Spaces:

Agents-MCP-Hackathon
/

MailQuery

Sleeping

App Files Files Community

Arun Raghav commited on Jun 10

Commit

627b659

1 Parent(s): 2312d97

google auth done

Browse files

Files changed (6) hide show

agentic_implementation/README_OAuth.md +258 -0
agentic_implementation/email_mcp_server_oauth.py +545 -0
agentic_implementation/gmail_api_scraper.py +301 -0
agentic_implementation/oauth_manager.py +487 -0
agentic_implementation/requirements_oauth.txt +21 -0
agentic_implementation/setup_oauth.py +274 -0

agentic_implementation/README_OAuth.md ADDED Viewed

	@@ -0,0 +1,258 @@

+# Gmail MCP Server with OAuth Authentication
+This is an enhanced version of the Gmail MCP (Model Context Protocol) server that uses **OAuth 2.0 authentication** instead of requiring users to provide email credentials for each query.
+## 🚀 Key Features
+- **OAuth 2.0 Authentication**: Secure authentication flow using Google's OAuth system
+- **One-time Setup**: Authenticate once, use anywhere
+- **Automatic Token Refresh**: Handles token expiration automatically
+- **Encrypted Storage**: Credentials are encrypted and stored securely
+- **No More Password Sharing**: No need to provide email/password to Claude
+## 📋 Prerequisites
+1. **Google Account**: You need a Gmail account
+2. **Google Cloud Project**: Free to create
+3. **Python 3.8+**: Required for running the server
+## 🛠️ Setup Instructions
+### Step 1: Install Dependencies
+```bash
+pip install -r requirements_oauth.txt
+```
+### Step 2: Run the Interactive Setup
+The setup script will guide you through the entire process:
+```bash
+python setup_oauth.py
+```
+This will walk you through:
+1. Creating a Google Cloud project
+2. Enabling the Gmail API
+3. Setting up OAuth consent screen
+4. Creating OAuth credentials
+5. Testing the authentication flow
+### Step 3: Start the MCP Server
+```bash
+python email_mcp_server_oauth.py
+```
+The server will start and show you:
+- Authentication status
+- MCP endpoint URL
+- Web interface URL
+## 🔧 Claude Desktop Configuration
+Add this configuration to your Claude Desktop MCP settings:
+```json
+{
+  "mcpServers": {
+    "gmail-oauth": {
+      "command": "npx",
+      "args": [
+        "mcp-remote",
+        "http://localhost:7860/gradio_api/mcp/sse"
+      ]
+    }
+  }
+}
+```
+## 🔍 Available Tools
+### 1. search_emails
+Search your emails using natural language queries - **no credentials needed!**
+**Parameters:**
+- `query`: Natural language query (e.g., "show me emails from amazon last week")
+**Example Usage in Claude:**
+> "Can you search my emails for messages from Swiggy in the last week?"
+### 2. get_email_details
+Get full details of a specific email by message ID.
+**Parameters:**
+- `message_id`: Message ID from search results
+### 3. analyze_email_patterns
+Analyze email patterns from a specific sender over time.
+**Parameters:**
+- `sender_keyword`: Sender to analyze (e.g., "amazon", "google")
+- `days_back`: Number of days to analyze (default: "30")
+### 4. authenticate_user
+Trigger the OAuth authentication flow from Claude Desktop.
+**Parameters:** None
+### 5. get_authentication_status
+Check current authentication status.
+**Parameters:** None
+## 🔐 Security Features
+### Encrypted Storage
+- All credentials are encrypted using Fernet encryption
+- Encryption keys are stored securely with proper permissions
+- No plaintext credentials are ever stored
+### OAuth Benefits
+- No need to share Gmail passwords
+- Granular permission control
+- Easy revocation from Google Account settings
+- Automatic token refresh
+### Local Storage
+- All data stored locally on your machine
+- No cloud storage of credentials
+- You maintain full control
+## 🔧 Advanced Usage
+### Command Line Tools
+Check authentication status:
+```bash
+python setup_oauth.py --status
+```
+Re-authenticate:
+```bash
+python setup_oauth.py --auth
+```
+Clear stored credentials:
+```bash
+python setup_oauth.py --clear
+```
+Show help:
+```bash
+python setup_oauth.py --help
+```
+### Web Interface
+When the server is running, you can access the web interface at:
+```
+http://localhost:7860
+```
+Use this interface to:
+- Check authentication status
+- Trigger authentication flow
+- Test email search functionality
+## 🆚 Comparison: OAuth vs App Passwords
+| Feature | App Password (Old) | OAuth (New) |
+|---------|-------------------|-------------|
+| **Setup Complexity** | Simple | One-time setup required |
+| **Security** | Share app password | No password sharing |
+| **User Experience** | Enter credentials each time | Authenticate once |
+| **Revocation** | Change app password | Revoke from Google Account |
+| **Token Management** | Manual | Automatic refresh |
+| **Scope Control** | Full Gmail access | Granular permissions |
+## 🐛 Troubleshooting
+### Authentication Issues
+**"OAuth not configured" error:**
+```bash
+python setup_oauth.py
+```
+**"Not authenticated" error:**
+```bash
+python setup_oauth.py --auth
+```
+**Authentication timeout:**
+- Check if port 8080 is available
+- Try disabling firewall temporarily
+- Ensure browser can access localhost:8080
+### Common Issues
+**"No module named 'google.auth'" error:**
+```bash
+pip install -r requirements_oauth.txt
+```
+**"Permission denied" on credential files:**
+```bash
+# Check permissions
+ls -la ~/.mailquery_oauth/
+# Should show restricted permissions (600/700)
+```
+**Browser doesn't open:**
+- Copy the authorization URL manually
+- Paste it in your browser
+- Complete the flow manually
+### Getting Help
+1. Check authentication status: `python setup_oauth.py --status`
+2. Review server logs for detailed error messages
+3. Ensure Google Cloud project is properly configured
+4. Verify OAuth consent screen is set up correctly
+## 📁 File Structure
+```
+~/.mailquery_oauth/
+├── client_secret.json    # OAuth client configuration
+├── token.pickle         # Encrypted access/refresh tokens
+└── key.key             # Encryption key (secure permissions)
+```
+## 🔄 Migration from App Password Version
+If you're migrating from the app password version:
+1. Run the new OAuth setup: `python setup_oauth.py`
+2. Update your Claude Desktop configuration to use the new server
+3. The old environment variables (EMAIL_ID, APP_PASSWORD) are no longer needed
+## 📞 Support
+For issues or questions:
+1. Check the troubleshooting section above
+2. Review the setup script output for specific guidance
+3. Ensure all prerequisites are met
+4. Verify Google Cloud project configuration
+## 🎯 Example Queries for Claude
+Once set up, you can ask Claude:
+- "Search my emails for messages from Amazon in the last month"
+- "Show me emails from my bank from last week"
+- "Analyze my LinkedIn email patterns over the last 60 days"
+- "Find emails from Swiggy today"
+- "Get details of the email with ID xyz123"
+Claude will automatically use the OAuth-authenticated tools without asking for credentials!
+## 🔒 Privacy & Data
+- **No data leaves your machine**: All processing happens locally
+- **Google only provides**: Access to your Gmail via official APIs
+- **We store**: Encrypted authentication tokens only
+- **We never store**: Email content, passwords, or personal data
+- **You control**: Access can be revoked anytime from Google Account settings

agentic_implementation/email_mcp_server_oauth.py ADDED Viewed

	@@ -0,0 +1,545 @@

+import gradio as gr
+import json
+import os
+from typing import Dict, List
+from datetime import datetime, timedelta
+from dotenv import load_dotenv
+# Import OAuth-enabled modules
+from tools import extract_query_info, analyze_emails
+from gmail_api_scraper import gmail_scraper
+from oauth_manager import oauth_manager
+from logger import logger
+load_dotenv()
+def check_authentication() -> tuple[bool, str]:
+    """Check if user is authenticated and return status info"""
+    if oauth_manager.is_authenticated():
+        user_email = oauth_manager.get_user_email()
+        return True, user_email or "authenticated"
+    return False, "not authenticated"
+def authenticate_user() -> str:
+    """
+    Start OAuth authentication flow for Gmail access.
+    Opens a browser window for user to authenticate with Google.
+    Returns:
+        str: JSON string containing authentication result
+    """
+    try:
+        logger.info("Starting OAuth authentication flow...")
+        # Check if OAuth is configured
+        if not oauth_manager.client_secrets_file.exists():
+            return json.dumps({
+                "error": "OAuth not configured",
+                "message": "Please run 'python setup_oauth.py' first to configure OAuth credentials.",
+                "success": False
+            }, indent=2)
+        # Start authentication
+        success = oauth_manager.authenticate_interactive()
+        if success:
+            user_email = oauth_manager.get_current_account()
+            result = {
+                "success": True,
+                "message": "Authentication successful! You can now use the email tools.",
+                "user_email": user_email,
+                "instructions": [
+                    "Authentication completed successfully",
+                    "You can now search emails, get email details, and analyze patterns",
+                    f"Currently authenticated as: {user_email}"
+                ]
+            }
+        else:
+            result = {
+                "success": False,
+                "error": "Authentication failed",
+                "message": "Please try again or check your internet connection.",
+                "instructions": [
+                    "Make sure you have internet connection",
+                    "Ensure you complete the authentication in the browser",
+                    "Try running 'python setup_oauth.py' if problems persist"
+                ]
+            }
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error in authenticate_user: %s", e)
+        error_result = {
+            "success": False,
+            "error": str(e),
+            "message": "Authentication failed due to an error."
+        }
+        return json.dumps(error_result, indent=2)
+def switch_account(target_email: str) -> str:
+    """
+    Switch to a different authenticated Gmail account.
+    Args:
+        target_email (str): Email address to switch to
+    Returns:
+        str: JSON string containing switch result
+    """
+    try:
+        logger.info("Switching to account: %s", target_email)
+        # Check if target account is authenticated
+        if not oauth_manager.is_authenticated(target_email):
+            return json.dumps({
+                "error": "Account not authenticated",
+                "message": f"Account '{target_email}' is not authenticated. Please authenticate first.",
+                "target_email": target_email,
+                "authenticated_accounts": list(oauth_manager.list_accounts().keys())
+            }, indent=2)
+        # Switch account
+        success = oauth_manager.switch_account(target_email)
+        if success:
+            result = {
+                "success": True,
+                "message": f"Successfully switched to account: {target_email}",
+                "current_account": oauth_manager.get_current_account(),
+                "previous_account": None  # Could track this if needed
+            }
+        else:
+            result = {
+                "success": False,
+                "error": "Failed to switch account",
+                "message": f"Could not switch to account: {target_email}",
+                "current_account": oauth_manager.get_current_account()
+            }
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error switching account: %s", e)
+        error_result = {
+            "success": False,
+            "error": str(e),
+            "message": f"Failed to switch to account: {target_email}"
+        }
+        return json.dumps(error_result, indent=2)
+def list_accounts() -> str:
+    """
+    List all authenticated Gmail accounts and their status.
+    Returns:
+        str: JSON string containing all accounts and their authentication status
+    """
+    try:
+        logger.info("Listing all accounts")
+        accounts = oauth_manager.list_accounts()
+        current_account = oauth_manager.get_current_account()
+        result = {
+            "accounts": accounts,
+            "current_account": current_account,
+            "total_accounts": len(accounts),
+            "authenticated_accounts": [email for email, is_auth in accounts.items() if is_auth],
+            "message": f"Found {len(accounts)} stored accounts, currently using: {current_account or 'None'}"
+        }
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error listing accounts: %s", e)
+        error_result = {
+            "error": str(e),
+            "message": "Failed to list accounts"
+        }
+        return json.dumps(error_result, indent=2)
+def remove_account(email_to_remove: str) -> str:
+    """
+    Remove an authenticated Gmail account and its stored credentials.
+    Args:
+        email_to_remove (str): Email address to remove
+    Returns:
+        str: JSON string containing removal result
+    """
+    try:
+        logger.info("Removing account: %s", email_to_remove)
+        # Check if account exists
+        accounts = oauth_manager.list_accounts()
+        if email_to_remove not in accounts:
+            return json.dumps({
+                "error": "Account not found",
+                "message": f"Account '{email_to_remove}' not found in stored accounts.",
+                "available_accounts": list(accounts.keys())
+            }, indent=2)
+        # Remove account
+        oauth_manager.remove_account(email_to_remove)
+        result = {
+            "success": True,
+            "message": f"Successfully removed account: {email_to_remove}",
+            "removed_account": email_to_remove,
+            "current_account": oauth_manager.get_current_account(),
+            "remaining_accounts": list(oauth_manager.list_accounts().keys())
+        }
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error removing account: %s", e)
+        error_result = {
+            "success": False,
+            "error": str(e),
+            "message": f"Failed to remove account: {email_to_remove}"
+        }
+        return json.dumps(error_result, indent=2)
+def search_emails(query: str) -> str:
+    """
+    Search for emails based on a natural language query using OAuth authentication.
+    Args:
+        query (str): Natural language query (e.g., "show me mails from swiggy last week")
+    Returns:
+        str: JSON string containing email search results and analysis
+    """
+    try:
+        logger.info("OAuth Email search tool called with query: %s", query)
+        # Check authentication
+        is_auth, auth_info = check_authentication()
+        if not is_auth:
+            return json.dumps({
+                "error": "Not authenticated",
+                "message": "Please authenticate first using the authenticate_user tool or run 'python setup_oauth.py'",
+                "auth_status": auth_info
+            }, indent=2)
+        # Extract sender keyword and date range from query
+        query_info = extract_query_info(query)
+        sender_keyword = query_info.get("sender_keyword", "")
+        start_date = query_info.get("start_date")
+        end_date = query_info.get("end_date")
+        logger.info(f"Searching for emails with keyword '{sender_keyword}' between {start_date} and {end_date}")
+        # Use Gmail API scraper with OAuth
+        full_emails = gmail_scraper.search_emails(sender_keyword, start_date, end_date)
+        if not full_emails:
+            result = {
+                "query_info": query_info,
+                "email_summary": [],
+                "analysis": {"summary": f"No emails found for '{sender_keyword}' in the specified date range.", "insights": []},
+                "email_count": 0,
+                "user_email": auth_info
+            }
+            return json.dumps(result, indent=2)
+        # Create summary version without full content
+        email_summary = []
+        for email in full_emails:
+            summary_email = {
+                "date": email.get("date"),
+                "time": email.get("time"),
+                "subject": email.get("subject"),
+                "from": email.get("from", "Unknown Sender"),
+                "message_id": email.get("message_id"),
+                "gmail_id": email.get("gmail_id")
+            }
+            email_summary.append(summary_email)
+        # Auto-analyze the emails for insights
+        analysis = analyze_emails(full_emails)
+        # Return summary info with analysis
+        result = {
+            "query_info": query_info,
+            "email_summary": email_summary,
+            "analysis": analysis,
+            "email_count": len(full_emails),
+            "user_email": auth_info
+        }
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error in search_emails: %s", e)
+        error_result = {
+            "error": str(e),
+            "query": query,
+            "message": "Failed to search emails. Please check your authentication and try again."
+        }
+        return json.dumps(error_result, indent=2)
+def get_email_details(message_id: str) -> str:
+    """
+    Get full details of a specific email by its message ID using OAuth authentication.
+    Args:
+        message_id (str): The message ID of the email to retrieve
+    Returns:
+        str: JSON string containing the full email details
+    """
+    try:
+        logger.info("Getting email details for message_id: %s", message_id)
+        # Check authentication
+        is_auth, auth_info = check_authentication()
+        if not is_auth:
+            return json.dumps({
+                "error": "Not authenticated",
+                "message": "Please authenticate first using the authenticate_user tool or run 'python setup_oauth.py'",
+                "auth_status": auth_info
+            }, indent=2)
+        # Get email using Gmail API
+        email = gmail_scraper.get_email_by_id(message_id)
+        if email:
+            email["user_email"] = auth_info
+            return json.dumps(email, indent=2)
+        else:
+            error_result = {
+                "error": f"No email found with message_id '{message_id}'",
+                "message": "Email may not exist or you may not have access to it.",
+                "user_email": auth_info
+            }
+            return json.dumps(error_result, indent=2)
+    except Exception as e:
+        logger.error("Error in get_email_details: %s", e)
+        error_result = {
+            "error": str(e),
+            "message_id": message_id,
+            "message": "Failed to retrieve email details."
+        }
+        return json.dumps(error_result, indent=2)
+def analyze_email_patterns(sender_keyword: str, days_back: str = "30") -> str:
+    """
+    Analyze email patterns from a specific sender over a given time period using OAuth authentication.
+    Args:
+        sender_keyword (str): The sender/company keyword to analyze (e.g., "amazon", "google")
+        days_back (str): Number of days to look back (default: "30")
+    Returns:
+        str: JSON string containing email pattern analysis
+    """
+    try:
+        logger.info("Analyzing email patterns for sender: %s, days_back: %s", sender_keyword, days_back)
+        # Check authentication
+        is_auth, auth_info = check_authentication()
+        if not is_auth:
+            return json.dumps({
+                "error": "Not authenticated",
+                "message": "Please authenticate first using the authenticate_user tool or run 'python setup_oauth.py'",
+                "auth_status": auth_info
+            }, indent=2)
+        # Calculate date range
+        days_int = int(days_back)
+        end_date = datetime.today()
+        start_date = end_date - timedelta(days=days_int)
+        start_date_str = start_date.strftime("%d-%b-%Y")
+        end_date_str = end_date.strftime("%d-%b-%Y")
+        # Search for emails using Gmail API
+        full_emails = gmail_scraper.search_emails(sender_keyword, start_date_str, end_date_str)
+        if not full_emails:
+            result = {
+                "sender_keyword": sender_keyword,
+                "date_range": f"{start_date_str} to {end_date_str}",
+                "analysis": {"summary": f"No emails found from '{sender_keyword}' in the last {days_back} days.", "insights": []},
+                "email_count": 0,
+                "user_email": auth_info
+            }
+            return json.dumps(result, indent=2)
+        # Analyze the emails
+        analysis = analyze_emails(full_emails)
+        result = {
+            "sender_keyword": sender_keyword,
+            "date_range": f"{start_date_str} to {end_date_str}",
+            "analysis": analysis,
+            "email_count": len(full_emails),
+            "user_email": auth_info
+        }
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error in analyze_email_patterns: %s", e)
+        error_result = {
+            "error": str(e),
+            "sender_keyword": sender_keyword,
+            "message": "Failed to analyze email patterns."
+        }
+        return json.dumps(error_result, indent=2)
+def get_authentication_status() -> str:
+    """
+    Get current authentication status and account information.
+    Returns:
+        str: JSON string containing authentication status
+    """
+    try:
+        current_account = oauth_manager.get_current_account()
+        is_auth = oauth_manager.is_authenticated() if current_account else False
+        all_accounts = oauth_manager.list_accounts()
+        result = {
+            "authenticated": is_auth,
+            "current_account": current_account,
+            "status": "authenticated" if is_auth else "not_authenticated",
+            "message": f"Current account: {current_account}" if is_auth else "No account selected or not authenticated",
+            "all_accounts": all_accounts,
+            "total_accounts": len(all_accounts),
+            "authenticated_accounts": [email for email, auth in all_accounts.items() if auth]
+        }
+        if not is_auth and not oauth_manager.client_secrets_file.exists():
+            result["setup_required"] = True
+            result["message"] = "OAuth not configured. Please run 'python setup_oauth.py' first."
+        elif not is_auth and current_account:
+            result["message"] = f"Account {current_account} needs re-authentication"
+        elif not current_account and all_accounts:
+            result["message"] = "Accounts available but none selected. Use switch_account to select one."
+        return json.dumps(result, indent=2)
+    except Exception as e:
+        logger.error("Error checking authentication status: %s", e)
+        return json.dumps({
+            "error": str(e),
+            "message": "Failed to check authentication status"
+        }, indent=2)
+# Create Gradio interfaces
+search_interface = gr.Interface(
+    fn=search_emails,
+    inputs=[
+        gr.Textbox(label="Query", placeholder="Show me emails from amazon last week")
+    ],
+    outputs=gr.Textbox(label="Search Results", lines=20),
+    title="Email Search (OAuth)",
+    description="Search your emails using natural language queries with OAuth authentication"
+)
+details_interface = gr.Interface(
+    fn=get_email_details,
+    inputs=[
+        gr.Textbox(label="Message ID", placeholder="Email message ID from search results")
+    ],
+    outputs=gr.Textbox(label="Email Details", lines=20),
+    title="Email Details (OAuth)",
+    description="Get full details of a specific email by message ID with OAuth authentication"
+)
+analysis_interface = gr.Interface(
+    fn=analyze_email_patterns,
+    inputs=[
+        gr.Textbox(label="Sender Keyword", placeholder="amazon, google, linkedin, etc."),
+        gr.Textbox(label="Days Back", value="30", placeholder="Number of days to analyze")
+    ],
+    outputs=gr.Textbox(label="Analysis Results", lines=20),
+    title="Email Pattern Analysis (OAuth)",
+    description="Analyze email patterns from a specific sender over time with OAuth authentication"
+)
+auth_interface = gr.Interface(
+    fn=authenticate_user,
+    inputs=[],
+    outputs=gr.Textbox(label="Authentication Result", lines=10),
+    title="Authenticate with Gmail",
+    description="Click Submit to start OAuth authentication flow with Gmail"
+)
+status_interface = gr.Interface(
+    fn=get_authentication_status,
+    inputs=[],
+    outputs=gr.Textbox(label="Authentication Status", lines=15),
+    title="Authentication Status",
+    description="Check current authentication status and view all accounts"
+)
+switch_interface = gr.Interface(
+    fn=switch_account,
+    inputs=[
+        gr.Textbox(label="Target Email", placeholder="[email protected]")
+    ],
+    outputs=gr.Textbox(label="Switch Result", lines=10),
+    title="Switch Account",
+    description="Switch to a different authenticated Gmail account"
+)
+accounts_interface = gr.Interface(
+    fn=list_accounts,
+    inputs=[],
+    outputs=gr.Textbox(label="Accounts List", lines=15),
+    title="List All Accounts",
+    description="View all authenticated Gmail accounts and their status"
+)
+remove_interface = gr.Interface(
+    fn=remove_account,
+    inputs=[
+        gr.Textbox(label="Email to Remove", placeholder="[email protected]")
+    ],
+    outputs=gr.Textbox(label="Removal Result", lines=10),
+    title="Remove Account",
+    description="Remove an authenticated Gmail account and its credentials"
+)
+# Combine interfaces into a tabbed interface
+demo = gr.TabbedInterface(
+    [auth_interface, status_interface, accounts_interface, switch_interface, remove_interface, search_interface, details_interface, analysis_interface],
+    ["🔐 Authenticate", "📊 Status", "👥 All Accounts", "🔄 Switch Account", "🗑️ Remove Account", "📧 Email Search", "📄 Email Details", "📈 Pattern Analysis"],
+    title="📧 Gmail Assistant MCP Server (Multi-Account OAuth)"
+)
+if __name__ == "__main__":
+    # Set environment variable to enable MCP server
+    import os
+    os.environ["GRADIO_MCP_SERVER"] = "True"
+    # Check authentication status on startup
+    current_account = oauth_manager.get_current_account()
+    all_accounts = oauth_manager.list_accounts()
+    if current_account and oauth_manager.is_authenticated():
+        print(f"✅ Currently authenticated as: {current_account}")
+        if len(all_accounts) > 1:
+            print(f"📱 {len(all_accounts)} total accounts available: {list(all_accounts.keys())}")
+    elif all_accounts:
+        print(f"📱 {len(all_accounts)} stored accounts found: {list(all_accounts.keys())}")
+        print("⚠️  No current account selected. Use the web interface or Claude to switch accounts.")
+    else:
+        print("❌ No authenticated accounts. Users will need to authenticate through the web interface.")
+        print("💡 Or run 'python setup_oauth.py' for initial setup.")
+    # Launch the server
+    demo.launch(share=False)
+    print("\n🚀 MCP Server is running!")
+    print("📍 MCP Endpoint: http://localhost:7860/gradio_api/mcp/sse")
+    print("📖 Copy this URL to your Claude Desktop MCP configuration")
+    print("\n🔗 Web Interface: http://localhost:7860")
+    print("📝 Use the web interface to authenticate and test the tools")

agentic_implementation/gmail_api_scraper.py ADDED Viewed

	@@ -0,0 +1,301 @@

+#!/usr/bin/env python3
+"""
+Gmail API-based Email Scraper with OAuth Authentication
+"""
+import base64
+import re
+from datetime import datetime, timedelta
+from typing import List, Dict, Optional
+from email.mime.text import MIMEText
+import googleapiclient.errors
+from oauth_manager import oauth_manager
+from logger import logger
+class GmailAPIScraper:
+    """Gmail API-based email scraper using OAuth authentication"""
+    def __init__(self):
+        """Initialize the Gmail API scraper"""
+        self.oauth_manager = oauth_manager
+    def _parse_date_string(self, date_str: str) -> datetime:
+        """Parse date string in DD-MMM-YYYY format to datetime object"""
+        try:
+            return datetime.strptime(date_str, "%d-%b-%Y")
+        except ValueError:
+            raise ValueError(f"Invalid date format: {date_str}. Expected DD-MMM-YYYY")
+    def _format_date_for_query(self, date_obj: datetime) -> str:
+        """Format datetime object for Gmail API query"""
+        return date_obj.strftime("%Y/%m/%d")
+    def _decode_message_part(self, part: Dict) -> str:
+        """Decode message part content"""
+        data = part.get('body', {}).get('data', '')
+        if data:
+            # Decode base64url
+            data += '=' * (4 - len(data) % 4)  # Add padding if needed
+            decoded_bytes = base64.urlsafe_b64decode(data)
+            try:
+                return decoded_bytes.decode('utf-8')
+            except UnicodeDecodeError:
+                return decoded_bytes.decode('utf-8', errors='ignore')
+        return ''
+    def _extract_email_content(self, message: Dict) -> str:
+        """Extract readable content from Gmail API message"""
+        content = ""
+        if 'payload' not in message:
+            return content
+        payload = message['payload']
+        # Handle multipart messages
+        if 'parts' in payload:
+            for part in payload['parts']:
+                mime_type = part.get('mimeType', '')
+                if mime_type == 'text/plain':
+                    content += self._decode_message_part(part)
+                elif mime_type == 'text/html':
+                    html_content = self._decode_message_part(part)
+                    # Simple HTML tag removal
+                    clean_text = re.sub(r'<[^>]+>', '', html_content)
+                    content += clean_text
+                elif mime_type.startswith('multipart/'):
+                    # Handle nested multipart
+                    if 'parts' in part:
+                        for nested_part in part['parts']:
+                            nested_mime = nested_part.get('mimeType', '')
+                            if nested_mime == 'text/plain':
+                                content += self._decode_message_part(nested_part)
+        else:
+            # Handle single part messages
+            mime_type = payload.get('mimeType', '')
+            if mime_type in ['text/plain', 'text/html']:
+                raw_content = self._decode_message_part(payload)
+                if mime_type == 'text/html':
+                    # Simple HTML tag removal
+                    content = re.sub(r'<[^>]+>', '', raw_content)
+                else:
+                    content = raw_content
+        return content.strip()
+    def _get_header_value(self, headers: List[Dict], name: str) -> str:
+        """Get header value by name"""
+        for header in headers:
+            if header.get('name', '').lower() == name.lower():
+                return header.get('value', '')
+        return ''
+    def _parse_email_message(self, message: Dict) -> Dict:
+        """Parse Gmail API message into structured format"""
+        headers = message.get('payload', {}).get('headers', [])
+        # Extract headers
+        subject = self._get_header_value(headers, 'Subject') or 'No Subject'
+        from_header = self._get_header_value(headers, 'From') or 'Unknown Sender'
+        date_header = self._get_header_value(headers, 'Date')
+        message_id = self._get_header_value(headers, 'Message-ID') or message.get('id', '')
+        # Parse date
+        email_date = datetime.now().strftime("%d-%b-%Y")
+        email_time = "00:00:00"
+        if date_header:
+            try:
+                # Parse RFC 2822 date format
+                from email.utils import parsedate_to_datetime
+                dt_obj = parsedate_to_datetime(date_header)
+                # Convert to IST (Indian Standard Time)
+                from zoneinfo import ZoneInfo
+                ist_dt = dt_obj.astimezone(ZoneInfo("Asia/Kolkata"))
+                email_date = ist_dt.strftime("%d-%b-%Y")
+                email_time = ist_dt.strftime("%H:%M:%S")
+            except Exception as e:
+                logger.warning(f"Failed to parse date {date_header}: {e}")
+        # Extract content
+        content = self._extract_email_content(message)
+        return {
+            "date": email_date,
+            "time": email_time,
+            "subject": subject,
+            "from": from_header,
+            "content": content[:2000],  # Limit content length
+            "message_id": message_id,
+            "gmail_id": message.get('id', '')
+        }
+    def search_emails(self, keyword: str, start_date: str, end_date: str) -> List[Dict]:
+        """Search emails containing keyword within date range using Gmail API
+        Args:
+            keyword: Keyword to search for in emails
+            start_date: Start date in DD-MMM-YYYY format
+            end_date: End date in DD-MMM-YYYY format
+        Returns:
+            List of email dictionaries
+        """
+        logger.info(f"Searching emails containing '{keyword}' between {start_date} and {end_date}")
+        # Get Gmail service
+        service = self.oauth_manager.get_gmail_service()
+        if not service:
+            raise Exception("Not authenticated. Please authenticate first using the setup tool.")
+        try:
+            # Parse dates
+            start_dt = self._parse_date_string(start_date)
+            end_dt = self._parse_date_string(end_date)
+            # Format dates for Gmail API query
+            after_date = self._format_date_for_query(start_dt)
+            before_date = self._format_date_for_query(end_dt + timedelta(days=1))  # Add 1 day for inclusive end
+            # Build search query
+            # Gmail API search syntax: https://developers.google.com/gmail/api/guides/filtering
+            query_parts = [
+                f'after:{after_date}',
+                f'before:{before_date}',
+                f'({keyword})'  # Search in all fields
+            ]
+            query = ' '.join(query_parts)
+            logger.info(f"Gmail API query: {query}")
+            # Search for messages
+            results = service.users().messages().list(
+                userId='me',
+                q=query,
+                maxResults=500  # Limit to 500 results
+            ).execute()
+            messages = results.get('messages', [])
+            logger.info(f"Found {len(messages)} messages")
+            if not messages:
+                return []
+            # Fetch full message details
+            scraped_emails = []
+            for i, msg_ref in enumerate(messages):
+                try:
+                    logger.info(f"Processing email {i+1}/{len(messages)}")
+                    # Get full message
+                    message = service.users().messages().get(
+                        userId='me',
+                        id=msg_ref['id'],
+                        format='full'
+                    ).execute()
+                    # Parse message
+                    parsed_email = self._parse_email_message(message)
+                    # Verify date range (double-check since Gmail search might be inclusive)
+                    email_dt = self._parse_date_string(parsed_email['date'])
+                    if start_dt <= email_dt <= end_dt:
+                        # Verify keyword presence (case-insensitive)
+                        keyword_lower = keyword.lower()
+                        if any(keyword_lower in text.lower() for text in [
+                            parsed_email['subject'],
+                            parsed_email['from'],
+                            parsed_email['content']
+                        ]):
+                            scraped_emails.append(parsed_email)
+                except googleapiclient.errors.HttpError as e:
+                    logger.error(f"Error fetching message {msg_ref['id']}: {e}")
+                    continue
+                except Exception as e:
+                    logger.error(f"Error processing message {msg_ref['id']}: {e}")
+                    continue
+            # Sort by date (newest first)
+            scraped_emails.sort(
+                key=lambda x: datetime.strptime(f"{x['date']} {x['time']}", "%d-%b-%Y %H:%M:%S"),
+                reverse=True
+            )
+            logger.info(f"Successfully processed {len(scraped_emails)} emails containing '{keyword}'")
+            return scraped_emails
+        except googleapiclient.errors.HttpError as e:
+            logger.error(f"Gmail API error: {e}")
+            raise Exception(f"Gmail API error: {e}")
+        except Exception as e:
+            logger.error(f"Email search failed: {e}")
+            raise
+    def get_email_by_id(self, message_id: str) -> Optional[Dict]:
+        """Get email details by message ID or Gmail ID
+        Args:
+            message_id: Either the Message-ID header or Gmail message ID
+        Returns:
+            Email dictionary or None if not found
+        """
+        service = self.oauth_manager.get_gmail_service()
+        if not service:
+            raise Exception("Not authenticated. Please authenticate first using the setup tool.")
+        try:
+            # Try to get message directly by Gmail ID first
+            try:
+                message = service.users().messages().get(
+                    userId='me',
+                    id=message_id,
+                    format='full'
+                ).execute()
+                return self._parse_email_message(message)
+            except googleapiclient.errors.HttpError:
+                # If direct ID lookup fails, search by Message-ID header
+                pass
+            # Search by Message-ID header
+            query = f'rfc822msgid:{message_id}'
+            results = service.users().messages().list(
+                userId='me',
+                q=query,
+                maxResults=1
+            ).execute()
+            messages = results.get('messages', [])
+            if not messages:
+                return None
+            # Get the message
+            message = service.users().messages().get(
+                userId='me',
+                id=messages[0]['id'],
+                format='full'
+            ).execute()
+            return self._parse_email_message(message)
+        except Exception as e:
+            logger.error(f"Failed to get email {message_id}: {e}")
+            return None
+    def is_authenticated(self) -> bool:
+        """Check if user is authenticated"""
+        return self.oauth_manager.is_authenticated()
+    def get_user_email(self) -> Optional[str]:
+        """Get authenticated user's email address"""
+        return self.oauth_manager.get_user_email()
+    def authenticate(self) -> bool:
+        """Trigger interactive authentication"""
+        return self.oauth_manager.authenticate_interactive()
+# Global scraper instance
+gmail_scraper = GmailAPIScraper()

agentic_implementation/oauth_manager.py ADDED Viewed

	@@ -0,0 +1,487 @@

+import os
+import json
+import pickle
+import base64
+from pathlib import Path
+from typing import Optional, Dict, Any
+from cryptography.fernet import Fernet
+import google.auth.transport.requests
+import google_auth_oauthlib.flow
+import googleapiclient.discovery
+from google.oauth2.credentials import Credentials
+from google.auth.transport.requests import Request
+import webbrowser
+import threading
+import time
+from http.server import HTTPServer, BaseHTTPRequestHandler
+import urllib.parse as urlparse
+from logger import logger
+class OAuthCallbackHandler(BaseHTTPRequestHandler):
+    """HTTP request handler for OAuth callback"""
+    def do_GET(self):
+        """Handle GET request (OAuth callback)"""
+        # Parse the callback URL to extract authorization code
+        parsed_path = urlparse.urlparse(self.path)
+        query_params = urlparse.parse_qs(parsed_path.query)
+        if 'code' in query_params:
+            # Store the authorization code
+            self.server.auth_code = query_params['code'][0]
+            # Send success response
+            self.send_response(200)
+            self.send_header('Content-type', 'text/html')
+            self.end_headers()
+            success_html = """
+            <html>
+            <head><title>Authentication Successful</title></head>
+            <body style="font-family: Arial, sans-serif; text-align: center; padding: 50px;">
+                <h1 style="color: #4CAF50;">✅ Authentication Successful!</h1>
+                <p>You have successfully authenticated with Gmail.</p>
+                <p>You can now close this window and return to Claude Desktop.</p>
+                <script>
+                    setTimeout(function() {
+                        window.close();
+                    }, 3000);
+                </script>
+            </body>
+            </html>
+            """
+            self.wfile.write(success_html.encode())
+        else:
+            # Send error response
+            self.send_response(400)
+            self.send_header('Content-type', 'text/html')
+            self.end_headers()
+            error_html = """
+            <html>
+            <head><title>Authentication Error</title></head>
+            <body style="font-family: Arial, sans-serif; text-align: center; padding: 50px;">
+                <h1 style="color: #f44336;">❌ Authentication Failed</h1>
+                <p>There was an error during authentication.</p>
+                <p>Please try again.</p>
+            </body>
+            </html>
+            """
+            self.wfile.write(error_html.encode())
+    def log_message(self, format, *args):
+        """Suppress server log messages"""
+        pass
+class GmailOAuthManager:
+    """Manages Gmail OAuth 2.0 authentication and token storage for multiple accounts"""
+    # Gmail API scopes
+    SCOPES = [
+        'https://www.googleapis.com/auth/gmail.readonly',
+        'https://www.googleapis.com/auth/gmail.modify'
+    ]
+    def __init__(self, credentials_dir: str = None):
+        """Initialize OAuth manager
+        Args:
+            credentials_dir: Directory to store credentials (defaults to ~/.mailquery_oauth)
+        """
+        if credentials_dir is None:
+            credentials_dir = os.path.expanduser("~/.mailquery_oauth")
+        self.credentials_dir = Path(credentials_dir)
+        self.credentials_dir.mkdir(exist_ok=True)
+        # File paths
+        self.client_secrets_file = self.credentials_dir / "client_secret.json"
+        self.accounts_file = self.credentials_dir / "accounts.json"
+        self.encryption_key_file = self.credentials_dir / "key.key"
+        self.current_account_file = self.credentials_dir / "current_account.txt"
+        # Initialize encryption
+        self._init_encryption()
+        # OAuth flow settings
+        self.redirect_uri = "http://localhost:8080/oauth2callback"
+        # Current account
+        self.current_account_email = self._load_current_account()
+    def _init_encryption(self):
+        """Initialize encryption for secure credential storage"""
+        if self.encryption_key_file.exists():
+            with open(self.encryption_key_file, 'rb') as key_file:
+                self.encryption_key = key_file.read()
+        else:
+            self.encryption_key = Fernet.generate_key()
+            with open(self.encryption_key_file, 'wb') as key_file:
+                key_file.write(self.encryption_key)
+            # Make key file readable only by owner
+            os.chmod(self.encryption_key_file, 0o600)
+        self.cipher_suite = Fernet(self.encryption_key)
+    def _load_current_account(self) -> Optional[str]:
+        """Load the currently selected account"""
+        if self.current_account_file.exists():
+            try:
+                with open(self.current_account_file, 'r') as f:
+                    return f.read().strip()
+            except Exception as e:
+                logger.error(f"Failed to load current account: {e}")
+        return None
+    def _save_current_account(self, email: str):
+        """Save the currently selected account"""
+        try:
+            with open(self.current_account_file, 'w') as f:
+                f.write(email)
+            self.current_account_email = email
+            logger.info(f"Set current account to: {email}")
+        except Exception as e:
+            logger.error(f"Failed to save current account: {e}")
+    def setup_client_secrets(self, client_id: str, client_secret: str):
+        """Setup OAuth client secrets
+        Args:
+            client_id: Google OAuth 2.0 client ID
+            client_secret: Google OAuth 2.0 client secret
+        """
+        client_config = {
+            "web": {
+                "client_id": client_id,
+                "client_secret": client_secret,
+                "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+                "token_uri": "https://oauth2.googleapis.com/token",
+                "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+                "redirect_uris": [self.redirect_uri]
+            }
+        }
+        with open(self.client_secrets_file, 'w') as f:
+            json.dump(client_config, f, indent=2)
+        logger.info("Client secrets saved successfully")
+    def _encrypt_data(self, data: Any) -> bytes:
+        """Encrypt data using Fernet encryption"""
+        serialized_data = pickle.dumps(data)
+        return self.cipher_suite.encrypt(serialized_data)
+    def _decrypt_data(self, encrypted_data: bytes) -> Any:
+        """Decrypt data using Fernet encryption"""
+        decrypted_data = self.cipher_suite.decrypt(encrypted_data)
+        return pickle.loads(decrypted_data)
+    def get_authorization_url(self) -> str:
+        """Get the authorization URL for OAuth flow
+        Returns:
+            Authorization URL that user should visit
+        """
+        if not self.client_secrets_file.exists():
+            raise ValueError("Client secrets not found. Please run setup first.")
+        flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
+            str(self.client_secrets_file),
+            scopes=self.SCOPES
+        )
+        flow.redirect_uri = self.redirect_uri
+        auth_url, _ = flow.authorization_url(
+            access_type='offline',
+            include_granted_scopes='true',
+            prompt='consent'  # Force consent to get refresh token
+        )
+        return auth_url
+    def authenticate_interactive(self) -> bool:
+        """Interactive authentication flow that opens browser
+        Returns:
+            True if authentication successful, False otherwise
+        """
+        try:
+            # Start local HTTP server for OAuth callback
+            server = HTTPServer(('localhost', 8080), OAuthCallbackHandler)
+            server.auth_code = None
+            # Get authorization URL
+            auth_url = self.get_authorization_url()
+            logger.info("Opening browser for authentication...")
+            logger.info(f"If browser doesn't open, visit: {auth_url}")
+            # Open browser
+            webbrowser.open(auth_url)
+            # Start server in background thread
+            server_thread = threading.Thread(target=server.handle_request)
+            server_thread.daemon = True
+            server_thread.start()
+            # Wait for callback (max 5 minutes)
+            timeout = 300  # 5 minutes
+            start_time = time.time()
+            while server.auth_code is None and (time.time() - start_time) < timeout:
+                time.sleep(1)
+            if server.auth_code is None:
+                logger.error("Authentication timed out")
+                return False
+            # Exchange authorization code for credentials
+            flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
+                str(self.client_secrets_file),
+                scopes=self.SCOPES
+            )
+            flow.redirect_uri = self.redirect_uri
+            flow.fetch_token(code=server.auth_code)
+            credentials = flow.credentials
+            # Get user email from credentials
+            user_email = self._get_email_from_credentials(credentials)
+            if not user_email:
+                logger.error("Failed to get user email from credentials")
+                return False
+            # Save encrypted credentials for this account
+            self._save_credentials(user_email, credentials)
+            # Set as current account
+            self._save_current_account(user_email)
+            logger.info("Authentication successful!")
+            return True
+        except Exception as e:
+            logger.error(f"Authentication failed: {e}")
+            return False
+    def _get_email_from_credentials(self, credentials: Credentials) -> Optional[str]:
+        """Get email address from credentials"""
+        try:
+            service = googleapiclient.discovery.build(
+                'gmail', 'v1', credentials=credentials
+            )
+            profile = service.users().getProfile(userId='me').execute()
+            return profile.get('emailAddress')
+        except Exception as e:
+            logger.error(f"Failed to get email from credentials: {e}")
+            return None
+    def _save_credentials(self, email: str, credentials: Credentials):
+        """Save encrypted credentials for a specific account"""
+        try:
+            # Load existing accounts
+            accounts = self._load_accounts()
+            # Encrypt and store credentials
+            encrypted_credentials = self._encrypt_data(credentials)
+            accounts[email] = base64.b64encode(encrypted_credentials).decode('utf-8')
+            # Save accounts file
+            with open(self.accounts_file, 'w') as f:
+                json.dump(accounts, f, indent=2)
+            # Make accounts file readable only by owner
+            os.chmod(self.accounts_file, 0o600)
+            logger.info(f"Credentials saved for account: {email}")
+        except Exception as e:
+            logger.error(f"Failed to save credentials for {email}: {e}")
+            raise
+    def _load_accounts(self) -> Dict[str, str]:
+        """Load accounts data"""
+        if not self.accounts_file.exists():
+            return {}
+        try:
+            with open(self.accounts_file, 'r') as f:
+                return json.load(f)
+        except Exception as e:
+            logger.error(f"Failed to load accounts: {e}")
+            return {}
+    def _load_credentials(self, email: str) -> Optional[Credentials]:
+        """Load and decrypt credentials for a specific account"""
+        accounts = self._load_accounts()
+        if email not in accounts:
+            return None
+        try:
+            encrypted_credentials = base64.b64decode(accounts[email])
+            credentials = self._decrypt_data(encrypted_credentials)
+            return credentials
+        except Exception as e:
+            logger.error(f"Failed to load credentials for {email}: {e}")
+            return None
+    def get_valid_credentials(self, email: str = None) -> Optional[Credentials]:
+        """Get valid credentials for an account, refreshing if necessary
+        Args:
+            email: Email address of account (uses current account if None)
+        Returns:
+            Valid Credentials object or None if authentication required
+        """
+        if email is None:
+            email = self.current_account_email
+        if not email:
+            logger.warning("No current account set")
+            return None
+        credentials = self._load_credentials(email)
+        if not credentials:
+            logger.warning(f"No stored credentials found for {email}")
+            return None
+        # Refresh if expired
+        if credentials.expired and credentials.refresh_token:
+            try:
+                logger.info(f"Refreshing expired credentials for {email}...")
+                credentials.refresh(Request())
+                self._save_credentials(email, credentials)
+                logger.info("Credentials refreshed successfully")
+            except Exception as e:
+                logger.error(f"Failed to refresh credentials for {email}: {e}")
+                return None
+        if not credentials.valid:
+            logger.warning(f"Credentials are not valid for {email}")
+            return None
+        return credentials
+    def is_authenticated(self, email: str = None) -> bool:
+        """Check if user is authenticated
+        Args:
+            email: Email address to check (uses current account if None)
+        Returns:
+            True if valid credentials exist, False otherwise
+        """
+        return self.get_valid_credentials(email) is not None
+    def switch_account(self, email: str) -> bool:
+        """Switch to a different authenticated account
+        Args:
+            email: Email address to switch to
+        Returns:
+            True if switch successful, False if account not found or not authenticated
+        """
+        if self.is_authenticated(email):
+            self._save_current_account(email)
+            logger.info(f"Switched to account: {email}")
+            return True
+        else:
+            logger.error(f"Account {email} is not authenticated")
+            return False
+    def list_accounts(self) -> Dict[str, bool]:
+        """List all stored accounts and their authentication status
+        Returns:
+            Dictionary mapping email addresses to authentication status
+        """
+        accounts = self._load_accounts()
+        result = {}
+        for email in accounts.keys():
+            result[email] = self.is_authenticated(email)
+        return result
+    def remove_account(self, email: str):
+        """Remove an account and its credentials
+        Args:
+            email: Email address to remove
+        """
+        accounts = self._load_accounts()
+        if email in accounts:
+            del accounts[email]
+            # Save updated accounts
+            with open(self.accounts_file, 'w') as f:
+                json.dump(accounts, f, indent=2)
+            # If this was the current account, clear it
+            if self.current_account_email == email:
+                if self.current_account_file.exists():
+                    self.current_account_file.unlink()
+                self.current_account_email = None
+            logger.info(f"Removed account: {email}")
+        else:
+            logger.warning(f"Account {email} not found")
+    def clear_credentials(self):
+        """Clear all stored credentials"""
+        if self.accounts_file.exists():
+            self.accounts_file.unlink()
+        if self.current_account_file.exists():
+            self.current_account_file.unlink()
+        self.current_account_email = None
+        logger.info("All credentials cleared")
+    def get_gmail_service(self, email: str = None):
+        """Get authenticated Gmail service object
+        Args:
+            email: Email address (uses current account if None)
+        Returns:
+            Gmail service object or None if not authenticated
+        """
+        credentials = self.get_valid_credentials(email)
+        if not credentials:
+            return None
+        try:
+            service = googleapiclient.discovery.build(
+                'gmail', 'v1', credentials=credentials
+            )
+            return service
+        except Exception as e:
+            logger.error(f"Failed to build Gmail service: {e}")
+            return None
+    def get_user_email(self, email: str = None) -> Optional[str]:
+        """Get the authenticated user's email address
+        Args:
+            email: Email address (uses current account if None)
+        Returns:
+            User's email address or None if not authenticated
+        """
+        if email is None:
+            return self.current_account_email
+        return email if self.is_authenticated(email) else None
+    def get_current_account(self) -> Optional[str]:
+        """Get the currently selected account
+        Returns:
+            Current account email or None if no account selected
+        """
+        return self.current_account_email
+# Global OAuth manager instance
+oauth_manager = GmailOAuthManager()

agentic_implementation/requirements_oauth.txt ADDED Viewed

	@@ -0,0 +1,21 @@

+# Core dependencies from original requirements
+gradio>=4.0.0
+python-dotenv
+beautifulsoup4
+requests
+# OAuth and Google API dependencies
+google-auth>=2.15.0
+google-auth-oauthlib>=1.0.0
+google-auth-httplib2>=0.2.0
+google-api-python-client>=2.70.0
+# Encryption for secure credential storage
+cryptography>=3.4.8
+# Existing dependencies (if not already included)
+openai
+pandas
+numpy
+matplotlib
+seaborn

agentic_implementation/setup_oauth.py ADDED Viewed

	@@ -0,0 +1,274 @@

+#!/usr/bin/env python3
+"""
+OAuth Setup Utility for Gmail MCP Server
+This script helps users set up OAuth authentication for the Gmail MCP server.
+"""
+import sys
+import os
+import json
+from pathlib import Path
+from oauth_manager import oauth_manager
+from logger import logger
+def print_banner():
+    """Print setup banner"""
+    print("=" * 60)
+    print("📧 Gmail MCP Server - OAuth Setup")
+    print("=" * 60)
+    print()
+def print_step(step_num: int, title: str):
+    """Print step header"""
+    print(f"\n🔹 Step {step_num}: {title}")
+    print("-" * 50)
+def check_dependencies():
+    """Check if required dependencies are installed"""
+    try:
+        import google.auth
+        import google_auth_oauthlib
+        import googleapiclient
+        import cryptography
+        print("✅ All required dependencies are installed")
+        return True
+    except ImportError as e:
+        print(f"❌ Missing dependency: {e}")
+        print("\nPlease install the required dependencies:")
+        print("pip install google-auth google-auth-oauthlib google-api-python-client cryptography")
+        return False
+def setup_google_cloud_project():
+    """Guide user through Google Cloud project setup"""
+    print_step(1, "Google Cloud Project Setup")
+    print("You need to create a Google Cloud project and enable the Gmail API.")
+    print("\n📋 Follow these steps:")
+    print("1. Go to: https://console.cloud.google.com/")
+    print("2. Create a new project or select an existing one")
+    print("3. Enable the Gmail API:")
+    print("   - Go to 'APIs & Services' > 'Library'")
+    print("   - Search for 'Gmail API'")
+    print("   - Click 'Enable'")
+    input("\n✅ Press Enter when you've completed these steps...")
+def setup_oauth_consent():
+    """Guide user through OAuth consent screen setup"""
+    print_step(2, "OAuth Consent Screen Setup")
+    print("Now you need to configure the OAuth consent screen.")
+    print("\n📋 Follow these steps:")
+    print("1. Go to: https://console.cloud.google.com/apis/credentials/consent")
+    print("2. Choose 'External' user type (unless using Google Workspace)")
+    print("3. Fill in the app information:")
+    print("   - App name: 'Gmail MCP Server' (or your preferred name)")
+    print("   - User support email: Your email address")
+    print("   - Developer contact: Your email address")
+    print("4. Add these scopes:")
+    print("   - https://www.googleapis.com/auth/gmail.readonly")
+    print("   - https://www.googleapis.com/auth/gmail.modify")
+    print("5. Add your email as a test user")
+    print("6. Complete the setup")
+    input("\n✅ Press Enter when you've completed these steps...")
+def setup_oauth_credentials():
+    """Guide user through OAuth credentials setup"""
+    print_step(3, "OAuth Client Credentials Setup")
+    print("Now you need to create OAuth 2.0 client credentials.")
+    print("\n📋 Follow these steps:")
+    print("1. Go to: https://console.cloud.google.com/apis/credentials")
+    print("2. Click 'Create Credentials' > 'OAuth client ID'")
+    print("3. Choose 'Web application' as the application type")
+    print("4. Set the name to 'Gmail MCP Server'")
+    print("5. Add this redirect URI:")
+    print("   http://localhost:8080/oauth2callback")
+    print("6. Click 'Create'")
+    print("7. Copy the Client ID and Client Secret")
+    print("\n🔑 Enter your OAuth credentials:")
+    while True:
+        client_id = input("Client ID: ").strip()
+        if client_id:
+            break
+        print("❌ Client ID cannot be empty")
+    while True:
+        client_secret = input("Client Secret: ").strip()
+        if client_secret:
+            break
+        print("❌ Client Secret cannot be empty")
+    try:
+        oauth_manager.setup_client_secrets(client_id, client_secret)
+        print("✅ OAuth credentials saved successfully")
+        return True
+    except Exception as e:
+        print(f"❌ Failed to save credentials: {e}")
+        return False
+def test_authentication():
+    """Test the OAuth authentication flow"""
+    print_step(4, "Authentication Test")
+    print("Now let's test the authentication flow.")
+    print("This will open your web browser for authentication.")
+    confirm = input("\n🌐 Ready to open browser for authentication? (y/n): ").strip().lower()
+    if confirm != 'y':
+        print("Authentication test skipped.")
+        return False
+    try:
+        print("\n🔄 Starting authentication flow...")
+        success = oauth_manager.authenticate_interactive()
+        if success:
+            print("✅ Authentication successful!")
+            # Test getting user info
+            user_email = oauth_manager.get_user_email()
+            if user_email:
+                print(f"✅ Authenticated as: {user_email}")
+            return True
+        else:
+            print("❌ Authentication failed")
+            return False
+    except Exception as e:
+        print(f"❌ Authentication error: {e}")
+        return False
+def show_completion_info():
+    """Show completion information and next steps"""
+    print("\n" + "=" * 60)
+    print("🎉 Setup Complete!")
+    print("=" * 60)
+    print("\n✅ Your Gmail MCP server is now configured with OAuth authentication!")
+    print("\n📝 Next steps:")
+    print("1. Start the MCP server:")
+    print("   python email_mcp_server_oauth.py")
+    print("\n2. Configure Claude Desktop:")
+    print('   Add this to your MCP configuration:')
+    print('   {')
+    print('     "mcpServers": {')
+    print('       "gmail-oauth": {')
+    print('         "command": "npx",')
+    print('         "args": ["mcp-remote", "http://localhost:7860/gradio_api/mcp/sse"]')
+    print('       }')
+    print('     }')
+    print('   }')
+    print("\n🔐 Security notes:")
+    print("- Your credentials are encrypted and stored locally")
+    print("- Tokens are automatically refreshed when needed")
+    print("- You can revoke access anytime from Google Account settings")
+    credentials_dir = oauth_manager.credentials_dir
+    print(f"\n📁 Credentials stored in: {credentials_dir}")
+def show_help():
+    """Show help information"""
+    print("Gmail MCP Server OAuth Setup")
+    print("\nUsage:")
+    print("  python setup_oauth.py            # Full interactive setup")
+    print("  python setup_oauth.py --help     # Show this help")
+    print("  python setup_oauth.py --auth     # Re-authenticate only")
+    print("  python setup_oauth.py --status   # Check authentication status")
+    print("  python setup_oauth.py --clear    # Clear stored credentials")
+def check_status():
+    """Check authentication status"""
+    print("🔍 Checking authentication status...")
+    if oauth_manager.is_authenticated():
+        user_email = oauth_manager.get_user_email()
+        print(f"✅ Authenticated as: {user_email}")
+        return True
+    else:
+        print("❌ Not authenticated")
+        return False
+def clear_credentials():
+    """Clear stored credentials"""
+    confirm = input("⚠️  This will clear all stored credentials. Continue? (y/n): ").strip().lower()
+    if confirm == 'y':
+        oauth_manager.clear_credentials()
+        print("✅ Credentials cleared")
+    else:
+        print("Operation cancelled")
+def main():
+    """Main setup function"""
+    if len(sys.argv) > 1:
+        arg = sys.argv[1].lower()
+        if arg in ['--help', '-h', 'help']:
+            show_help()
+            return
+        elif arg == '--status':
+            check_status()
+            return
+        elif arg == '--auth':
+            print("🔄 Starting re-authentication...")
+            if test_authentication():
+                print("✅ Re-authentication successful")
+            else:
+                print("❌ Re-authentication failed")
+            return
+        elif arg == '--clear':
+            clear_credentials()
+            return
+        else:
+            print(f"Unknown argument: {arg}")
+            show_help()
+            return
+    # Full interactive setup
+    print_banner()
+    # Check if already authenticated
+    if oauth_manager.is_authenticated():
+        user_email = oauth_manager.get_user_email()
+        print(f"✅ Already authenticated as: {user_email}")
+        choice = input("\n🔄 Do you want to re-authenticate? (y/n): ").strip().lower()
+        if choice == 'y':
+            if test_authentication():
+                show_completion_info()
+        else:
+            print("Setup complete - you're already authenticated!")
+        return
+    # Check dependencies
+    if not check_dependencies():
+        return
+    # Full setup flow
+    try:
+        setup_google_cloud_project()
+        setup_oauth_consent()
+        if not setup_oauth_credentials():
+            print("❌ Setup failed at credentials step")
+            return
+        if test_authentication():
+            show_completion_info()
+        else:
+            print("❌ Setup completed but authentication test failed")
+            print("You can try authentication later with: python setup_oauth.py --auth")
+    except KeyboardInterrupt:
+        print("\n\n⚠️ Setup interrupted by user")
+    except Exception as e:
+        print(f"\n❌ Setup failed: {e}")
+if __name__ == "__main__":
+    main()