Summary
Qorami sits between your AI agent and the send button, giving you a human checkpoint before emails go out. The MCP server exposes verify_email and check_action_status tools that return one of three verdicts: send it now, wait for human approval, or block it entirely. You get prompt injection detection out of the box, plus policy profiles to enforce different rules for different contexts. If the decision is request_human_confirmation, poll check_action_status until a human reviews it in the Qorami dashboard and flips it to send. Reach for this when you're shipping agentic workflows that compose emails but you're not ready to let them fire unsupervised.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Qorami SDK
Official clients, tool schemas and an MCP server for Qorami — a control point between your AI agents and actually sending email. Before each send, the agent asks Qorami, which replies send, request_human_confirmation, or do_not_send.
Get an API key in the dashboard. Full API reference: https://qorami.fr/docs.
| Path | What |
|---|---|
js/ | Zero-dependency JavaScript / TypeScript client (fetch, Node 18+ or browser). |
python/ | Zero-dependency Python client (stdlib only) + LangChain, CrewAI, LlamaIndex & OpenAI-Agents tools. |
tools/ | Drop-in OpenAI function-calling & Anthropic tool-use schemas for qorami_check_email. |
mcp/ | Stdio MCP server (qorami_health, verify_email, check_action_status) for Claude Desktop, Cursor, any MCP client. |
n8n/ | No-code recipe: guard a workflow's email with an HTTP Request node. |
examples/ | Runnable Node & Python quickstarts. |
JavaScript / TypeScript
import { QoramiClient } from './js/qorami.mjs'
const qorami = new QoramiClient({ apiKey: process.env.QORAMI_API_KEY })
await qorami.guard(
{ recipient: 'client@example.com', subject: 'Our offer', body, policyProfile: 'sales' },
{
send: () => mailer.send(), // allowed
requestHumanConfirmation: (r) => queue(r.action.id), // a human was notified
doNotSend: (r) => log('blocked', r.decision), // do not send
},
)
Or step by step with qorami.verify(...) and, after a review, poll
qorami.status(actionId) until nextAction.type === 'send'.
Python
from qorami import QoramiClient
qorami = QoramiClient(api_key=os.environ["QORAMI_API_KEY"])
result = qorami.verify(recipient="client@example.com", subject="Our offer",
body=email_body, policy_profile="sales")
if result.next_action_type == "send":
send_email()
elif result.next_action_type == "request_human_confirmation":
queue_for_review(result.action_id) # a human was notified by email
# else: do_not_send
Agent framework tools
pip install qorami[<framework>] ships a drop-in qorami_check_email wrapper —
each returns ALLOWED / NEEDS HUMAN APPROVAL / BLOCKED and reuses the client:
| Framework | Install | Import |
|---|---|---|
| LangChain | pip install qorami[langchain] | from qorami_langchain import build_qorami_tool |
| CrewAI | pip install qorami[crewai] | from qorami_crewai import QoramiEmailGuard |
| LlamaIndex | pip install qorami[llamaindex] | from qorami_llamaindex import build_qorami_tool |
| OpenAI Agents SDK | pip install qorami[openai-agents] | from qorami_openai_agents import qorami_check_email |
from qorami_langchain import build_qorami_tool
tool = build_qorami_tool() # reads QORAMI_API_KEY
No-code workflows (n8n) use a plain HTTP Request node — see n8n/.
MCP server
Register Qorami as a native tool in Claude Desktop / Cursor / any MCP client —
see mcp/. It exposes qorami_health, verify_email and check_action_status over stdio.
The contract
Every client returns the same decision the agent must obey via nextAction.type:
send, request_human_confirmation (a human approves first — poll the action),
or do_not_send. See https://qorami.fr/docs.
Cleaned version (auto-remediation)
When an email is risky only because of mechanically-removable content (a leaked
secret, a suspicious link, an IBAN/card/SSN), the verify result carries a cleaned,
sendable copy — send remediation.safeBody instead of blocking outright:
const r = await qorami.verify({ recipient, subject, body, policyProfile: 'general' })
if (r.nextAction.type === 'do_not_send' && r.remediation?.safeToSend) {
mailer.send({ ...email, body: r.remediation.safeBody }) // safe, redacted copy
}
r = qorami.verify(recipient=..., subject=..., body=email_body)
if r.next_action_type == "do_not_send" and (r.remediation or {}).get("safeToSend"):
send_email(body=r.remediation["safeBody"]) # safe, redacted copy
remediation.removed lists what was stripped (e.g. ["secret", "link"]). The MCP
server surfaces the same field.
License
MIT — see LICENSE.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
QORAMI_API_KEY*secretYour Qorami workspace API key (get one at https://qorami.fr/dashboard/).
Categories
Registryactive
Packageqorami-mcp
TransportSTDIO
AuthRequired
UpdatedJun 1, 2026
