Wraps Logo
wraps · mcp server

The MCP server for email your agent owns.

$ npx -y @wraps.dev/mcp

Six tools over the AWS SES stack in your account — send history, delivery events, domain status, suppressions, and guarded sending. Runs locally over stdio; your credentials never leave your machine.

wraps · 6 tools
  • list_recent_sends

    Recent sends from your email history

    read
  • get_email_event_log

    Full delivery timeline for a message

    read
  • verify_domain_status

    DKIM + verification status of a domain

    read
  • list_suppressions

    Bounce and complaint suppression list

    read
  • send_email

    Send via your SES account, guarded

    write
  • check_send_status

    Poll a send awaiting operator approval

    read

Your agent can answer email questions itself.

Deliverability debugging, domain checks, suppression lookups — the questions you'd open the AWS console for become one tool call in Claude Code, Claude Desktop, Cursor, or any MCP client.

list_recent_sends

read

List recent sends from your email history table — who, what, when, and current status.

“What did we send to acme.com this week?”

get_email_event_log

read

The full delivery event log for one message: Send, Delivery, Bounce, Complaint, Open, Click.

“Why did the reset email to dana@ bounce?”

verify_domain_status

read

Verification and DKIM status of a sending domain, straight from SES.

“Is mail.myapp.com verified yet?”

list_suppressions

read

Addresses on your SES suppression list, filterable by BOUNCE or COMPLAINT.

“Who complained in the last import?”

send_email

write

Send a transactional email through your SES account. Off by default; guarded by allowlists and caps when on.

“Email the weekly report to the team.”

check_send_status

read

Poll the outcome of a send that's waiting on operator approval (enforced mode).

“Did anyone approve that send yet?”

One config block. No API key.

The server resolves AWS credentials from your environment — the same chain the AWS CLI uses. If wraps email status works in your terminal, the MCP server works too.

Claude Code — project root

JSON.mcp.json
{  "mcpServers": {    "wraps": {      "command": "npx",      "args": ["-y", "@wraps.dev/mcp"]    }  }}

Claude Code inherits your shell's AWS environment, so no extra env config is needed.

Claude Desktop, Cursor, Windsurf

JSONclaude_desktop_config.json
{  "mcpServers": {    "wraps": {      "command": "npx",      "args": ["-y", "@wraps.dev/mcp"],      "env": {        "AWS_REGION": "us-east-1",        "AWS_PROFILE": "your-aws-profile"      }    }  }}

GUI clients don't inherit your shell, so pass the region and profile explicitly. Full per-client setup lives in the MCP reference.

An agent with a send button needs a leash.

Your SES account carries your domain reputation. The Wraps MCP server treats sending as the privileged operation it is — three layers, from cautious default to hard enforcement.

Read-only by default

Out of the box, the server can look but not touch. send_email stays disabled until you set WRAPS_WRITE_ENABLED=true — an explicit decision, not a default you have to find and turn off.

Allowlists and caps for write mode

When you do enable sending, you scope it: exact recipient addresses, allowed domains, a per-call recipient cap, and a locked from address. The agent sends what you permitted, nothing else.

Enforced mode for provisioned agents

Provisioned agents get a credential that can only invoke an enforcer Lambda in your account — never SES directly. Kill-switch, allowlist, and hourly/daily caps are decided server-side, with operator approval for anything outside policy.

Every guardrail variable is documented in the MCP reference.

Your SES. Your credentials. One config block.