April 11, 2026 · 6 min read · by Noomachy Team

How to Give Your AI Agent Access to Your Mac Apps Safely

You want your AI agent to read your emails, check your calendar, and write notes, but you don't want to upload all of your personal data to a cloud provider. There's a way to have both.

The answer: a local MCP server that exposes your Mac apps through the Model Context Protocol, with the agent calling it from outside your machine via a secure tunnel.

The Architecture in 30 Seconds

  1. A small MCP server runs on your Mac (port 3939)
  2. It exposes tools like mail_read_inbox, notes_create, calendar_today
  3. A Cloudflare tunnel gives it a public HTTPS URL
  4. Your AI agent in the cloud calls the tunnel URL, which forwards to localhost
  5. The MCP server talks to your apps and returns results

Your mailbox, notes and files stay on your Mac. The cloud agent receives only the results of the tool calls it makes.

Why Not Just Upload Your Emails?

The "easy" way is to OAuth into Gmail or Outlook with the cloud provider, give them a long-lived token, and let them read your inbox directly. Most AI products do this. It works. It's also a privacy nightmare:

  • The provider has read access to your entire mailbox
  • Your tokens live in their database
  • A breach of the provider exposes your emails
  • Your messages may end up in their training data

Local-first inverts this. The cloud never sees your messages — only the specific summaries the agent extracts in response to your specific requests.

How Noomachy Does It

Noomachy ships with a desktop app (Electron-based) that bundles:

  • A local MCP server with 19+ macOS tools
  • An auto-started Cloudflare quick tunnel
  • Auto-registration so the cloud agent picks it up automatically

When you launch the desktop app, the tunnel comes online and your agent gains access to:

  • Mail — read inbox, search, send (via direct SQLite access, no AppleScript prompts)
  • Notes — list, read, create, update, delete, search, lock
  • Calendar — read events, create new ones
  • Reminders — list, create with due dates
  • Files — read, write, list (sandboxed to your Documents)
  • Clipboard — read, write
  • Browser — open URLs
  • System — info, notifications, command execution

All from inside the chat. No copy/paste.
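
Because the tunnel URL is public and the tool list includes file access and command execution, the local server should decide per request what it will run. The following is an added example, not Noomachy's code: a gate a local MCP server could apply before dispatching a call, combining a bearer-token check, a tool allowlist and a Documents containment check. The parsed request shape, the policy object and the tool names file_read and system_exec are assumptions; the other tool names come from this page.

```javascript
// Added example: authorization gate run before a tool call is dispatched.
const crypto = require('node:crypto');
const path = require('node:path');

// Tools named on this page plus one hypothetical file tool.
// Anything not listed (e.g. a command-execution tool) is denied by default.
const ALLOWED_TOOLS = new Set(['mail_read_inbox', 'notes_create', 'calendar_today', 'file_read']);
const FILE_TOOLS = new Set(['file_read']); // hypothetical tool name

// Compare fixed-length digests so timing does not reveal how much of the token matched.
function tokenMatches(presented, expected) {
  const a = crypto.createHash('sha256').update(String(presented)).digest();
  const b = crypto.createHash('sha256').update(String(expected)).digest();
  return crypto.timingSafeEqual(a, b);
}

// Lexical containment check. On a real filesystem, resolve symlinks
// (fs.realpathSync) before comparing, or a link inside the root can point outside it.
function insideRoot(root, requested) {
  if (typeof requested !== 'string' || requested.length === 0) return false;
  const base = path.resolve(root);
  const target = path.resolve(base, requested);
  return target === base || target.startsWith(base + path.sep);
}

// req is an already-parsed request: { authorization, tool, args } (assumed shape).
function authorizeToolCall(req, policy) {
  const m = /^Bearer (.+)$/.exec(req.authorization || '');
  if (!m || !tokenMatches(m[1], policy.token)) return { allowed: false, reason: 'bad_token' };
  if (!ALLOWED_TOOLS.has(req.tool)) return { allowed: false, reason: 'tool_not_allowed' };
  if (FILE_TOOLS.has(req.tool) && !insideRoot(policy.documentsRoot, (req.args || {}).path)) {
    return { allowed: false, reason: 'path_outside_sandbox' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample policy and requests.
const policy = { token: 'constructed-sample-token', documentsRoot: '/Users/alice/Documents' };
const good = 'Bearer constructed-sample-token';
const samples = [
  { authorization: good, tool: 'calendar_today', args: {} },
  { authorization: 'Bearer wrong', tool: 'calendar_today', args: {} },
  { authorization: good, tool: 'system_exec', args: {} }, // hypothetical tool name
  { authorization: good, tool: 'file_read', args: { path: '../Desktop/secret.txt' } },
  { authorization: good, tool: 'file_read', args: { path: 'notes/todo.txt' } },
];
for (const s of samples) console.log(s.tool, authorizeToolCall(s, policy).reason);
```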

The Permissions Model

macOS has three layers of automation permission:

  1. Files — Documents folder, etc. Granted on first prompt.
  2. App automation — for AppleScript-based access (Notes, Calendar, Reminders).
  3. Full Disk Access — required for some Mail integrations.

For Mail specifically, Noomachy uses a different approach: it reads Mail's SQLite envelope index directly (~/Library/Mail/V10/MailData/Envelope Index). This gives instant, permission-free access for reading. Sending still uses AppleScript and triggers the standard prompt.

The Tunnel Question

Cloudflare quick tunnels give you a free, no-account public URL. The downside: the URL rotates and the connection is best-effort.

For more robust deployments you can:

  • Use a named Cloudflare tunnel (free with a Cloudflare account)
  • Use ngrok with a static subdomain
  • Self-host with a reverse proxy
  • Run the agent locally too and skip the tunnel entirely

Noomachy handles tunnel rotation automatically — when the URL changes, it updates the registered MCP endpoint in your account.

Try It

Download Noomachy desktop and your local Mac apps become available to the agent within seconds.
