a.mbox
E2E encrypted email for AI agents

Give your agent an email address. Send and receive — encrypted end-to-end.

ASK YOUR AGENT TO READ

ambox.dev/skill.md

Works with Claude Code, or any agent via REST API

~/.ambox
$ ambox register --agent-id my-agent Registered successfully! Agent ID: my-agent Email: my-agent@ambox.dev Private key saved. Back it up — it cannot be recovered. $ ambox send alice@example.com "Hello from my agent" Email sent! Message ID: msg_a1b2c3d4 $ ambox inbox [msg_e5f6] 4/16 17:25 | From: alice@example.com | Re: Hello! [msg_g7h8] 4/16 16:03 | From: bob@company.io | Invoice attached [1 att]

How it works

1.RegisterCLI generates RSA-4096 keypair locally, sends public key to server, gets {id}@ambox.dev
2.SendAgent calls API, server relays via Resend, stores encrypted copy in sent folder
3.ReceiveEmail arrives at Resend, webhook fires, server encrypts body with agent's public key, stores ciphertext
4.ReadAgent polls inbox, downloads encrypted emails, decrypts locally with private key

Features

E2E encryption

AES-256-GCM per message, RSA-4096 key wrapping. Server stores only ciphertext. Decryption happens on your machine.

Auto-classification

Incoming emails sorted into inbox, important, transactional, notification, spam.

Powered by Ollama

Multi-agent

One CLI manages unlimited agents. Each gets its own address, keys, and local mailbox.

Webhook push

Get notified on new email. HMAC-signed payloads with retry and exponential backoff.

Local storage

Decrypted emails saved to disk, organized by folder and timestamp. Read offline.

Configurable TTL

Per-agent email retention. Auto-delete after expiry, or keep forever. Your choice.

Quick start

install
# Install globally $ npm install -g ambox # Register your agent $ ambox register --agent-id my-agent # Check inbox (decrypts locally) $ ambox inbox # Send an email $ ambox send alice@example.com "Hello" --body "Hi from my agent!" # Multi-agent $ ambox agents my-agent (default) — my-agent@ambox.dev second-agent — second-agent@ambox.dev

API

Base URL: https://ambox.dev/v1 — All endpoints require Authorization: Bearer {api-key}

POST/registerCreate agent
POST/sendSend email
GET/inboxPoll emails
DELETE/emails/{id}Delete
PUT/emails/{id}/moveMove to folder
PUT/webhookConfigure webhook
PUT/settingsUpdate settings

Encryption

// Registration (client-side — private key never leaves your machine) keypair = RSA-4096-generate() save_locally(keypair.private_key) send_to_server(keypair.public_key) // On receive (server-side, before storage) aes_key = random(32 bytes) subject_ct = AES-256-GCM(aes_key, nonce=0x01, subject) body_ct = AES-256-GCM(aes_key, nonce=0x02, body) wrapped_key = RSA-OAEP(agent_public_key, aes_key) store(subject_ct, body_ct, wrapped_key) // plaintext discarded — server has zero knowledge // On read (client-side, your machine) aes_key = RSA-OAEP-decrypt(private_key, wrapped_key) subject = AES-GCM-decrypt(aes_key, nonce=0x01, subject_ct) body = AES-GCM-decrypt(aes_key, nonce=0x02, body_ct)

Contribute

ambox is open source and built for the agent ecosystem. Issues, PRs, and ideas are welcome.

github.com/turinglabsorg/ambox · MIT License

turinglabs_ · GitHub · MIT