Connecting AI Agents to TrekMail via MCP

The TrekMail MCP server lets AI agents manage your email infrastructure through natural language. It exposes 216 tools covering domains, DNS, spam metrics, mailboxes, shared (team) mailboxes, invites, forwarding, mail filters, auto-reply, sieve, safe deletion, SMTP configuration, per-domain White Label branding, Cloudflare DNS integration, Drive file storage, Drive sync-device password management, support tickets, account and billing, email migrations, email verification, and the full webmail feature surface — messages, folders, attachments, drafts, scheduled send, contacts, contact groups, calendar, compose helpers, identities, templates, and blocked senders.

Pick how you want to connect

Path	When to use it	Setup time
Claude.ai web UI (recommended)	You use Claude on the web at claude.ai. Just paste a URL — no token, no config file.	~30 seconds
Claude Desktop / Claude Code	You use the desktop app or the CLI. Same one-click OAuth flow, configured in a JSON file.	~1 minute
mcp-remote on any host	You're piping the MCP server through your own scripts, CI, or a non-Anthropic client that supports OAuth.	~1 minute
Self-host the stdio package	You want to point at a private TrekMail instance, run inside a container, or use static `tm_live_` tokens instead of OAuth.	~5 minutes

Paths 1–3 use OAuth 2.1: the first time you connect, your browser opens TrekMail's consent page, you review the requested scopes, and Claude gets a token scoped to your account. No long-lived tm_live_ tokens involved. Revoke any connection from AI Agents & API → Tokens → Active OAuth Connections at any time.

What you get

216 agent tools covering domains, DNS, spam metrics, outbound deliverability rollups and per-recipient hard/soft bounces with SMTP status codes (new), mailboxes (with storage quota detail), shared (team) mailboxes — list/add/update/remove members plus create-and-convert lifecycle (new), invites, forwarding, sieve, safe deletion, SMTP configuration, per-domain White Label branding — set brand identity, logos, branded hosts, and verify DNS (new), Cloudflare DNS integration, support tickets, account and billing, email migrations, email verification (8 verifier tools), 42 Drive tools for file storage and sync-device password management, and the full webmail API surface (53 message tools).
OAuth 2.1 + dynamic client registration — your AI client registers itself, walks you through a browser consent page, and gets a scoped token. No copy-paste of long-lived tokens for the web/desktop/CLI paths.
Dual-token architecture — separate ops token (infrastructure) and message token (full webmail operations). When you connect via OAuth, message tokens are minted automatically per mailbox as needed.
Automatic idempotency — retries never create duplicate resources.
Two-step delete — mailbox deletion requires explicit intent + confirmation.
Destructive operations gate — delete tools are disabled by default.
Sending safety gates — email sending requires both an environment gate and per-call confirmation.
Migration safety gates — migration write tools are disabled by default and require per-call confirmation.
Full audit logging — every API and MCP operation is logged with 90-day retention.

Before you start

All plans can connect agents.
- Nano — Email Verifier tools. Pick up a Drive Storage Add-on and your agent also gets the full Drive tool set (browse, upload, share, restore, purge — 42 tools).
- Starter — Full Drive, full Email Verifier, and read-only across the rest (domains, mailboxes, migrations, tickets, and so on). For writes the Starter API doesn't expose — creating migrations, replying to tickets, changing auto-reply — use the dashboard.
- Pro / Agency — Full read + write across every family.
First time? The Guide button on the AI Agents & API page walks you through connection methods, token setup, and the audit log step by step.
For the OAuth paths (1, 2, 3) you don't need to create any token by hand — your client does it through the browser. For the self-hosted stdio path (4) you do create a tm_live_ token in the dashboard first.

1. Claude.ai (recommended)

The fastest way — works entirely in your browser, no software to install.

Open claude.ai/customize/connectors.
Click the + in the Connectors header → Add custom connector.
Fill in the dialog:
- Name: TrekMail
- Remote MCP server URL: https://trekmail.net/mcp
Click Add. Claude opens a popup to https://trekmail.net/oauth/authorize — log in to your TrekMail account if you aren't already, review the requested scopes, click Authorize.
The popup closes and the connector appears under Connected. You can now ask Claude things like "list my TrekMail domains" or "create a mailbox alice@…" in any chat.

The first authorization issues a token good for 30 days. Refreshes happen silently as long as Claude.ai is the active client. To disconnect, click the connector → Disconnect in claude.ai, or revoke from TrekMail's Tokens → Active OAuth Connections.

2. Claude Desktop / Claude Code

Same OAuth flow, configured in your local Claude config file. The desktop app handles the browser popup just like claude.ai does.

Claude Code (CLI)

claude mcp add trekmail https://trekmail.net/mcp -t http

The first time you run a Claude Code session after this, your browser opens for the consent step.

Claude Desktop

Edit your config file (macOS: ~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json) and add:

{
  "mcpServers": {
    "trekmail": {
      "url": "https://trekmail.net/mcp",
      "transport": "http"
    }
  }
}

Restart Claude Desktop. The first time you mention TrekMail in a chat, the OAuth popup opens.

3. mcp-remote (CLI)

Useful for testing or for non-Anthropic MCP clients that don't yet support remote OAuth servers directly — mcp-remote is a small Node bridge from stdio to remote HTTP.

npx -y mcp-remote https://trekmail.net/mcp

The first run opens your browser for OAuth. After that the token is cached under ~/.mcp-auth/ and used automatically.

You can wire this into any stdio MCP client by pointing it at the mcp-remote command instead of a local Node entry point.

4. Self-hosted stdio (Claude Desktop / Docker / npm)

If you want static tm_live_ tokens instead of OAuth (e.g. for unattended servers, private TrekMail instances, or container deploys), clone and run the stdio MCP package on your own host.

Create an API token on the AI Agents & API → Tokens page first. For email read/send, also create a message token via the API using your ops token (see the Connect Agent tab for instructions).

Install the MCP server

git clone https://github.com/trekmail/mcp-server trekmail-mcp
cd trekmail-mcp
npm install
npm run build

Claude Desktop (stdio)

Add this to your Claude Desktop MCP configuration file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "trekmail": {
      "command": "node",
      "args": ["./trekmail-mcp/build/index.js"],
      "env": {
        "TREKMAIL_BASE_URL": "https://trekmail.net",
        "TREKMAIL_API_TOKEN": "tm_live_your_token",
        "TREKMAIL_MESSAGE_TOKEN": "tm_msg_your_token",
        "TREKMAIL_ALLOW_SENDING": "false",
        "TREKMAIL_ALLOW_MIGRATION": "false"
      }
    }
  }
}

Update the args path to point to where you cloned the repository. Replace the tokens with your own. You can omit TREKMAIL_MESSAGE_TOKEN if you only need infrastructure tools, or omit TREKMAIL_API_TOKEN if you only need message tools. At least one token is required.

Claude Code (stdio)

Add this to your Claude Code MCP settings (.claude/settings.json or project-level config):

{
  "mcpServers": {
    "trekmail": {
      "command": "node",
      "args": ["./trekmail-mcp/build/index.js"],
      "env": {
        "TREKMAIL_BASE_URL": "https://trekmail.net",
        "TREKMAIL_API_TOKEN": "tm_live_your_token",
        "TREKMAIL_MESSAGE_TOKEN": "tm_msg_your_token",
        "TREKMAIL_ALLOW_SENDING": "false",
        "TREKMAIL_ALLOW_MIGRATION": "false"
      }
    }
  }
}

Docker

If you prefer Docker, build the image from the repo and run it:

git clone https://github.com/trekmail/mcp-server trekmail-mcp
cd trekmail-mcp
docker build -t trekmail-mcp .

docker run -i \
  -e TREKMAIL_BASE_URL=https://trekmail.net \
  -e TREKMAIL_API_TOKEN=tm_live_your_token \
  -e TREKMAIL_MESSAGE_TOKEN=tm_msg_your_token \
  -e TREKMAIL_ALLOW_SENDING=false \
  -e TREKMAIL_ALLOW_MIGRATION=false \
  trekmail-mcp

Local npm (development)

git clone https://github.com/trekmail/mcp-server trekmail-mcp
cd trekmail-mcp
npm install && npm run build

TREKMAIL_BASE_URL=https://trekmail.net \
TREKMAIL_API_TOKEN=tm_live_your_token \
TREKMAIL_MESSAGE_TOKEN=tm_msg_your_token \
TREKMAIL_ALLOW_SENDING=false \
TREKMAIL_ALLOW_MIGRATION=false \
npm start

Stdio environment variables

Variable	Required	Default	Description
`TREKMAIL_BASE_URL`	Yes	—	Your TrekMail URL (`https://trekmail.net`)
`TREKMAIL_API_TOKEN`	At least one token	—	Ops token starting with `tm_live_` (infrastructure tools)
`TREKMAIL_MESSAGE_TOKEN`	At least one token	—	Message token starting with `tm_msg_` (email read/send tools)
`TREKMAIL_TIMEOUT_MS`	No	`30000`	Request timeout in milliseconds
`TREKMAIL_ALLOW_DESTRUCTIVE`	No	`false`	Enable destructive tools (delete intents, domain delete, password change, pause mailbox, shared-mailbox create/convert and member add/update/remove, set/update per-domain signature, per-domain branding set/logo-set/logo-remove/verify-dns/preview/remove, delete message, SMTP config, per-domain SMTP set/create-profile/update-profile/delete-profile/test plus set account SMTP default, revoke message token, delete Cloudflare token, Drive trash/purge/empty-trash, delete folder, empty folder, cancel scheduled message, delete contact, delete contact group, delete calendar event, delete identity, delete template, unblock sender)
`TREKMAIL_ALLOW_SENDING`	No	`false`	Enable the `send_message` tool
`TREKMAIL_ALLOW_MIGRATION`	No	`false`	Enable migration write tools (`start_migration`, `retry_migration`, `delete_migration`, `delete_bulk_migration`, `update_bulk_migration_job_password`, `test_migration_connection`). Note: `cancel_migration` and `cancel_bulk_migration` are always available as safety operations.

Drive tools for agents

With an ops token that includes Drive scopes, the MCP server exposes 42 Drive tools for spaces, usage, browsing, uploads, files, folders, Trash, bulk operations, public share links, sync-device password management (rclone / Cyberduck / X-Plore / DAVx⁵ credentials), and read-only Drive Add-on status. The complete MCP server now exposes 216 tools.

For a Drive-only agent, set TREKMAIL_API_TOKEN and grant only the scopes the workflow needs. Keep TREKMAIL_ALLOW_DESTRUCTIVE=false unless the agent is running a reviewed purge or empty-trash job. Drive Add-on purchase, resize, and cancel are not MCP tools; agents can read add-on status and pricing, but billing changes stay in the dashboard.

See Drive MCP Tools Overview and Connecting AI Agents to TrekMail Drive.

Available tools

The MCP server exposes these tools to connected agents. Tools are registered conditionally based on which tokens are provided.

Domain tools (ops token)

Tool	Description
`list_domains`	List domains with optional status/search filters
`get_domain`	Get details for a specific domain
`create_domain`	Add a new domain to the account
`delete_domain`	Delete a domain (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`update_domain_catch_all`	Configure or clear the catch-all address
`retry_domain_dkim`	Retry DKIM key provisioning
`update_domain_note`	Update the admin note on a domain
`get_domain_signature`	Read per-domain email signature settings
`update_domain_signature`	Set per-domain email signature (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`bulk_add_domains`	Add up to 20 domains in one call

White Label branding tools (ops token)

Branding is configured per domain — a domain runs its own brand (custom), inherits the account default (inherit), or is off. Settings always save; the branded dashboard.yourbrand.com / mail.yourbrand.com hosts only go live once the White Label add-on is active (without it they stay draft).

Tool	Description
`get_domain_branding`	Read branding state — mode, add-on status, brand fields, hosts, and the `dns_records` (CNAMEs) to create
`set_domain_branding`	Partial-merge update of the brand — mode, name, colors, dashboard/webmail toggles and labels, support/sender, scope (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`set_domain_brand_logo`	Upload a base64 logo to the `light`, `dark`, or `favicon` slot (PNG/JPG, ICO for favicon, ≤1 MB, no SVG) (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`verify_domain_branding_dns`	Queue DNS verification for the enabled branded hosts (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`create_branding_preview`	Mint a short-lived preview URL of the branded experience (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`remove_domain_brand_logo`	Remove a logo slot (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`remove_domain_branding`	Clear branding for the domain or the whole account (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

get_domain_branding is read-only and always available; the other six are disabled unless TREKMAIL_ALLOW_DESTRUCTIVE=true. An agent can run the whole setup autonomously — set the brand, read the dns_records, write them with apply_cloudflare_dns, then verify_domain_branding_dns and poll. See the White Label Branding API and MCP Guide.

DNS tools (ops token)

Tool	Description
`get_dns_requirements`	Get required DNS records for a domain
`dns_recheck`	Trigger DNS verification (returns check ID)
`get_dns_check`	Poll DNS check results

Mailbox tools (ops token)

Tool	Description
`list_mailboxes`	List mailboxes with optional filters
`get_mailbox`	Get details for a specific mailbox
`create_mailbox_generated_password`	Create a mailbox with auto-generated password (optional `storage_allocation_mb` carves out dedicated storage from the account pool)
`change_mailbox_password`	Change the password for a mailbox
`update_mailbox_note`	Update the admin note on a mailbox
`pause_mailbox`	Disable a mailbox (set status to disabled)
`resume_mailbox`	Re-enable a paused mailbox
`enable_imap`	Enable IMAP access for a mailbox (required for Message API)
`create_invite`	Send a setup invite to a recipient (optional `storage_allocation_mb` pre-allocates dedicated storage that the recipient inherits at redeem)
`create_invites_bulk`	Send up to 100 invites in one call (per-item `storage_allocation_mb` supported)
`create_mailboxes_bulk`	Create up to 100 mailboxes in one call (per-item `storage_allocation_mb` supported)
`get_forwarding`	Get forwarding config for a mailbox
`set_forwarding`	Configure forwarding rules

Shared mailbox tools (ops token)

A shared mailbox is a team inbox (support@, sales@) that other mailboxes open from their own webmail. Access is flat — everyone can read, and can_send is the only toggle (reply-capable vs read-only). There are no member roles.

Tool	Description
`list_shared_mailbox_members`	List who can access a shared mailbox (each: `member_mailbox_id`, `email`, `can_read`, `can_send`)
`add_shared_mailbox_member`	Add a member to a shared mailbox; `can_send` defaults to `true` (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`update_shared_mailbox_member`	Toggle a member's reply access (`can_send`) without removing them (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`remove_shared_mailbox_member`	Remove a member — a shared mailbox always keeps at least one (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

Shared mailbox lifecycle (ops token)

Tool	Description
`create_shared_mailbox`	Create a new shared mailbox from a domain, local part, display name, and a list of member mailbox IDs (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`convert_mailbox_to_shared`	Turn an existing mailbox into a shared one (rotates the old password so it can no longer sign in) (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`convert_shared_mailbox_to_regular`	Convert a shared mailbox back to a regular one — removes members and sets a fresh sign-in password (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

The three lifecycle tools and the three member-write tools (add/update/remove) are disabled unless TREKMAIL_ALLOW_DESTRUCTIVE=true; list_shared_mailbox_members is read-only and always available.

Sieve tools (ops token)

Tool	Description
`get_sieve_script`	Get the raw Sieve script for a mailbox
`upload_sieve_script`	Upload a raw Sieve script for a mailbox

Delete tools (ops token)

Tool	Description
`create_delete_intent`	Step 1: create a time-limited delete intent
`confirm_delete_intent`	Step 2: confirm and execute deletion (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

Migration tools (ops token)

Tool	Description
`test_migration_connection`	Validate IMAP credentials and discover source folders with counts
`list_migrations`	List migrations with optional status/mailbox filters
`get_migration`	Get detailed migration status with per-folder breakdown
`start_migration`	Start a new email migration (gated: `TREKMAIL_ALLOW_MIGRATION` + `confirm_start`)
`cancel_migration`	Cancel a running migration (always available — safety operation, requires `confirm_cancel`)
`retry_migration`	Retry a failed or cancelled migration (gated: `TREKMAIL_ALLOW_MIGRATION` + `confirm_retry`)
`delete_migration`	Delete a completed/failed migration record (gated: `TREKMAIL_ALLOW_MIGRATION` + `confirm_delete`)
`preview_bulk_migration`	Validate and preview a bulk migration batch (gated: `TREKMAIL_ALLOW_MIGRATION`)
`start_bulk_migration`	Start a bulk migration batch (gated: `TREKMAIL_ALLOW_MIGRATION` + `confirm_start`)
`list_bulk_migrations`	List bulk migration batches with optional status filter
`get_bulk_migration`	Get details of a bulk migration batch
`cancel_bulk_migration`	Cancel an active bulk batch (requires `confirm_cancel`)
`retry_bulk_migration`	Retry failed jobs in a batch (gated: `TREKMAIL_ALLOW_MIGRATION` + `confirm_retry`)
`resume_bulk_migration`	Resume a paused batch (requires `confirm_resume`)
`delete_bulk_migration`	Delete a terminal bulk migration batch (gated: `TREKMAIL_ALLOW_MIGRATION` + `confirm_delete`)
`update_bulk_migration_job_password`	Update source password for a failed job (gated: `TREKMAIL_ALLOW_MIGRATION`)

Ticket tools (ops token)

Tool	Description
`list_tickets`	List support tickets with optional filters
`get_ticket`	Get ticket details
`get_ticket_messages`	Get messages in a ticket thread
`create_ticket`	Create a new support ticket
`reply_to_ticket`	Reply to an existing ticket
`close_ticket`	Close a ticket

SMTP / domain-routing tools (ops token)

SMTP is configured per domain — each domain points at managed platform sending or at a saved SMTP profile (your own provider, reusable across domains), and a single account-wide default decides what new domains start on.

Tool	Description
`get_domain_smtp`	View a domain's SMTP route (`smtp_mode` plus `effective_smtp_mode`, which resolves `inherit` to the account default), and its profile
`set_domain_smtp`	Set a domain's route — `platform`, `profile` (with a profile id), `not_configured`, or `inherit` (live-follow the account default). Supports the `set_account_default` and `apply_to_all` switches (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`list_domain_smtp_profiles`	List the account's saved SMTP profiles
`create_domain_smtp_profile`	Create a profile and use it for this domain (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`update_domain_smtp_profile`	Update a profile — affects every domain using it (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`delete_domain_smtp_profile`	Delete a profile; domains using it are reassigned to the account default (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`test_domain_smtp`	Start an async SMTP test for a route (returns a job ID) (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)
`get_domain_smtp_test_status`	Poll a domain SMTP test job
`get_account_smtp_default`	View the account-wide default route (`default_smtp_mode`, the plan-baseline `effective_default_smtp_mode`, and its profile)
`set_account_smtp_default`	Set the account-wide default — `platform`, `profile`, or `not_configured`; decides what new domains start on. Pair with `set_domain_smtp` mode `inherit` to have a domain live-follow it (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

The write/test tools above are disabled unless TREKMAIL_ALLOW_DESTRUCTIVE=true; get_domain_smtp, list_domain_smtp_profiles, get_domain_smtp_test_status, and get_account_smtp_default are read-only and always available.

Legacy SMTP tools (deprecated)

These account-level tools remain for backward compatibility but no longer control per-domain routing — use the domain-routing tools above instead.

Tool	Description
`get_smtp_config`	(deprecated) View the legacy account-level SMTP mode and connection details
`update_smtp_config`	(deprecated) Update the legacy account-level SMTP configuration
`delete_smtp_connection`	Delete a custom SMTP connection
`test_smtp`	Start an async SMTP connection test (returns job ID)
`get_smtp_test_status`	Poll SMTP test results

Spam metrics tools (ops token)

Tool	Description
`get_spam_metrics`	Get daily spam protection metrics for a domain (inbound, spam caught, rejected, clean)
`get_spam_summary`	Get aggregated spam protection summary for a domain (spam rate, status, top triggered rules)

Account tools (ops token)

Tool	Description
`get_account`	View account info, plan, limits, and usage
`get_billing_status`	View billing status and subscription details
`list_invoices`	List invoice history

Message token management (ops token)

Tool	Description
`create_message_token`	Create a message API token for a mailbox (returns the plaintext token once)
`list_message_tokens`	List all message tokens for a mailbox
`revoke_message_token`	Revoke a message token (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

Message tools (message token)

The message token unlocks 53 tools covering the full webmail surface. Tools are organized by feature area.

Core messages

Tool	Description
`list_messages`	List messages in a folder with cursor pagination
`read_message`	Get a single message with full body and inline attachments
`send_message`	Send an email from the mailbox (requires dual safety gates)
`delete_message`	Delete a message permanently (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)
`move_message`	Move a message to a different IMAP folder
`update_message_flags`	Mark read/unread, starred/unstarred on a message
`get_raw_message`	Download the full RFC822 raw source of a message
`report_spam`	Report a message as spam — moves to Junk and trains the filter
`report_ham`	Mark a Junk message as not spam — moves to Inbox and trains the filter
`bulk_action`	Apply an action (read, star, delete, move, spam) to up to 50 messages at once

Folders

Tool	Description
`list_folders`	List all IMAP folders for the mailbox
`create_folder`	Create a new IMAP folder
`rename_folder`	Rename an existing folder
`delete_folder`	Delete a folder and its contents (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)
`empty_folder`	Permanently delete all messages in Trash or Junk (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)

Attachments

Tool	Description
`download_attachment`	Download a single attachment by index — returns base64 content
`download_all_attachments`	Download all attachments from a message as a base64 ZIP

Drafts

Tool	Description
`save_draft`	Save a new draft to the IMAP Drafts folder
`update_draft`	Replace an existing draft (deletes old UID, appends updated version)

Scheduled send

Tool	Description
`schedule_message`	Schedule a message for future delivery (requires `TREKMAIL_ALLOW_SENDING` + `confirm_send`; accepts optional IANA `timezone` for naïve datetimes)
`list_scheduled`	List all pending scheduled messages for the mailbox
`reschedule_message`	Re-time a pending scheduled message in place (no resend; uses lighter `messages:read` throttle so batch re-times don't burn the send rate-limit)
`cancel_scheduled`	Cancel a pending scheduled message (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)

Contacts

Tool	Description
`list_contacts`	List contacts with optional search filter
`create_contact`	Create a contact — upserts if email already exists
`update_contact`	Update a contact's fields
`delete_contact`	Delete a contact (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)
`import_contacts`	Import contacts from base64-encoded CSV or VCF content
`export_contacts`	Export all contacts as CSV or VCF — returns base64 content

Contact groups

Tool	Description
`create_contact_group`	Create a named contact group
`rename_contact_group`	Rename a contact group
`delete_contact_group`	Delete a contact group (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)
`add_group_members`	Add contacts to a group by ID
`remove_group_members`	Remove contacts from a group

Calendar

Tool	Description
`list_calendar_events`	List calendar events in a date range
`create_calendar_event`	Create a new event with title, start/end, location, and notes
`update_calendar_event`	Update an existing event
`delete_calendar_event`	Delete a calendar event (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)

Compose helpers

These tools prepare the data for a reply or forward — they do not send anything. Pass the returned data directly to send_message or save_draft.

Tool	Description
`get_reply_data`	Pre-populate a reply (To, Re: subject, quoted body, In-Reply-To header)
`get_reply_all_data`	Pre-populate a reply-all (To + Cc from all original recipients)
`get_forward_data`	Pre-populate a forward (Fwd: subject, forwarded body, original attachment metadata)

Identities (send-from addresses)

Tool	Description
`list_identities`	List all send-from identities for the mailbox
`create_identity`	Create an identity using the mailbox address or a configured alias
`update_identity`	Update identity name, reply-to, or HTML signature
`delete_identity`	Delete an identity — cannot delete the default (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)

Templates

Tool	Description
`list_templates`	List all saved message templates
`create_template`	Create a template with name, subject, and HTML body
`update_template`	Update a template
`delete_template`	Delete a template (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)

Blocked senders

Tool	Description
`list_blocked_senders`	List all blocked email addresses and domains
`block_sender`	Block a specific email address or entire domain (e.g., `@spam.com`)
`unblock_sender`	Remove a block (gated: `TREKMAIL_ALLOW_DESTRUCTIVE`)

Email Verifier tools (ops token)

Tool	Description
`verify_email`	Verify a single email address
`verify_email_bulk`	Submit a bulk verification job
`verify_job_status`	Check job progress and results
`verify_job_download`	Download job results as CSV
`verify_credits`	Check remaining credit balance
`verify_list_jobs`	List all verification jobs
`verify_cancel_job`	Cancel a running job and refund unprocessed credits
`verify_delete_job`	Permanently delete a job and all results (GDPR)

Email Verifier tools are available on all plans, including Nano. The only limitation is your credit balance.

Cloudflare tools (ops token)

Tool	Description
`validate_cloudflare_token`	Validate a Cloudflare API token
`list_cloudflare_zones`	List DNS zones accessible by a Cloudflare token
`connect_cloudflare_domains`	Connect domains to a Cloudflare account
`preview_cloudflare_dns`	Preview DNS changes that would be applied via Cloudflare. Pass an optional `included_records` allowlist (`{ domain_id: [record_ids] }`) to preview only specific records
`apply_cloudflare_dns`	Apply DNS changes to Cloudflare-managed zones. Use `included_records` to write only chosen records and skip the rest (e.g. MX now, DKIM later); omit it to apply everything. Use `confirmed_conflicts` to authorise replacing records preview flagged as conflicting
`list_cloudflare_tokens`	List stored Cloudflare tokens
`delete_cloudflare_token`	Delete a stored Cloudflare token (gated: requires `TREKMAIL_ALLOW_DESTRUCTIVE`)

Cloudflare tools are available on Pro and Agency plans.

Safety and destructive operations

By default, TREKMAIL_ALLOW_DESTRUCTIVE is false. With this setting, delete tools return an error explaining how to enable them. Set it to true only if you trust the agent to handle mailbox deletion.

Even with destructive operations enabled, deletion always requires two steps and the agent must explicitly set confirm: true. See Safety Rails and Delete Intents for details.

Sending safety gates

The send_message and schedule_message tools have two independent safety gates that must both pass:

Environment gate: TREKMAIL_ALLOW_SENDING=true must be set when starting the MCP server.
Per-call gate: The agent must pass confirm_send=true as a parameter on every call.

This dual-gate design prevents accidental email sends. Set TREKMAIL_ALLOW_SENDING=false (the default) if your agent should only read messages. Note that list_scheduled works without any gate — the sending gate applies only to creating or sending scheduled messages.

Migration safety gates

Migration write tools (start_migration, retry_migration, delete_migration, delete_bulk_migration, update_bulk_migration_job_password, test_migration_connection, preview_bulk_migration, start_bulk_migration, retry_bulk_migration) have two independent safety gates:

Environment gate: TREKMAIL_ALLOW_MIGRATION=true must be set when starting the MCP server.
Per-call gate: Each tool requires its own confirmation parameter (confirm_start=true, confirm_retry=true, or confirm_delete=true).

cancel_migration, cancel_bulk_migration, and resume_bulk_migration are always available regardless of the environment gate — they are safety/resumption operations. They still require per-call confirmation parameters.

Read-only migration tools (list_migrations, get_migration, list_bulk_migrations, get_bulk_migration) work without any gates.

Quick fixes

Agent cannot connect: Verify the build/index.js path is correct and you ran npm run build after cloning.
"Missing bearer token" errors: Check that at least one of TREKMAIL_API_TOKEN or TREKMAIL_MESSAGE_TOKEN is set.
Read-only tools work but writes fail: Your token is on a Starter plan. Drive writes work on Starter (full Drive surface). For other writes — provisioning mailboxes, starting migrations, replying to tickets — upgrade to Pro, or use the dashboard.
Delete tools return errors: Set TREKMAIL_ALLOW_DESTRUCTIVE=true in the environment. This applies to all delete/destructive tools — messages, folders, contacts, calendar, identities, templates, blocked senders, and scheduled messages.
Send tool returns "Sending is disabled": Set TREKMAIL_ALLOW_SENDING=true in the environment.
Send tool returns "Send not confirmed": The agent must pass confirm_send=true on each send_message or schedule_message call.
No message tools appear: Ensure TREKMAIL_MESSAGE_TOKEN is set with a valid tm_msg_ token.
Migration write tools return errors: Set TREKMAIL_ALLOW_MIGRATION=true in the environment.
503 on migration start: The server is at migration capacity. Retry in a few minutes.
Attachment download fails: Attachments are returned as base64. Large attachments (up to 25 MB) may take a few seconds. download_all_attachments returns a base64-encoded ZIP of all attachments.
Draft disappeared after update: update_draft deletes the old draft UID and creates a new one. Always use the returned new UID for subsequent operations.
Calendar event not found: Events are scoped to the specific mailbox. Confirm the message token was issued for the correct mailbox.