The MCP server for email your agent owns.
$ npx -y @wraps.dev/mcp
Six tools over the AWS SES stack in your account — send history, delivery events, domain status, suppressions, and guarded sending. Runs locally over stdio; your credentials never leave your machine.
- read
list_recent_sends
Recent sends from your email history
- read
get_email_event_log
Full delivery timeline for a message
- read
verify_domain_status
DKIM + verification status of a domain
- read
list_suppressions
Bounce and complaint suppression list
- write
send_email
Send via your SES account, guarded
- read
check_send_status
Poll a send awaiting operator approval
Your agent can answer email questions itself.
Deliverability debugging, domain checks, suppression lookups — the questions you'd open the AWS console for become one tool call in Claude Code, Claude Desktop, Cursor, or any MCP client.
list_recent_sends
readList recent sends from your email history table — who, what, when, and current status.
“What did we send to acme.com this week?”
get_email_event_log
readThe full delivery event log for one message: Send, Delivery, Bounce, Complaint, Open, Click.
“Why did the reset email to dana@ bounce?”
verify_domain_status
readVerification and DKIM status of a sending domain, straight from SES.
“Is mail.myapp.com verified yet?”
list_suppressions
readAddresses on your SES suppression list, filterable by BOUNCE or COMPLAINT.
“Who complained in the last import?”
send_email
writeSend a transactional email through your SES account. Off by default; guarded by allowlists and caps when on.
“Email the weekly report to the team.”
check_send_status
readPoll the outcome of a send that's waiting on operator approval (enforced mode).
“Did anyone approve that send yet?”
One config block. No API key.
The server resolves AWS credentials from your environment — the same chain the AWS CLI uses. If wraps email status works in your terminal, the MCP server works too.
Claude Code — project root
{ "mcpServers": { "wraps": { "command": "npx", "args": ["-y", "@wraps.dev/mcp"] } }}Claude Code inherits your shell's AWS environment, so no extra env config is needed.
Claude Desktop, Cursor, Windsurf
{ "mcpServers": { "wraps": { "command": "npx", "args": ["-y", "@wraps.dev/mcp"], "env": { "AWS_REGION": "us-east-1", "AWS_PROFILE": "your-aws-profile" } } }}GUI clients don't inherit your shell, so pass the region and profile explicitly. Full per-client setup lives in the MCP reference.
An agent with a send button needs a leash.
Your SES account carries your domain reputation. The Wraps MCP server treats sending as the privileged operation it is — three layers, from cautious default to hard enforcement.
Read-only by default
Out of the box, the server can look but not touch. send_email stays disabled until you set WRAPS_WRITE_ENABLED=true — an explicit decision, not a default you have to find and turn off.
Allowlists and caps for write mode
When you do enable sending, you scope it: exact recipient addresses, allowed domains, a per-call recipient cap, and a locked from address. The agent sends what you permitted, nothing else.
Enforced mode for provisioned agents
Provisioned agents get a credential that can only invoke an enforcer Lambda in your account — never SES directly. Kill-switch, allowlist, and hourly/daily caps are decided server-side, with operator approval for anything outside policy.
Every guardrail variable is documented in the MCP reference.
Your SES. Your credentials. One config block.

