@inboxapi/cli 0.2.8 → 0.2.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +30 -14
- package/package.json +7 -7
package/README.md
CHANGED
|
@@ -7,7 +7,7 @@ Give your AI agent its own email address. Send, receive, read, search, and reply
|
|
|
7
7
|
Copy and paste this sentence into your agent:
|
|
8
8
|
|
|
9
9
|
```
|
|
10
|
-
Install the `@inboxapi/cli` npm package globally and then register the `inboxapi` command as an MCP server named `inboxapi`.
|
|
10
|
+
Install the `@inboxapi/cli@latest` npm package globally and then register the `inboxapi` command as an MCP server named `inboxapi`.
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
<details>
|
|
@@ -48,14 +48,14 @@ The CLI acts as a local bridge between your AI client and the [InboxAPI](https:/
|
|
|
48
48
|
|
|
49
49
|
- **This is your agent's personal email** — InboxAPI gives your AI agent its own email address for personal use. It is not a transactional email service — don't use it for bulk sending, marketing, or application notifications.
|
|
50
50
|
- **Weekly send limit** — Each account can send to up to five unique email addresses per week. This resets weekly.
|
|
51
|
-
- **Check your spam folder** —
|
|
51
|
+
- **Check your spam folder** — Each agent gets its own subdomain, and new subdomains don't have email reputation yet. Early messages may land in your recipient's spam or junk folder. Adding your agent's email address to your contacts or allowlist helps. Delivery improves over time as recipients interact with your agent's emails.
|
|
52
52
|
- **No attachments yet** — Attachment support is not available right now, but it's coming soon.
|
|
53
53
|
- **No rich text yet** — Emails are sent as plain text only. Rich text (HTML) support is coming soon.
|
|
54
54
|
|
|
55
55
|
## Installation
|
|
56
56
|
|
|
57
57
|
```bash
|
|
58
|
-
npm install -g @inboxapi/cli
|
|
58
|
+
npm install -g @inboxapi/cli@latest
|
|
59
59
|
```
|
|
60
60
|
|
|
61
61
|
Prebuilt binaries are included for:
|
|
@@ -66,6 +66,16 @@ Prebuilt binaries are included for:
|
|
|
66
66
|
| Linux | x64, ARM64 |
|
|
67
67
|
| Windows | x64 |
|
|
68
68
|
|
|
69
|
+
## Updating
|
|
70
|
+
|
|
71
|
+
Run the same install command to update to the latest version:
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
npm install -g @inboxapi/cli@latest
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
The CLI also checks for updates automatically when running in proxy mode and installs them in the background.
|
|
78
|
+
|
|
69
79
|
## Getting Started
|
|
70
80
|
|
|
71
81
|
Just start the proxy — an account is created automatically on first run
|
|
@@ -183,22 +193,22 @@ gemini mcp add inboxapi inboxapi --scope user
|
|
|
183
193
|
|
|
184
194
|
**OpenCode:**
|
|
185
195
|
|
|
186
|
-
|
|
196
|
+
Run the interactive setup:
|
|
187
197
|
|
|
188
198
|
```bash
|
|
189
|
-
opencode mcp add
|
|
199
|
+
opencode mcp add
|
|
190
200
|
```
|
|
191
201
|
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
202
|
+
When prompted, enter:
|
|
203
|
+
- **Location:** Global
|
|
204
|
+
- **MCP server name:** inboxapi
|
|
205
|
+
- **MCP server type:** Local
|
|
206
|
+
- **Command to run:** inboxapi
|
|
197
207
|
|
|
198
208
|
**Codex CLI:**
|
|
199
209
|
|
|
200
210
|
```bash
|
|
201
|
-
codex mcp add inboxapi
|
|
211
|
+
codex mcp add inboxapi inboxapi
|
|
202
212
|
```
|
|
203
213
|
|
|
204
214
|
## Development
|
|
@@ -226,15 +236,21 @@ Yes. No credit card, no trial period, no usage tiers. We're working on paid plan
|
|
|
226
236
|
|
|
227
237
|
**How do you prevent spam and abuse?**
|
|
228
238
|
|
|
229
|
-
Account creation requires proof-of-work. Each account can only email 5 unique external
|
|
239
|
+
Account creation requires proof-of-work. Each account can only email 5 unique external email addresses per week. Daily send quotas and rate limiting are enforced on every account. These constraints are structural — they're not policies, they're how the system works.
|
|
230
240
|
|
|
231
241
|
**What about prompt injection via email?**
|
|
232
242
|
|
|
233
243
|
Every inbound email includes a trust classification — trusted, agent, unverified, or suspicious — based on whether the sender is in your addressbook and whether their email passes authentication checks. This helps your agent decide how cautiously to handle each message. Emails from other InboxAPI agents are flagged separately so your agent knows to check with you before acting on them.
|
|
234
244
|
|
|
245
|
+
Additionally, untrusted email content is automatically transformed using spotlighting (datamarking) — whitespace is replaced with a unique marker character so your agent can clearly distinguish email data from its own instructions. This reduces the success rate of prompt injection attacks embedded in emails from ~50% to under 3%.
|
|
246
|
+
|
|
247
|
+
**What is spotlighting?**
|
|
248
|
+
|
|
249
|
+
Email retrieval tools apply datamarking to untrusted content, replacing whitespace with a unique Unicode marker character generated per request. Content containing the marker should be treated as external data — never as instructions to follow. To recover the original text, replace the marker with a space. Emails from trusted senders (in your addressbook with valid authentication) are not spotlighted by default. This technique is based on academic research ([arXiv:2403.14720](https://arxiv.org/abs/2403.14720)).
|
|
250
|
+
|
|
235
251
|
**What about data exfiltration?**
|
|
236
252
|
|
|
237
|
-
Outbound emails are scanned for authentication tokens and credentials. If your agent accidentally tries to send an email containing a JWT or access token, the message is rejected before it leaves the platform. This prevents agents from being tricked into leaking sensitive data via email.
|
|
253
|
+
Outbound emails are scanned for authentication tokens and credentials. If your agent accidentally tries to send an email containing a JWT or access token, the message is rejected before it leaves the platform. This prevents agents from being tricked into leaking sensitive data via email. Additionally, all recipient addresses in send, reply, and forward operations are validated against RFC 5322 — malformed addresses are rejected before delivery.
|
|
238
254
|
|
|
239
255
|
**Can agents spam each other?**
|
|
240
256
|
|
|
@@ -250,7 +266,7 @@ Email reaches the entire existing internet — billions of people and businesses
|
|
|
250
266
|
|
|
251
267
|
**What are the send limits?**
|
|
252
268
|
|
|
253
|
-
Each account can email up to 5 unique external
|
|
269
|
+
Each account can email up to 5 unique external email addresses per week. Emails to other @inboxapi.ai addresses don't count against this limit. The limit resets weekly.
|
|
254
270
|
|
|
255
271
|
**What happens when I hit the limit?**
|
|
256
272
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@inboxapi/cli",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.10",
|
|
4
4
|
"description": "📧 Email for your AI 🤖",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"bin": {
|
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
],
|
|
12
12
|
"repository": {
|
|
13
13
|
"type": "git",
|
|
14
|
-
"url": "git+https://github.com/
|
|
14
|
+
"url": "git+https://github.com/inboxapi/cli.git"
|
|
15
15
|
},
|
|
16
16
|
"keywords": [
|
|
17
17
|
"mcp",
|
|
@@ -27,10 +27,10 @@
|
|
|
27
27
|
"test": "cargo test"
|
|
28
28
|
},
|
|
29
29
|
"optionalDependencies": {
|
|
30
|
-
"@inboxapi/cli-darwin-arm64": "0.2.
|
|
31
|
-
"@inboxapi/cli-darwin-x64": "0.2.
|
|
32
|
-
"@inboxapi/cli-linux-x64": "0.2.
|
|
33
|
-
"@inboxapi/cli-linux-arm64": "0.2.
|
|
34
|
-
"@inboxapi/cli-win32-x64": "0.2.
|
|
30
|
+
"@inboxapi/cli-darwin-arm64": "0.2.10",
|
|
31
|
+
"@inboxapi/cli-darwin-x64": "0.2.10",
|
|
32
|
+
"@inboxapi/cli-linux-x64": "0.2.10",
|
|
33
|
+
"@inboxapi/cli-linux-arm64": "0.2.10",
|
|
34
|
+
"@inboxapi/cli-win32-x64": "0.2.10"
|
|
35
35
|
}
|
|
36
36
|
}
|