inbox-mcp

inbox-mcp

A privacy-first MCP server for inbox triage, enabling masked email reading, calendar upsert, reply drafting, and Slack digests using Google and Slack credentials.

Category
Visit Server

README

inbox-mcp

A privacy-preserving MCP server (built on FastMCP) that lets a coding agent (Claude Code / Codex / any MCP client) triage your inbox end to end: read & mask email → upsert calendar events → draft replies → post a digest to Slack — all driven by your own Google + Slack credentials.

Every email body, header and snippet is run through a local masking pipeline before it ever reaches the model: secrets are irreversibly redacted, contact PII is swapped for reversible tokens, and only the human-facing write paths (calendar / Slack / reply draft) restore the real values. Names go to your own model; passwords, API keys and card numbers never come back at all.

Gmail ──► [ mask ] ──► agent reasons over safe text ──► Calendar (upsert)
                                                    ├──► Gmail reply DRAFT (never sent)
                                                    └──► Slack digest (one per run)

Features

  • Unified tools with service prefixes: gmail_* (search / read / label / reply-draft), calendar_* (idempotent upsert + list), slack_* (post a report).
  • Masking-first: a Gitleaks-style secret pass → allowlist → PII tokenizer → in-memory vault, all in-process. See docs/masking.md.
  • Idempotent calendar upserts keyed by iCalUID, so re-running never double-books. Timed, all-day and multi-day events supported.
  • Reply drafts only — a threaded draft syncs to your mail client; the server never sends.
  • Apple Mail deep-links (message://) so a digest line opens the original mail.
  • Configurable calendar routing — define any number of categories via GOOGLE_CALENDAR_ID_<KEY> environment variables; nothing is hardcoded.
  • No telemetry, no external services beyond Google + Slack. Secrets stay in a local, gitignored env file.

How it works

The server is stateless transport over the Google + Slack APIs plus the masking layer. It is meant to be registered with an interactive agent and driven by a prompt (e.g. a daily inbox-triage routine). Scheduling that prompt is left to you or your automation daemon — this repo ships the tools, not a scheduler. See docs/operating-handoff.md.

Requirements

  • Python ≥ 3.13, managed with uv
  • A Google OAuth Desktop-app credential.json with the Gmail API + Calendar API enabled (scopes gmail.modify + calendar)
  • A Slack Bot User OAuth token (xoxb-…) with chat:write, invited to your target channel
  • (optional) presidio-analyzer + a spaCy model for full PERSON/LOCATION NER

Quick start

# 1. install
uv sync                      # add `--extra nlp` for Presidio (English-only) PERSON/LOCATION masking; names are unmasked by default

# 2. configure (secrets live OUTSIDE the repo)
cp .env.example ~/.config/inbox-mcp/.env
chmod 600 ~/.config/inbox-mcp/.env
$EDITOR ~/.config/inbox-mcp/.env          # paths, Slack token, calendar IDs

# 3. run the server (first run opens a browser for Google consent → token.json)
uv run inbox-mcp

# 4. tests
uv run pytest -q

Register with an agent

Point the agent at this directory; no secrets go in the registration (the server loads them from ~/.config/inbox-mcp/.env):

claude mcp add inbox_mcp -- uv run --directory /path/to/inbox-mcp inbox-mcp
# or
codex mcp add inbox_mcp -- uv run --directory /path/to/inbox-mcp inbox-mcp

Documentation

Doc What
docs/configuration.md OAuth, Slack, calendar IDs, env vars, registration
docs/tools.md Every tool: inputs, outputs, read-only vs write
docs/masking.md The privacy pipeline and how to extend it
docs/operating-handoff.md Running this to process a real inbox (CWD, operating/, scheduling)
docs/daily-run-prompt.template.md A generic inbox-triage prompt to copy & personalize
docs/reply-style-guide.template.md A generic reply-voice guide to copy & personalize
docs/scheduler-inject.template.md The wrapper your scheduler injects each run (pointer + guardrails + completion sentinel)

Security

  • Secrets (credential.json, token.json, .env) are gitignored and belong in ~/.config/inbox-mcp/ (chmod 600) — never in the repo or agent config.
  • Masking runs before any email content reaches the model; secrets are redacted irreversibly and never restored.
  • Reply drafts are never auto-sent.
  • Calendar writes target secondary calendars you configure, not your primary.

License

MIT.

Contributing

See CONTRIBUTING.md.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured