ProtonScope
Provides a scoped, read-and-draft-only view into Proton Mail, allowing AI agents to read and draft emails within configured workspaces.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ProtonScopedraft a reply to the latest email from ACME Corp"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ProtonScope
A lightweight MCP server that gives an AI agent a scoped, read-and-draft-only view into your Proton Mail through Proton Bridge.
The scope is enforced in code, not by prompting: the agent physically cannot read or touch mail outside the workspace you configure, and it can never send — replies are saved as drafts for you to review and send yourself in Proton.
What it does (and doesn't)
✅ Read mail within a configured scope (specific folders/labels, optionally only starred, optionally only certain correspondents — including mail where you were BCC'd).
✅ Work thread-centric: list and read whole conversations.
✅ Draft replies and new messages (saved to your Drafts).
✅ Optional housekeeping: mark read/unread, star, move/label within scope, optional delete.
❌ No sending. No SMTP. The server never opens an SMTP connection and has no send tool.
❌ No calendar, no contacts. Mail only.
Proton Bridge exposes mail over local IMAP/SMTP only; this server uses IMAP exclusively.
Related MCP server: ProtonMail MCP Server
How scope works
Each workspace is a single committed YAML file, workspaces/<name>.yaml (name/description/
account plus a mail: section for permission, scope, and write targets). Scope is
deny-by-default and combines (AND) up to three filters — a message is in scope only if
all apply:
it is in an allowed source mailbox (
scope.sources);if
require_starred: true, it is starred;if
scope.addressesis set, one of those addresses appears in From/To/Cc or the delivery headers (Delivered-To/X-Original-To/Envelope-To— this is how BCC'd mail to your aliases is matched).
See workspaces/example-clients.yaml for a fully
commented example. One server instance serves exactly one workspace.
Prerequisites
Proton Bridge installed, running, and signed in. Add your account and note the per-account IMAP username and Bridge password (Bridge → account → Mailbox configuration). This is the Bridge password, not your Proton login password.
Python 3.11+ and uv.
Install
git clone <this-repo> code-protonscope
cd code-protonscope
uv syncRun the tests (no Proton Bridge needed — scope logic is pure):
uv run pytestpython -m venv .venv
# Linux/macOS:
source .venv/bin/activate
# Windows PowerShell:
.\.venv\Scripts\Activate.ps1
pip install -e . pytest
pytest
protonscope --workspace workspaces/my-clients.yaml # after configuring (see below)Requires a real Python 3.11+ on PATH (the Microsoft Store stub won't work).
Configure a workspace
Copy the example and edit it:
# Linux/macOS
cp workspaces/example-clients.yaml workspaces/my-clients.yaml# Windows (PowerShell)
Copy-Item workspaces/example-clients.yaml workspaces/my-clients.yamlEdit workspaces/my-clients.yaml: your username, and under mail: your scope,
permission tier, and the real names of your Drafts/Trash mailboxes as Bridge reports them.
Try it locally with the MCP Inspector
PROTONSCOPE_BRIDGE_PASSWORD="<bridge-password>" \
uv run protonscope --workspace workspaces/my-clients.yamlOr with the interactive inspector:
PROTONSCOPE_WORKSPACE=workspaces/my-clients.yaml \
PROTONSCOPE_BRIDGE_PASSWORD="<bridge-password>" \
uv run mcp dev src/protonscope/__main__.pyOn Windows PowerShell, set the env vars first:
$env:PROTONSCOPE_BRIDGE_PASSWORD = "<bridge-password>"
uv run protonscope --workspace workspaces/my-clients.yamlRegister with an MCP client
Add one entry per workspace to your client config (e.g. Claude Desktop's
claude_desktop_config.json, or a project .mcp.json):
{
"mcpServers": {
"protonscope-clients": {
"command": "uv",
"args": ["run", "protonscope", "--workspace", "workspaces/my-clients.yaml"],
"env": { "PROTONSCOPE_BRIDGE_PASSWORD": "<bridge-password>" }
}
}
}On Windows, use the absolute path to the workspace and ensure
uvis onPATH(or give the full path touv.exe). Bridge's default ports (IMAP 1143) are identical on both OSes.
Picking a permission tier
| Reads | Drafts & housekeeping | Sends |
| ✅ | ❌ | ❌ (never) |
| ✅ | ✅ | ❌ (never) |
delete_message is only offered when allow_delete: true (and needs write_targets.trash).
Security notes
Workspace YAML is committed; secrets are not. The Bridge password is only ever read from
PROTONSCOPE_BRIDGE_PASSWORD.workspaces/.gitignorealso ignores*.secret/*.local.yaml.Thread reconstruction stays within your allowed sources, so a thread may come back partial if some messages are outside scope — this is intentional (no peeking via All Mail).
The scope core (
src/protonscope/scope.py) is pure and fully unit-tested (tests/test_scope.py).
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dazzle-blip/code-protonscope'
If you have feedback or need assistance with the MCP directory API, please join our Discord server