The important model:
Gmail MCP server owns Google login and token files. MCP Boundary owns the MCP execution boundary.
## Setup Shape

- Install the Gmail MCP server.
- Configure its Google OAuth client exactly as its README requires.
- Run the server's own auth flow.
- Confirm the server works directly.
- Add it to MCP Boundary with `auth_mode=downstream_managed`.
- Start with one read/list/metadata tool.
- Open draft/send/trash tools only when you intentionally test them.
Example:

```powershell
.\mcpboundary.exe add-server gmail `
  --mode guarded `
  --auth-mode downstream_managed `
  --policy-config C:\mcpboundary\policies\gmail.policy.json `
  -- npx tsx C:\path\to\advanced-gmail-mcp\src\server.ts
```
## First Policy
Start narrow:
```json
{
  "version": "mcp-adapter-host-policy/v1",
  "servers": [
    {
      "server_id": "gmail",
      "tools": [
        {
          "downstream_tool_name": "get_labels",
          "exposure": "visible",
          "handling_mode": "generic_guarded",
          "policy_input_mode": "allow",
          "result_limits": {
            "max_result_bytes": 16384
          }
        },
        {
          "downstream_tool_name": "send_email",
          "exposure": "hidden",
          "handling_mode": "generic_guarded",
          "policy_input_mode": "block"
        }
      ]
    }
  ]
}
```
Copy exact tool names from your Gmail MCP server. Another server may use different names.
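A small lint that checks a policy file keeps the "start narrow" shape described above: every tool whose name looks like it mutates the mailbox must be hidden and blocked, and every visible tool must carry a `result_limits` cap. This is an added example, not part of MCP Boundary; the field names come from the policy JSON on this page, and the name-based "mutating tool" heuristic is an assumption you should adapt to your server's real tool names.

```python
"""Lint an MCP Boundary policy against the 'start narrow' shape.

Added example, not MCP Boundary's own code. Field names follow the
policy JSON on this page; the MUTATING name heuristic is an assumption.
"""
import json
import re

# Assumed heuristic: tool names that change mailbox state (draft/send/trash).
MUTATING = re.compile(r"(send|draft|trash|delete|modify|remove)", re.IGNORECASE)


def lint_policy(policy: dict) -> list[str]:
    """Return findings as strings; an empty list means the policy is narrow."""
    findings = []
    if policy.get("version") != "mcp-adapter-host-policy/v1":
        findings.append("unexpected policy version")
    for server in policy.get("servers", []):
        sid = server.get("server_id", "?")
        for tool in server.get("tools", []):
            name = tool.get("downstream_tool_name", "")
            exposure = tool.get("exposure")
            mode = tool.get("policy_input_mode")
            # A mutating tool should be both hidden and blocked until tested.
            if MUTATING.search(name) and (exposure == "visible" or mode == "allow"):
                findings.append(f"{sid}/{name}: mutating tool is visible/allowed")
            # Anything the model can see should have a bounded result size.
            if exposure == "visible" and "result_limits" not in tool:
                findings.append(f"{sid}/{name}: visible tool has no result_limits")
    return findings


# Constructed sample: the page's first policy plus one deliberately bad entry.
SAMPLE = json.loads("""{
  "version": "mcp-adapter-host-policy/v1",
  "servers": [{"server_id": "gmail", "tools": [
    {"downstream_tool_name": "get_labels", "exposure": "visible",
     "handling_mode": "generic_guarded", "policy_input_mode": "allow",
     "result_limits": {"max_result_bytes": 16384}},
    {"downstream_tool_name": "send_email", "exposure": "hidden",
     "handling_mode": "generic_guarded", "policy_input_mode": "block"},
    {"downstream_tool_name": "trash_message", "exposure": "visible",
     "handling_mode": "generic_guarded", "policy_input_mode": "allow"}
  ]}]
}""")

if __name__ == "__main__":
    for line in lint_policy(SAMPLE) or ["policy is narrow"]:
        print(line)
```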
## What To Test First

First:

- list labels
- search messages
- read metadata

Later:

- create one controlled draft
- send one controlled test email
- apply one controlled label/trash action

Do not start by making every Gmail tool requestable.
## Common Gmail Auth Issue

If Google shows `redirect_uri_mismatch`, add the exact URI shown by Google to your OAuth client. Match host, port, and path exactly.
Full guide: `docs/publish/real-gmail.md`