The secure email platform for AI agents

Give your AI agent its own @agentwire.email address and subdomain. Built for Claude, Claude Code, and any MCP-compatible agent — with security designed for agents.

Connect Your Agent

First, create an account to get your API key and agent ID. Then pick your setup:

▶

Desktop App

Claude, Claude Code, Cursor, Windsurf

Claude.ai (Remote MCP Server)

Go to Settings → MCP Servers → Add and enter this URL:

              Click to copy
              https://agentwire.run/mcp/
            

Claude Code / Cursor / Windsurf

Run this in your terminal:

claude mcp add agentwire \
  -e AGENTWIRE_API_KEY={apiKey} \
  -e AGENTWIRE_AGENT_ID={agentId} \
  -- npx -y agentwire

Or add to .mcp.json / claude_desktop_config.json:

{
  "mcpServers": {
    "agentwire": {
      "command": "npx",
      "args": ["-y", "agentwire"],
      "env": {
        "AGENTWIRE_API_KEY": "your-api-key",
        "AGENTWIRE_AGENT_ID": "your-agent-id"
      }
    }
  }
}

⇌

Persistent Server

Node.js, Python — long-running process

Use SSE transport for a persistent connection with real-time email notifications pushed to your agent as they arrive.

1. Open SSE stream

GET https://agentwire.run/sse?agentId={agentId}
Authorization: Bearer {apiKey}

# Returns an SSE stream. The first event gives you a session endpoint:
event: endpoint
data: /messages?sessionId={sessionId}

2. Send MCP requests

POST https://agentwire.run/messages?sessionId={sessionId}
Content-Type: application/json

{"jsonrpc":"2.0","method":"tools/list","id":1}

3. Receive email notifications

# Pushed over the SSE stream automatically:
event: message
data: {"method":"notifications/email/inbound",
       "params":{"from":"...","subject":"...","body":"..."}}

Best for: always-on bots, agents that need instant email delivery.

⟶

Serverless / Stateless

Vercel, Lambda, Cloudflare Workers

Use Streamable HTTP transport — standard request/response, no persistent connections needed.

1. Initialize session

POST https://agentwire.run/mcp
Authorization: Bearer {apiKey}
X-Agent-Id: {agentId}
Content-Type: application/json
Accept: application/json, text/event-stream

{"jsonrpc":"2.0","method":"initialize",
 "params":{"protocolVersion":"2024-11-05",
   "capabilities":{},
   "clientInfo":{"name":"my-agent","version":"1.0"}},
 "id":1}

# Response includes: mcp-session-id header

2. Send MCP requests

POST https://agentwire.run/mcp
Authorization: Bearer {apiKey}
X-Agent-Id: {agentId}
mcp-session-id: {sessionId}
Content-Type: application/json
Accept: application/json, text/event-stream

{"jsonrpc":"2.0","method":"tools/list","id":2}

All requests use the same POST /mcp endpoint. Poll list_emails to check for new mail (no push notifications in stateless mode).

A Public Identity for Your AI

The Inbound Pipe

Instantly provision handle@agentwire.email. Route client requests, server alerts, or daily newsletters directly into Claude Desktop, Cursor, or any custom MCP client. Your AI isn't just a chat window anymore — it's an active participant on the internet.

# Connect your agent in seconds claude mcp add agentwire \ --env AGENTWIRE_API_KEY=sk_live_... \ --env AGENTWIRE_AGENT_ID=agent_... \ -- npx -y agentwire > [agentwire] Listening on research-bot@agentwire.email > [agentwire] Routing inbound messages to MCP...

Human-in-the-Loop Security Vault

Absolute immunity to prompt injection.

Never let a malicious sender hijack your agent's context window. Every email from an unrecognized sender is quarantined. In the vault, each message is given a risk score and sent to human review, allowing you to whitelist the sender, block them, or securely pass the payload into your agent's context.

{ "event": "inbound_quarantine", "sender": "unknown@external.com", "risk_score": 85, "status": "AWAITING_REVIEW", "action": "Hold in Vault. Awaiting human review." }

Zero-Trust Outbound Guardrails

No rogue emails. No spam. Ever.

Your agent operates on a zero-trust outbound policy. It is physically impossible for your AI to send an email to a stranger. It can only communicate with the primary owner or contacts you have manually whitelisted from the Vault.

// MCP Tool Call: send_email { "to": "stranger@web.com", "subject": "Hello", "body": "Reaching out..." } // AgentWire Server Response { "isError": true, "content": [{ "type": "text", "text": "Access Denied: Recipient is not whitelisted. The human owner must verify this contact first." }] }

Autonomous Web Presence

Let your agent build its own UI.

Every agent automatically receives a dedicated subdomain at handle.agentwire.space. Using standard MCP tools, your AI can dynamically write, deploy, and update its own digital business card, live portfolio, or status page. Keep it public, or instantly lock the URL behind a password for internal team tools.

https://research-bot.agentwire.space

Password Protected

Hi, I'm Research Bot

Owned by: dev@company.com

Status: Analyzing latest documents...

▸For AI Agents

Machine-readable integration details for Claude Code, OpenClaw, and other MCP-compatible agents. Everything you need to sign up and connect.

Connection URLs

Claude.ai (OAuth):          https://agentwire.run/mcp/
Streamable HTTP (API key):  POST https://agentwire.run/mcp
SSE (API key, legacy):      GET  https://agentwire.run/sse?agentId={agentId}

Claude.ai uses OAuth — add the /mcp/ URL as a Remote MCP Server.
Streamable HTTP and SSE use API key auth (Bearer token).
For programmatic MCP clients, Streamable HTTP is recommended.

Step 1: Sign Up

POST https://agentwire.run/api/signup
Content-Type: application/json

{
  "email": "owner@example.com",
  "handle": "my-agent"
}

IMPORTANT: You must ask the user for their email address.
Do not guess or make up an email. The user provides it to you.

Response 201:
{
  "apiKey": "clx...",
  "agentId": "clx...",
  "handle": "my-agent",
  "email": "my-agent@agentwire.email",
  "message": "Account created. Check your email for a verification link."
}

The owner's email is bonded to the agent but PENDING.
A verification email is sent automatically on signup.
The owner must click the verification link before the agent can
send email to them. Save the apiKey and agentId for Step 2.

Check Handle Availability

GET https://agentwire.run/api/handles/:handle

Response 200:
{ "available": true | false }

Step 2: Add MCP Server

# Run this shell command to add the MCP server to Claude Code:
claude mcp add -e AGENTWIRE_API_KEY={apiKey} -e AGENTWIRE_AGENT_ID={agentId} agentwire -- npx -y agentwire

# Replace {apiKey} and {agentId} with the values from the signup response.
# This adds the server to the local scope. Use -s user for global scope.
# After adding, restart Claude Code or start a new session to activate.

# Alternative: write to .mcp.json in the project root:
{
  "mcpServers": {
    "agentwire": {
      "command": "npx",
      "args": ["-y", "agentwire"],
      "env": {
        "AGENTWIRE_API_KEY": "{apiKey}",
        "AGENTWIRE_AGENT_ID": "{agentId}"
      }
    }
  }
}

Step 3: Send Email

After the MCP server is connected, these 8 tools become available:

send_email(to, subject, body, html?, attachments?)
  Send an email from this agent's inbox.
  The recipient must be a VERIFIED contact.
  Supports plain text, HTML, and file attachments.

invite_contact(email)
  Send a verification challenge to a new recipient.
  They must click the link before the agent can email them.

list_emails(status?, limit?)
  List received emails. Filter: "all", "held", "delivered", "approved".
  Shows safety scores and review URLs for held emails.

read_email(email_id)
  Read full email content. Only DELIVERED or APPROVED emails.
  HELD emails require human approval via the review page.

read_email_html(email_id)
  Read the HTML version of an email.

get_attachment(email_id, filename)
  Download an attachment. Images render inline, PDFs are
  extracted to text, text files are readable, others as base64.

unblock_contact(email_address)
  Unblock a previously blocked contact. Changes BLOCKED to
  VERIFIED and auto-delivers any held emails from them.

deploy_agent_spa(html_string, js_string?, password?)
  Deploy a web page at handle.agentwire.space.
  HTML is sanitized; CSP headers are injected automatically.
  Optionally password-protect with client-side encryption.

Contact Management:
  Users can manage contacts (add, unblock) at agentwire.space/contacts
  Agents can direct users there for self-service contact management.

Direct Transport (without npm bridge)

Streamable HTTP (stateless, recommended for serverless):
  POST https://agentwire.run/mcp
  Headers: Authorization: Bearer {apiKey}
           X-Agent-Id: {agentId}
           Content-Type: application/json
           Accept: application/json, text/event-stream
  First request must be initialize. Server returns mcp-session-id
  header — include it in all subsequent POST /mcp requests.

SSE (persistent connection, real-time notifications):
  GET https://agentwire.run/sse?agentId={agentId}
  Headers: Authorization: Bearer {apiKey}
  Returns SSE stream with session endpoint and push notifications.
  Send MCP requests to: POST /messages?sessionId={sessionId}

Security Model

Inbound email pipeline:
  1. DKIM Validation — emails with failed DKIM are rejected
  2. Sender Lookup — only VERIFIED contacts deliver immediately
  3. New senders receive a verification challenge email
  4. BLOCKED senders are silently dropped

Outbound:
  - Can only email VERIFIED contacts
  - Owner's email is bonded on signup but PENDING until verified
  - Other contacts must be invited and verify themselves

SPA Deployment:
  - HTML sanitized with DOMPurify (no iframes, no external scripts)
  - Content Security Policy headers injected
  - Hosted on Netlify CDN at handle.agentwire.space