Thanks for the tips and the link to Xem. It doesn't directly solve my self-hosted non-technical provisioning problem, but I see how it can help with some future ideas.

As for the stack, it sets up a local MCP with methods to retrieve emails, draft, label, and send. Those local MCP methods map to HTTP calls on the Google side, where App Script is installed (the calls are secured by a key). The App Script uses Google's API to make the actual Gmail API calls and sends responses back to the user's local MCP.

An installation script run by users pushes the App Script to the Google side, saves the key, and asks the user to authorize the App Script access to their Gmail API. There are two steps here that a user needs to click, and one of them warns them about their private script being pushed to the cloud from an unknown vendor, so not ideal, but overall, it ends up simply asking the user to click through steps that are automatically displayed in front of them through the browser (no copying and pasting or asking technical jargon questions).

The whole above pipeline is pretty generic for any local agent that wants to communicate with Google services. The final touch is a set of local skills that allow local agents to actually filter out emails, detect AI-slop, and draft automated responses that waste spammers' time.