proton-workflow-connector 1.2.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. proton_workflow_connector-1.2.1/.claude-plugin/marketplace.json +15 -0
  2. proton_workflow_connector-1.2.1/.env.example +93 -0
  3. proton_workflow_connector-1.2.1/.github/workflows/ci.yml +30 -0
  4. proton_workflow_connector-1.2.1/.github/workflows/release.yml +37 -0
  5. proton_workflow_connector-1.2.1/.github/workflows/secret-scan.yml +18 -0
  6. proton_workflow_connector-1.2.1/.gitignore +53 -0
  7. proton_workflow_connector-1.2.1/.gitleaks.toml +10 -0
  8. proton_workflow_connector-1.2.1/.pre-commit-config.yaml +18 -0
  9. proton_workflow_connector-1.2.1/CHANGELOG.md +75 -0
  10. proton_workflow_connector-1.2.1/CONTRIBUTING.md +19 -0
  11. proton_workflow_connector-1.2.1/LICENSE +21 -0
  12. proton_workflow_connector-1.2.1/PKG-INFO +260 -0
  13. proton_workflow_connector-1.2.1/README.md +230 -0
  14. proton_workflow_connector-1.2.1/SECURITY.md +18 -0
  15. proton_workflow_connector-1.2.1/docs/CLIENTS.md +138 -0
  16. proton_workflow_connector-1.2.1/docs/HOSTING.md +97 -0
  17. proton_workflow_connector-1.2.1/docs/INTEGRATION_TESTS.md +94 -0
  18. proton_workflow_connector-1.2.1/docs/SETUP.md +70 -0
  19. proton_workflow_connector-1.2.1/docs/TOOLS.md +126 -0
  20. proton_workflow_connector-1.2.1/docs/WATCH.md +306 -0
  21. proton_workflow_connector-1.2.1/examples/claude-code-stdio.md +8 -0
  22. proton_workflow_connector-1.2.1/examples/codex-config.toml +26 -0
  23. proton_workflow_connector-1.2.1/examples/streamable-http.md +18 -0
  24. proton_workflow_connector-1.2.1/examples/systemd/proton-workflow-connector.service +16 -0
  25. proton_workflow_connector-1.2.1/examples/systemd/proton-workflow-watch.service +16 -0
  26. proton_workflow_connector-1.2.1/examples/systemd/protonmail-bridge-headless.service +16 -0
  27. proton_workflow_connector-1.2.1/plugins/proton-workflow-connector/.claude-plugin/plugin.json +19 -0
  28. proton_workflow_connector-1.2.1/plugins/proton-workflow-connector/.codex-plugin/plugin.json +41 -0
  29. proton_workflow_connector-1.2.1/plugins/proton-workflow-connector/.mcp.json +35 -0
  30. proton_workflow_connector-1.2.1/plugins/proton-workflow-connector/skills/setup/SKILL.md +30 -0
  31. proton_workflow_connector-1.2.1/pyproject.toml +62 -0
  32. proton_workflow_connector-1.2.1/scripts/lan_transport_check.py +107 -0
  33. proton_workflow_connector-1.2.1/scripts/live_acceptance.py +1449 -0
  34. proton_workflow_connector-1.2.1/scripts/live_bridge_workflow.py +324 -0
  35. proton_workflow_connector-1.2.1/server.json +48 -0
  36. proton_workflow_connector-1.2.1/src/proton_mail_mcp/__init__.py +5 -0
  37. proton_workflow_connector-1.2.1/src/proton_mail_mcp/__main__.py +4 -0
  38. proton_workflow_connector-1.2.1/src/proton_mail_mcp/auth.py +81 -0
  39. proton_workflow_connector-1.2.1/src/proton_mail_mcp/config.py +168 -0
  40. proton_workflow_connector-1.2.1/src/proton_mail_mcp/html_sanitize.py +64 -0
  41. proton_workflow_connector-1.2.1/src/proton_mail_mcp/imap_client.py +1864 -0
  42. proton_workflow_connector-1.2.1/src/proton_mail_mcp/mail_models.py +183 -0
  43. proton_workflow_connector-1.2.1/src/proton_mail_mcp/redaction.py +35 -0
  44. proton_workflow_connector-1.2.1/src/proton_mail_mcp/security.py +216 -0
  45. proton_workflow_connector-1.2.1/src/proton_mail_mcp/server.py +1021 -0
  46. proton_workflow_connector-1.2.1/src/proton_mail_mcp/simplelogin_client.py +252 -0
  47. proton_workflow_connector-1.2.1/src/proton_mail_mcp/watch.py +958 -0
  48. proton_workflow_connector-1.2.1/tests/fixtures/worker/README.md +39 -0
  49. proton_workflow_connector-1.2.1/tests/fixtures/worker/generate-jwk.mjs +18 -0
  50. proton_workflow_connector-1.2.1/tests/fixtures/worker/src/index.js +182 -0
  51. proton_workflow_connector-1.2.1/tests/fixtures/worker/wrangler.jsonc +29 -0
  52. proton_workflow_connector-1.2.1/tests/test_auth.py +164 -0
  53. proton_workflow_connector-1.2.1/tests/test_config.py +25 -0
  54. proton_workflow_connector-1.2.1/tests/test_imap_client.py +996 -0
  55. proton_workflow_connector-1.2.1/tests/test_mail_models.py +33 -0
  56. proton_workflow_connector-1.2.1/tests/test_redaction.py +26 -0
  57. proton_workflow_connector-1.2.1/tests/test_security.py +96 -0
  58. proton_workflow_connector-1.2.1/tests/test_server.py +168 -0
  59. proton_workflow_connector-1.2.1/tests/test_simplelogin_client.py +220 -0
  60. proton_workflow_connector-1.2.1/tests/test_watch.py +758 -0
@@ -0,0 +1,15 @@
1
+ {
2
+ "name": "proton-workflow-connector",
3
+ "owner": {
4
+ "name": "NtrpyDev",
5
+ "url": "https://github.com/NtrpyDev"
6
+ },
7
+ "plugins": [
8
+ {
9
+ "name": "proton-workflow-connector",
10
+ "source": "./plugins/proton-workflow-connector",
11
+ "description": "Self-hosted Proton Mail Bridge and SimpleLogin tools over MCP. Requires a locally running Proton Mail Bridge and the proton-workflow-connector package on PATH.",
12
+ "category": "productivity"
13
+ }
14
+ ]
15
+ }
@@ -0,0 +1,93 @@
1
+ # Copy to .env for local testing. Do not commit .env.
2
+
3
+ # Proton Mail Bridge settings. Confirm the host, ports, TLS mode, username,
4
+ # and Bridge-generated password in the Proton Mail Bridge app.
5
+ PROTON_BRIDGE_IMAP_HOST=127.0.0.1
6
+ PROTON_BRIDGE_IMAP_PORT=1143
7
+ PROTON_BRIDGE_IMAP_TLS=starttls
8
+ PROTON_BRIDGE_SMTP_HOST=127.0.0.1
9
+ PROTON_BRIDGE_SMTP_PORT=1025
10
+ PROTON_BRIDGE_SMTP_TLS=starttls
11
+ PROTON_BRIDGE_ALLOW_INSECURE_TLS=true
12
+ PROTON_BRIDGE_USERNAME=user@example.com
13
+ PROTON_BRIDGE_PASSWORD=replace-with-bridge-password
14
+ PROTON_BRIDGE_EMAIL=user@example.com
15
+ # Comma-separated addresses this Bridge account may send from.
16
+ PROTON_BRIDGE_SENDER_ADDRESSES=user@example.com
17
+
18
+ # Folder names vary by account and Bridge version. Use list_folders to verify.
19
+ PROTON_ARCHIVE_FOLDER=Archive
20
+ PROTON_TRASH_FOLDER=Trash
21
+ # Mailbox prefix Bridge uses for Proton labels (apply_label/remove_label/list_labels).
22
+ PROTON_LABELS_FOLDER=Labels
23
+ PROTON_DRAFTS_FOLDER=Drafts
24
+ PROTON_SENT_FOLDER=Sent
25
+ PROTON_SPAM_FOLDER=Spam
26
+
27
+ # SimpleLogin is optional. Leave unset if you do not use SimpleLogin tools.
28
+ SIMPLELOGIN_API_KEY=
29
+ SIMPLELOGIN_BASE_URL=https://app.simplelogin.io
30
+
31
+ # Safety bounds.
32
+ PROTON_MCP_BULK_LIMIT=50
33
+ PROTON_MCP_BODY_PREVIEW_CHARS=500
34
+ PROTON_MCP_MAX_BODY_CHARS=20000
35
+ PROTON_MCP_MAX_ATTACHMENT_DOWNLOAD_BYTES=50000000
36
+ PROTON_MCP_MAX_OUTGOING_ATTACHMENT_BYTES=25000000
37
+ PROTON_MCP_MAX_ATTACHMENTS=100
38
+ PROTON_MCP_SEARCH_ALL_LIMIT=100
39
+ PROTON_MCP_REQUEST_TIMEOUT=30
40
+
41
+ # Hosted Streamable HTTP security. Leave unset for stdio or localhost-only HTTP.
42
+ PROTON_MCP_OAUTH_ISSUER_URL=
43
+ PROTON_MCP_OAUTH_AUDIENCE=
44
+ PROTON_MCP_OAUTH_RESOURCE_SERVER_URL=
45
+ PROTON_MCP_OAUTH_JWKS_URL=
46
+ PROTON_MCP_OAUTH_BASE_SCOPE=proton-workflow-connector
47
+ PROTON_MCP_HTTP_ALLOWED_HOSTS=
48
+ PROTON_MCP_HTTP_ALLOWED_ORIGINS=
49
+ PROTON_MCP_ALLOW_UNAUTHENTICATED_HTTP=false
50
+
51
+ # Optional privacy-safe JSONL audit log and per-client limits per minute.
52
+ PROTON_MCP_AUDIT_LOG=
53
+ PROTON_MCP_RATE_LIMIT_READ=120
54
+ PROTON_MCP_RATE_LIMIT_WRITE=30
55
+ PROTON_MCP_RATE_LIMIT_DESTRUCTIVE=5
56
+
57
+ # Safety modes. read-only blocks all writes/destructive ops; allow-send=false blocks send/reply/
58
+ # forward/send_draft only; allowed-actions is an optional comma list of permitted categories
59
+ # (read,write,destructive) — when set, anything outside it is refused. Dry-run previews are exempt.
60
+ PROTON_MCP_READ_ONLY=false
61
+ PROTON_MCP_ALLOW_SEND=true
62
+ PROTON_MCP_ALLOWED_ACTIONS=
63
+
64
+ # Mailbox triggers (proton-workflow-watch and the poll_mailbox tool).
65
+ # Set a webhook URL to push new-message events to n8n, Zapier, Make, or your own service.
66
+ PROTON_MCP_WATCH_WEBHOOK_URL=
67
+ # Optional shared secret. When set, each POST carries an X-Proton-Signature: sha256=<hmac> header.
68
+ PROTON_MCP_WATCH_WEBHOOK_SECRET=
69
+ # Comma-separated folders to watch. Defaults to INBOX.
70
+ PROTON_MCP_WATCH_FOLDERS=INBOX
71
+ PROTON_MCP_WATCH_INTERVAL=60
72
+ PROTON_MCP_WATCH_LIMIT=50
73
+ PROTON_MCP_WATCH_UNREAD_ONLY=false
74
+ # Delivery retries. On failure the cursor is held so events retry on the next poll (at-least-once).
75
+ PROTON_MCP_WATCH_MAX_RETRIES=3
76
+ PROTON_MCP_WATCH_RETRY_BACKOFF=2
77
+ # Cursor state file. Defaults to $XDG_STATE_HOME/proton-workflow-connector/watch-state.json.
78
+ PROTON_MCP_WATCH_STATE=
79
+ # Optional JSON rules file with multiple named triggers (per-rule source, filter, webhook_url).
80
+ # When set, it overrides PROTON_MCP_WATCH_FOLDERS. See docs/WATCH.md.
81
+ PROTON_MCP_WATCH_RULES=
82
+ # Delivery target: webhook (default), file (append JSONL), or command (pipe event JSON to stdin).
83
+ PROTON_MCP_WATCH_SINK=webhook
84
+ # Path for the file sink (PROTON_MCP_WATCH_SINK=file).
85
+ PROTON_MCP_WATCH_FILE=
86
+ # Command for the command sink (PROTON_MCP_WATCH_SINK=command); each event is piped to its stdin.
87
+ PROTON_MCP_WATCH_COMMAND=
88
+ # Dead-letter file for events that keep failing. Defaults next to the cursor state file.
89
+ PROTON_MCP_WATCH_DEAD_LETTER=
90
+ # Failed delivery cycles on one event before it is dead-lettered and the cursor advances past it.
91
+ PROTON_MCP_WATCH_DEAD_LETTER_MAX_ATTEMPTS=5
92
+ # Use IMAP IDLE for near-instant mail triggers instead of interval polling (falls back if unsupported).
93
+ PROTON_MCP_WATCH_IDLE=false
@@ -0,0 +1,30 @@
1
+ name: CI
2
+
3
+ on:
4
+ pull_request:
5
+ push:
6
+ branches: [main]
7
+
8
+ jobs:
9
+ test:
10
+ runs-on: ubuntu-latest
11
+ strategy:
12
+ matrix:
13
+ python-version: ["3.11", "3.12", "3.13", "3.14"]
14
+ steps:
15
+ - uses: actions/checkout@v4
16
+ - uses: actions/setup-python@v5
17
+ with:
18
+ python-version: ${{ matrix.python-version }}
19
+ - name: Install
20
+ run: python -m pip install --upgrade pip && python -m pip install -e ".[dev]"
21
+ - name: Lint
22
+ run: ruff check .
23
+ - name: Format
24
+ run: ruff format --check .
25
+ - name: Test
26
+ run: pytest
27
+ - name: Compile
28
+ run: python -m compileall -q src
29
+ - name: Dependency audit
30
+ run: pip-audit
@@ -0,0 +1,37 @@
1
+ name: Release
2
+
3
+ on:
4
+ release:
5
+ types: [published]
6
+ workflow_dispatch:
7
+
8
+ jobs:
9
+ build:
10
+ runs-on: ubuntu-latest
11
+ steps:
12
+ - uses: actions/checkout@v4
13
+ - uses: actions/setup-python@v5
14
+ with:
15
+ python-version: "3.12"
16
+ - name: Build sdist and wheel
17
+ run: |
18
+ python -m pip install --upgrade build
19
+ python -m build
20
+ - uses: actions/upload-artifact@v4
21
+ with:
22
+ name: dist
23
+ path: dist/
24
+
25
+ publish:
26
+ needs: build
27
+ runs-on: ubuntu-latest
28
+ environment: pypi
29
+ permissions:
30
+ id-token: write
31
+ steps:
32
+ - uses: actions/download-artifact@v4
33
+ with:
34
+ name: dist
35
+ path: dist/
36
+ - name: Publish to PyPI (trusted publishing)
37
+ uses: pypa/gh-action-pypi-publish@release/v1
@@ -0,0 +1,18 @@
1
+ name: Secret scan
2
+
3
+ on:
4
+ pull_request:
5
+ push:
6
+ branches: [main]
7
+
8
+ jobs:
9
+ gitleaks:
10
+ runs-on: ubuntu-latest
11
+ steps:
12
+ - uses: actions/checkout@v4
13
+ with:
14
+ fetch-depth: 0
15
+ - uses: gitleaks/gitleaks-action@v2
16
+ env:
17
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
18
+ GITLEAKS_CONFIG: .gitleaks.toml
@@ -0,0 +1,53 @@
1
+ # Python
2
+ __pycache__/
3
+ *.py[cod]
4
+ *.egg-info/
5
+ .pytest_cache/
6
+ .ruff_cache/
7
+ .mypy_cache/
8
+ .coverage
9
+ htmlcov/
10
+ dist/
11
+ build/
12
+ .venv/
13
+ venv/
14
+
15
+ # Local secrets and private config
16
+ .env
17
+ .env.*
18
+ !.env.example
19
+ *.local
20
+ local-config/
21
+ private/
22
+ private-notes/
23
+ bridge-notes*
24
+ proton-bridge*
25
+ *.pem
26
+ *.key
27
+ *.crt
28
+ *.p12
29
+
30
+ # Logs, caches, and mailbox artifacts
31
+ *.log
32
+ logs/
33
+ cache/
34
+ tmp/
35
+ *.mbox
36
+ *.eml
37
+ *.maildir/
38
+ mail-export/
39
+ screenshots/
40
+
41
+ # Local deployment files
42
+ docker-compose.override.yml
43
+ deploy.local.*
44
+ .codex/config.toml
45
+ .claude/settings.local.json
46
+
47
+ # Local work-order, not part of the project
48
+ AGENT_BRIEF.md
49
+ HANDOFF.md
50
+ TEST_PLAN.md
51
+
52
+ # Wrangler local state for the test fixture worker
53
+ .wrangler/
@@ -0,0 +1,10 @@
1
+ title = "Proton Mail MCP secret scan"
2
+
3
+ [allowlist]
4
+ description = "Allow documented fake placeholder values only."
5
+ regexes = [
6
+ '''replace-with-[a-z-]+''',
7
+ '''user@example\.com''',
8
+ '''alice@example\.com''',
9
+ '''bob@example\.com''',
10
+ ]
@@ -0,0 +1,18 @@
1
+ repos:
2
+ - repo: local
3
+ hooks:
4
+ - id: ruff-check
5
+ name: ruff check
6
+ entry: ruff check
7
+ language: system
8
+ types_or: [python, pyi]
9
+ - id: ruff-format-check
10
+ name: ruff format check
11
+ entry: ruff format --check
12
+ language: system
13
+ types_or: [python, pyi]
14
+ - id: gitleaks
15
+ name: gitleaks staged secret scan
16
+ entry: gitleaks protect --staged --redact --config .gitleaks.toml
17
+ language: system
18
+ pass_filenames: false
@@ -0,0 +1,75 @@
1
+ # Changelog
2
+
3
+ All notable changes to this project are recorded here. Versions follow [semantic versioning](https://semver.org/).
4
+
5
+ ## 1.2.1 - 2026-07-01
6
+
7
+ ### Fixed
8
+
9
+ - Synchronous tools now run in worker threads instead of on the event loop, so one stalled
10
+ Bridge IMAP call can no longer freeze the whole server for every session.
11
+ - JWKS and OIDC discovery fetches send an explicit `User-Agent`; CDNs and WAFs that block
12
+ urllib's default agent were silently rejecting every OAuth token with 401. Failed token
13
+ verifications are now logged with the reason instead of being swallowed.
14
+ - Message fetches retry briefly when Bridge answers an OK FETCH without the message body
15
+ (a transient Bridge quirk under load), and report a clear "moved or deleted" error when
16
+ a stale UID is fetched after a message left the folder.
17
+
18
+ All three were found by the new live acceptance harness (`scripts/live_acceptance.py`), which
19
+ exercises all 67 tools against a real Bridge, SimpleLogin, watcher sinks, safety modes, and a
20
+ hosted OAuth deployment.
21
+
22
+ ## 1.2.0 - 2026-07-01
23
+
24
+ ### Added
25
+
26
+ - Proton label tools, header inspection, richer search filters, draft replies/forwards, and
27
+ List-Unsubscribe handling.
28
+ - Rule actions for the watcher, including mark read/unread, star/unstar, label/remove label,
29
+ archive/trash/move, and forward.
30
+ - IMAP IDLE support for lower-latency watcher polling when Bridge supports it.
31
+ - Read-only mode, send disablement, allowed-action guardrails, and MCP tool annotations.
32
+ - Dry-run previews for send/reply/forward, bulk operations, permanent delete, empty-folder operations,
33
+ and watcher rules.
34
+ - Dependency-free outbound HTML sanitization with `html_sanitized` result markers and a
35
+ `trusted_html` opt-out for caller-controlled HTML.
36
+ - `content_trust: "untrusted"` markers on read/search message payloads.
37
+ - Post-operation verification for message flags and label application.
38
+
39
+ ### Changed
40
+
41
+ - Reworked the README around clearer setup, capabilities, automations, and security boundaries.
42
+
43
+ ### Fixed
44
+
45
+ - Watcher rules that combine a move action with `forward` are rejected at parse time because retries
46
+ cannot reliably forward a message after its UID changes.
47
+
48
+ ## 1.1.0 - 2026-07-01
49
+
50
+ Turns the watcher into a real workflow layer: more event sources, flexible delivery, and reliable
51
+ forward progress.
52
+
53
+ ### Added
54
+
55
+ - **SimpleLogin alias events.** A second event source (`alias.created`) alongside `mail.received`,
56
+ with a cursor on the highest alias id. Add it as a watcher source or pull it with the new
57
+ `poll_aliases` MCP tool.
58
+ - **Rules file.** Point `PROTON_MCP_WATCH_RULES` (or `--rules`) at a JSON file to run several named
59
+ triggers at once, each with its own source, filter, and optional `webhook_url`.
60
+ - **Delivery targets.** Besides the default webhook, the watcher can append events to a JSONL file
61
+ (`--sink file`) or pipe them to a command's stdin (`--sink command`).
62
+ - **Dead-letter and replay.** After a configurable number of failed cycles, a stuck event is written
63
+ to a dead-letter file and the cursor advances so one bad event can't stall a source. Re-deliver
64
+ parked events later with `--replay-dead-letter`.
65
+ - **Trust model** documented in [docs/WATCH.md](docs/WATCH.md).
66
+
67
+ ### Fixed
68
+
69
+ - Alias polling no longer stops early on SimpleLogin's out-of-order list (pinned and recently active
70
+ aliases float to the top), which previously let new aliases on later pages be missed.
71
+
72
+ ## 1.0.0
73
+
74
+ Initial release: MCP tools for Proton Mail through Bridge and SimpleLogin, local stdio / private
75
+ HTTP / hosted OAuth transports, and the first trigger layer (`poll_mailbox` plus a webhook watcher).
@@ -0,0 +1,19 @@
1
+ # Contributing
2
+
3
+ Do not put account-specific or private data in this repository.
4
+
5
+ Before opening a pull request, run:
6
+
7
+ ```bash
8
+ python -m pip install -e ".[dev]"
9
+ ruff check .
10
+ ruff format --check .
11
+ pytest
12
+ python -m compileall -q src
13
+ pip-audit
14
+ gitleaks detect --redact --config .gitleaks.toml
15
+ ```
16
+
17
+ Tests must use fake data. Use addresses under `example.com`, short synthetic message bodies, and made-up IDs.
18
+
19
+ Do not add account-specific screenshots, mailbox exports, logs, private IPs, private hostnames, usernames, credentials, or local deployment notes.
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 NtrpyDev
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,260 @@
1
+ Metadata-Version: 2.4
2
+ Name: proton-workflow-connector
3
+ Version: 1.2.1
4
+ Summary: Unofficial self-hosted MCP connector for Proton Mail Bridge and SimpleLogin.
5
+ Project-URL: Homepage, https://github.com/NtrpyDev/proton-workflow-connector
6
+ Project-URL: Repository, https://github.com/NtrpyDev/proton-workflow-connector
7
+ Project-URL: Issues, https://github.com/NtrpyDev/proton-workflow-connector/issues
8
+ Author: NtrpyDev
9
+ License-Expression: MIT
10
+ License-File: LICENSE
11
+ Keywords: imap,mcp,proton-mail,simplelogin,smtp
12
+ Classifier: Development Status :: 5 - Production/Stable
13
+ Classifier: License :: OSI Approved :: MIT License
14
+ Classifier: Programming Language :: Python :: 3
15
+ Classifier: Programming Language :: Python :: 3.11
16
+ Classifier: Programming Language :: Python :: 3.12
17
+ Classifier: Programming Language :: Python :: 3.13
18
+ Classifier: Programming Language :: Python :: 3.14
19
+ Classifier: Topic :: Communications :: Email
20
+ Requires-Python: >=3.11
21
+ Requires-Dist: httpx>=0.27
22
+ Requires-Dist: mcp>=1.28.1
23
+ Requires-Dist: pyjwt[crypto]>=2.10
24
+ Requires-Dist: python-dotenv>=1.0
25
+ Provides-Extra: dev
26
+ Requires-Dist: pip-audit>=2.9; extra == 'dev'
27
+ Requires-Dist: pytest>=8.0; extra == 'dev'
28
+ Requires-Dist: ruff>=0.8; extra == 'dev'
29
+ Description-Content-Type: text/markdown
30
+
31
+ # Proton Workflow Connector
32
+
33
+ [![CI](https://github.com/NtrpyDev/proton-workflow-connector/actions/workflows/ci.yml/badge.svg)](https://github.com/NtrpyDev/proton-workflow-connector/actions/workflows/ci.yml)
34
+ [![Secret scan](https://github.com/NtrpyDev/proton-workflow-connector/actions/workflows/secret-scan.yml/badge.svg)](https://github.com/NtrpyDev/proton-workflow-connector/actions/workflows/secret-scan.yml)
35
+ [![Python 3.11+](https://img.shields.io/badge/Python-3.11%2B-3776AB.svg?logo=python&logoColor=white)](https://www.python.org/downloads/)
36
+ [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
37
+
38
+ Proton Workflow Connector (PWC) is a self-hosted MCP connector for reading, sending, organizing, and automating Proton Mail through Proton Mail Bridge.
39
+ It works with any MCP client or local agent runtime that can launch a stdio server or call a Streamable HTTP MCP endpoint.
40
+ SimpleLogin support is optional.
41
+
42
+ This is an unofficial project. It is not affiliated with, endorsed by, or sponsored by Proton AG.
43
+ The connector uses Bridge-generated IMAP/SMTP credentials. It does not accept Proton account passwords or store Proton login sessions.
44
+
45
+ [Quick start](#quick-start) · [Example workflows](#example-workflows) · [Capabilities](#capabilities) · [Automations](#automations) · [Security](#security-model) · [Documentation](#documentation) · [Buy Me a Coffee](https://buymeacoffee.com/ntrpydev)
46
+
47
+ ## Why use it?
48
+
49
+ Use one local server for the mail work agents usually have to piece together:
50
+
51
+ - Search, read, send, reply, forward, draft, label, archive, and download attachments through 53 Proton Mail tools.
52
+ - Require confirmation for destructive tools, preview sends and destructive operations with `dry_run`, sanitize outbound HTML by default, bound bulk operations, and allow only configured sender addresses.
53
+ - React to new mail or SimpleLogin aliases through MCP polling or a background watcher that can call a webhook, append JSONL, or run a command.
54
+ - Add 13 SimpleLogin tools when you want alias, contact, and mailbox management.
55
+ - Connect over stdio, localhost Streamable HTTP, or OAuth-protected hosted HTTP.
56
+
57
+ The server exposes 67 tools in total. See the [complete tool reference](docs/TOOLS.md).
58
+
59
+ ## How it works
60
+
61
+ PWC is an MCP server. Your client starts it over stdio or connects to it over Streamable HTTP.
62
+
63
+ The connector talks to Proton Mail Bridge over local IMAP/SMTP. Bridge must be installed, signed in, and running on the same machine as the connector. One connector process serves one Bridge account.
64
+
65
+ SimpleLogin is optional. If `SIMPLELOGIN_API_KEY` is set, PWC adds alias, contact, mailbox, and new-alias polling tools. If it is unset, the Proton Mail tools still work.
66
+
67
+ For automation, run `proton-workflow-watch` or call the polling tools from your MCP client. Watcher output can go to a webhook, a JSONL file, or a command.
68
+
69
+ ## Quick start
70
+
71
+ ### Prerequisites
72
+
73
+ - Python 3.11 or newer
74
+ - [Proton Mail Bridge](https://proton.me/mail/bridge), signed in and running
75
+ - The IMAP/SMTP host, ports, username, and generated password shown by Bridge
76
+ - A SimpleLogin API key only if you want the optional SimpleLogin tools
77
+
78
+ ### 1. Install
79
+
80
+ ```bash
81
+ git clone https://github.com/NtrpyDev/proton-workflow-connector.git
82
+ cd proton-workflow-connector
83
+ python -m venv .venv
84
+ source .venv/bin/activate
85
+ python -m pip install .
86
+ ```
87
+
88
+ On Windows PowerShell, activate the environment with `.venv\Scripts\Activate.ps1`.
89
+
90
+ ### 2. Configure Bridge credentials
91
+
92
+ Keep the environment file outside the repository:
93
+
94
+ ```bash
95
+ mkdir -p ~/.config/proton-workflow-connector
96
+ cp .env.example ~/.config/proton-workflow-connector/env
97
+ chmod 600 ~/.config/proton-workflow-connector/env
98
+ ```
99
+
100
+ Edit the copied file with the connection details shown in Proton Mail Bridge. Set `PROTON_BRIDGE_EMAIL` to the default sender and list every permitted sender address in `PROTON_BRIDGE_SENDER_ADDRESSES`.
101
+
102
+ ### 3. Run the connector
103
+
104
+ ```bash
105
+ proton-workflow-connector --transport stdio \
106
+ --env-file ~/.config/proton-workflow-connector/env
107
+ ```
108
+
109
+ ### 4. Connect an MCP client
110
+
111
+ Any MCP client or local agent runtime can use PWC as long as it supports stdio or Streamable HTTP:
112
+
113
+ - stdio: run `proton-workflow-connector --transport stdio --env-file ...`
114
+ - HTTP: run the connector with `--transport streamable-http` and point the client at `/mcp`
115
+
116
+ Claude Code stdio example:
117
+
118
+ ```bash
119
+ claude mcp add --transport stdio --scope user proton-workflow \
120
+ -- "$PWD/.venv/bin/proton-workflow-connector" --transport stdio \
121
+ --env-file ~/.config/proton-workflow-connector/env
122
+ ```
123
+
124
+ Codex stdio example:
125
+
126
+ ```toml
127
+ [mcp_servers.proton_workflow]
128
+ command = "/absolute/path/to/repo/.venv/bin/proton-workflow-connector"
129
+ args = [
130
+ "--transport", "stdio",
131
+ "--env-file", "/absolute/path/to/private/proton-workflow-connector-env"
132
+ ]
133
+ default_tools_approval_mode = "prompt"
134
+ startup_timeout_sec = 20
135
+ tool_timeout_sec = 120
136
+ ```
137
+
138
+ Run `server_status` after connecting. It checks IMAP, SMTP, SimpleLogin, OAuth configuration, and the server version without returning secrets.
139
+ Then run `list_folders`; Bridge folder names vary by account and version.
140
+
141
+ See [MCP client setup](docs/CLIENTS.md) for generic client configuration, localhost HTTP, hosted Streamable HTTP, Codex, Claude Code, and the plugin wrapper.
142
+
143
+ ## Example workflows
144
+
145
+ Once connected, ask your MCP client to:
146
+
147
+ - "List my mail folders and show the unread count for each."
148
+ - "Find unread invoices from the last 30 days without marking them read."
149
+ - "Draft a reply to the latest message in this thread, but do not send it."
150
+ - "Download the PDF attachments from this message."
151
+ - "Archive these message UIDs after showing me the exact list."
152
+ - "Create a SimpleLogin alias for shopping and add a contact for this merchant."
153
+ - "Poll for new mail from `billing@vendor.example` using the `invoices` cursor."
154
+
155
+ The connector returns structured data to the MCP client. The client decides how to present it and when to request approval for actions.
156
+
157
+ ## Capabilities
158
+
159
+ | Area | Included operations |
160
+ | --- | --- |
161
+ | Search and reading | Search one folder or all selectable folders, read messages and threads, inspect headers, and download attachments |
162
+ | Sending and drafts | Send, reply, reply-all, forward, create and update drafts, use allowed alternate senders, and attach files |
163
+ | Organization | Create and manage folders, apply Proton labels, change flags, archive, move, copy, restore, and manage Spam or Trash |
164
+ | Bounded bulk actions | Preview, mark, star, move, copy, archive, trash, restore, or permanently delete explicit UID lists |
165
+ | Automations | Poll persistent cursors or push new-message and new-alias events to a webhook, JSONL file, or command |
166
+ | SimpleLogin | Inspect account data and manage aliases, contacts, and mailboxes with an optional API key |
167
+ | Deployment | Local stdio, localhost Streamable HTTP, or OAuth/OIDC-protected hosted HTTP |
168
+
169
+ Proton Contacts are not included because Proton Mail Bridge does not expose them.
170
+
171
+ ## Automations
172
+
173
+ The background watcher polls for new mail or newly created SimpleLogin aliases and emits one event per new item:
174
+
175
+ ```bash
176
+ proton-workflow-watch \
177
+ --env-file ~/.config/proton-workflow-connector/env \
178
+ --folder INBOX \
179
+ --webhook-url https://example.com/hooks/proton \
180
+ --interval 60
181
+ ```
182
+
183
+ Key behavior:
184
+
185
+ - The first run establishes a baseline and does not replay the existing mailbox.
186
+ - Persistent cursors survive restarts and account for IMAP `UIDVALIDITY` changes.
187
+ - Webhook delivery is at-least-once, with retries, exponential backoff, and dead-letter handling.
188
+ - An optional HMAC-SHA256 signature lets webhook receivers verify each event.
189
+ - Events contain message metadata only; bodies and attachments remain available on demand through MCP tools.
190
+ - JSON rules can run several independently filtered triggers from one watcher.
191
+ - `--dry-run` shows which events and rule actions would fire without delivering, acting, or advancing cursors.
192
+
193
+ Read [Triggers and webhooks](docs/WATCH.md) for event schemas, filters, delivery guarantees, signature verification, rules, and systemd examples.
194
+
195
+ ## Security model
196
+
197
+ This connector processes private mail. Its defaults and boundaries are intentionally explicit:
198
+
199
+ - **Prefer local stdio.** Bridge and the connector should stay on the same trusted machine whenever possible.
200
+ - **Keep credentials private.** Store Bridge-generated credentials and optional API keys outside Git with user-only permissions.
201
+ - **Confirm destructive actions.** Permanent deletion, empty-folder operations, folder deletion, and alias deletion require `confirm=true` after explicit user intent.
202
+ - **Preview before mutating.** Sends, forwards, replies, bulk actions, permanent delete, and empty-folder operations support `dry_run=true` previews.
203
+ - **Treat mail as untrusted.** Read/search results mark email content as `content_trust: "untrusted"`, and outbound HTML is sanitized unless `trusted_html=true`.
204
+ - **Bound bulk operations.** Bulk tools require explicit numeric UIDs and default to a maximum of 50 messages per call.
205
+ - **Restrict senders.** Mail can only be sent from `PROTON_BRIDGE_EMAIL` or an address in `PROTON_BRIDGE_SENDER_ADDRESSES`.
206
+ - **Protect remote access.** Non-local HTTP deployments require deliberate Host/Origin policy; internet deployments require HTTPS and an external OAuth/OIDC provider.
207
+ - **Limit exposed data.** Optional audit records exclude addresses, message bodies, attachments, credentials, and tokens.
208
+ - **Treat events as untrusted input.** Email subjects and alias names can be attacker-controlled; webhook receivers and commands must validate event fields.
209
+
210
+ Read [SECURITY.md](SECURITY.md) before using real mail and [Hosted HTTP setup](docs/HOSTING.md) before exposing the connector beyond localhost.
211
+
212
+ ## Known boundaries
213
+
214
+ - Proton Mail Bridge must remain running while the connector or watcher is active.
215
+ - One server process connects to one Bridge account.
216
+ - Proton Contacts, native scheduled sending, filters, account settings, and key management are not exposed by Bridge and are not emulated.
217
+ - New-mail and new-alias triggers use polling because Proton and SimpleLogin do not provide a compatible push API.
218
+ - Trigger events include metadata, not message bodies or attachments.
219
+ - `All Mail` is a virtual read-only Bridge mailbox; start move and permanent-delete operations from a writable folder.
220
+
221
+ ## Documentation
222
+
223
+ | Guide | Use it for |
224
+ | --- | --- |
225
+ | [Setup](docs/SETUP.md) | Bridge configuration, private environment files, folder names, and network modes |
226
+ | [Tool reference](docs/TOOLS.md) | All 67 MCP tools, arguments, safety limits, and boundaries |
227
+ | [Client setup](docs/CLIENTS.md) | Generic MCP clients, local agents, Codex, Claude Code, plugins, and Streamable HTTP |
228
+ | [Triggers and webhooks](docs/WATCH.md) | Watcher rules, payloads, delivery behavior, and signature verification |
229
+ | [Hosted HTTP](docs/HOSTING.md) | OAuth/OIDC, HTTPS, Host/Origin validation, scopes, audit logs, and systemd |
230
+ | [Integration tests](docs/INTEGRATION_TESTS.md) | Live Bridge and SimpleLogin verification |
231
+
232
+ Official upstream references:
233
+
234
+ - [Proton Mail Bridge](https://proton.me/mail/bridge)
235
+ - [Proton IMAP/SMTP setup](https://proton.me/support/imap-smtp-and-pop3-setup)
236
+ - [SimpleLogin API](https://github.com/simple-login/app/blob/master/docs/api.md)
237
+
238
+ ## Development
239
+
240
+ Install the development dependencies and run the local checks:
241
+
242
+ ```bash
243
+ python -m pip install -e ".[dev]"
244
+ ruff check .
245
+ ruff format --check .
246
+ pytest
247
+ python -m compileall -q src
248
+ pip-audit
249
+ gitleaks detect --redact --config .gitleaks.toml
250
+ ```
251
+
252
+ Tests use synthetic data and do not require access to a real mailbox. Live checks are documented separately in [Integration tests](docs/INTEGRATION_TESTS.md).
253
+
254
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for contribution and privacy requirements. Report security issues privately as described in [SECURITY.md](SECURITY.md).
255
+
256
+ ## License
257
+
258
+ MIT. See [LICENSE](LICENSE).
259
+
260
+ <!-- mcp-name: io.github.ntrpydev/proton-workflow-connector -->