Is your feature request related to a problem? Please describe.
Modern enterprise email automation demands robust security. AzulClaw currently lacks a business-grade skill for Gmail management (read, move, send, organize) under a Zero Trust architecture. Direct API interactions or embedded credentials in agent processes expose sensitive systems to potential attacks and do not provide robust human-in-the-loop (HITL) controls. Business environments require that sensitive Gmail actions are never performed without explicit multi-factor user approval, and never through direct agent-side Google API calls.
Describe the solution you'd like
Design and implement a new Gmail Business Skill for AzulClaw, employing a secure, hybrid asynchronous architecture with robust MFA and human approval built-in:
Proposed Architecture:
- Transport (Azure Service Bus): The AzulClaw agent never directly calls Gmail APIs. Instead, it publishes signed requests to a Service Bus queue for processing, reducing the attack surface and preventing credential exposure.
- Execution (Azure Container Apps + MCP Server): Email commands are processed by a Model Context Protocol (MCP) microservice, running as an isolated Azure Container App. This server scales to zero when idle, and asynchronously processes messages from the Service Bus.
- Security Mediation (Azure Functions + Table Storage): An independent Azure Function acts as a secure gatekeeper, enforcing multi-factor authentication (MFA) for any sensitive Gmail action (send, delete, move). Approval requests are pushed to users’ Microsoft Authenticator applications, with status tracked in Table Storage.
- Identity & Secret Management: Gmail OAuth tokens are exclusively stored in Azure Key Vault. Managed Identities are used for internal Azure authentication, ensuring no secrets are held in code or process memory.
Man-in-the-Loop (MITL) and Security Controls:
- User Approval Enforcement:
- Sensitive email actions must be explicitly approved by the user on their mobile device via Microsoft Authenticator push notifications (leveraging Microsoft Graph API).
- The MCP server halts any action’s execution pending a valid, double-checked approval ticket in Table Storage.
- Strong Prompt Injection Defense:
- The approval state is validated server-side against Azure Table Storage—no agent logic bypass is possible.
- Identity Isolation:
- No static secrets: Managed Identities for Azure services; OAuth tokens only in Key Vault.
Workflow:
- Agent recognizes a Gmail management need, sends request to Service Bus (gmail-requests-queue).
- MCP Worker retrieves the command, initiates approval if sensitive.
- User receives and approves/rejects via Microsoft Authenticator.
- MCP Worker verifies state in Table Storage, executes on Gmail API if/when approved, puts result on gmail-responses-queue.
- Agent picks up the response for task completion.
Tech Stack
- Microsoft Agent Framework (backend orchestrator)
- MCP (Model Context Protocol)
- Azure Container Apps
- Azure Service Bus
- Azure Functions + Microsoft Entra ID (for MFA via Microsoft Authenticator)
- Azure Table Storage
- Azure Key Vault
- Gmail API
Additional context
This skill will establish AzulClaw as a business-ready automation platform with full compliance for enterprise data access standards and strict human oversight via modern identity workflows. All direct API keys and credentials will be isolated from the agent to guarantee “Zero Trust” operation for sensitive email actions.
Is your feature request related to a problem? Please describe.
Modern enterprise email automation demands robust security. AzulClaw currently lacks a business-grade skill for Gmail management (read, move, send, organize) under a Zero Trust architecture. Direct API interactions or embedded credentials in agent processes expose sensitive systems to potential attacks and do not provide robust human-in-the-loop (HITL) controls. Business environments require that sensitive Gmail actions are never performed without explicit multi-factor user approval, and never through direct agent-side Google API calls.
Describe the solution you'd like
Design and implement a new Gmail Business Skill for AzulClaw, employing a secure, hybrid asynchronous architecture with robust MFA and human approval built-in:
Proposed Architecture:
Man-in-the-Loop (MITL) and Security Controls:
Workflow:
Tech Stack
Additional context
This skill will establish AzulClaw as a business-ready automation platform with full compliance for enterprise data access standards and strict human oversight via modern identity workflows. All direct API keys and credentials will be isolated from the agent to guarantee “Zero Trust” operation for sensitive email actions.