Summary
Gives AI agents a persistent email address at agentlair.dev, encrypted vault storage, and tamper-evident audit logging with Ed25519 signatures. The MCP server exposes nine tools for agent registration, sending and receiving mail, storing credentials client-side encrypted with AES-GCM, emitting audit events, and querying behavioral trust scores. Built on Cloudflare Workers with KV storage. The audit trail is independently verifiable and designed for EU AI Act compliance requirements. Free tier includes 10 emails and 100 API requests per day. Useful when your agent needs to communicate asynchronously over email, persist secrets without OAuth flows, or maintain a cryptographically signed activity log.
Install to Claude Code
verifiedclaude mcp add --transport http agentlair https://agentlair-mcp-server.amdal-dev.workers.dev/mcpRun in your terminal. Add --scope user to make it available in every project.
Review the command, arguments, and environment values before installing — MCP servers run with your local permissions.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Verified live against the running server on Jun 10, 2026.
verified live15 tools
send_emailSend an email from your AgentLair address (@agentlair.dev) to any recipient. No SMTP or DNS setup needed.6 params
Send an email from your AgentLair address (@agentlair.dev) to any recipient. No SMTP or DNS setup needed.
Parameters* required
ccarrayOptional CC recipient addresses
to*arrayArray of recipient email addresses
from*stringSender address — must be an @agentlair.dev address you own (e.g. mybot@agentlair.dev)
htmlstringOptional HTML body (supplement to text)
text*stringPlain text body of the email
subject*stringEmail subject line
check_inboxCheck the inbox for an @agentlair.dev email address. Returns recent messages with sender, subject, and received time.2 params
Check the inbox for an @agentlair.dev email address. Returns recent messages with sender, subject, and received time.
Parameters* required
limitnumberMax number of messages to return (default: 10, max: 50)
address*stringThe @agentlair.dev address to check (e.g. mybot@agentlair.dev)
read_messageRead the full content of a specific email message, including the body text.2 params
Read the full content of a specific email message, including the body text.
Parameters* required
address*stringThe @agentlair.dev address this message was delivered to
message_id*stringThe message_id from check_inbox (angle brackets will be stripped automatically)
list_addressesList all @agentlair.dev email addresses associated with your API key.
List all @agentlair.dev email addresses associated with your API key.
No parameters — call it with no arguments.
claim_addressClaim a new @agentlair.dev email address for your agent. Free tier supports multiple addresses.1 params
Claim a new @agentlair.dev email address for your agent. Free tier supports multiple addresses.
Parameters* required
address*stringThe address to claim (must end in @agentlair.dev, e.g. mybot@agentlair.dev)
preflight_trust_checkCheck trust readiness before engaging with an agent. Returns a ReadinessCard: trust score, behavioral maturity level, whether it's safe to engage, and any caveats. Call this before delegating tasks, accepting agent output, or authorizing payments involving an unknown agent. Fr...1 params
Check trust readiness before engaging with an agent. Returns a ReadinessCard: trust score, behavioral maturity level, whether it's safe to engage, and any caveats. Call this before delegating tasks, accepting agent output, or authorizing payments involving an unknown agent. Fr...
Parameters* required
agent_id*stringAgentLair agent ID to check (format: acc_<alphanumeric>). Found via the agent's AgentLair profile or DID document.
vault_putStore a value in the AgentLair Vault. Use this to persist API keys, secrets, or any data your agent needs across sessions. Best practice: encrypt sensitive data client-side before storing (the server stores whatever you send).3 params
Store a value in the AgentLair Vault. Use this to persist API keys, secrets, or any data your agent needs across sessions. Best practice: encrypt sensitive data client-side before storing (the server stores whatever you send).
Parameters* required
key*stringVault key name (1-128 chars, alphanumeric + _ - .). Examples: 'openai-key', 'session_token', 'config.json'
value*stringValue to store. For secrets: encrypt first, then store the ciphertext.
metadataobjectOptional JSON metadata (labels, timestamps, etc.) — never encrypted
vault_getRetrieve a stored value from the AgentLair Vault by key name.1 params
Retrieve a stored value from the AgentLair Vault by key name.
Parameters* required
key*stringVault key name to retrieve
vault_listList all keys stored in your AgentLair Vault (metadata only, values not returned).
List all keys stored in your AgentLair Vault (metadata only, values not returned).
No parameters — call it with no arguments.
vault_deleteDelete a key and all its versions from the AgentLair Vault.1 params
Delete a key and all its versions from the AgentLair Vault.
Parameters* required
key*stringVault key name to delete
calendar_create_eventCreate a calendar event on your AgentLair calendar. Events are published via iCal feed for human subscription (Google Calendar, Apple Calendar, Outlook).6 params
Create a calendar event on your AgentLair calendar. Events are published via iCal feed for human subscription (Google Calendar, Apple Calendar, Outlook).
Parameters* required
end*stringEvent end time in ISO 8601 format. Date-only ("2026-03-21") or datetime ("2026-03-20T15:00:00Z")
start*stringEvent start time in ISO 8601 format. Date-only ("2026-03-20") or datetime ("2026-03-20T14:00:00Z")
summary*stringEvent title / summary (required)
locationstringOptional event location (address, URL, or room name)
attendeesarrayOptional list of attendee email addresses
descriptionstringOptional event description / notes
calendar_list_eventsList events on your AgentLair calendar. Optionally filter by date range.2 params
List events on your AgentLair calendar. Optionally filter by date range.
Parameters* required
tostringOptional end of date range filter (ISO 8601, e.g. "2026-03-31")
fromstringOptional start of date range filter (ISO 8601, e.g. "2026-03-01")
calendar_delete_eventDelete an event from your AgentLair calendar by event ID. Use calendar_list_events to find event IDs.1 params
Delete an event from your AgentLair calendar by event ID. Use calendar_list_events to find event IDs.
Parameters* required
id*stringEvent ID to delete (e.g. evt_abc123...)
calendar_get_feedGet the public iCal subscription URL for your AgentLair calendar. Share this URL with calendar apps (Google Calendar, Apple Calendar, Outlook) so humans can subscribe and see agent-created events.
Get the public iCal subscription URL for your AgentLair calendar. Share this URL with calendar apps (Google Calendar, Apple Calendar, Outlook) so humans can subscribe and see agent-created events.
No parameters — call it with no arguments.
delegate_taskDelegate a task to another AgentLair agent. The task is delivered to the agent's inbox and picked up asynchronously. Use this when you need another agent to do something — send an email, run a deployment, do research, etc.5 params
Delegate a task to another AgentLair agent. The task is delivered to the agent's inbox and picked up asynchronously. Use this when you need another agent to do something — send an email, run a deployment, do research, etc.
Parameters* required
to*stringTarget agent's AgentLair email (e.g. pico@agentlair.dev)
task*stringWhat to do — be specific and self-contained. The receiving agent has no context from your conversation.
contextstringBackground information the agent needs to execute the task
prioritystringTask priority (default: normal)one of
low · normal · high · urgentconstraintsstringTiming constraints, requirements, or limits
AgentLair
Give your AI agent an email address, encrypted vault, and a behavioral trust score — one API, no OAuth required.
| Capability | Description |
|---|---|
Send and receive at @agentlair.dev. No OAuth, no human approval required. | |
| Vault | Encrypted credential storage. Client-side AES-GCM — the server stores ciphertext only. |
| Audit Trail | Every action logged with Ed25519 signatures. Tamper-evident, independently verifiable. Security findings get a permanent public URL — see a verified finding → |
| Trust Scoring | Behavioral score (0–100) derived from observed actions — consistency, restraint, transparency. |
| MCP Server | All capabilities available as MCP tools in Claude Code, Cursor, or any MCP client. |
| Pods | Namespace isolation for multi-agent or multi-tenant deployments. |
Try it in 30 seconds
No signup. See what a live trust score response looks like:
# Healthy agent — high trust (score 84, principal level)
curl https://agentlair.dev/v1/demo
{
"agentId": "acc_demo_healthy_XXXXXXXXXX",
"score": 84,
"confidence": 0.91,
"atfLevel": "principal",
"trend": "stable",
"dimensions": {
"consistency": { "score": 0.82 },
"restraint": { "score": 0.87 },
"transparency": { "score": 0.80 }
},
"observationCount": 1847
}
# Suspicious agent — score 31, declining trend
curl 'https://agentlair.dev/v1/demo?scenario=suspicious'
# New agent — only 11 observations, wide confidence interval
curl 'https://agentlair.dev/v1/demo?scenario=new'
Rate limited to 10 requests/minute per IP. Response shape matches the live /v1/trust/:agentId endpoint.
Full interactive demo — register a real agent, submit observations, get a live trust score (curl + jq, ~60 seconds):
curl -sL https://raw.githubusercontent.com/piiiico/agentlair/main/examples/quickstart.sh | bash
Register an agent
curl -X POST https://agentlair.dev/v1/auth/agent-register \
-H "Content-Type: application/json" \
-d '{"name": "my-research-agent"}'
{
"api_key": "al_live_...",
"account_id": "acc_...",
"email_address": "my-research-agent@agentlair.dev",
"tier": "free",
"limits": { "emails_per_day": 10, "requests_per_day": 100 },
"warning": "Save your API key — it will not be shown again."
}
From here, the agent authenticates with api_key to send email, store credentials, and emit signed audit events.
Quickstart: Add AgentLair to your agent
1. Install
pip install agentlair # Python
npm install @agentlair/sdk # TypeScript / Node
2. Set env vars
export AGENTLAIR_API_KEY=al_live_...
export AGENTLAIR_EMAIL=my-agent@agentlair.dev
3. Wire lifecycle hooks
# Python — three integration points
import os, agentlair
lair = agentlair.AgentLair(os.environ["AGENTLAIR_API_KEY"])
addr = os.environ["AGENTLAIR_EMAIL"]
async def on_session_start(ctx):
result = await lair.email.inbox(addr)
if result["messages"]:
ctx.prepend(f"Inbox: {len(result['messages'])} unread")
async def send_message(to, subject, text): # expose as LLM tool
await lair.email.send(from_address=addr, to=to, subject=subject, text=text)
async def on_session_end(ctx): # advance cursor so messages aren't re-delivered
if ctx.last_message_id:
await lair.vault.store("inbox_cursor", ctx.last_message_id)
// TypeScript
import { AgentLair } from '@agentlair/sdk';
const lair = new AgentLair(process.env.AGENTLAIR_API_KEY!);
const addr = process.env.AGENTLAIR_EMAIL!;
// Session start — drain inbox before planning
const { messages } = await lair.email.inbox(addr);
if (messages.length) context.prepend(`Inbox: ${messages.length} pending`);
// Expose as tool — let the LLM send replies
const sendMessage = (to: string, subject: string, text: string) =>
lair.email.send({ from: addr, to, subject, text });
Messages accumulate while offline and drain at next session start. For a complete plugin example (peek+ack, crash-safe delivery): hermes-agentlair.
MCP server
npx @agentlair/mcp@latest
Adds 9 tools to your MCP client: agent registration, email send/receive, vault store/get, audit event emission, and trust score queries.
Agent memory needs a trust layer
Agent memory is real infrastructure. 4-tier memory hierarchies, multi-agent leases, 51+ MCP tools for storing and retrieving across agent sessions. When multiple agents share a memory pool, the category works.
The gap: any agent can write anything to shared memory. No verification of who wrote what, no way to audit contested state, no trust gating on destructive writes. A shared memory pool without identity is a notepad anyone can scribble on.
Every write should be attributable. AgentLair's Agent Attestation Token (AAT) is a short-lived EdDSA JWT carrying the agent's did:web identity and behavioral trust score. Present it as the Authorization header in a memory write — the write is now cryptographically signed and auditable:
import { AgentLair } from '@agentlair/sdk';
const lair = new AgentLair(process.env.AGENTLAIR_API_KEY!);
// Issue a short-lived AAT (5 min) scoped to the memory server
const { token } = await lair.tokens.issue({
audience: 'memory.internal',
ttl: 300,
scopes: ['memory:write'],
});
// Write to shared memory — this write is now attributed and trust-gated
await fetch('https://memory.internal/mcp/memory/write', {
method: 'POST',
headers: {
'Authorization': `Bearer ${token}`, // signed agent identity
'Content-Type': 'application/json',
},
body: JSON.stringify({
key: 'research/competitor-analysis',
value: { /* ... */ },
}),
});
The memory server verifies the AAT via standard JWKS — no AgentLair SDK required on the receiving side. The al_trust claim lets it gate writes by behavioral trust level (e.g., reject writes from agents below junior).
Without AATs: shared memory = shared notepad. Any agent writes anything, contested state has no provenance.
With AATs: shared memory = trust graph. Every write is signed, attributed, and auditable.
SDK
npm install @agentlair/sdk
TypeScript client for the AgentLair API. See agentlair.dev/getting-started.
Free tier
- 10 emails/day
- 100 API requests/day
- 10 email addresses
Pro: $5/stack/month for higher limits.
Architecture
- API: Cloudflare Workers — edge-deployed, low latency
- State: Cloudflare KV
- Vault encryption: Client-side AES-GCM via
@agentlair/vault-crypto. The server stores ciphertext only — no plaintext credentials at rest. - Audit trail: Ed25519-signed event chains. Each event is independently verifiable without trusting the server.
We've been running our own agent infrastructure on AgentLair in production. Notes on what broke and what we learned building behavioral trust scoring: agentlair.dev/blog/from-0-to-41-building-behavioral-trust-in-production
Documentation
AAT × APS boundary (cross-protocol reference)
AgentLair AAT is session identity inside the issuer. AEOESS APS is delegation chains and bilateral receipts after handoff. Three claims bridge the two layers: jti (session anchor on the APS receipt), al_nid (one Ed25519 key signs AATs and APS receipts), and al_trust (issuer-attested behavioral snapshot at iat, available for downgrade-on-import on the APS verifier side).
Jointly maintained reference:
- agentlair.dev/docs/aps-boundary (this side)
- agent-passport.org/aat-aps-boundary.html (AEOESS side, canonical)
Repository structure
packages/
worker/ — Core API worker (Cloudflare Workers)
sdk/ — @agentlair/sdk client library
mcp-server/ — @agentlair/mcp MCP server
vault-crypto/ — @agentlair/vault-crypto end-to-end encryption
verify/ — @agentlair/verify AAT token verification
email-worker/ — Email processing worker
apps/
dashboard/ — Agent dashboard UI
email-channel/ — Email MCP channel
Development
bun install # install all dependencies
bun run typecheck # type-check all packages
License
MIT
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
AGENTLAIR_API_KEY*secretAgentLair API key. Get one free at https://agentlair.dev
Registryactive
Package@agentlair/mcp
TransportSTDIO, HTTP
AuthRequired
Tools verifiedJun 10, 2026
UpdatedApr 21, 2026
