Restart your Claude Code session so the new tool schemas load.
105
+
106
+ ## Configuration
107
+
108
+ `~/.config/mcp-gmail-manager/config.json` is optional — if it doesn't exist, sensible defaults apply (no allowlist, audit log enabled). Two ready-to-copy examples are provided:
109
+
110
+ - [`examples/config.example.json`](examples/config.example.json) — minimal, no allowlist (default behaviour). Use this if you want the MCP to send to any address.
111
+ - [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) — institutional setup with allowlist enforced.
112
+
113
+ Schema reference:
114
+
115
+ ```json
116
+ {
117
+ "allowlist": {
118
+ "enabled": false,
119
+ "domains": [],
120
+ "emails": []
121
+ },
122
+ "audit_log": {
123
+ "enabled": true,
124
+ "path": null
125
+ },
126
+ "attachments": {
127
+ "max_total_bytes": 20971520
128
+ }
129
+ }
130
+ ```
131
+
132
+ | Field | Default | Meaning |
133
+ |---|---|---|
134
+ | `allowlist.enabled` | `false` | When `false`, any recipient is accepted. Enable explicitly for institutional use. |
135
+ | `allowlist.domains` | `[]` | Lower-case domain suffixes accepted as recipients. |
136
+ | `allowlist.emails` | `[]` | Explicit lower-case email addresses accepted regardless of domain. |
137
+ | `audit_log.enabled` | `true` | Append every write/modify/send to JSONL. |
138
+ | `audit_log.path` | `null` | `null` → `<config_dir>/audit.jsonl`. Override to centralise logs. |
139
+ | `attachments.max_total_bytes` | `20971520` (20 MB) | Combined size cap per send. Gmail's hard limit is 25 MB raw. |
140
+
141
+ ### Environment variable overrides
142
+
143
+ | Variable | Default |
144
+ |---|---|
145
+ | `GMAIL_MCP_CONFIG_DIR` | `$XDG_CONFIG_HOME/mcp-gmail-manager` or `~/.config/mcp-gmail-manager` |
146
+ | `GMAIL_MCP_CREDENTIALS` | `<config_dir>/credentials.json` |
147
+ | `GMAIL_MCP_TOKEN` | `<config_dir>/token.json` |
148
+
149
+ ## Security notes
150
+
151
+ - **Token storage**: `token.json` is written `chmod 600`. Treat it as a password — anyone with read access can act as your Gmail account.
152
+ - **No remote attestation**: this server runs entirely on your machine. No telemetry, no third-party calls beyond `googleapis.com`.
153
+ - **Allowlist is defence in depth, not perimeter security**: an attacker who compromises your machine can read `token.json` and call the Gmail API directly, bypassing the MCP entirely. The allowlist defends against the LLM being tricked or hallucinating malicious recipients, not against host compromise.
154
+ - **OAuth scope is broad**: `gmail.modify` covers everything except permanent delete. If you only need to send, fork and replace the scope with `gmail.send`.
155
+ - **Permanent delete intentionally unsupported**: we don't request `https://mail.google.com/`. Deletes go to Trash and can be undone with `untrash_*`.
156
+
157
+ ## Limitations
158
+
159
+ - OAuth "Production" verification for `gmail.modify` requires a Google security assessment (paid, weeks of process). Stay in "Internal" (Workspace) or "Testing" (≤ 100 users, 7-day token refresh) modes to avoid this.
160
+ - HTML email body composition is not exposed as a first-class field. Send via `create_draft` + manual HTML editing in the Gmail UI, or extend `_build_mime` in a fork.
161
+ - Push notifications (Pub/Sub `watch`/`stop`) not implemented — out of scope.
162
+
163
+ ## Contributing
164
+
165
+ Issues and PRs welcome. Keep changes scoped, document any new tool with a schema example, and add an audit-log entry for anything that mutates state.
166
+
167
+ ## License
168
+
169
+ MIT — see [LICENSE](LICENSE).
@@ -0,0 +1,169 @@
1
+ # mcp-gmail-manager
2
+
3
+ > 🌐 **[Read in English →](README.md)**
4
+
5
+ [![PyPI version](https://img.shields.io/pypi/v/mcp-gmail-manager.svg)](https://pypi.org/project/mcp-gmail-manager/)
6
+ [![Python versions](https://img.shields.io/pypi/pyversions/mcp-gmail-manager.svg)](https://pypi.org/project/mcp-gmail-manager/)
7
+ [![Licença: MIT](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
8
+ [![Compatível com MCP](https://img.shields.io/badge/MCP-compatible-blueviolet.svg)](https://modelcontextprotocol.io)
9
+
10
+ Servidor [Model Context Protocol](https://modelcontextprotocol.io) abrangente para o Gmail: **33 ferramentas** cobrindo envio, resposta, encaminhamento, rascunhos, busca, leitura, anexos, lixeira, labels, filtros, assinatura e resposta automática de férias.
11
+
12
+ Duas funcionalidades opcionais que diferenciam este MCP de outros para Gmail:
13
+
14
+ - **Log de auditoria local** (ligado por padrão) — toda operação de escrita/envio/modificação/download grava uma linha JSON em `audit.jsonl`. Apenas metadados (sem conteúdo do corpo). Trilha de compliance sem dependência de terceiros.
15
+ - **Allowlist de destinatários** (desligada por padrão) — quando habilitada, toda operação de envio (`send_email`, `create_draft`, `reply_to_message`, `forward_message`) confere os destinatários contra domínios e endereços explícitos configurados. Útil em contextos institucionais ou de compliance. Veja [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) para habilitar.
16
+
17
+ ## Ferramentas (33)
18
+
19
+ | Grupo | Ferramentas |
20
+ |---|---|
21
+ | Envio / resposta / encaminhamento | `send_email`, `reply_to_message`, `forward_message` |
22
+ | Rascunhos | `create_draft`, `list_drafts`, `send_draft`, `update_draft`, `delete_draft` |
23
+ | Leitura / perfil | `get_profile`, `get_message`, `search_threads`, `get_thread` |
24
+ | Anexos | `get_message_attachments`, `download_attachment` |
25
+ | Lixeira | `trash_message`, `untrash_message`, `trash_thread`, `untrash_thread` |
26
+ | Labels | `list_labels`, `create_label`, `update_label`, `delete_label`, `label_message`, `unlabel_message`, `label_thread`, `unlabel_thread` |
27
+ | Filtros | `list_filters`, `create_filter`, `delete_filter` |
28
+ | Assinatura | `get_signature`, `update_signature` |
29
+ | Resposta automática | `get_vacation_responder`, `set_vacation_responder` |
30
+
31
+ Escopos OAuth solicitados: `gmail.modify` + `gmail.settings.basic`. **Não** solicita o escopo superuser `https://mail.google.com/` — delete permanente não é suportado intencionalmente.
32
+
33
+ ## Requisitos
34
+
35
+ - Python ≥ 3.10
36
+ - Projeto no Google Cloud com a Gmail API habilitada e um OAuth Client 2.0 (tipo Desktop)
37
+ - Forma de fazer forward de `localhost:8765` até o host onde o auth roda (geralmente `ssh -L 8765:localhost:8765 user@host`)
38
+
39
+ ## Instalação
40
+
41
+ ```bash
42
+ pip install mcp-gmail-manager
43
+ ```
44
+
45
+ Ou direto do código-fonte:
46
+
47
+ ```bash
48
+ git clone https://github.com/arthjhon/mcp-gmail-manager.git
49
+ cd mcp-gmail-manager
50
+ pip install .
51
+ ```
52
+
53
+ ## Setup no Google Cloud (uma vez, ~10 minutos)
54
+
55
+ 1. Vá para o [Google Cloud Console](https://console.cloud.google.com/) e crie um novo projeto (ou use um existente).
56
+ 2. Habilite a **Gmail API** (não confunda com a "Gmail MCP API" — essa é o MCP gerenciado do próprio Google; não é o que queremos).
57
+ 3. Configure a **OAuth consent screen**:
58
+ - User type: **Internal** se a sua conta for parte de um Google Workspace; senão **External** em modo Testing (limite de 100 usuários, tokens expiram a cada 7 dias — funciona pra uso individual).
59
+ - Escopos: adicione `https://www.googleapis.com/auth/gmail.modify` e `https://www.googleapis.com/auth/gmail.settings.basic`. **Nada mais.**
60
+ - Test users (apenas External): adicione o endereço Gmail com o qual você vai autenticar.
61
+ 4. Crie um **OAuth Client ID**:
62
+ - Application type: **Desktop app**
63
+ - Baixe o JSON. Salve como `credentials.json`.
64
+
65
+ ## Primeira autenticação
66
+
67
+ Mova as credentials para o diretório de config (padrão: `~/.config/mcp-gmail-manager/`):
68
+
69
+ ```bash
70
+ mkdir -p ~/.config/mcp-gmail-manager
71
+ mv ~/Downloads/client_secret_*.json ~/.config/mcp-gmail-manager/credentials.json
72
+ chmod 600 ~/.config/mcp-gmail-manager/credentials.json
73
+ ```
74
+
75
+ Rode o fluxo OAuth:
76
+
77
+ ```bash
78
+ mcp-gmail-manager-auth
79
+ ```
80
+
81
+ Isso abre um listener em `localhost:8765` e imprime uma URL de autorização do Google. Abra a URL num browser **em uma máquina que consiga chegar em `localhost:8765` no host de auth**:
82
+
83
+ - **Desktop local**: a URL impressa funciona direto.
84
+ - **Servidor remoto / headless**: faça forward da porta a partir do seu laptop primeiro:
85
+ ```bash
86
+ ssh -L 8765:localhost:8765 user@seu-servidor
87
+ ```
88
+ Aí roda o `mcp-gmail-manager-auth` dentro daquela sessão SSH.
89
+
90
+ Autorize com a conta Google que vai assinar os emails enviados. Em caso de sucesso, o script grava `token.json` e encerra.
91
+
92
+ ## Registrar no Claude Code
93
+
94
+ ```bash
95
+ claude mcp add gmail-manager -- mcp-gmail-manager
96
+ ```
97
+
98
+ Ou, se você instalou num virtualenv que não está no `$PATH`:
99
+
100
+ ```bash
101
+ claude mcp add gmail-manager -- /caminho/para/venv/bin/mcp-gmail-manager
102
+ ```
103
+
104
+ Reinicie a sessão do Claude Code pra que as schemas das ferramentas novas sejam carregadas.
105
+
106
+ ## Configuração
107
+
108
+ `~/.config/mcp-gmail-manager/config.json` é opcional — se não existir, valores padrão razoáveis são aplicados (sem allowlist, audit log ligado). Dois exemplos prontos pra copiar estão incluídos:
109
+
110
+ - [`examples/config.example.json`](examples/config.example.json) — mínimo, sem allowlist (comportamento padrão). Use este se quer que o MCP envie pra qualquer endereço.
111
+ - [`examples/config.with-allowlist.json`](examples/config.with-allowlist.json) — setup institucional com allowlist ativa.
112
+
113
+ Referência de schema:
114
+
115
+ ```json
116
+ {
117
+ "allowlist": {
118
+ "enabled": false,
119
+ "domains": [],
120
+ "emails": []
121
+ },
122
+ "audit_log": {
123
+ "enabled": true,
124
+ "path": null
125
+ },
126
+ "attachments": {
127
+ "max_total_bytes": 20971520
128
+ }
129
+ }
130
+ ```
131
+
132
+ | Campo | Padrão | Significado |
133
+ |---|---|---|
134
+ | `allowlist.enabled` | `false` | Quando `false`, qualquer destinatário é aceito. Habilite explicitamente pra uso institucional. |
135
+ | `allowlist.domains` | `[]` | Sufixos de domínio (lower-case) aceitos como destinatário. |
136
+ | `allowlist.emails` | `[]` | Endereços explícitos (lower-case) aceitos independente do domínio. |
137
+ | `audit_log.enabled` | `true` | Anexa toda escrita/modificação/envio no JSONL. |
138
+ | `audit_log.path` | `null` | `null` → `<config_dir>/audit.jsonl`. Sobrescreva pra centralizar logs. |
139
+ | `attachments.max_total_bytes` | `20971520` (20 MB) | Limite combinado de tamanho por envio. Limite duro do Gmail é 25 MB raw. |
140
+
141
+ ### Sobrescritas via variável de ambiente
142
+
143
+ | Variável | Padrão |
144
+ |---|---|
145
+ | `GMAIL_MCP_CONFIG_DIR` | `$XDG_CONFIG_HOME/mcp-gmail-manager` ou `~/.config/mcp-gmail-manager` |
146
+ | `GMAIL_MCP_CREDENTIALS` | `<config_dir>/credentials.json` |
147
+ | `GMAIL_MCP_TOKEN` | `<config_dir>/token.json` |
148
+
149
+ ## Notas de segurança
150
+
151
+ - **Armazenamento do token**: `token.json` é gravado com `chmod 600`. Trate como senha — qualquer um com permissão de leitura consegue agir como sua conta Gmail.
152
+ - **Sem telemetria remota**: o servidor roda inteiramente na sua máquina. Sem telemetria, sem chamadas a terceiros além de `googleapis.com`.
153
+ - **Allowlist é defesa em profundidade, não perímetro de segurança**: um atacante que comprometa sua máquina pode ler `token.json` e chamar a Gmail API direto, contornando o MCP. A allowlist defende contra o LLM ser enganado ou alucinar destinatários maliciosos, não contra comprometimento do host.
154
+ - **Escopo OAuth é amplo**: `gmail.modify` cobre tudo exceto delete permanente. Se você só precisa enviar, faça um fork e troque o escopo por `gmail.send`.
155
+ - **Delete permanente é intencionalmente não suportado**: não solicitamos `https://mail.google.com/`. Deletes vão pra Lixeira e podem ser desfeitos com `untrash_*`.
156
+
157
+ ## Limitações
158
+
159
+ - A verificação "Production" do OAuth pra `gmail.modify` requer um security assessment do Google (pago, semanas de processo). Fique em "Internal" (Workspace) ou "Testing" (≤ 100 usuários, refresh de 7 dias) pra evitar isso.
160
+ - Composição de email com corpo HTML não está exposta como campo de primeira classe. Use `create_draft` + edição manual de HTML no UI do Gmail, ou estenda `_build_mime` num fork.
161
+ - Notificações push (Pub/Sub `watch`/`stop`) não foram implementadas — fora do escopo.
162
+
163
+ ## Contribuindo
164
+
165
+ Issues e PRs bem-vindos. Mantenha mudanças escopadas, documente qualquer ferramenta nova com exemplo de schema, e adicione uma entrada no audit log pra qualquer coisa que altere estado.
166
+
167
+ ## Licença
168
+
169
+ MIT — veja [LICENSE](LICENSE).
@@ -0,0 +1,14 @@
1
+ {
2
+ "allowlist": {
3
+ "enabled": false,
4
+ "domains": [],
5
+ "emails": []
6
+ },
7
+ "audit_log": {
8
+ "enabled": true,
9
+ "path": null
10
+ },
11
+ "attachments": {
12
+ "max_total_bytes": 20971520
13
+ }
14
+ }
@@ -0,0 +1,14 @@
1
+ {
2
+ "allowlist": {
3
+ "enabled": true,
4
+ "domains": ["your-org.com"],
5
+ "emails": ["specific.outsider@gmail.com"]
6
+ },
7
+ "audit_log": {
8
+ "enabled": true,
9
+ "path": null
10
+ },
11
+ "attachments": {
12
+ "max_total_bytes": 20971520
13
+ }
14
+ }
@@ -0,0 +1,42 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "mcp-gmail-manager"
7
+ version = "0.1.0"
8
+ description = "Gmail Model Context Protocol server with recipient allowlist and local audit log."
9
+ readme = "README.md"
10
+ requires-python = ">=3.10"
11
+ license = "MIT"
12
+ authors = [{ name = "Arthur Jhonathas Lima", email = "arthur.jhonathas@umj.edu.br" }]
13
+ keywords = ["mcp", "gmail", "claude", "model-context-protocol", "email", "allowlist", "audit"]
14
+ classifiers = [
15
+ "Development Status :: 4 - Beta",
16
+ "Intended Audience :: Developers",
17
+ "Intended Audience :: System Administrators",
18
+ "Operating System :: OS Independent",
19
+ "Programming Language :: Python :: 3",
20
+ "Programming Language :: Python :: 3.10",
21
+ "Programming Language :: Python :: 3.11",
22
+ "Programming Language :: Python :: 3.12",
23
+ "Topic :: Communications :: Email",
24
+ ]
25
+ dependencies = [
26
+ "mcp>=1.0.0",
27
+ "google-auth>=2.0",
28
+ "google-auth-oauthlib>=1.0",
29
+ "google-api-python-client>=2.0",
30
+ ]
31
+
32
+ [project.urls]
33
+ Homepage = "https://github.com/arthjhon/mcp-gmail-manager"
34
+ Issues = "https://github.com/arthjhon/mcp-gmail-manager/issues"
35
+ Repository = "https://github.com/arthjhon/mcp-gmail-manager"
36
+
37
+ [project.scripts]
38
+ mcp-gmail-manager = "mcp_gmail_manager.server:run"
39
+ mcp-gmail-manager-auth = "mcp_gmail_manager.auth:run"
40
+
41
+ [tool.hatch.build.targets.wheel]
42
+ packages = ["src/mcp_gmail_manager"]
@@ -0,0 +1,3 @@
1
+ """mcp-gmail-manager — Gmail MCP server with recipient allowlist and audit log."""
2
+
3
+ __version__ = "0.1.0"