{"id":49418361,"url":"https://github.com/groupthink-dev/resend-blade-mcp","last_synced_at":"2026-04-29T04:12:31.773Z","repository":{"id":352838225,"uuid":"1198358583","full_name":"Groupthink-dev/resend-blade-mcp","owner":"Groupthink-dev","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-21T09:55:50.000Z","size":105,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-21T11:40:19.105Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Groupthink-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-01T10:54:29.000Z","updated_at":"2026-04-21T09:55:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Groupthink-dev/resend-blade-mcp","commit_stats":null,"previous_names":["groupthink-dev/resend-blade-mcp"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Groupthink-dev/resend-blade-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Groupthink-dev%2Fresend-blade-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Groupthink-dev%2Fresend-blade-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Groupthink-dev%2Fresend-blade-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Groupthink-dev%2Fresend-blade-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Groupthink-dev","download_url":"https://codeload.github.com/Groupthink-dev/resend-blade-mcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Groupthink-dev%2Fresend-blade-mcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32410084,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T03:46:11.172Z","status":"ssl_error","status_checked_at":"2026-04-29T03:37:55.317Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-29T04:12:26.186Z","updated_at":"2026-04-29T04:12:31.767Z","avatar_url":"https://github.com/Groupthink-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Resend Blade MCP\n\nSecurity-first MCP server for [Resend](https://resend.com) transactional email — send, manage contacts, broadcasts, templates, domains, and webhooks with programmatic safety controls.\n\nBuilt on [FastMCP 2.0](https://github.com/jlowin/fastmcp) and [httpx](https://www.python-httpx.org/). Designed for agentic workflows where LLMs operate autonomously.\n\n## Why not the official Resend MCP?\n\nThe [official resend-mcp](https://github.com/resend/resend-mcp) covers the full API but was designed for human-supervised chat, not autonomous agents. In agentic contexts, its security model breaks down:\n\n| Capability | resend-blade-mcp | Official resend-mcp | Generic vendor MCPs |\n|---|---|---|---|\n| **Write gating** | Programmatic env var gate | Prompt engineering only | Usually none |\n| **Filesystem access** | **None** — base64/URL only | `filePath` reads any file | Varies |\n| **API key management** | **Excluded entirely** | Full CRUD exposed to agent | Often exposed |\n| **Credential scrubbing** | All error paths scrubbed | Not implemented | Rarely |\n| **Tool count** | 28 focused | 60+ (context window bloat) | Varies |\n| **Output format** | Pipe-delimited, null omission | Raw JSON responses | Raw JSON |\n| **HTTP transport auth** | Built-in bearer middleware | Per-session key only | Rarely |\n| **Idempotency** | Native `Idempotency-Key` header | Not exposed as parameter | Rarely |\n| **Rate limit handling** | Typed `RateLimitError` with retry-after | Raw error passthrough | Varies |\n\n### The filesystem problem\n\nThe official MCP accepts `filePath` in attachments, calling `fs.readFile()` with no path validation. An autonomous agent could read `/etc/passwd`, `~/.ssh/id_rsa`, or any file on the host and attach it to an email sent to any address. **resend-blade-mcp** rejects all filesystem paths — only base64 content and HTTPS URLs are permitted.\n\n### The API key problem\n\nThe official MCP exposes `create-api-key` and `remove-api-key` tools. An agent could create a full-access API key and exfiltrate it, or delete existing keys to disrupt services. **resend-blade-mcp** excludes API key management entirely — these are privileged operations that belong out-of-band.\n\n## Features\n\n- **28 tools** across 8 categories: sending, contacts, segments, broadcasts, templates, domains, webhooks, logs\n- **Write-gate** — all mutating operations disabled by default (`RESEND_WRITE_ENABLED=true` to enable)\n- **No filesystem access** — attachments via base64 content or HTTPS URL only\n- **No API key CRUD** — excluded by design, not just gated\n- **Credential scrubbing** — `re_*` API keys stripped from all error output\n- **Token-efficient** — pipe-delimited output, null-field omission, capped lists\n- **Idempotent sends** — native `Idempotency-Key` support prevents duplicate emails on retry\n- **Webhook management** — create, list, delete webhook endpoints for event-driven architectures\n- **Sidereal Marketplace** — native plugin manifest for one-click install\n\n## Requirements\n\n- macOS (tested) or Linux\n- Python 3.12+\n- [uv](https://docs.astral.sh/uv/)\n- Resend account with API key ([get one here](https://resend.com/api-keys))\n\n## Quick Start\n\n```bash\n# Clone and install\ngit clone https://github.com/Groupthink-dev/resend-blade-mcp.git\ncd resend-blade-mcp\nuv sync\n\n# Set your API key\nexport RESEND_API_KEY=re_xxxxxxxx\n\n# Run (stdio transport)\nuv run resend-blade-mcp\n```\n\n### Claude Code\n\n```bash\nclaude mcp add resend-blade -- uv run --directory ~/src/resend-blade-mcp resend-blade-mcp\n```\n\n### Claude Desktop (claude_desktop_config.json)\n\n```json\n{\n  \"mcpServers\": {\n    \"resend-blade\": {\n      \"command\": \"uv\",\n      \"args\": [\"run\", \"--directory\", \"/path/to/resend-blade-mcp\", \"resend-blade-mcp\"],\n      \"env\": {\n        \"RESEND_API_KEY\": \"re_xxxxxxxx\",\n        \"RESEND_WRITE_ENABLED\": \"false\"\n      }\n    }\n  }\n}\n```\n\n## Tools (28)\n\n### Sending (5)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_send` | write | Send email (HTML/text, attachments, scheduled, idempotent) |\n| `resend_send_batch` | write | Batch send up to 100 emails |\n| `resend_get_email` | read | Retrieve sent email by ID |\n| `resend_list_emails` | read | List sent emails with status |\n| `resend_cancel_scheduled` | write | Cancel a scheduled email |\n\n### Contacts (4)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_create_contact` | write | Create a contact with properties |\n| `resend_list_contacts` | read | List contacts |\n| `resend_update_contact` | write | Update contact properties |\n| `resend_delete_contact` | write | Delete a contact |\n\n### Segments (3)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_create_segment` | write | Create a segment |\n| `resend_list_segments` | read | List segments |\n| `resend_delete_segment` | write | Delete a segment |\n\n### Broadcasts (4)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_create_broadcast` | write | Create a broadcast (draft) |\n| `resend_send_broadcast` | write | Send or schedule a draft broadcast |\n| `resend_list_broadcasts` | read | List broadcasts with status |\n| `resend_delete_broadcast` | write | Delete a draft/scheduled broadcast |\n\n### Templates (4)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_create_template` | write | Create template with variables |\n| `resend_list_templates` | read | List templates |\n| `resend_get_template` | read | Get template with HTML content |\n| `resend_publish_template` | write | Publish template for use in sends |\n\n### Domains (4)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_add_domain` | write | Register a sending domain (returns DNS records) |\n| `resend_list_domains` | read | List domains with verification status |\n| `resend_get_domain` | read | Get domain with DNS record details |\n| `resend_verify_domain` | write | Trigger DNS verification |\n\n### Webhooks (3)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_create_webhook` | write | Create webhook endpoint (returns signing secret) |\n| `resend_list_webhooks` | read | List webhook endpoints |\n| `resend_delete_webhook` | write | Delete a webhook |\n\n### Logs (1)\n\n| Tool | Gate | Description |\n|------|------|-------------|\n| `resend_list_logs` | read | List recent API request logs |\n\n## Security\n\n| Layer | Control |\n|-------|---------|\n| API key | `RESEND_API_KEY` from env (never logged, scrubbed from errors) |\n| Transport | stdio default (no network exposure) |\n| Write gate | `RESEND_WRITE_ENABLED` default `false` — blocks all 17 write tools |\n| Attachments | Base64 content or HTTPS URL only — filesystem paths rejected |\n| API key CRUD | Excluded — no tool can create, list, or delete API keys |\n| Batch limits | `resend_send_batch` capped at 100 (Resend API maximum) |\n| Credential scrubbing | `re_*` patterns removed from all error output |\n| HTTP auth | Optional bearer token middleware (`RESEND_MCP_API_TOKEN`) |\n| Rate limits | 429 responses surface as typed `RateLimitError` with retry-after |\n\n## HTTP Transport\n\n```bash\nexport RESEND_MCP_TRANSPORT=http\nexport RESEND_MCP_HOST=127.0.0.1\nexport RESEND_MCP_PORT=8770\nexport RESEND_MCP_API_TOKEN=your-secret-token\n\nuv run resend-blade-mcp\n```\n\n## Environment Variables\n\n| Variable | Default | Description |\n|----------|---------|-------------|\n| `RESEND_API_KEY` | (required) | Resend API key |\n| `RESEND_WRITE_ENABLED` | `false` | Enable write operations |\n| `RESEND_MCP_TRANSPORT` | `stdio` | Transport: `stdio` or `http` |\n| `RESEND_MCP_HOST` | `127.0.0.1` | HTTP bind host |\n| `RESEND_MCP_PORT` | `8770` | HTTP bind port |\n| `RESEND_MCP_API_TOKEN` | (none) | Bearer token for HTTP auth |\n\n## Development\n\n```bash\nmake install-dev    # Install with dev dependencies\nmake test           # Run unit tests (mocked, no Resend needed)\nmake test-e2e       # Run E2E tests (requires live API key)\nmake check          # Lint + format + type-check\nmake run            # Start the server\n```\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgroupthink-dev%2Fresend-blade-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgroupthink-dev%2Fresend-blade-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgroupthink-dev%2Fresend-blade-mcp/lists"}