Skip to main content

Agent-first CLI for Microsoft 365 Outlook on the web endpoints

Project description

m365-owa-cli

m365-owa-cli is a personal, agent-first Python CLI for Microsoft 365 Outlook workflows through Outlook on the web / OWA internal service endpoints.

The current command surface is calendar-focused, but the package name leaves room for mail and tasks if the same OWA-authenticated endpoint strategy proves useful there. Microsoft Graph is intentionally out of scope.

Examples

m365-owa-cli capabilities
m365-owa-cli schema event
m365-owa-cli auth set-token --connection work
m365-owa-cli auth bookmarklet --connection work --raw
m365-owa-cli auth extract-token --connection work --devtools-url http://127.0.0.1:9222 --reload
m365-owa-cli auth list-connections
m365-owa-cli events list --connection work --day 2026-04-24
m365-owa-cli events delete --connection work --id AAMk... --confirm-event-id AAMk...

Commands emit JSON by default. Use --pretty where supported for local human-readable output.

Configuration

Tokens are stored as plaintext files under:

~/.config/m365-owa-cli/connections/<connection>.token

Tests and automation can override the config root with M365_OWA_CONFIG_DIR.

Connection names are the explicit account, company, tenant, or environment selector. Examples:

m365-owa-cli auth list-connections
m365-owa-cli events list --connection crayon --day 2026-04-24
m365-owa-cli events list --connection softwareone --day 2026-04-24
m365-owa-cli events list --connection swon --day 2026-04-24
m365-owa-cli events list --connection prod --day 2026-04-24

Browser Token Capture

Preferred method: watch a DevTools-enabled Edge or Chrome tab and store the first OWA service bearer header it observes. Open Outlook on the web in that browser first:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --remote-debugging-port=9222

Capture per connection:

m365-owa-cli auth extract-token --connection crayon --browser chrome --devtools-url http://127.0.0.1:9222 --reload
m365-owa-cli auth extract-token --connection softwareone --browser chrome --devtools-url http://127.0.0.1:9222 --reload
m365-owa-cli auth extract-token --connection swon --browser chrome --devtools-url http://127.0.0.1:9222 --reload

Each command stores a separate local token file:

~/.config/m365-owa-cli/connections/crayon.token
~/.config/m365-owa-cli/connections/softwareone.token
~/.config/m365-owa-cli/connections/swon.token

The command only accepts bearer headers from known Outlook hosts on /owa/service.svc; it stores the token locally and emits metadata only. If the capture times out, interact with the open Calendar tab and retry without --reload.

Manual Token Capture Fallback

Use the bookmarklet helper only when DevTools capture is unavailable:

m365-owa-cli auth bookmarklet --connection crayon --raw

Create a browser bookmark with the generated value as the URL, open Outlook on the web, click the bookmarklet, then refresh or open Calendar. If OWA sends an Authorization: Bearer ... header to /owa/service.svc, the helper displays it for copying into auth set-token.

Opsec

  • Do not print, paste, commit, screenshot, or document bearer token values.
  • Do not copy ~/.config/m365-owa-cli/connections/*.token into this repository.
  • Use --connection names like crayon, softwareone, swon, prod, dev, or another explicit company/environment name so agents never depend on hidden account state.
  • Keep remote debugging bound to the local machine, for example http://127.0.0.1:9222.
  • Prefer JSON command output and rely on built-in redaction for errors; do not add ad hoc debug logging around auth headers.

Releases

New versions are published to PyPI from GitHub Actions when a v* tag is pushed. The workflow uses PyPI trusted publishing against the pypi environment in this repository, so no long-lived PyPI API token is stored in GitHub.

Before the first release, configure a pending trusted publisher on PyPI:

  • PyPI project name: m365-owa-cli
  • Owner: okms
  • Repository: m365-owa-cli
  • Workflow: publish.yml
  • Environment: pypi

Release flow:

# bump version in pyproject.toml, commit
git tag vX.Y.Z
git push origin main --tags

The .github/workflows/publish.yml workflow runs tests, builds the source and wheel distributions, checks them with Twine, and publishes them to PyPI. Tag-less runs can also be triggered manually from the Actions tab.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

m365_owa_cli-0.1.2.tar.gz (51.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

m365_owa_cli-0.1.2-py3-none-any.whl (37.6 kB view details)

Uploaded Python 3

File details

Details for the file m365_owa_cli-0.1.2.tar.gz.

File metadata

  • Download URL: m365_owa_cli-0.1.2.tar.gz
  • Upload date:
  • Size: 51.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for m365_owa_cli-0.1.2.tar.gz
Algorithm Hash digest
SHA256 12821affc575a763f75092a24d7eb4bf6a3c1105e9dc478c0103207020418550
MD5 cf48178c93241feb94d162580f953f23
BLAKE2b-256 dddeac1a53d21260511ed32e2355c0a0e37b10c236fe6cfcba7d2d22a1c6c8cd

See more details on using hashes here.

Provenance

The following attestation bundles were made for m365_owa_cli-0.1.2.tar.gz:

Publisher: publish.yml on okms/m365-owa-cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file m365_owa_cli-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: m365_owa_cli-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 37.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for m365_owa_cli-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 273eba0617ed17f9a756c9198ace50a97d35fd4a94c39b273865234356af53b5
MD5 31b9e1bada387b13ec9205e561cc9a00
BLAKE2b-256 6b37a3c0d5cd2020f2186f8afe00ce16f4e3170b82a558b556f3b604e0f6a0dd

See more details on using hashes here.

Provenance

The following attestation bundles were made for m365_owa_cli-0.1.2-py3-none-any.whl:

Publisher: publish.yml on okms/m365-owa-cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page