mcp

VaultAssist is a personal Google Workspace MCP server that acts as a secure bridge between your AI assistant and Google services like Gmail, Drive, Calendar, Docs, Sheets, Slides, and Tasks. Built with Next.js and the Vercel MCP SDK, it provides vault-level security, per-user isolation, and advanced session management via Better Auth. The server exposes a set of tool handlers (Gmail, Drive, Docs, Calendar, Sheets, Slides, Tasks, Memory, and Sequential Thinking) that can be invoked by MCP clients to perform authenticated operations against Google Workspace APIs, with results mapped and stored in a graph database for context-aware reasoning. To use it, provide your Google OAuth 2.1 credentials and configure your database connections; once running, you can query and automate Google Workspace tasks through natural language prompts supported by the MCP SDK.

Key capabilities include:

• Gmail: manage messages, search, labels, and batch operations
• Drive: file operations with Office formats support and URL imports
• Docs: create, edit, search, and batch update content
• Calendar: event management with attachments and Meet integration
• Sheets/Slides: data I/O and batch updates for spreadsheets and presentations
• Tasks: hierarchical task management
• Memory: persistent context storage and graph-based relationships
• Sequential Thinking: orchestrates complex workflows using graph-context

The server emphasizes multi-user isolation, meaning each user’s sessions, tokens, data, and memory graphs are segregated to protect privacy.

Prerequisites:

• Node.js (recommended LTS) and npm installed on your machine
• Optional: PostgreSQL for persistent storage and a graph database setup (e.g., Neo4j or compatible)
• Optional: Upstash Redis for fast session caching

Installation steps:

1. Clone the repository or set up the MCP server package in your environment
2. Install dependencies (if you’re using a local clone):

npm install

3. Create and configure environment variables (example below) and store them in a secure place (e.g., .env):

# Google OAuth
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_OAUTH_REDIRECT_URI=https://your-domain/oauth2callback

# Databases
DATABASE_URL=postgresql://user:password@host:5432/dbname
GRAPHDB_URL=bolt://localhost:7687

# Sessions and security
SESSION_SECRET=your-session-secret

# Caching/Redis
UPSTASH_REDIS_URL=your-redis-url
UPSTASH_REDIS_TOKEN=your-redis-token

# GraphDB API (if used)
NV_GRAPHDB_API_KEY=your-graphdb-api-key

# Environment
ENVIRONMENT=production

4. Start the MCP server using the recommended command from MCP config (example with npx):

npx -y 3xcaffeine-mcp-server

5. Verify the server is running and accessible via your MCP client, and ensure Google OAuth credentials are correctly wired in the OAuth flow.

Optional:

• If you host in a container, you can adapt the command to a docker run or bun-based startup depending on your stack. Ensure port mappings allow MCP clients to reach the server.

Notes and tips:

• Ensure your Google API project has OAuth 2.1 credentials configured and the redirect URI matches your deployment.
• Keep per-user data isolated; verify that PostgreSQL schemas and graph stores are properly partitioned by user.
• Regularly rotate session secrets and API keys; use environment-based secret management.
• If you encounter CORS or validation errors, check Zod schemas and middleware wiring in your MCP SDK integration.
• For production deployments, consider using a reverse proxy (e.g., Caddy) and TLS termination, and enable caching with Upstash Redis for session management.
• The server leverages the Vercel MCP SDK; ensure compatibility with your MCP client versions and the latest SDK updates.