Security
MailSenpai MCP is designed for OAuth-based, customer-scoped and least-privilege access.
Authentication
OAuth 2.0, well-known metadata, expiring tokens and access revocation.
Server-to-server
HMAC-signed calls between the MCP server and the MailSenpai extension.
Governance
Scopes, limits, confirmations, audit logs, consent and rate limits enforced server-side.
Secrets
API keys, OAuth secrets, passwords and internal tokens are not returned by MCP tools.
Security reports
Contact: supporto@mailsenpai.com.