# LiteMX MCP

LiteMX is designed to give MCP-compatible agents scoped access to custom-domain mailboxes.

LiteMX is not an AI assistant. It does not choose how to answer email by itself. It provides infrastructure that external agents can use to search, read, draft, and, when explicitly allowed, send replies.

## Transport

The remote MCP endpoint is available at:

```txt
https://litemx-api-worker.litemx.workers.dev/mcp
```

It uses stateless Streamable HTTP-style JSON-RPC over `POST /mcp`. Private founder mode uses LiteMX bearer-token auth. Before broad public launch, LiteMX should implement OAuth-based remote MCP authorization.

## Tools

- list_mailboxes
- search_messages
- list_threads
- read_thread
- read_message
- create_draft
- send_draft
- reply_to_thread
- get_agent_instructions

`reply_to_thread` creates a reply draft. `send_draft` is the only MCP send tool and requires explicit send scope.

## Scopes

MCP tools enforce LiteMX-owned scoped tokens. Scopes can separate read, search, draft, and send operations.

Example:

```sh
litemx tokens create --name triage-bot \
  --mailbox support@project.dev \
  --scopes messages:read,messages:search,drafts:write
```

That token can help an agent understand and draft a response, but it cannot send. Sending requires an explicit send scope.

Typical scopes:

- Read/search: `mailboxes:read,messages:read,messages:search`
- Draft replies: add `drafts:write`
- Send drafts: add `email:send`

Sending through MCP also depends on the same outbound preflight as CLI/API sending: verified provider readiness, explicit send scope, per-message recipient cap, plan send limits, and provider approval.
