{"id":44862732,"url":"https://github.com/agenticmail/agenticmail","last_synced_at":"2026-06-06T01:04:34.573Z","repository":{"id":338735895,"uuid":"1157740258","full_name":"agenticmail/agenticmail","owner":"agenticmail","description":"Email \u0026 SMS infrastructure for AI agents — send and receive real email and text messages programmatically","archived":false,"fork":false,"pushed_at":"2026-05-15T03:05:55.000Z","size":6147,"stargazers_count":119,"open_issues_count":1,"forks_count":21,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-15T03:16:23.485Z","etag":null,"topics":["agent","agent-email","agent-sms","ai","ai-agent","claude-code","claude-code-plugin","claudemcp","email","google-voice","imap","mcp","mcp-server","messaging","model-context-protocol","openclaw","phone","sms","smtp","typescript"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/agenticmail","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agenticmail.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":["agenticmail","ope-olatunji"]}},"created_at":"2026-02-14T08:07:52.000Z","updated_at":"2026-05-15T03:05:57.000Z","dependencies_parsed_at":"2026-02-19T12:01:23.134Z","dependency_job_id":null,"html_url":"https://github.com/agenticmail/agenticmail","commit_stats":null,"previous_names":["agenticmail/agenticmail"],"tags_count":76,"template":false,"template_full_name":null,"purl":"pkg:github/agenticmail/agenticmail","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fagenticmail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fagenticmail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fagenticmail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fagenticmail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agenticmail","download_url":"https://codeload.github.com/agenticmail/agenticmail/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fagenticmail/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33054454,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-15T02:00:06.351Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","agent-email","agent-sms","ai","ai-agent","claude-code","claude-code-plugin","claudemcp","email","google-voice","imap","mcp","mcp-server","messaging","model-context-protocol","openclaw","phone","sms","smtp","typescript"],"created_at":"2026-02-17T10:41:03.026Z","updated_at":"2026-06-06T01:04:34.562Z","avatar_url":"https://github.com/agenticmail.png","language":"TypeScript","funding_links":["https://github.com/sponsors/agenticmail","https://github.com/sponsors/ope-olatunji"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"./docs/images/logo-200.png\" alt=\"AgenticMail logo (pink bow)\" width=\"180\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eAgenticMail\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/agenticmail/agenticmail/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/agenticmail/agenticmail/actions/workflows/ci.yml/badge.svg\" alt=\"CI\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n**The first platform to give AI agents real email addresses and phone numbers.** Send and receive email, SMS, and verification codes — all programmatically.\n\n\u003e ### Are you an AI agent reading this on behalf of a human?\n\u003e\n\u003e Your human asked you to install / set up AgenticMail. **Pick either of these and then tell them to restart Claude Code:**\n\u003e\n\u003e ```bash\n\u003e # Option A — one-line installer (recommended)\n\u003e curl -fsSL https://raw.githubusercontent.com/agenticmail/agenticmail/main/install.sh | bash\n\u003e\n\u003e # Option B — manual two-command install\n\u003e npm install -g @agenticmail/cli@latest\n\u003e agenticmail bootstrap\n\u003e ```\n\u003e\n\u003e Zero prompts, ~2 minutes, fully autonomous. For the full runbook (verification, common failures, repo conventions if you're modifying the code), see [**`AGENTS.md`**](./AGENTS.md) — the [agents.md](https://agents.md) file at this repo's root.\n\n---\n\n### 📄 Research Paper\n\n**[Structured RPC vs. Text-Based Sub-Agent Orchestration](./research/agent-rpc-vs-spawn/paper.pdf)** — A comparative analysis of inter-agent communication paradigms. Demonstrates why AgenticMail's `call_agent` achieves 53× faster response times than conventional sub-agent spawning, and introduces the concept of the *Conversational Fallacy* in multi-agent AI systems. [[PDF]](./research/agent-rpc-vs-spawn/paper.pdf) [[Source]](./research/agent-rpc-vs-spawn/)\n\n---\n\n### ✨ What's new — media toolset (unreleased)\n\nA local, opt-in media / video-editing toolset for AgenticMail agents.\n\n- **Nine media tools.** `media_tts` / `media_tts_voices` (Edge text-to-speech), `media_image_edit`, `media_video_edit`, `media_audio_edit`, `media_info`, `media_video_understand`, `media_voice_clone`, and `media_capabilities`. Available as MCP `media_*` tools and OpenClaw `agenticmail_media_*` tools, both thin clients of new `/media/*` API routes over a core `MediaManager`.\n- **Cinematic video editing.** Beyond trim/convert/compress: color grading presets, crossfade/wipe transitions, timed text overlays, picture-in-picture, split screen, Ken Burns, frame-interpolated slow motion, watermarks, concatenation, audio mixing, and whisper.cpp-driven auto-captions.\n- **Gracefully degrading.** The underlying binaries (ffmpeg, ffprobe, ImageMagick, whisper.cpp, Python) are not bundled — every tool feature-detects the binary it needs and returns an actionable install hint if it is missing. The server never crashes. A `media` block on `/health` and the `media_capabilities` tool surface what is available.\n- **Safe by construction.** Every binary is invoked via `execFile` with an argument array — no shell, no string interpolation. Untrusted input paths are validated (no control characters, no leading-dash flag-injection, must exist); numeric options are clamped; every call carries a bounded timeout and output buffer; output files land only inside the configured media directory.\n\n### ✨ What's new in 0.9.54\n\nTwilio joins 46elks as a phone transport provider.\n\n- **Pick your carrier.** `PhoneTransportProvider` is now `46elks` or `twilio` — chosen at phone setup. 46elks behaviour is unchanged; Twilio is at full parity (outbound call-control + realtime voice).\n- **Twilio call-control.** Outbound calls via the Twilio `Calls.json` REST API, TwiML webhooks, status-callback cost tracking. Inbound webhooks are verified with the `X-Twilio-Signature` header (HMAC-SHA1, timing-safe, fail-closed) on top of the per-mission token.\n- **Twilio realtime voice.** A Twilio Media Streams ↔ OpenAI Realtime bridge. `RealtimeVoiceBridge` was generalised behind a `RealtimeTransportAdapter` seam — one bridge serves both carriers, function-calling / barge-in / transcript logic written once. Twilio audio is G.711 µ-law @ 8 kHz and the OpenAI session uses `audio/pcmu`, so a Twilio call needs no transcoding. A `\u003cConnect\u003e\u003cStream\u003e` connects to `/api/agenticmail/calls/twilio-stream`.\n\n1038 tests pass; full build green. The live Twilio ↔ OpenAI call path still needs an operator smoke-test before the npm publish.\n\n### ✨ Earlier — 0.9.53\n\nRealtime voice tools + a Telegram channel.\n\n- **The voice agent can now use tools mid-call.** The OpenAI Realtime session declares `session.tools`; `RealtimeVoiceBridge` dispatches the model's function calls through an injected `ToolExecutor`, returns `function_call_output`, and keeps the phone line warm during slow tools with a safety-net timeout + an in-flight call cap.\n- **`ask_operator` — human-in-the-loop on a live call.** The agent records an operator query on the mission, notifies the operator (channel-agnostic; default email), polls up to ~5 min, and resumes with the answer. If the caller hangs up while a query is pending, the mission is flagged for **callback-on-disconnect** — once the operator answers, it re-dials with a continuity task.\n- **Lookup tools.** `web_search` (keyless DuckDuckGo, results fenced as untrusted content), `recall_memory` (the agent's universal memory), `get_datetime`. Plus agent-key-scoped operator-query API endpoints.\n- **Telegram channel.** A user registers a Telegram bot token, links a chat, and can message their AgenticMail agent — and get replies — over Telegram. The inbound webhook authenticates with a constant-time secret-token compare; it also carries `ask_operator` notifications and approvals.\n- **Security.** web_search output is fenced as untrusted before it reaches the model; operator email replies are verified against `operatorEmail`; Telegram bot tokens are encrypted at rest and redacted from logs; new SQL is parameterized.\n\n996 tests pass; full build green. The live OpenAI ⇄ 46elks call path and live Telegram delivery still need an operator smoke-test before the npm publish.\n\n### ✨ Earlier — 0.9.52\n\nRealtime voice + OpenClaw memory.\n\n- **Realtime voice bridge.** A phone mission can now hold a live conversation. `RealtimeVoiceBridge` (`@agenticmail/core`) wires an OpenAI Realtime (`gpt-realtime`) session to a 46elks realtime-media WebSocket: caller audio (PCM16 @ 24 kHz) is relayed to OpenAI, synthesised speech comes back as `response.output_audio.delta` and is relayed to 46elks, server-side VAD handles turn-taking, and caller barge-in fires a 46elks `interrupt`. 46elks streams a call to the new `/api/agenticmail/calls/realtime` WebSocket endpoint, which matches the connection to its mission by 46elks `callid` and runs the bridge. Set `OPENAI_API_KEY` (env or `config.json`) to enable it.\n- **Memory in the voice session.** Before the call starts, the agent's persistent memory is rendered with `generateMemoryContext()` and folded into the Realtime session `instructions` — the model is told to treat it as its *own* long-term knowledge, so the call is continuous with everything the agent has learned elsewhere.\n- **OpenClaw memory tools.** `agenticmail_memory`, `agenticmail_memory_reflect`, `agenticmail_memory_context`, and `agenticmail_memory_stats` bring the universal per-agent memory to OpenClaw agents — 69 → 73 tools.\n- **Bridge hardening.** Per-frame audio size cap (an oversized frame is dropped, never forwarded), bounded pre-connect buffer, fail-closed connection auth (timing-safe token compare; no unknown-mission-vs-wrong-token oracle), and a terminal-state guard so a late event can't resurrect a finished mission.\n\nThe end-to-end voice path needs a live `OPENAI_API_KEY` and a provisioned 46elks websocket number — the bridge logic, memory injection, and the WebSocket upgrade/auth glue are unit-tested with mocked sockets, but the live call must be smoke-tested by the operator.\n\n### ✨ Earlier — 0.9.51\n\nThe universal memory release. Every agent now has a persistent, evolving memory — categorised, confidence-decaying, BM25F-searchable knowledge that survives across every conversation, the way a human employee learns on the job.\n\n- **`AgentMemoryManager`** (`@agenticmail/core`) — CRUD, text recall, 9 memory categories, importance levels, confidence that decays for unaccessed entries, access tracking, pruning, and `generateMemoryContext()` which ranks + renders memory as a markdown block for prompt injection. Backed by a zero-dependency BM25F search index and an `agent_memory` table. Ported from the AgenticMail Enterprise memory engine, org-stripped — memory is personal to each agent.\n- **Memory API** — `/memory` (set / list / search / get / delete), `/memory/reflect`, `/memory/context`, `/memory/stats`. Every endpoint is scoped to the authenticated agent; an agent can only ever read or write its own memory.\n- **MCP tools** — `memory`, `memory_reflect`, `memory_context`, `memory_stats` so any MCP client can give its agent durable memory.\n- **Agent-deletion cleanup** — deleting an agent purges its `agent_memory` rows; no orphaned memory is left behind.\n\n### ✨ Earlier — 0.9.1\n\nThe visibility release — closes every \"what just happened?\" gap from 0.9.0.\n\n- **Lone wakes fire immediately.** 0.9.0's debounce window blocked even single replies for 30 s, making the dispatcher look dead. Leading-edge fire + trailing-edge coalesce now: first event for a `(agent, thread)` spawns instantly; bursts within the window collapse into one trailing wake.\n- **Dispatcher process heartbeat.** `check_activity` now shows `dispatcher: { state: 'alive' | 'unhealthy' | 'missing', uptimeMs, channels, coalesceQueueSize, ... }`. The host can finally answer \"is the dispatcher up?\" in one query.\n- **Skipped-wake ring buffer.** Every filter decision (thread-closed, allowlist-excluded, wake-on-cc, budget-exhausted) is posted with a reason; `check_activity` surfaces the last 100. No more \"did my mail land? did it skip?\" guessing.\n- **Per-agent `wake_on_cc: false` flag.** Coder agents can register a preference: never wake when only on Cc, regardless of sender. `PATCH /accounts/:id/wake-on-cc`.\n- **Display-name regex fix in `deriveDefaultWakeList`.** Senders using `\"Vesper \u003cvesper@localhost\u003e\"` form no longer fall through to \"no allowlist → wake everyone\".\n- **Web UI shows To / Cc / Bcc as separate labeled rows** in the message view (previously lumped under one `to:` line).\n- **`docs/wake-patterns.md`** documents every wake shape + 5 recommended patterns.\n\n### ✨ Earlier — 0.9.0\n\nThe wake-context release. Multi-agent thread cost goes from linear-in-thread-length to roughly flat.\n\n- **Layered wake-context system.** Every wake used to re-read the entire thread from scratch (12 messages × ~1 KB = 12 KB of token spend just to rehydrate, before any reasoning). Now the dispatcher prepends two blocks to every wake prompt: **Layer 1 — ThreadCache** (envelopes + previews of the last 10 messages, shared across CC'd agents) and **Layer 2 — AgentMemory** (a markdown file each agent writes at end-of-wake describing its own commitments and last actions). Agents read the new event + these two blocks and decide; they don't `read_email` prior history. New MCP tools `save_thread_memory` and `get_thread_id`.\n- **`wake` default flipped from \"everyone CC'd\" → \"To: only\".** Mirrors the email convention: To is for action, CC is for awareness. CC'd local agents still receive the mail in their inbox but don't get a Claude turn unless explicitly named in `wake`. Opt back into the old behaviour with `wake: 'all'`.\n- **Wake coalescing.** Within 30 s for the same `(agent, thread)`, multiple wake events collapse into ONE Claude turn. A burst of 4 quick replies becomes one Claude wake that sees all four in a `coalesced` batch prompt. Wake-budget charges once. Configurable via `wakeCoalesceMs`.\n\nTogether these eliminate the \"wake-thrash\" failure mode where an agent fired 4 near-identical status reports because a designer sent 4 replies in 2 minutes.\n\n### ✨ Earlier — 0.8.31\n\n- **Compact-and-continue** — workers can now run across multiple SDK turns. On a context-overflow error the dispatcher synthesises a breadcrumb checkpoint from the captured log, builds a \"resuming after context reset\" continuation prompt, and loops (capped at 4 iterations).\n- **Typed task contracts** — `call_agent` / `POST /tasks/assign` accept an `outputSchema` (JSON Schema, draft-7 subset). `submit_result` validates against it; mismatches return 400 with the validator errors so the worker can retry with a corrected shape.\n- **Delete + Move-to-Spam buttons** in the message view; **Compose auto-saves to Drafts** every 2s.\n- **`All Mail` folder hides itself** on servers that don't have one (Stalwart, most non-Gmail). Select-all checkbox now wires through.\n- **Logo background stripped** — bow PNG is now RGBA with proper transparency.\n\n### ✨ Earlier — 0.8.29\n\n- **Star button wired** — clicking the star toggles IMAP's `\\Flagged` flag via the new `POST /mail/messages/:uid/star` endpoint. Backed by `MailReceiver.setStarred` in `@agenticmail/core`. Optimistic UI; revert on failure.\n- **Gmail-compact list UX** — single 36 px rows (was 64 px stacked), subject + preview on one truncated line separated by an em-dash, leading checkbox column, sticky list-toolbar with select-all + refresh + count. Same layout for every folder.\n- **Compose button** down to 48 px (Gmail's actual size); the giant pink pill is gone.\n\n### ✨ Earlier — 0.8.27\n\n- **Folder bug fix** — Sent / Drafts / Spam / Trash were returning empty in the web UI because hard-coded folder names didn't match Stalwart's actual IMAP names (e.g. `Sent Items` not `Sent`). Now auto-discovered per agent and matched against every common server convention (Stalwart, Gmail, Outlook, macOS Mail).\n- **Two-line preview** on every list row — web UI uses `/mail/digest?folder=…` everywhere instead of `/mail/inbox` (no preview) + `/mail/folders/:folder` (no preview).\n- **URL reflects current folder** — hash router now uses `#/folder/\u003cid\u003e` (sent, drafts, spam, …). Back/forward works, URLs are shareable, refresh stays put.\n- **Stop hook output rewritten** — terser, audience-neutral, includes body preview. Drops the instruction-leakage from 0.8.25/26.\n\n### ✨ Earlier — 0.8.25\n\n- **Workers can now run for hours** — dropped the 30-min hard timeout. Each worker writes a per-turn log at `~/.agenticmail/worker-logs/\u003cid\u003e.log`, posts heartbeats every 30 s, and runs in its own isolated cwd so parallel agents don't clobber each other's output. New MCP tool **`tail_worker`** to read a running worker's log live; `check_activity` now shows last tool used, turn count, and a `stale` flag (no auto-eviction).\n- **Autonomous-mode awareness** — the mail hook now registers on the **Stop** event too. Long headless Claude Code runs (no user prompts firing for hours) finally see teammate replies — the hook returns `decision: 'block'` at turn boundaries when the bridge inbox has new mail, forcing Claude to continue with the new-mail summary in context. Closes the follow-up that 0.8.23 filed.\n- **Fixed `agenticmail-mail-hook: command not found` errors** — hook is now registered with an absolute path resolved at install time. Resilient to any `$PATH` configuration; old installs auto-heal on the next `agenticmail claudecode` run.\n- **Web UI fixes** — `(m.flags ?? []).includes is not a function` crash gone; sidebar folders (Sent / Drafts / Spam / Trash) now load their real IMAP mailboxes instead of all hitting `/mail/inbox`; Cmd+C no longer pops the compose modal; full mobile-responsive layout with an off-canvas sidebar.\n- **Official logos** — Claude starburst (from Wikipedia) and the AgenticMail `@` mark from `branding/` now ship bundled and render as the host avatar + topbar / favicon.\n- **Selective wake** — `wake: [\"alice\", \"bob\"]` on `send_email` / `reply_email` / `forward_email` / `template_send` / `manage_drafts(send)` tells the dispatcher to give a Claude turn only to named agents. The other CC'd recipients still receive the mail but stay asleep. Cuts token cost on large threads by ~10× when used.\n- **Thread-close markers** — `[FINAL]`, `[DONE]`, `[CLOSED]`, or `[WRAP]` in a subject tells the dispatcher this thread is done; no more wakes on any reply.\n- **`check_activity` MCP tool** — see which agents the dispatcher has woken right now, how long they've been running, and a preview of recent completions. The answer to \"did the agent I just emailed actually start working?\"\n- **Comprehensive markdown rendering** in the shell's email viewer — bold, italic, headings, lists, task lists, tables, fenced code, links, images, HTML entities, depth-colored quote stripes (instead of literal `\u003e\u003e\u003e\u003e`).\n- **LLM-tolerant tool inputs** — `batch_mark_read({ uids: \"[1,2,3]\" })` and other common stringification mistakes now just work; coerced before validation.\n- **Wake-budget circuit breaker** — caps per-(agent, thread) wakes at 10 per 24h to stop reply loops and storms.\n- **Dedup guidance** — wake prompts now tell agents to check their prior contributions before redoing work.\n\nSee [CHANGELOG.md](./CHANGELOG.md) for the full release history.\n\n---\n\nAgenticMail is a self-hosted communication platform purpose-built for AI agents. It runs a local [Stalwart](https://stalw.art) mail server via Docker, integrates SMS/phone access via Google Voice or 46elks, exposes a REST API with 75+ endpoints, ships a lightweight Gmail-style web UI for human oversight, and works with any MCP-compatible AI client and [OpenClaw](https://github.com/openclaw/openclaw) via plugin. Each agent gets its own email address, phone number, inbox, and API key.\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](./LICENSE)\n[![Node.js](https://img.shields.io/badge/Node.js-22%2B-green)](https://nodejs.org)\n\n[![agenticmail MCP server](https://glama.ai/mcp/servers/agenticmail/agenticmail/badges/card.svg)](https://glama.ai/mcp/servers/agenticmail/agenticmail)\n\n---\n\n## Table of Contents\n\n- [Why AgenticMail?](#why-agenticmail)\n- [Features](#features)\n- [Architecture](#architecture)\n- [Quick Start](#quick-start)\n- [CLI Commands](#cli-commands)\n- [Gateway Modes](#gateway-modes)\n- [Packages](#packages)\n- [API Overview](#api-overview)\n- [MCP Integration](#mcp-integration)\n- [Host Integrations](#host-integrations)\n- [OpenClaw Integration](#openclaw-integration)\n- [Interactive Shell](#interactive-shell)\n- [Security](#security)\n- [Configuration](#configuration)\n- [Development](#development)\n- [License](#license)\n\n---\n\n## Why 🎀 AgenticMail?\n\nAI agents need to communicate with the real world. Email is the universal communication protocol — every person and business has an email address. AgenticMail bridges the gap between AI agents and email by providing:\n\n- **Isolated mailboxes** — each agent has its own email address, inbox, and credentials. Agents can't read each other's mail.\n- **Internet email connectivity** — two gateway modes to send/receive real email (Gmail relay or custom domain with DKIM/SPF/DMARC).\n- **Security guardrails** — outbound scanning prevents agents from leaking API keys, passwords, or PII. Blocked emails require human approval.\n- **Agent collaboration** — agents can email each other, assign tasks, and make synchronous RPC calls.\n- **SMS / Phone number access** — integrate Google Voice or 46elks for SMS receive/send, verification code extraction, and phone number access for AI agents.\n- **Realtime voice calls** — bridge a phone mission to an OpenAI Realtime (`gpt-realtime`) session so an agent can hold a live two-way conversation, with its persistent memory folded into the call.\n- **Persistent agent memory** — every agent has a categorised, confidence-decaying, searchable long-term memory that survives across conversations and is injected into prompts and voice sessions.\n- **Smart orchestration** — `call_agent` replaces basic sub-agent spawning with auto mode detection, dynamic timeouts, runtime tool discovery, and async execution for long-running tasks.\n- **Tool integrations** — 100 MCP tools for any AI client, 89 OpenClaw tools, and a 44-command interactive shell.\n- **Self-updating** — `agenticmail update` checks npm, verifies OpenClaw compatibility, and updates both packages automatically.\n\n---\n\n## Features\n\n### Email Operations\n- **Send email** with text, HTML, attachments, CC/BCC, reply-to, and custom headers\n- **Receive email** via IMAP with real-time SSE event streaming (IMAP IDLE)\n- **Reply and forward** with proper In-Reply-To and References headers for threading\n- **Search** by sender, subject, body text, date range, read/unread status\n- **Folders** — create, list, move messages between folders\n- **Batch operations** — mark read/unread, delete, move multiple messages at once\n- **Drafts** — save, edit, and send draft emails\n- **Templates** — reusable email templates with variable substitution\n- **Scheduled sending** — queue emails for future delivery\n- **Signatures** — per-agent email signatures\n- **Tags** — label and categorize messages\n- **Contacts** — manage address book per agent\n\n### Multi-Agent\n- **Account management** — create, list, delete agents with unique email addresses\n- **Agent-to-agent email** — agents can email each other directly via `@localhost`\n- **Task system** — assign tasks to agents, claim, submit results, track status\n- **RPC calls** — synchronous agent-to-agent calls with timeout (long-poll + SSE notification)\n- **Agent directory** — discover other agents by name\n\n**You can watch the whole team work in one place with `agenticmail shell`:**\n\n![agenticmail shell — Solène (QA) and Cassian (developer) coordinating on a build, all visible from the claudecode bridge inbox](./docs/images/shell-inbox.png)\n\nThat's a real multi-agent thread captured in the REPL — the host kicked off one email, Solène verified the file Cassian shipped to disk, and every step is sitting there as ordinary mail. No custom orchestration code. Type `agenticmail shell` any time you want to see what your agents have been up to.\n\n### Gateway (Internet Email)\n- **Relay mode** (beginner) — use your existing Gmail or Outlook as a relay. Emails appear as `you+agentname@gmail.com`. Setup takes 2 minutes.\n- **Domain mode** (advanced) — custom domain via Cloudflare. Agents send from `agent@yourdomain.com` with full DKIM signing, SPF, and DMARC records.\n - Automatic DNS configuration (MX, SPF, DKIM TXT, DMARC, tunnel CNAME)\n - Cloudflare Tunnel for secure inbound traffic without exposing ports\n - Cloudflare Email Worker for Email Routing (catch-all → worker → AgenticMail)\n - Optional Gmail SMTP outbound relay for residential IPs without PTR records\n - Domain purchase via Cloudflare Registrar\n - DNS backup before any modifications\n - Automatic `@domain` email alias for all existing agents\n\n### What `setup-email` actually exposes — read before connecting a relay\n\n\u003e **Heads-up for anyone running `agenticmail setup-email` (or telling Claude / Codex to do it for them).** Once that command succeeds, your sub-agents are reachable from the public internet via Gmail / Outlook plus-addressing. This is *the design* — not a bug — but the implications surprise some operators:\n\n- **Every sub-agent has a publicly addressable inbox the moment setup-email finishes.** Anyone who knows your relay address can hit `yourrelay+\u003cagentname\u003e@gmail.com` and the corresponding agent's AgenticMail inbox receives the message. Plus-addresses are **publicly guessable** (`+secretary`, `+kepler`, …) — don't treat them as a secret.\n- **External mail wakes the dispatcher the same way internal `@localhost` mail does.** When a new-mail event lands on a watched inbox, the dispatcher runs dedup + thread-cache + wake-budget checks and spawns a Claude Code (or Codex) worker turn. Source doesn't matter — `bob@gmail.com` and `secretary@localhost` are indistinguishable from the dispatcher's point of view.\n- **The host bridge takes a different path.** Mail to `yourrelay+claudecode@gmail.com` or `yourrelay+codex@gmail.com` doesn't spawn a worker — it goes to `handleBridgeMail`, which uses the host SDK's `resume` option to wake your last session headlessly. If that fails (session expired, host CLI not running), it falls through to the bridge-escalation email at `setup_operator_email`. So external mail to the bridge can wake your CLI / forward to your phone.\n- **Watchout — spam wakes Claude / Codex turns.** A scraper that finds `astrumsphere+secretary@gmail.com` in a leaked address book can drive worker turns at your expense. Throttles available, ordered from least invasive:\n 1. Let the `wake-budget` guard in `dispatcher.handleEvent` rate-limit naturally (default cap per minute per agent).\n 2. Add inbound spam rules at the relay layer so spam gets filtered before the SSE event publishes (built-in spam filter + tags can do this; see the Security section below).\n 3. For agents that should be internal-only, set `metadata.host` to a value no dispatcher matches, or stop the relay's IMAP poller from publishing on that inbox.\n\n### Security\n- **Outbound guard** — scans every outgoing email for sensitive data patterns:\n - API keys and tokens (AWS, OpenAI, Stripe, GitHub, etc.)\n - Passwords and credentials\n - Private keys (SSH, PGP, RSA)\n - PII patterns (SSN, credit card numbers)\n - Internal URLs and configuration data\n - Blocked emails are held for human-only approval (agents cannot self-approve)\n- **Spam filter** — rule-based scoring engine for inbound email:\n - Categories: phishing, scam, malware, commercial spam, social engineering, lottery scam\n - Configurable threshold (default: 40)\n - Skips internal agent-to-agent emails\n - Runs on both relay inbound and SSE event streams\n- **Human-only approval flow** — when an agent's email is blocked:\n - The agent is informed the email was blocked and told to notify their owner\n - The owner receives a notification email with full blocked email content, warnings, and pending ID\n - Only the master key holder can approve or reject (`POST /mail/pending/:id/approve`)\n - Agents can list and view their own pending emails but **cannot** approve or reject them\n - System prompt guidelines instruct agents to inform their owner and wait, never attempt to bypass\n- **DKIM/SPF/DMARC** — automatic DNS setup in domain mode for email authentication\n- **Rate limiting** — configurable per-endpoint rate limits\n\n### SMS / Phone Number Access\n- **Provider selection** — choose Google Voice legacy forwarding or 46elks direct SMS API/webhooks\n- **46elks integration** — send SMS through the provider API and receive inbound SMS through a secret-protected webhook\n- **Google Voice integration** — give agents a real phone number via Google Voice\n- **Direct Voice web reading** (primary, instant) — reads SMS directly from voice.google.com via browser\n- **Email forwarding** (fallback) — Google Voice forwards SMS to email, agent auto-detects and records them during relay polling\n- **Separate Gmail polling** — for users whose GV Gmail differs from relay email, runs a dedicated IMAP poll\n- **Verification codes** — automatic extraction of OTP/verification codes from SMS (4-8 digit, alphanumeric, Google G-codes)\n- **Send SMS** — direct provider API send when configured, or Google Voice web automation instructions for legacy configs\n- **Smart setup wizard** — validates Gmail/GV email matching, warns about mismatches, collects separate credentials when needed\n\n### Realtime Voice Calls\n- **Live two-way conversation** — `RealtimeVoiceBridge` bridges a phone mission to an OpenAI Realtime (`gpt-realtime`) session so an agent can actually talk on the call, not just place it\n- **Two carriers — 46elks or Twilio** — pick the provider at phone setup; `RealtimeVoiceBridge` is generalised behind a `RealtimeTransportAdapter` so both run through one bridge. 46elks streams to `/api/agenticmail/calls/realtime` (PCM16 @ 24 kHz); Twilio Media Streams connects a `\u003cConnect\u003e\u003cStream\u003e` to `/api/agenticmail/calls/twilio-stream` (G.711 µ-law @ 8 kHz — OpenAI `audio/pcmu`, no transcoding). Server-side VAD for turn-taking, caller barge-in relayed to the carrier.\n- **Memory in the call** — the agent's persistent memory is rendered and folded into the Realtime session instructions, so the model speaks with full continuity, as if it had always known those things\n- **Mission-tracked** — the bridge resolves the connection to its phone mission by 46elks `callid`, authenticates the connection token, and persists the conversation transcript to the mission\n- **Hardened** — per-frame audio size cap, bounded pre-connect buffer, fail-closed connection auth, terminal-state guard\n- **Opt-in** — set `OPENAI_API_KEY` to enable; without it, phone missions still place and track calls (call-control only)\n- **Tools on the call** — the Realtime session can call functions mid-call: `ask_operator` (human-in-the-loop — pause, ask the operator, resume, or call back on disconnect), `web_search`, `recall_memory`, `get_datetime`\n\n### Telegram Channel\n- **Chat with your agents over Telegram** — register a Telegram bot token, link a chat, and message your AgenticMail agent (and get replies) from Telegram\n- **Inbound webhook** — authenticated with a constant-time `X-Telegram-Bot-Api-Secret-Token` compare; uniform 403 on mismatch\n- **Operator channel** — carries `ask_operator` notifications and approvals, so a phone agent can reach you on Telegram mid-call\n- **Secrets protected** — bot tokens encrypted at rest, redacted from every log line and error\n\n### Media Toolset\n- **Nine local media tools** — `media_tts`, `media_tts_voices`, `media_image_edit`, `media_video_edit`, `media_audio_edit`, `media_info`, `media_video_understand`, `media_voice_clone`, plus `media_capabilities`\n- **Text-to-speech** — synthesise speech with Edge TTS (twelve voice presets); returns OGG/Opus, ready to send as a voice note\n- **Image editing** — resize, crop, rotate, convert, compress, text overlay, flip, blur, sharpen, grayscale (ImageMagick)\n- **Video editing** — basic (trim, GIF, compress, resize, add/remove audio, speed) and cinematic (color grading, transitions, captions, picture-in-picture, split screen, Ken Burns, slow motion, watermark, concatenate, auto-caption) — all via ffmpeg\n- **Audio editing** — trim, convert, merge, volume, speed, extract-from-video, reverse, fade\n- **Video understanding** — extract frames + transcribe audio (whisper.cpp) into a structured timeline an agent can read before editing\n- **Voice cloning** — reference-voice speech synthesis via F5-TTS (you supply the reference sample + transcript)\n- **Opt-in / gracefully degrading** — the underlying binaries (ffmpeg, ffprobe, ImageMagick, whisper.cpp, Python) are **not bundled**; every tool feature-detects the binary it needs and returns a clear, actionable install hint when one is absent — the server never crashes. Call `media_capabilities` (or read the `/health` `media` block) to see what is available\n- **Safe by construction** — every binary is invoked via `execFile` with an argument array (never a shell); untrusted input paths are validated (no control characters, no leading-dash flag-injection, must exist) and output files land only inside the configured media directory\n\n### Persistent Agent Memory\n- **Long-term, evolving knowledge** — each agent has a categorised memory (knowledge, preference, correction, skill, reflection, …) that survives across every conversation\n- **Confidence + decay** — entries carry a confidence score that decays for unaccessed knowledge; `critical` entries never decay; low-confidence and expired entries are pruned\n- **BM25F search** — a zero-dependency full-text index ranks recall by relevance, importance, recency, and access count\n- **Prompt + voice injection** — `generateMemoryContext()` renders a ranked markdown block for injection into agent prompts and realtime voice sessions\n- **Private per agent** — every memory endpoint is scoped to the authenticated agent; deleting an agent purges its memory\n- **Everywhere** — `/memory*` REST endpoints, MCP tools (`memory`, `memory_reflect`, `memory_context`, `memory_stats`), and OpenClaw tools (`agenticmail_memory*`)\n\n### Smart Orchestration (call_agent)\n- **Auto mode detection** — reads task complexity, picks light/standard/full mode automatically\n- **Dynamic timeouts** — 60s for quick tasks, 5+ minutes for deep research, 1 hour for async\n- **Runtime tool discovery** — probes host config for available tools instead of static deny lists\n- **Async execution** — long-running tasks run independently, auto-compact context, email results when done\n- **Structured RPC** — sub-agents return JSON, not raw text\n\n### Integrations\n- **MCP server** — 90+ tools for any MCP-compatible AI client\n- **OpenClaw plugin** — 80+ tools with skill definition and system prompt guidelines\n- **REST API** — 75+ endpoints, OpenAPI-style, Bearer token auth\n- **SSE events** — real-time inbox notifications via Server-Sent Events\n- **Interactive CLI** — 44 shell commands with arrow key navigation, body previews, retry logic\n- **Self-updating** — `agenticmail update` or `/update` in shell, with OpenClaw compatibility check\n\n---\n\n## Architecture\n\n```\n ┌──────────────────────────────────────────────────┐\n │ AgenticMail │\n │ │\n AI Client ─MCP─\u003e │ @agenticmail/mcp (100 tools, stdio transport)│\n │ │ │\n OpenClaw ─────\u003e │ @agenticmail/openclaw (89 tools, plugin) │\n │ │ │\n HTTP clients──\u003e │ ▼ │\n │ @agenticmail/api (Express, 75+ endpoints) │\n │ ├── Authentication (master key + agent keys) │\n │ ├── Rate limiting (per-endpoint) │\n │ ├── SSE streaming (real-time inbox events) │\n │ └── Spam filter + Outbound guard │\n │ │ │\n │ ▼ │\n │ @agenticmail/core (SDK layer) │\n │ ├── AccountManager (CRUD agents in Stalwart) │\n │ ├── MailSender (SMTP, nodemailer) │\n │ ├── MailReceiver (IMAP, imapflow) │\n │ ├── InboxWatcher (IMAP IDLE → events) │\n │ ├── GatewayManager (relay + domain routing) │\n │ │ ├── RelayGateway (Gmail/Outlook) │\n │ │ ├── CloudflareClient (DNS, tunnels, etc) │\n │ │ ├── TunnelManager (cloudflared) │\n │ │ ├── DNSConfigurator (MX, SPF, DKIM) │\n │ │ └── DomainPurchaser (Registrar API) │\n │ ├── StalwartAdmin (mail server management) │\n │ ├── EmailSearchIndex (FTS5 full-text search) │\n │ └── Storage (SQLite + migrations) │\n │ │ │\n │ ▼ │\n │ Stalwart Mail Server (Docker container) │\n │ ├── SMTP (port 587) — submission │\n │ ├── SMTP (port 25) — inbound delivery │\n │ ├── IMAP (port 143) — mailbox access │\n │ └── HTTP (port 8080) — admin API │\n └──────────────────────────────────────────────────┘\n │ │\n ┌─────────────┘ └──────────────┐\n ▼ ▼\n Relay Mode Domain Mode\n ┌──────────────────┐ ┌──────────────────────┐\n │ Gmail / Outlook │ │ Cloudflare │\n │ IMAP polling │ │ ├── DNS zone │\n │ SMTP relay │ │ ├── Tunnel │\n │ Sub-addressing │ │ ├── Email Routing │\n │ (+agent@gmail) │ │ ├── Email Worker │\n └──────────────────┘ │ └── Registrar │\n └──────────────────────┘\n```\n\n### Data Flow\n\n**Sending email (relay mode):**\n1. Agent calls `POST /mail/send` with recipient, subject, body\n2. API runs outbound guard scan — if sensitive data found, email is blocked and owner notified\n3. GatewayManager detects external recipient → routes to RelayGateway\n4. RelayGateway sends via Gmail SMTP as `owner+agentname@gmail.com`\n5. Reply-To set to agent's relay address so replies route back\n\n**Sending email (domain mode):**\n1. Agent calls `POST /mail/send`\n2. Outbound guard scan runs\n3. GatewayManager rewrites `agent@localhost` → `agent@yourdomain.com`\n4. Email submitted to local Stalwart via SMTP (port 587)\n5. Stalwart signs with DKIM, resolves MX, delivers directly (or via Gmail relay)\n\n**Receiving email (relay mode):**\n1. RelayGateway polls Gmail IMAP every 30 seconds for new messages\n2. New email detected → parsed → spam scored\n3. If not spam, delivered to agent's local Stalwart mailbox via SMTP\n4. `X-AgenticMail-Relay: inbound` header added for identification\n5. InboxWatcher (IMAP IDLE) fires SSE event to connected clients\n\n**Receiving email (domain mode):**\n1. External sender sends to `agent@yourdomain.com`\n2. Cloudflare Email Routing catches all → routes to Email Worker\n3. Worker reads raw RFC822 message, base64-encodes, POSTs to `/api/agenticmail/mail/inbound`\n4. Inbound endpoint validates secret, parses email, delivers to agent's mailbox\n5. InboxWatcher fires SSE event\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- [Node.js](https://nodejs.org) **22 or later** (we use the built-in `node:sqlite` module — zero native compilation, no `node-gyp` headaches)\n- `brew` (macOS) or `apt` (Linux) so the wizard can install Colima / Docker if you don't already have it\n\n### Two install paths\n\n| Path | When to use | Command |\n|---|---|---|\n| **Autonomous** ✨ | Letting an AI agent (e.g. Claude Code) install AgenticMail on your behalf, or you just want zero questions | `npm install -g @agenticmail/cli \u0026\u0026 agenticmail bootstrap` |\n| **Interactive** | You want to connect a Gmail relay or your own domain right away | `npm install -g @agenticmail/cli \u0026\u0026 agenticmail setup` |\n\n#### Autonomous install (recommended for most users)\n\n```bash\n# Option A — one-liner (does the npm install + bootstrap for you, plus a Node 22+ preflight)\ncurl -fsSL https://raw.githubusercontent.com/agenticmail/agenticmail/main/install.sh | bash\n\n# Option B — equivalent, manually\nnpm install -g @agenticmail/cli\nagenticmail bootstrap\n```\n\nEither path: zero prompts. The pipeline:\n\n1. **`agenticmail setup --yes`** — auto-installs Colima + Docker if missing, starts the Stalwart mail server, generates your master key, creates a default \"secretary\" agent. **Skips external email/SMS setup** (those need user-owned credentials; add them later if you want).\n2. **`agenticmail service install`** — registers a launchd plist (macOS) / systemd unit (Linux) so the API auto-starts on boot, and starts it now.\n3. Waits for `GET /api/agenticmail/health` to come up on the configured port (default `http://127.0.0.1:3829`).\n4. **`agenticmail claudecode`** — wires the Claude Code integration in if you have Claude Code installed (idempotent / no-op otherwise).\n\nAfter this, you have a fully working local AgenticMail with internal multi-agent coordination over `*@localhost`. Add an external Gmail relay or your own domain anytime with `agenticmail setup` (interactive).\n\n#### Interactive install\n\n```bash\nnpm install -g @agenticmail/cli\nagenticmail setup\n```\n\nThe wizard walks you through everything: dependency checks, master key generation, mail-server start, optional Gmail relay or custom domain, optional SMS setup, optional realtime voice (OpenAI API key), optional phone calling (pick **46elks or Twilio** and enter that carrier's credentials), optional Telegram channel (bot token + chat link), and optional OpenClaw integration. Every optional step is skippable and re-runnable any time. With `--yes` / `--non-interactive` all the optional steps are skipped with safe defaults.\n\nThe new optional steps in detail:\n\n- **Realtime voice** — paste an OpenAI API key to enable live spoken phone calls (the realtime voice bridge). Without it, phone missions still place and track call-control calls; only the spoken-conversation bridge is unavailable. The key is stored as `openaiApiKey` in `~/.agenticmail/config.json` (file mode 0600).\n- **Phone calling** — pick your carrier (`46elks` or `twilio`), enter that carrier's credentials (46elks API username/password, or Twilio Account SID/Auth Token), a caller number, and a public HTTPS webhook base URL. The webhook secret is auto-generated if you don't supply one. Persisted to the agent's phone-transport config.\n- **Telegram channel** — paste a bot token from `@BotFather` and your chat id. The token is verified with Telegram before it's stored; the channel comes up in poll mode and `agenticmail start` auto-spawns a standalone bridge service that wakes the agent on inbound DMs with the full MCP toolset (memory, send_email, call_phone, …) available.\n\n### Want non-interactive setup? (env-piped, AI-assistant-friendly)\n\nSame setup, no prompts — secrets ride in via env vars. Useful for Claude / Codex / scripted installs:\n\n```bash\n# Email\nGMAIL_PASSWORD=… agenticmail setup-email \u003cgmail-address\u003e\n\n# Twilio outbound calls (auto-opens a free Cloudflare quick-tunnel if you\n# don't have a public HTTPS URL — no Cloudflare account required)\nTWILIO_ACCOUNT_SID='\u003csid\u003e' TWILIO_AUTH_TOKEN='\u003ctoken\u003e' \\\nAGENTICMAIL_PHONE_NUMBER='\u003cE.164\u003e' \\\n agenticmail setup-phone --provider twilio\n\n# Telegram (bridge auto-spawns on next `agenticmail start`)\nTELEGRAM_BOT_TOKEN='\u003cfrom @BotFather\u003e' TELEGRAM_CHAT_ID='\u003cyour chat id\u003e' \\\n agenticmail setup-telegram\n\n# Manual tunnel control (not usually needed — setup-phone opens one for you)\nagenticmail tunnel start # cloudflared quick-tunnel\nagenticmail tunnel url # prints the *.trycloudflare.com URL\nagenticmail tunnel stop\n```\n\n### Skip external email entirely?\n\nYes. AgenticMail works in **local-only mode** — agents email each other at `*@localhost` through the bundled Stalwart server with full RFC-822 routing, threading, attachments, and search. That's all the Claude Code multi-agent flow needs. The external Gmail/domain relay is optional and only matters when you want agents to send mail to the public internet.\n\n### What the wizard does for you\n\n- Checks Node, Colima/Docker, brew/apt\n- Generates a master API key (saved to `~/.agenticmail/config.json`, file mode 0600)\n- Initialises the SQLite database (`node:sqlite` — Node 22+ built-in, **no native compilation, no prebuilt binaries needed**)\n- Starts Stalwart in a Docker container\n- Creates your first agent with its own email and API key\n- Optionally configures a gateway (relay or domain) for internet email\n- Optionally enables realtime voice (OpenAI API key), phone calling (46elks or Twilio), and the Telegram channel\n\n### Send your first email (programmatic)\n\n```typescript\nimport { AgenticMailClient } from '@agenticmail/cli';\n\nconst client = new AgenticMailClient({\n apiUrl: 'http://127.0.0.1:3829',\n apiKey: 'ak_your_agent_api_key',\n});\n\n// Send an email\nawait client.send({\n to: 'colleague@example.com',\n subject: 'Hello from my AI agent',\n text: 'This email was sent by an AI agent using AgenticMail.',\n});\n\n// Check inbox\nconst inbox = await client.listInbox(10);\nfor (const msg of inbox) {\n console.log(`${msg.from} — ${msg.subject}`);\n}\n\n// Read a specific email\nconst email = await client.readMessage(inbox[0].uid);\nconsole.log(email.text);\n```\n\n### Send your first email (CLI)\n\n```\nagenticmail\u003e /send\nTo: someone@example.com\nSubject: Test email\nBody: Hello from the AgenticMail shell!\n\nEmail sent! Message ID: \u003cabc123@localhost\u003e\n```\n\n### Send your first email (curl)\n\n```bash\ncurl -X POST http://127.0.0.1:3829/api/agenticmail/mail/send \\\n -H \"Authorization: Bearer ak_your_agent_key\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"to\": \"someone@example.com\",\n \"subject\": \"Hello\",\n \"text\": \"Sent via the AgenticMail API.\"\n }'\n```\n\n---\n\n## CLI Commands\n\nAgenticMail includes a full CLI for managing your server. All commands are available via `agenticmail \u003ccommand\u003e` or `npx @agenticmail/cli@latest \u003ccommand\u003e`.\n\n### Core Commands\n\n| Command | Description |\n|---------|-------------|\n| `agenticmail` | **Start the server** (runs setup first if not initialized). Opens the interactive shell after startup. This is the default command — just run `agenticmail` with no arguments. |\n| `agenticmail bootstrap` | ✨ **Zero-question install.** One-shot pipeline: setup + service install + claudecode wiring. Designed for AI agents (Claude Code, scripts, CI) to run on a user's behalf — no prompts, no decisions. Skips Gmail relay and SMS setup (which need user-owned credentials); add them later with `agenticmail setup`. |\n| `agenticmail setup` | **Run the setup wizard** interactively. Walks you through system checks, account creation, service startup, email connection (Gmail/Outlook/custom domain), phone number (SMS) setup, realtime voice (OpenAI API key), phone calling (46elks or Twilio), the Telegram channel, and OpenClaw integration. Pass `--yes` (or `-y`, `--non-interactive`) to skip every prompt and use safe defaults. Safe to re-run — won't overwrite existing config. |\n| `agenticmail start` | **Start the server** and open the interactive shell. Ensures Docker is running, Stalwart is up, and the API server is reachable. Automatically installs the auto-start service if not already set up. |\n| `agenticmail shell` | 👀 **Drop into the interactive shell against an already-running server.** Use this to monitor every agent's inbox, send mail on their behalf, watch the dispatcher event feed, or run any of the 44+ shell commands. Exits cleanly with `/exit`; the server keeps running. Best command to point a user at when they ask \"what have my agents been doing?\" |\n| `agenticmail web` | 🌐 **Open the Gmail-style web UI in your browser.** Two-column layout (sidebar with Compose + folders / content pane), 24×24 vector icons, hash router, real-time SSE updates, full markdown rendering, compose + reply with the `wake` parameter surfaced as a field. Same master key as the API. Available at `http://127.0.0.1:3829/` whenever the API server is running. |\n| `agenticmail stop` | **Stop the server.** Kills the background API server process. If auto-start is enabled, it will restart on next boot. Use `agenticmail service uninstall` to fully disable. |\n| `agenticmail status` | **Show what's running.** Displays the status of Docker, Stalwart, the API server, email connection, and auto-start service. |\n\n### Integration Commands\n\n| Command | Description |\n|---------|-------------|\n| `agenticmail openclaw` | **Set up AgenticMail for OpenClaw.** Starts infrastructure, creates an agent, configures the OpenClaw plugin, enables agent auto-spawn via hooks, and restarts the OpenClaw gateway. |\n| `agenticmail claudecode` | ✨ **Set up AgenticMail for Claude Code.** Provisions a dedicated \"claudecode\" bridge agent, writes an MCP server entry to `~/.claude.json`, generates a Claude Code subagent file per AgenticMail agent under `~/.claude/agents/`, and starts the dispatcher daemon (PM2-managed) that auto-wakes agents on inbound mail or `/tasks/rpc`. No separate Anthropic key needed — workers ride on your existing Claude OAuth. Flags: `--status`, `--remove`, `--purge-bridge`. See [@agenticmail/claudecode on npm](https://www.npmjs.com/package/@agenticmail/claudecode) for the full design. |\n\n### Service Management (Auto-Start)\n\nAgenticMail installs a system service so it automatically starts when your computer boots. On macOS this is a LaunchAgent; on Linux it's a systemd user service.\n\n| Command | Description |\n|---------|-------------|\n| `agenticmail service` | **Show auto-start status.** Displays whether the service is installed and running. |\n| `agenticmail service install` | **Install the auto-start service.** AgenticMail will start automatically on boot. The startup script waits up to 10 minutes for Docker to be ready, then checks that Stalwart is running (starts it if needed), then launches the API server. |\n| `agenticmail service uninstall` | **Remove the auto-start service.** AgenticMail will no longer start on boot. |\n| `agenticmail service reinstall` | **Reinstall the service.** Use this after config changes or updates to refresh the service file. |\n\n**What happens on reboot:**\n1. Your computer starts → Docker Desktop launches (its own auto-start)\n2. Stalwart mail server starts (`restart: unless-stopped` in Docker)\n3. AgenticMail startup script waits for Docker to be ready (up to 10 min)\n4. Script verifies Stalwart is running (auto-starts it if Docker restarted without it)\n5. API server starts and begins accepting requests\n\nIf the API server crashes, the system service automatically restarts it.\n\n### Maintenance Commands\n\n| Command | Description |\n|---------|-------------|\n| `agenticmail update` | **Update to the latest version.** Checks npm for a new version, updates the CLI and OpenClaw plugin, and restarts the OpenClaw gateway if applicable. |\n| `agenticmail help` | **Show available commands.** |\n\n### Logs\n\nServer logs are stored in `~/.agenticmail/logs/`:\n- `server.log` — API server stdout\n- `server.err.log` — API server stderr\n- `startup.log` — Boot sequence log (Docker wait times, Stalwart checks)\n\n---\n\n## Gateway Modes\n\nAgenticMail supports two modes for sending/receiving real internet email:\n\n### Relay Mode (Beginner-Friendly)\n\nUse your existing Gmail or Outlook account as a relay. No domain purchase needed. Setup takes under 2 minutes.\n\n**How it works:**\n- Outbound: emails sent via your Gmail/Outlook SMTP as `you+agentname@gmail.com`\n- Inbound: AgenticMail polls your Gmail/Outlook IMAP for new messages addressed to `you+agentname@gmail.com` and delivers them to the agent's local mailbox\n- Gmail's `+` sub-addressing routes replies back to the right agent\n\n**Setup:**\n```bash\n# In the interactive shell:\nagenticmail\u003e /relay\n\n# Or via API:\ncurl -X POST http://127.0.0.1:3829/api/agenticmail/gateway/relay \\\n -H \"Authorization: Bearer mk_your_master_key\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"provider\": \"gmail\",\n \"email\": \"you@gmail.com\",\n \"password\": \"xxxx xxxx xxxx xxxx\"\n }'\n```\n\n**Requirements:**\n- Gmail: [App password](https://myaccount.google.com/apppasswords) (not your regular password)\n- Outlook: App password from Microsoft account security settings\n\n### Domain Mode (Advanced)\n\nFull custom domain with Cloudflare. Agents send from `agent@yourdomain.com` with proper email authentication.\n\n**What gets configured automatically:**\n- Cloudflare DNS zone creation\n- MX records pointing to Cloudflare Email Routing\n- SPF record (`v=spf1 include:_spf.mx.cloudflare.net ~all`)\n- DKIM key generation and TXT record\n- DMARC record (`v=DMARC1; p=quarantine`)\n- Cloudflare Tunnel (CNAME record, ingress rules)\n- Cloudflare Email Worker deployment (catches all inbound email)\n- Catch-all Email Routing rule → Worker → AgenticMail inbound endpoint\n- Stalwart hostname, DKIM signing, domain principal\n- `@domain` email aliases for all existing agents\n- Optional: Gmail SMTP outbound relay, domain purchase\n\n**Setup:**\n```bash\ncurl -X POST http://127.0.0.1:3829/api/agenticmail/gateway/domain \\\n -H \"Authorization: Bearer mk_your_master_key\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"cloudflareToken\": \"your_cf_api_token\",\n \"cloudflareAccountId\": \"your_cf_account_id\",\n \"domain\": \"yourdomain.com\",\n \"gmailRelay\": {\n \"email\": \"you@gmail.com\",\n \"appPassword\": \"xxxx xxxx xxxx xxxx\"\n }\n }'\n```\n\n**Cloudflare API token permissions needed:**\n- Zone: DNS (Edit), Email Routing (Edit)\n- Account: Cloudflare Tunnel (Edit), Workers Scripts (Edit), Registrar (Edit — only if purchasing domains)\n\n---\n\n## Packages\n\nThis is a TypeScript monorepo. Seven packages, each shipped to npm independently.\n\n| Package | Description | Install |\n|---------|-------------|---------|\n| [`@agenticmail/cli`](./agenticmail) | CLI, setup wizard, interactive shell. Install this to get started. | `npm i -g @agenticmail/cli` |\n| [`@agenticmail/core`](./packages/core) | Core SDK — accounts, SMTP/IMAP, gateway, spam filter, outbound guard, storage | `npm i @agenticmail/core` |\n| [`@agenticmail/api`](./packages/api) | Express REST API server with 75+ endpoints | `npm i @agenticmail/api` |\n| [`@agenticmail/mcp`](./packages/mcp) | MCP server with 100 tools for any MCP-compatible AI client | `npm i -g @agenticmail/mcp` |\n| [`@agenticmail/claudecode`](./packages/claudecode) | Anthropic Claude Code integration — registers MCP server + native subagents + lifecycle hooks + dispatcher daemon | `npm i -g @agenticmail/claudecode` |\n| [`@agenticmail/codex`](./packages/codex) | OpenAI Codex CLI integration — same architecture as `@agenticmail/claudecode`, adapted to Codex's TOML config and `spawn_agent` tool | `npm i -g @agenticmail/codex` |\n| [`@agenticmail/openclaw`](./packages/openclaw) | OpenClaw plugin with 89 tools and skill definition | `openclaw plugin install agenticmail` |\n\n**Plugin folders** (host marketplace manifests, separate from npm packages):\n\n| Folder | Host | What's inside |\n|---|---|---|\n| [`plugin/`](./plugin) | Claude Code | `.claude-plugin/plugin.json` manifest + `.mcp.json` + skills. Ship target for Anthropic's plugin marketplace. |\n| [`plugin-codex/`](./plugin-codex) | OpenAI Codex CLI | `.codex-plugin/plugin.json` manifest + `hooks/hooks.json` + `mcp_servers.toml` snippet + agent template. Ship target for Codex's plugin discovery (`~/.codex/plugins/`). |\n\n**Dependency graph:**\n```\n@agenticmail/cli ──────\u003e @agenticmail/api ────\u003e @agenticmail/core\n@agenticmail/mcp (standalone — HTTP calls to API)\n@agenticmail/claudecode (peer-dep on @anthropic-ai/claude-agent-sdk)\n@agenticmail/codex (peer-dep on @openai/codex-sdk)\n@agenticmail/openclaw (standalone — HTTP calls to API)\n```\n\n---\n\n## API Overview\n\nAll endpoints are under `/api/agenticmail`. Authentication via `Authorization: Bearer \u003ckey\u003e` header.\n\nTwo key types:\n- **Master key** (`mk_...`) — full admin access (create/delete agents, approve blocked emails, gateway config)\n- **Agent key** (`ak_...`) — scoped to one agent (read own inbox, send email, manage own drafts/contacts/etc.)\n\n### Key Endpoints\n\n| Method | Path | Auth | Description |\n|--------|------|------|-------------|\n| **Mail** | | | |\n| `POST` | `/mail/send` | Agent | Send email (text, HTML, attachments) |\n| `GET` | `/mail/inbox` | Agent | List inbox messages (paginated) |\n| `GET` | `/mail/digest` | Agent | Inbox with body previews |\n| `GET` | `/mail/messages/:uid` | Agent | Read full email with headers and attachments |\n| `POST` | `/mail/search` | Agent | Search by from, subject, body, date |\n| `POST` | `/mail/messages/:uid/move` | Agent | Move to folder |\n| `POST` | `/mail/messages/:uid/spam` | Agent | Report as spam |\n| `GET` | `/mail/folders` | Agent | List all folders |\n| `GET` | `/mail/pending` | Both | List blocked outbound emails |\n| `POST` | `/mail/pending/:id/approve` | Master | Approve blocked email |\n| `POST` | `/mail/pending/:id/reject` | Master | Reject blocked email |\n| **Accounts** | | | |\n| `POST` | `/accounts` | Master | Create new agent |\n| `GET` | `/accounts` | Master | List all agents with metadata |\n| `GET` | `/accounts/me` | Agent | Get own agent info |\n| `DELETE` | `/accounts/:id` | Master | Delete agent (with email archival) |\n| `GET` | `/accounts/directory` | Both | Agent discovery directory |\n| **Events** | | | |\n| `GET` | `/events` | Agent | SSE stream — new email with route metadata, flags, expunge events |\n| **Gateway** | | | |\n| `GET` | `/gateway/status` | Both | Current gateway mode and health |\n| `POST` | `/gateway/relay` | Master | Configure relay mode |\n| `POST` | `/gateway/domain` | Master | Configure domain mode |\n| `POST` | `/gateway/test` | Both | Send a test email |\n| **Tasks** | | | |\n| `POST` | `/tasks/assign` | Both | Assign task to another agent |\n| `POST` | `/tasks/rpc` | Both | Synchronous agent-to-agent RPC (long-poll) |\n| `GET` | `/tasks/pending` | Agent | List tasks assigned to me |\n| `POST` | `/tasks/:id/claim` | Agent | Claim a pending task |\n| `POST` | `/tasks/:id/result` | Agent | Submit task result |\n\nPlus endpoints for drafts, contacts, tags, rules, signatures, templates, scheduled emails, spam management, batch operations, domains, and agent deletion/cleanup.\n\nSee the [API package README](./packages/api) for complete endpoint documentation.\n\n---\n\n## MCP Integration\n\nThe MCP server exposes 80+ tools to any MCP-compatible AI client via stdio transport.\n\n### Setup\n\nAdd to your MCP client configuration (e.g., `.mcp.json` or project settings):\n\n```json\n{\n \"mcpServers\": {\n \"agenticmail\": {\n \"command\": \"npx\",\n \"args\": [\"agenticmail-mcp\"],\n \"env\": {\n \"AGENTICMAIL_API_URL\": \"http://127.0.0.1:3829\",\n \"AGENTICMAIL_API_KEY\": \"ak_your_agent_key\"\n }\n }\n }\n}\n```\n\n### Desktop Clients\n\nFor desktop AI applications, add the same configuration to your app's MCP config file (check your app's documentation for the file location).\n\n### What your AI can do\n\nOnce connected, your AI can:\n- \"Check my inbox\" → `list_inbox`\n- \"Send an email to john@example.com about the project update\" → `send_email`\n- \"Reply to that last email saying thanks\" → `reply_email`\n- \"Search for emails from Sarah about the budget\" → `search_emails`\n- \"Create a draft response to the client\" → `manage_drafts`\n- \"What tasks are assigned to me?\" → `check_tasks`\n- \"Ask the research agent to look up competitor pricing\" → `call_agent`\n\nSee the [MCP package README](./packages/mcp) for the full tool list.\n\n---\n\n## Host Integrations\n\nAgenticMail is host-agnostic at the protocol level (it's just SMTP/IMAP/HTTP/MCP under the hood), but each agentic CLI host expects its config + hooks + subagent definitions in a slightly different shape. We ship one **host integration package** per supported host. Each one:\n\n1. Registers the AgenticMail MCP server in the host's config so the model can see all 100 tools.\n2. Surfaces every AgenticMail account as a native sub-agent the model can dispatch to.\n3. Wires up the host's lifecycle hooks (`SessionStart`, `UserPromptSubmit`, `Stop`) so the agent gets a fresh-mail digest and capabilities preamble at the right moments.\n4. Runs a long-lived **dispatcher daemon** that watches every account's inbox via SSE and spawns a one-shot model turn whenever new mail or a task arrives — so agents wake on each other's replies automatically without polling.\n\n### Currently shipping\n\n| Host | Package | Plugin folder | Status |\n|---|---|---|---|\n| Anthropic Claude Code | [`@agenticmail/claudecode`](./packages/claudecode) | [`plugin/`](./plugin) | **Shipping (0.2.x)** |\n| OpenAI Codex CLI | [`@agenticmail/codex`](./packages/codex) | [`plugin-codex/`](./plugin-codex) | **Shipping (0.1.x)** |\n\nBoth integrations share the same dispatcher architecture (per-agent serialization, wake-coalesce, wake-budget, restart recovery, capabilities preamble). The host-specific bits are: config-file format (JSON vs TOML), subagent definition syntax (markdown+frontmatter vs TOML heredoc), and the SDK we drive workers through (`@anthropic-ai/claude-agent-sdk` vs `@openai/codex-sdk`).\n\n### Picking the right install path\n\n| You want… | Run |\n|---|---|\n| **One-line setup for Claude Code** | `npm install -g @agenticmail/cli \u0026\u0026 agenticmail claudecode` |\n| **One-line setup for Codex** | `npm install -g @agenticmail/codex \u0026\u0026 agenticmail-codex install` |\n| **Install both side-by-side** | Run both — they don't conflict. Each writes to its own host's config; the AgenticMail accounts are shared. |\n| **Marketplace install (Anthropic plugin store)** | Drop [`plugin/`](./plugin) into your Claude Code plugin directory and run `/agenticmail-install`. |\n| **Marketplace install (Codex `~/.codex/plugins/`)** | Copy [`plugin-codex/`](./plugin-codex) to `~/.codex/plugins/agenticmail/`. |\n| **Programmatic (your own provisioning script)** | `import { install } from '@agenticmail/claudecode'` or `'@agenticmail/codex'` — same shape, different host. |\n\n### Cross-host coordination\n\nThe mail layer is the lingua franca. An agent running under Claude Code can email an agent running under Codex (or vice versa) using the exact same `send_email({ to, cc, wake })` MCP tool — the message lands in the target's inbox, the target's host-specific dispatcher picks it up, spawns the right kind of turn (Claude or Codex), and the agent replies-all to the thread. From the sender's perspective there's no API difference between \"my teammate runs under the same host as me\" and \"my teammate runs under a different host.\" That's the whole point of routing through email instead of host-native peer messaging.\n\n### Roadmap\n\n| Host | Status | Notes |\n|---|---|---|\n| xAI Grok Build CLI | Researched — see [wiki](https://github.com/agenticmail/agenticmail/wiki/Integration-Grok-Build) | Blocked on getting a SuperGrok Heavy seat to validate the closed-beta config-file paths against the community CLI proxy. ~80% architectural overlap. |\n| Nous Research Hermes Agent | Researched — see [wiki](https://github.com/agenticmail/agenticmail/wiki/Integration-Hermes) | Python-native plugin (`pip install hermes-agent-agenticmail`). ~75% architectural overlap with claudecode/codex. |\n\n---\n\n## OpenClaw Integration\n\nAlready have OpenClaw? Two steps:\n\n```bash\n# Step 1 — Install AgenticMail globally and run the setup wizard\nnpm install -g @agenticmail/cli \u0026\u0026 agenticmail setup\n```\n\n```bash\n# Step 2 — Connect AgenticMail to your OpenClaw instance\nagenticmail openclaw\n```\n\nThat's it. The global install gives you the `agenticmail` command. The `openclaw` command will start the mail server, create an agent, and merge the plugin config into your `openclaw.json` automatically. Your OpenClaw agent now has its own email address.\n\n### Manual Configuration\n\nIf you prefer to configure manually, add to `~/.openclaw/openclaw.json`:\n\n```json\n{\n \"plugins\": {\n \"agenticmail\": {\n \"enabled\": true,\n \"config\": {\n \"apiUrl\": \"http://127.0.0.1:3829\",\n \"apiKey\": \"ak_your_agent_key\",\n \"masterKey\": \"mk_your_master_key\"\n }\n }\n }\n}\n```\n\nThe plugin survives OpenClaw updates — plugin configuration lives in user config (`~/.openclaw/openclaw.json`), not in the OpenClaw source directory.\n\n### Chat with Your AI Agent\n\nUse `/chat` in the AgenticMail shell to talk directly to your OpenClaw agent in real-time:\n\n```\n╭───────────────────────────────────────────────╮\n│ ❯ what's the weather in NYC? │\n╰───────────────────────────────────────────────╯\n You 👤\n ╭──────────────╮\n │ what's the │\n │ weather in │\n │ NYC? │\n ╰──────────────╯\n🎀 Fola\n╭──────────────────────────────────────╮\n│ Currently 42°F and cloudy in NYC. │\n╰──────────────────────────────────────╯\n```\n\n- WebSocket connection to OpenClaw gateway with Ed25519 device auth\n- Bubble-style chat UI with markdown rendering\n- Animated thinking indicator with elapsed timer\n- Multi-line input (Enter sends, `\\` + Enter for new lines)\n\n### Smart Sub-Agent Spawning\n\nThe `call_agent` tool intelligently spawns sub-agents:\n\n- **Auto mode detection** — light (simple tasks), standard (web research), full (multi-agent coordination)\n- **Dynamic timeouts** — 60s / 180s / 300s based on complexity\n- **Dynamic tool discovery** — probes OpenClaw config at runtime instead of static deny lists\n- **Async mode** — `call_agent(async=true)` for long-running tasks. The caller polls `/tasks/assigned` for completion; the assigned agent **emails the result back to the caller** when it has email capability enabled. In a localhost-only / no-relay setup the result still lands in the caller's local mailbox, so check `/mail/inbox` if you don't see an SMTP delivery.\n- **Web search fallback** — uses DuckDuckGo when Brave API isn't configured\n\nSee the [OpenClaw package README](./packages/openclaw) for the full tool list.\n\n---\n\n## Interactive Shell\n\nThe CLI includes a full-featured interactive shell with 44 commands:\n\n```\nagenticmail\u003e /inbox\n\n ★ 1 john@example.com Project Update 2m ago\n 2 sarah@example.com Re: Budget Review 1h ago\n 3 notifications@github.com [repo] New issue #42 3h ago\n\n ─────────────────────────────────────────────────\n Page 1/3 ─ [←] prev [→] next [v] toggle previews [Esc] back\n\n Use ↑↓ arrow keys to select, Enter to read inline\n```\n\n**Key features:**\n- Arrow key navigation with cursor selection\n- Body preview toggle (press `v`)\n- Inline email reading (press `Enter`)\n- Unread markers (`★`)\n- 3-retry input validation on all prompts\n- Paginated views with `←`/`→` navigation\n\n### Command Reference\n\n```\nEmail: /inbox /send /read /reply /forward /search /delete /save\n /thread /unread /archive /trash\nOrganize: /folders /contacts /drafts /signature /templates /schedule /tag\nAgents: /agents /switch /deleteagent /deletions\nSecurity: /spam /rules /pending\nGateway: /relay /digest /setup /status /openclaw\nSystem: /help /clear /exit\n```\n\n---\n\n## Security\n\n### Outbound Guard\n\nEvery outgoing email is scanned before sending. The guard detects:\n\n| Category | Examples |\n|----------|----------|\n| API keys | `sk-...`, `AKIA...`, `ghp_...`, `sk_live_...` |\n| Credentials | `password: ...`, `secret: ...`, `token: ...` |\n| Private keys | `-----BEGIN RSA PRIVATE KEY-----` |\n| PII | Social security numbers, credit card patterns |\n| Internal data | Localhost URLs, internal IPs, config file contents |\n\nWhen sensitive data is detected:\n1. Email is **blocked** and saved to the `pending_outbound` table\n2. Agent receives a response explaining what was blocked and why, with instructions to inform their owner\n3. Owner (master key holder) is notified via email with the full blocked email content, security warnings, recipient, subject, and pending ID\n4. Owner approves or rejects via the master key API (`POST /mail/pending/:id/approve` or `/reject`) or by replying to the notification email\n5. Agents **cannot** approve or reject their own blocked emails — the approve/reject endpoints require the master key\n6. Agents can only list and view their pending emails to check approval status\n7. MCP and OpenClaw tools enforce this by rejecting approve/reject actions with a message directing agents to inform their owner\n8. System prompt guidelines (OpenClaw) instruct agents to never attempt self-approval or rewrite emails to bypass detection\n\n### Spam Filter\n\nInbound emails are scored against rule-based patterns:\n\n| Category | Score Range | Examples |\n|----------|-------------|----------|\n| Phishing | 10-30 | Fake login pages, urgency language, spoofed senders |\n| Scam | 15-25 | Nigerian prince, lottery winner, inheritance schemes |\n| Malware | 20-30 | Suspicious attachments, executable links |\n| Commercial | 5-15 | Unsolicited marketing, unsubscribe-heavy emails |\n| Social engineering | 10-20 | Impersonation, authority pressure |\n\n- Emails scoring \u003e= 40 (configurable) are moved to Spam folder\n- Emails scoring 20-39 get a warning flag\n- Internal agent-to-agent emails skip spam filtering entirely\n- Relay-rewritten emails (`@localhost` from, external replyTo) are always treated as external\n\n### Authentication\n\n- **Master key** — full admin access, required for agent creation/deletion, gateway config, email approval\n- **Agent API keys** — scoped per-agent, can only access own inbox and send from own address\n- **Inbound webhook secret** — authenticates Cloudflare Email Worker requests to the inbound endpoint\n\n---\n\n## Configuration\n\n### Environment Variables\n\n```bash\n# === Required ===\nAGENTICMAIL_MASTER_KEY=mk_your_key # Master API key (generate: openssl rand -hex 32)\n\n# === Stalwart Mail Server ===\nSTALWART_ADMIN_USER=admin # Stalwart admin username\nSTALWART_ADMIN_PASSWORD=changeme # Stalwart admin password\nSTALWART_URL=http://localhost:8080 # Stalwart HTTP admin URL\n\n# === SMTP/IMAP (local Stalwart) ===\nSMTP_HOST=localhost # SMTP host\nSMTP_PORT=587 # SMTP submission port\nIMAP_HOST=localhost # IMAP host\nIMAP_PORT=143 # IMAP port\n\n# === Optional ===\nAGENTICMAIL_API_PORT=3829 # API server port (default: 3829 — chosen to\n # avoid 3000/3100/3200/3300/4000/5000/8000/8080\n # which are all common dev-tool defaults)\nAGENTICMAIL_API_HOST=127.0.0.1 # API bind host (default: 127.0.0.1; loopback only)\nAGENTICMAIL_DATA_DIR=~/.agenticmail # Data directory for SQLite DB and config\n\n# === Realtime Voice (optional) ===\nOPENAI_API_KEY=sk-... # Enables the realtime voice bridge — bridges a\n # phone mission to an OpenAI Realtime session.\n # Without it, calls are call-control only.\n\n# === Gateway: Relay Mode ===\nRELAY_PROVIDER=gmail # gmail or outlook\nRELAY_EMAIL=you@gmail.com # Your email address\nRELAY_PASSWORD=xxxx xxxx xxxx xxxx # App password\n\n# === Gateway: Domain Mode ===\nCLOUDFLARE_API_TOKEN=your_token # Cloudflare API token\nCLOUDFLARE_ACCOUNT_ID=your_account_id # Cloudflare account ID\nAGENTICMAIL_DOMAIN=yourdomain.com # Your domain\nAGENTICMAIL_INBOUND_SECRET=your_secret # Shared secret for Email Worker\n\n# === Gmail SMTP Relay (domain mode outbound) ===\nGMAIL_RELAY_EMAIL=you@gmail.com # Gmail address for outbound relay\nGMAIL_RELAY_APP_PASSWORD=xxxx xxxx xxxx # Gmail app password\n\n# === Debug ===\n# AGENTICMAIL_DEBUG=1 # Enable verbose per-message logging\n```\n\n### Docker Compose\n\n```yaml\n# docker-compose.yml (included in repo)\nservices:\n stalwart:\n image: stalwartlabs/stalwart:latest\n container_name: agenticmail-stalwart\n ports:\n - \"8080:8080\" # HTTP Admin + JMAP\n - \"587:587\" # SMTP Submission\n - \"143:143\" # IMAP\n - \"25:25\" # SMTP Inbound\n volumes:\n - stalwart-data:/opt/stalwart\n - ~/.agenticmail/stalwart.toml:/opt/stalwart/etc/stalwart.toml:ro\n restart: unless-stopped\n```\n\n### SQLite Database\n\nAgenticMail stores all state in a SQLite database at `~/.agenticmail/agenticmail.db`. As of `@agenticmail/core@0.7.x` we use Node's built-in **`node:sqlite`** module (stable since Node 22) instead of `better-sqlite3`. The migration removed all native compilation from the install path — no `node-gyp`, no prebuilt-binary version-mismatch issues, no Python prerequisites. The on-disk database format is unchanged (it's still SQLite 3), so existing `~/.agenticmail/agenticmail.db` files continue to work without migration.\n\nTables:\n\n- `agents` — agent accounts (name, email, API key, metadata)\n- `gateway_config` — relay or domain mode configuration\n- `pending_outbound` — blocked emails awaiting approval\n- `delivered_messages` — deduplication tracking for inbound relay\n- `spam_log` — spam scoring history\n- `agent_tasks` — inter-agent task assignments\n- `email_rules` — per-agent email filtering rules\n- `contacts`, `drafts`, `signatures`, `templates`, `scheduled_emails`, `tags`\n\n---\n\n## Development\n\n### Setup\n\n```bash\ngit clone https://github.com/agenticmail/agenticmail.git\ncd agenticmail\nnpm install\ndocker compose up -d\nnpm run build\nnpm test\n```\n\n### Project Structure\n\n```\nagenticmail/\n├── agenticmail/ # CLI facade package (npm: agenticmail)\n│ └── src/\n│ ├── cli.ts # CLI entry point (setup, start, status)\n│ ├── shell.ts # Interactive REPL (44 commands)\n│ └── index.ts # Re-exports from @agenticmail/core\n├── packages/\n│ ├── core/ # @agenticmail/core\n│ │ └── src/\n│ │ ├── accounts/ # Agent CRUD, roles, deletion\n│ │ ├── mail/ # Sender, receiver, parser, spam filter, outbound guard\n│ │ ├── inbox/ # IMAP IDLE watcher\n│ │ ├── gateway/ # Relay, Cloudflare, DNS, tunnel, domain purchase\n│ │ ├── stalwart/ # Stalwart admin API client\n│ │ ├── storage/ # SQLite database, migrations, search index\n│ │ ├── domain/ # Domain management\n│ │ └── setup/ # Dependency checker, installer\n│ ├── api/ # @agenticmail/api\n│ │ └── src/\n│ │ ├── app.ts # Express app factory\n│ │ ├── routes/ # 8 route modules (mail, accounts, events, etc.)\n│ │ └── middleware/ # Auth, rate limiting, error handling\n│ ├── mcp/ # @agenticmail/mcp\n│ │ └── src/\n│ │ ├── index.ts # MCP server entry (stdio transport)\n│ │ ├── tools.ts # 80+ tool definitions and handlers\n│ │ └── resources.ts\n│ └── openclaw/ # @agenticmail/openclaw\n│ ├── index.ts # Plugin entry, system prompt\n│ ├── src/tools.ts # 89 tool definitions and handlers\n│ └── skill/ # SKILL.md, reference docs, scripts\n├── docker-compose.yml # Stalwart mail server\n├── .env.example # Environment variable template\n└── package.json # Workspace root\n```\n\n### Build Commands\n\n```bash\n# Build all packages\nnpm run build\n\n# Build a single package\ncd packages/core \u0026\u0026 npx tsup src/index.ts --format esm --dts --clean\n\n# Run all tests\nnpm test\n\n# Run tests for a specific package\ncd packages/core \u0026\u0026 npx vitest run\n```\n\n### Publish to npm\n\nPublish in dependency order:\n\n```bash\ncd packages/core \u0026\u0026 npm publish\ncd packages/api \u0026\u0026 npm publish\ncd packages/mcp \u0026\u0026 npm publish\ncd packages/openclaw \u0026\u0026 npm publish\ncd agenticmail \u0026\u0026 npm publish\n```\n\nAll scoped packages have `\"publishConfig\": { \"access\": \"public\" }` configured.\n\nSee [CONTRIBUTING.md](./CONTRIBUTING.md) for development guidelines.\n\n---\n\n## Telemetry\n\nAgenticMail collects **anonymous** usage statistics to help improve the product. We track:\n\n- Tool call counts (which tools are popular)\n- Package version and OS platform\n- Anonymous install ID (random UUID, no personal data)\n\n**We never collect** API keys, email content, addresses, or any personal information.\n\n**Opt out** by setting the environment variable:\n\n```bash\nexport AGENTICMAIL_TELEMETRY=0\n# or\nexport DO_NOT_TRACK=1\n```\n\nTelemetry is also automatically disabled in CI environments.\n\n## Troubleshooting\n\n### OpenClaw plugin ID mismatch warning\n\n```\nplugin id mismatch (manifest uses \"agenticmail\", entry hints \"openclaw\")\n```\n\nThis is harmless. OpenClaw infers the plugin ID from the npm package name (`@agenticmail/openclaw`) but the manifest declares `\"id\": \"agenticmail\"`. The plugin loads and works correctly.\n\n### OpenClaw plugin path not found\n\nIf OpenClaw reports the plugin path not found, update `plugins.load.paths` in `~/.openclaw/openclaw.json` to point to the correct location:\n\n```bash\nnpm prefix -g\n# Plugin is at: \u003cprefix\u003e/lib/node_modules/@agenticmail/openclaw\n```\n\n### `agenticmail: command not found`\n\nUse `npx agenticmail` for one-off usage, or install globally with `npm install -g @agenticmail/cli`.\n\n## License\n\n[MIT](./LICENSE) - Ope Olatunji ([@ope-olatunji](https://github.com/agenticmail/agenticmail))\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagenticmail%2Fagenticmail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagenticmail%2Fagenticmail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagenticmail%2Fagenticmail/lists"}