agentmail 0.1.11 → 0.1.13

package/dist/llms-full.txt

@@ -5,7 +5,7 @@
 <Tip title="Welcome to AgentMail!" icon="fa-solid fa-star" />
 
 <Frame caption="We're excited to have you onboard!">
-  <img src="file:1a083c39-ceed-4591-acaf-4220b54f7913" alt="We're excited to have you onboard!" />
+  <img src="file:310e2395-5411-4afa-b39b-892397ecb1ca" alt="We're excited to have you onboard!" />
 </Frame>
 
 AgentMail is an API platform for giving AI agents their own inboxes to send, receive, and act upon emails. This allows agents to assume their own identity and communicate via the universal protocol of email with services, people, and other agents.
@@ -171,7 +171,7 @@ This guide will walk you through installing the AgentMail SDK, authenticating wi
   <Step title="Create an API Key">
     Now that you're in the console, you'll need to create an API key to
     authenticate your requests. Navigate to the API Keys section in your console
-    dashboard. ![API Key Creation Screenshot](file:20e7f82e-4a12-4165-ba99-4b5cff0ac0f5) Click
+    dashboard. ![API Key Creation Screenshot](file:96bda405-2981-443a-a64d-e1a2835c9fb0) Click
     "Create New API Key" and give it a descriptive name. Once created, copy the
     API key and store it securely. Create a `.env` file in your project's root
     directory and add your key to it. We recommend using environment variables to
@@ -322,7 +322,7 @@ Unlike traditional email providers that are designed for human scale, AgentMail
 
 As the diagram below illustrates, your `organization` is the top-level container that holds all your resources. You can provision many `Inboxes` within your `organization`, each with its own `Threads`, `Messages`, and `Attachments`, allowing you to manage a large fleet of agents seamlessly.
 
-<img src="file:17d978ed-f12c-4634-8560-1fe14dfd09a0" alt="AgentMail Organizational Hierarchy" />
+<img src="file:b0c8b4e6-563d-4ff5-b08c-d9dde55452da" alt="AgentMail Organizational Hierarchy" />
 
 <Steps>
   <Step title="Organization">
@@ -742,7 +742,7 @@ Here is an example of a well-structured and styled HTML header:
 </CodeBlocks>
 
 <Frame caption="Look how pretty this message looks!">
-  <img src="file:c2086bbe-a796-4972-be4d-5e4534c24ca8" alt="rendered css" />
+  <img src="file:1e8d927e-c68d-49f1-8278-166497a45a69" alt="rendered css" />
 </Frame>
 
 ## Receiving `Messages`
@@ -1981,7 +1981,7 @@ Configuring your domain is a three-step process: add the domain via API, copy th
     After creating your domain in the AgentMail Console, click the "Download BIND Zone File" button to get the complete zone file.
 
     <Frame caption="Downloading BIND zone file from AgentMail Console">
-      <img src="file:984a2b44-d86f-47bc-ace2-143e0daf1757" alt="Download BIND Zone File from Console" />
+      <img src="file:d9e83f6a-1341-4b14-b758-7e3508a231d4" alt="Download BIND Zone File from Console" />
     </Frame>
 
     <Tabs>
@@ -1992,13 +1992,13 @@ Configuring your domain is a three-step process: add the domain via API, copy th
         2. Click **"Import zone file"** in the top right corner
 
         <Frame caption="Importing BIND zone file in AWS Route 53">
-          <img src="file:9647ee70-c593-4daa-a8bf-3079e41ff670" alt="AWS Route 53 BIND Import" />
+          <img src="file:328d8c68-88cf-42ea-bce3-5630206b406d" alt="AWS Route 53 BIND Import" />
         </Frame>
 
         3. Paste the CONTENTS of downloaded BIND zone file
 
         <Frame caption="Open the file with text editor and paste the contents. It should look similar to what we have in this image.">
-          <img src="file:8e5863f4-bee3-42c8-a6fe-60fc89f9b534" alt="AWS Route 53 BIND Import" />
+          <img src="file:35f3a2a1-77a9-4a1f-932d-1e580a86eae2" alt="AWS Route 53 BIND Import" />
         </Frame>
 
         4. Review the records and click **"Import"**
@@ -2011,13 +2011,13 @@ Configuring your domain is a three-step process: add the domain via API, copy th
         2. Navigate to **DNS > Records**
 
         <Frame caption="This is what the page looks like">
-          <img src="file:88185597-fdb9-45aa-a132-7b7284bde354" alt="Cloudflare BIND Import" />
+          <img src="file:0caf7073-c006-46c3-aa5b-67ea84d2cf76" alt="Cloudflare BIND Import" />
         </Frame>
 
         3. Click **"Import and Export"**
 
         <Frame caption="You should be able to just drop the file in">
-          <img src="file:7fdc901a-28f8-436a-ad49-d2595e448503" alt="Cloudflare BIND Import" />
+          <img src="file:6ed60e97-c0e8-448d-a7e7-220170cdda24" alt="Cloudflare BIND Import" />
         </Frame>
 
         4. Upload the downloaded BIND zone file as is
@@ -2030,13 +2030,13 @@ Configuring your domain is a three-step process: add the domain via API, copy th
         2. Navigate to the **DNS** subtab of the domain you want to send from
 
         <Frame caption="Click on this button!">
-          <img src="file:ad432f5f-3bdd-4e60-ad17-c9129578a975" alt="Porkbun DNS Management" />
+          <img src="file:9fe338be-7731-4fb0-b136-c2b6fa86a7de" alt="Porkbun DNS Management" />
         </Frame>
 
         3. Scroll down to the quick upload section
 
         <Frame caption="Upload your BIND zone file here">
-          <img src="file:9a206318-f766-4423-b0aa-3c6f637edb2a" alt="Porkbun Zone File Import" />
+          <img src="file:db814e7e-4737-488a-bccc-2d581772369b" alt="Porkbun Zone File Import" />
         </Frame>
 
         4. Upload the downloaded BIND zone file as is
@@ -2120,7 +2120,7 @@ Configuring your domain is a three-step process: add the domain via API, copy th
               * **Value:** Can directly copy paste the `value` from the API response (e.g., `{random_letters_numbers}.dkim.amazonses.com`).
 
             <Frame caption="Example of adding a CNAME record in Route 53. Notice that AWS already appends the root domain (agentmail.cc) to the end of the name value!">
-              <img src="file:1913b0a8-b4bb-4368-b90d-4989059e598a" alt="AWS Route 53 Record Configuration" />
+              <img src="file:97040bb3-e526-420e-b804-9043ccec9a68" alt="AWS Route 53 Record Configuration" />
             </Frame>
 
             * **TXT (DMARC/SPF):**
@@ -2842,13 +2842,13 @@ Ngrok creates a secure tunnel from a public URL to your local development server
 
 Visit [ngrok.com](https://ngrok.com/) and click "Sign up" to create a free account.
 
-<img src="file:c15f82e4-27f6-4a70-ac26-add0b5b12db0" alt="Ngrok homepage" />
+<img src="file:cacdfa4e-696b-4485-8833-67280879d17d" alt="Ngrok homepage" />
 
 ### 1.2 Choose your platform and install
 
 After logging in, ngrok will guide you through the setup process. Select your operating system and follow the installation instructions.
 
-<img src="file:4a0b3ee3-7848-45d2-be50-2b5ff7c85295" alt="Ngrok setup instructions" />
+<img src="file:def52365-4003-4d3f-9b50-b9abb02ecd4b" alt="Ngrok setup instructions" />
 
 For macOS, you can install ngrok via Homebrew:
 
@@ -2894,7 +2894,7 @@ ngrok http 3000
 
 You should see output similar to this:
 
-<img src="file:8bcb8b41-cb1c-462c-8fe4-e9e6a1184d0b" alt="Ngrok terminal output" />
+<img src="file:2894d030-381a-4542-96a8-38db296ce8d5" alt="Ngrok terminal output" />
 
 Copy the **Forwarding URL** (e.g., `https://your-subdomain.ngrok-free.app`). This is the public URL that AgentMail will use to send webhooks.
 
@@ -2991,7 +2991,7 @@ python webhook_receiver.py
 
 Open your browser and visit `http://127.0.0.1:3000` to see the status page confirming your webhook receiver is running:
 
-<img src="file:ca0e6f7a-9ed4-4689-9508-7a56cef9eaf5" alt="Webhook receiver status page" />
+<img src="file:3615403f-ba34-4b46-8b25-c654950bca80" alt="Webhook receiver status page" />
 
 ## Testing Your Setup
 
@@ -3059,6 +3059,381 @@ For production deployments:
 </CardGroup>
 
 
+# WebSockets
+
+> Learn how to use WebSockets for instant email notifications without webhooks or polling.
+
+WebSockets provide a persistent, bidirectional connection to AgentMail for receiving email events in real-time. Unlike webhooks, WebSockets don't require a public URL or external tools like ngrok.
+
+## Why Use WebSockets?
+
+| Feature    | Webhook                     | WebSocket                |
+| ---------- | --------------------------- | ------------------------ |
+| Setup      | Requires public URL + ngrok | No external tools needed |
+| Connection | HTTP request per event      | Persistent connection    |
+| Direction  | AgentMail → Your server     | Bidirectional            |
+| Firewall   | Must expose port            | Outbound only            |
+| Latency    | HTTP round-trip             | Instant streaming        |
+
+***
+
+## Python SDK
+
+The Python SDK provides both synchronous and asynchronous WebSocket clients.
+
+### Async Usage
+
+```python
+import asyncio
+from agentmail import AsyncAgentMail, Subscribe, Subscribed, MessageReceivedEvent
+
+client = AsyncAgentMail(api_key="YOUR_API_KEY")
+
+async def main():
+    async with client.websockets.connect() as socket:
+        # Subscribe to inboxes
+        await socket.send_subscribe(Subscribe(inbox_ids=["agent@agentmail.to"]))
+
+        # Process events as they arrive
+        async for event in socket:
+            if isinstance(event, Subscribed):
+                print(f"Subscribed to: {event.inbox_ids}")
+            elif isinstance(event, MessageReceivedEvent):
+                print(f"New email from: {event.message.from_}")
+                print(f"Subject: {event.message.subject}")
+
+asyncio.run(main())
+```
+
+### Sync Usage
+
+```python
+from agentmail import AgentMail, Subscribe, Subscribed, MessageReceivedEvent
+
+client = AgentMail(api_key="YOUR_API_KEY")
+
+with client.websockets.connect() as socket:
+    # Subscribe to inboxes
+    socket.send_subscribe(Subscribe(inbox_ids=["agent@agentmail.to"]))
+
+    # Process events as they arrive
+    for event in socket:
+        if isinstance(event, Subscribed):
+            print(f"Subscribed to: {event.inbox_ids}")
+        elif isinstance(event, MessageReceivedEvent):
+            print(f"New email from: {event.message.from_}")
+            print(f"Subject: {event.message.subject}")
+```
+
+### Event Handler Pattern
+
+You can also use event handlers instead of iterating:
+
+```python
+import asyncio
+from agentmail import AsyncAgentMail, Subscribe, EventType
+
+client = AsyncAgentMail(api_key="YOUR_API_KEY")
+
+async def main():
+    async with client.websockets.connect() as socket:
+        # Register event handlers
+        socket.on(EventType.OPEN, lambda _: print("Connected"))
+        socket.on(EventType.MESSAGE, lambda msg: print("Received:", msg))
+        socket.on(EventType.CLOSE, lambda _: print("Disconnected"))
+        socket.on(EventType.ERROR, lambda err: print("Error:", err))
+
+        # Subscribe and start listening
+        await socket.send_subscribe(Subscribe(inbox_ids=["agent@agentmail.to"]))
+        await socket.start_listening()
+
+asyncio.run(main())
+```
+
+For sync usage with event handlers, run the listener in a background thread:
+
+```python
+import threading
+from agentmail import AgentMail, Subscribe, EventType
+
+client = AgentMail(api_key="YOUR_API_KEY")
+
+with client.websockets.connect() as socket:
+    socket.on(EventType.OPEN, lambda _: print("Connected"))
+    socket.on(EventType.MESSAGE, lambda msg: print("Received:", msg))
+    socket.on(EventType.CLOSE, lambda _: print("Disconnected"))
+    socket.on(EventType.ERROR, lambda err: print("Error:", err))
+
+    socket.send_subscribe(Subscribe(inbox_ids=["agent@agentmail.to"]))
+
+    # Start listening in background thread
+    listener = threading.Thread(target=socket.start_listening, daemon=True)
+    listener.start()
+    listener.join()
+```
+
+***
+
+## TypeScript SDK
+
+The TypeScript SDK provides a WebSocket client with automatic reconnection.
+
+### Basic Usage
+
+```typescript
+import { AgentMailClient, AgentMail } from "agentmail";
+
+const client = new AgentMailClient({
+  apiKey: process.env.AGENTMAIL_API_KEY,
+});
+
+async function main() {
+  const socket = await client.websockets.connect();
+
+  // Handle events
+  socket.on("open", () => {
+    console.log("Connected");
+
+    // Subscribe to inboxes after connection is open
+    socket.sendSubscribe({
+      type: "subscribe",
+      inboxIds: ["agent@agentmail.to"],
+    });
+  });
+
+  socket.on("message", (event: AgentMail.Subscribed | AgentMail.MessageReceivedEvent) => {
+    if (event.type === "subscribed") {
+      console.log("Subscribed to:", event.inboxIds);
+    } else if (event.type === "message_received") {
+      console.log("New email from:", event.message.from_);
+      console.log("Subject:", event.message.subject);
+    }
+  });
+
+  socket.on("close", (event) => {
+    console.log("Disconnected:", event.code, event.reason);
+  });
+
+  socket.on("error", (error) => {
+    console.error("Error:", error);
+  });
+}
+
+main();
+```
+
+### React/Next.js Usage
+
+Using the SDK with React:
+
+```typescript
+import { useEffect, useState } from "react";
+import { AgentMailClient, AgentMail } from "agentmail";
+
+function useAgentMailWebSocket(apiKey: string, inboxIds: string[]) {
+  const [lastMessage, setLastMessage] = useState<AgentMail.MessageReceivedEvent | null>(null);
+  const [isConnected, setIsConnected] = useState(false);
+
+  useEffect(() => {
+    const client = new AgentMailClient({ apiKey });
+
+    let socket: Awaited<ReturnType<typeof client.websockets.connect>>;
+
+    async function connect() {
+      socket = await client.websockets.connect();
+
+      socket.on("open", () => {
+        setIsConnected(true);
+        socket.sendSubscribe({
+          type: "subscribe",
+          inboxIds,
+        });
+      });
+
+      socket.on("message", (event) => {
+        if (event.type === "message_received") {
+          setLastMessage(event);
+        }
+      });
+
+      socket.on("close", () => setIsConnected(false));
+    }
+
+    connect();
+    return () => socket?.close();
+  }, [apiKey, inboxIds.join(",")]);
+
+  return { lastMessage, isConnected };
+}
+```
+
+***
+
+## Subscribe Options
+
+When subscribing to events, you can filter by inbox, pod, or event type:
+
+**Python:**
+
+```python
+from agentmail import Subscribe
+
+# Subscribe to specific inboxes
+Subscribe(inbox_ids=["inbox1@agentmail.to", "inbox2@agentmail.to"])
+
+# Subscribe to pods
+Subscribe(pod_ids=["pod-id-1", "pod-id-2"])
+
+# Subscribe to specific event types
+Subscribe(
+    inbox_ids=["agent@agentmail.to"],
+    event_types=["message.received", "message.sent"]
+)
+```
+
+**TypeScript:**
+
+```typescript
+// Subscribe to specific inboxes
+socket.sendSubscribe({
+  type: "subscribe",
+  inboxIds: ["inbox1@agentmail.to", "inbox2@agentmail.to"],
+});
+
+// Subscribe to pods
+socket.sendSubscribe({
+  type: "subscribe",
+  podIds: ["pod-id-1", "pod-id-2"],
+});
+
+// Subscribe to specific event types
+socket.sendSubscribe({
+  type: "subscribe",
+  inboxIds: ["agent@agentmail.to"],
+  eventTypes: ["message.received", "message.sent"],
+});
+```
+
+***
+
+## Event Types
+
+### Connection Events
+
+| Event        | Python       | TypeScript             | Description            |
+| ------------ | ------------ | ---------------------- | ---------------------- |
+| `subscribed` | `Subscribed` | `AgentMail.Subscribed` | Subscription confirmed |
+
+### Message Events
+
+| Event                | Python                   | TypeScript                         | Description          |
+| -------------------- | ------------------------ | ---------------------------------- | -------------------- |
+| `message_received`   | `MessageReceivedEvent`   | `AgentMail.MessageReceivedEvent`   | New email received   |
+| `message_sent`       | `MessageSentEvent`       | `AgentMail.MessageSentEvent`       | Email was sent       |
+| `message_delivered`  | `MessageDeliveredEvent`  | `AgentMail.MessageDeliveredEvent`  | Email was delivered  |
+| `message_bounced`    | `MessageBouncedEvent`    | `AgentMail.MessageBouncedEvent`    | Email bounced        |
+| `message_complained` | `MessageComplainedEvent` | `AgentMail.MessageComplainedEvent` | Email marked as spam |
+| `message_rejected`   | `MessageRejectedEvent`   | `AgentMail.MessageRejectedEvent`   | Email was rejected   |
+
+### Domain Events
+
+| Event             | Python                | TypeScript                      | Description                   |
+| ----------------- | --------------------- | ------------------------------- | ----------------------------- |
+| `domain_verified` | `DomainVerifiedEvent` | `AgentMail.DomainVerifiedEvent` | Domain verification completed |
+
+***
+
+## Message Properties
+
+The `event.message` object contains:
+
+| Python        | TypeScript    | Description                   |
+| ------------- | ------------- | ----------------------------- |
+| `inbox_id`    | `inboxId`     | Inbox that received the email |
+| `message_id`  | `messageId`   | Unique message ID             |
+| `thread_id`   | `threadId`    | Conversation thread ID        |
+| `from_`       | `from_`       | Sender email address          |
+| `to`          | `to`          | Recipients list               |
+| `subject`     | `subject`     | Subject line                  |
+| `text`        | `text`        | Plain text body               |
+| `html`        | `html`        | HTML body (if present)        |
+| `attachments` | `attachments` | List of attachments           |
+
+***
+
+## Error Handling
+
+**Python:**
+
+```python
+from agentmail import AsyncAgentMail, Subscribe, MessageReceivedEvent
+from agentmail.core.api_error import ApiError
+
+client = AsyncAgentMail(api_key="YOUR_API_KEY")
+
+async def main():
+    try:
+        async with client.websockets.connect() as socket:
+            await socket.send_subscribe(Subscribe(inbox_ids=["agent@agentmail.to"]))
+
+            async for event in socket:
+                if isinstance(event, MessageReceivedEvent):
+                    await process_email(event.message)
+
+    except ApiError as e:
+        print(f"API error: {e.status_code} - {e.body}")
+    except Exception as e:
+        print(f"Connection error: {e}")
+```
+
+**TypeScript:**
+
+```typescript
+import { AgentMailClient, AgentMail, AgentMailError } from "agentmail";
+
+const client = new AgentMailClient({
+  apiKey: process.env.AGENTMAIL_API_KEY,
+});
+
+async function main() {
+  try {
+    const socket = await client.websockets.connect();
+
+    socket.on("open", () => {
+      socket.sendSubscribe({
+        type: "subscribe",
+        inboxIds: ["agent@agentmail.to"],
+      });
+    });
+
+    socket.on("message", (event: AgentMail.MessageReceivedEvent) => {
+      if (event.type === "message_received") {
+        processEmail(event.message);
+      }
+    });
+
+    socket.on("error", (error) => {
+      console.error("WebSocket error:", error);
+    });
+
+    socket.on("close", (event) => {
+      console.log("Disconnected:", event.code, event.reason);
+    });
+  } catch (err) {
+    if (err instanceof AgentMailError) {
+      console.error(`API error: ${err.statusCode} - ${err.message}`);
+    } else {
+      console.error("Connection error:", err);
+    }
+  }
+}
+
+main();
+```
+
+***
+
+
 # Email Deliverability
 
 > Learn the strategies and best practices for maximizing your email deliverability with AgentMail.
@@ -3113,7 +3488,7 @@ How you send your emails is just as important as what you send. If you're sendin
     more natural to email providers. AgentMail's ability to create inboxes at
     scale makes this strategy easy to implement.
 
-    <img src="file:a620b6d7-d2f7-4925-94ce-afcd6fb2ff4c" alt="Diagram comparing one inbox sending 1000 emails vs. five inboxes sending 200 each." />
+    <img src="file:3af96ac6-1192-4d7c-9c5c-faefe4c6dc84" alt="Diagram comparing one inbox sending 1000 emails vs. five inboxes sending 200 each." />
   </Step>
 
   <Step title="Protect Your Reputation with Multiple Domains">
@@ -5132,7 +5507,7 @@ Done
 
 Go to your AgentMail inbox and filter by labels to organize your emails:
 
-<img src="file:2d19dca9-3d2a-43a1-a741-27bc0b88bc19" alt="Test image" />
+<img src="file:d68eacab-1cee-4bd4-96b5-0e2a1aed4774" alt="Test image" />
 
 **Filter by sentiment:**
 
@@ -5954,55 +6329,137 @@ We hope this provides a clear and transparent look into why these DNS records ar
 
 # SOC 2 Compliance
 
-> AgentMail's SOC 2 Type II certification and what it means for your data security
+> AgentMail's SOC 2 Type I achievement and Type II certification progress.
 
-AgentMail is **SOC 2 Type II certified**, demonstrating our commitment to maintaining the highest standards of security, availability, and confidentiality for your data.
+> AgentMail has **achieved SOC 2 Type I compliance** (July 2025) and is currently working toward **Type II certification** (target: Q1 2026).
+
+***
 
-<img src="file:7e299fb7-9841-4f90-a033-b5e4878067b1" alt="SOC 2 Type II Certified" />
+## Current Status
+
+<CardGroup cols={2}>
+  <Card title="Type I Achieved" icon="check-circle">
+    **Completed July 2025** - Controls properly designed and in place
+  </Card>
+
+  <Card title="Type II In Progress" icon="spinner">
+    **Target Q1 2026** - Demonstrating operational effectiveness over time
+  </Card>
+</CardGroup>
+
+### Compliance Timeline
+
+| Phase                          | Period              | Status      |
+| ------------------------------ | ------------------- | ----------- |
+| **Type I Preparation**         | June 2025           | Completed   |
+| **Type I Assessment**          | July 2025           | Completed   |
+| **Type II Observation Period** | Aug 2025 - Dec 2025 | In Progress |
+| **Type II Certification**      | Q1 2026             | Target      |
+
+***
 
 ## What is SOC 2?
 
-SOC 2 is a rigorous auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It evaluates how organizations manage customer data based on five principles:
+**SOC 2** is an attestation standard by **AICPA** (The American Institute of Certified Public Accountants) evaluating controls over:
 
-* **Security**: Protection against unauthorized access
-* **Availability**: Systems are operational and accessible as committed
-* **Processing Integrity**: Data processing is complete, accurate, and authorized
-* **Confidentiality**: Information designated as confidential is protected
-* **Privacy**: Personal information is collected, used, and retained appropriately
+1. **Security** - Protection against unauthorized access, both physical and logical
+2. **Availability** - System accessibility and operational performance as committed
+3. **Processing Integrity** - System processing is complete, valid, accurate, timely, and authorized
+4. **Confidentiality** - Information designated as confidential is protected
+5. **Privacy** - Personal information is collected, used, retained, disclosed, and disposed per privacy commitments
 
-## What does this mean for you?
+### Report Types
 
-When you use AgentMail, you can trust that:
+* **Type I**: Verifies that security controls are properly **designed** at a point in time.
+* **Type II**: Validates that controls **operate effectively** over a period (typically 6–12 months).
 
-<AccordionGroup>
-  <Accordion title="Your data is protected by enterprise-grade security">
-    We've implemented comprehensive security controls that have been
-    independently verified by third-party auditors. This includes access
-    controls, encryption, and continuous monitoring.
-  </Accordion>
+<Callout intent="success">
+  AgentMail's SOC 2 Type I report confirms that our security infrastructure is properly designed and implemented.
+</Callout>
 
-  <Accordion title="We follow industry best practices">
-    Our policies and procedures align with established security frameworks. We
-    don't just claim to be secure—we prove it through regular audits.
-  </Accordion>
+***
 
-  <Accordion title="Our controls are continuously monitored">
-    SOC 2 Type II certification means our controls were tested over an
-    observation period, not just at a single point in time. This demonstrates
-    consistent, ongoing compliance.
-  </Accordion>
-</AccordionGroup>
+## Security Controls Implemented
+
+The following controls have been audited and verified as part of our SOC 2 Type I compliance:
+
+### Access Control
+
+* Role-based access; **least privilege** enforced
+* **MFA** (Multi-Factor Authentication) for administrative access and sensitive operations
+* Quarterly access reviews and revocation upon role change
+
+### Encryption & Key Management
+
+* **TLS 1.2+** for all service/API communications
+* Data at rest encrypted using industry-standard ciphers
+* Centralized **KMS** (Key Management Service) for key generation, rotation, and revocation
+* **Encrypted point-in-time backups** with 30-day retention
+
+See [Security Overview](https://agentmail.to/security) for more details.
+
+### Email Authentication & Anti-Abuse
+
+* **SPF, DKIM, DMARC** configured across all sending domains
+* Real-time scanning of inbound/outbound messages for malware/phishing
+* IP-based **rate limiting** and behavioral abuse detection
+
+See [Email Protocols](https://docs.agentmail.to/email-protocols) for technical details.
+
+### Monitoring & Incident Response
+
+* Centralized logging and anomaly detection with alerting
+* Documented incident response process: detect → triage → contain → eradicate → recover → post-incident review
+* Responsible disclosure channel for external security researchers
+
+### Resilience, Backup & Recovery
+
+* Daily encrypted backups with **30-day retention**
+* Regular **restore tests** to validate RTO/RPO targets
+* Multi-AZ/high-availability architecture for critical components
 
-## Our Certifications
+***
+
+## SOC 2 Control Mapping
+
+| Control Area         | Implementation                                 | SOC 2 Criteria |
+| -------------------- | ---------------------------------------------- | -------------- |
+| Access Control       | RBAC, MFA, quarterly reviews                   | CC6.1–CC6.7    |
+| Encryption & KMS     | TLS 1.2+, at-rest encryption, key rotation     | CC6.8–CC6.9    |
+| Email Authentication | SPF/DKIM/DMARC, anti-abuse filters             | CC7.1–CC7.4    |
+| Threat Monitoring    | Centralized logs, alerts, malware scanning     | CC7.2–CC7.4    |
+| Backup & Recovery    | Daily backups, 30-day retention, restore tests | CC7.3          |
+| Incident Response    | Runbooks, post-mortems, disclosure program     | CC7.4–CC7.5    |
+| Workforce Security   | Security training, NDAs, background checks     | CC5.3–CC5.4    |
+
+> The above mappings reflect our audited Type I controls and are maintained during the Type II observation period.
+
+***
+
+## Type II Certification Progress
+
+AgentMail is currently in the **Type II observation period** (August 2025 - December 2025), during which an independent auditor is testing and validating that our security controls operate effectively over time.
 
-| Certification | Status      | Last Audit    |
-| ------------- | ----------- | ------------- |
-| SOC 2 Type I  | ✅ Compliant | —             |
-| SOC 2 Type II | ✅ Compliant | November 2025 |
+### What's Being Tested
 
-## Request Compliance Documentation
+* **Continuous Operation**: Controls function consistently without gaps
+* **Change Management**: Security maintained through system updates and changes
+* **Evidence Collection**: Logs, tickets, training records, access reviews
+* **Incident Handling**: Real-world response to security events (if any)
 
-Need our SOC 2 report for your vendor assessment? Contact our team at [founders@agentmail.cc](mailto:founders@agentmail.cc) to request access to our compliance documentation.
+### Expected Completion
+
+**Q1 2026** - Full SOC 2 Type II certification report from independent CPA firm
+
+Type II certification provides the highest level of assurance that AgentMail's security controls are not only well-designed but also operate effectively over time.
+
+***
+
+## Accessing SOC 2 Reports
+
+Organizations evaluating AgentMail can [request SOC 2 documentation](mailto:security@agentmail.to).
+
+***
 
 
 # API Welcome
@@ -7642,6 +8099,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -7698,6 +8159,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -8437,6 +8900,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -8476,6 +8943,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -8762,6 +9231,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -8818,6 +9291,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -9724,6 +10199,8 @@ components:
       $ref: '#/components/schemas/type_messages:Addresses'
     type_messages:SendMessageBcc:
       $ref: '#/components/schemas/type_messages:Addresses'
+    type_messages:ReplyAll:
+      type: boolean
     type_messages:MessageText:
       type: string
     type_messages:MessageHtml:
@@ -9766,6 +10243,8 @@ components:
           $ref: '#/components/schemas/type_messages:SendMessageCc'
         bcc:
           $ref: '#/components/schemas/type_messages:SendMessageBcc'
+        reply_all:
+          $ref: '#/components/schemas/type_messages:ReplyAll'
         text:
           $ref: '#/components/schemas/type_messages:MessageText'
         html:
@@ -9934,6 +10413,290 @@ let dataTask = session.dataTask(with: request as URLRequest, completionHandler:
 dataTask.resume()
 ```
 
+# Reply All Message
+
+POST https://api.agentmail.to/v0/inboxes/{inbox_id}/messages/{message_id}/reply-all
+Content-Type: application/json
+
+Reference: https://docs.agentmail.to/api-reference/inboxes/messages/reply-all
+
+## OpenAPI Specification
+
+```yaml
+openapi: 3.1.1
+info:
+  title: Reply All Message
+  version: endpoint_inboxes/messages.reply-all
+paths:
+  /v0/inboxes/{inbox_id}/messages/{message_id}/reply-all:
+    post:
+      operationId: reply-all
+      summary: Reply All Message
+      tags:
+        - - subpackage_inboxes
+          - subpackage_inboxes/messages
+      parameters:
+        - name: inbox_id
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_inboxes:InboxId'
+        - name: message_id
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_messages:MessageId'
+        - name: Authorization
+          in: header
+          description: >-
+            Bearer authentication of the form `Bearer <token>`, where token is
+            your auth token.
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Response with status 200
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_messages:SendMessageResponse'
+        '400':
+          description: Error response with status 400
+          content: {}
+        '403':
+          description: Error response with status 403
+          content: {}
+        '404':
+          description: Error response with status 404
+          content: {}
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/type_messages:ReplyAllMessageRequest'
+components:
+  schemas:
+    type_inboxes:InboxId:
+      type: string
+    type_messages:MessageId:
+      type: string
+    type_messages:MessageLabels:
+      type: array
+      items:
+        type: string
+    type_messages:Addresses:
+      oneOf:
+        - type: string
+        - type: array
+          items:
+            type: string
+    type_messages:SendMessageReplyTo:
+      $ref: '#/components/schemas/type_messages:Addresses'
+    type_messages:MessageText:
+      type: string
+    type_messages:MessageHtml:
+      type: string
+    type_attachments:AttachmentFilename:
+      type: string
+    type_attachments:AttachmentContentType:
+      type: string
+    type_attachments:AttachmentContent:
+      type: string
+    type_attachments:SendAttachment:
+      type: object
+      properties:
+        filename:
+          $ref: '#/components/schemas/type_attachments:AttachmentFilename'
+        content_type:
+          $ref: '#/components/schemas/type_attachments:AttachmentContentType'
+        content:
+          $ref: '#/components/schemas/type_attachments:AttachmentContent'
+      required:
+        - content
+    type_messages:SendMessageAttachments:
+      type: array
+      items:
+        $ref: '#/components/schemas/type_attachments:SendAttachment'
+    type_messages:SendMessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
+    type_messages:ReplyAllMessageRequest:
+      type: object
+      properties:
+        labels:
+          $ref: '#/components/schemas/type_messages:MessageLabels'
+        reply_to:
+          $ref: '#/components/schemas/type_messages:SendMessageReplyTo'
+        text:
+          $ref: '#/components/schemas/type_messages:MessageText'
+        html:
+          $ref: '#/components/schemas/type_messages:MessageHtml'
+        attachments:
+          $ref: '#/components/schemas/type_messages:SendMessageAttachments'
+        headers:
+          $ref: '#/components/schemas/type_messages:SendMessageHeaders'
+    type_threads:ThreadId:
+      type: string
+    type_messages:SendMessageResponse:
+      type: object
+      properties:
+        message_id:
+          $ref: '#/components/schemas/type_messages:MessageId'
+        thread_id:
+          $ref: '#/components/schemas/type_threads:ThreadId'
+      required:
+        - message_id
+        - thread_id
+
+```
+
+## SDK Code Examples
+
+```typescript
+import { AgentMailClient } from "agentmail";
+
+async function main() {
+    const client = new AgentMailClient({
+        environment: "https://api.agentmail.to",
+        apiKey: "YOUR_TOKEN_HERE",
+    });
+    await client.inboxes.messages.replyAll("inbox_id", "message_id", {});
+}
+main();
+
+```
+
+```python
+from agentmail import AgentMail
+
+client = AgentMail(
+    base_url="https://api.agentmail.to",
+    api_key="YOUR_TOKEN_HERE"
+)
+
+client.inboxes.messages.reply_all(
+    inbox_id="inbox_id",
+    message_id="message_id"
+)
+
+```
+
+```go
+package main
+
+import (
+	"fmt"
+	"strings"
+	"net/http"
+	"io"
+)
+
+func main() {
+
+	url := "https://api.agentmail.to/v0/inboxes/inbox_id/messages/message_id/reply-all"
+
+	payload := strings.NewReader("{}")
+
+	req, _ := http.NewRequest("POST", url, payload)
+
+	req.Header.Add("Authorization", "Bearer <api_key>")
+	req.Header.Add("Content-Type", "application/json")
+
+	res, _ := http.DefaultClient.Do(req)
+
+	defer res.Body.Close()
+	body, _ := io.ReadAll(res.Body)
+
+	fmt.Println(res)
+	fmt.Println(string(body))
+
+}
+```
+
+```ruby
+require 'uri'
+require 'net/http'
+
+url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/messages/message_id/reply-all")
+
+http = Net::HTTP.new(url.host, url.port)
+http.use_ssl = true
+
+request = Net::HTTP::Post.new(url)
+request["Authorization"] = 'Bearer <api_key>'
+request["Content-Type"] = 'application/json'
+request.body = "{}"
+
+response = http.request(request)
+puts response.read_body
+```
+
+```java
+HttpResponse<String> response = Unirest.post("https://api.agentmail.to/v0/inboxes/inbox_id/messages/message_id/reply-all")
+  .header("Authorization", "Bearer <api_key>")
+  .header("Content-Type", "application/json")
+  .body("{}")
+  .asString();
+```
+
+```php
+<?php
+
+$client = new \GuzzleHttp\Client();
+
+$response = $client->request('POST', 'https://api.agentmail.to/v0/inboxes/inbox_id/messages/message_id/reply-all', [
+  'body' => '{}',
+  'headers' => [
+    'Authorization' => 'Bearer <api_key>',
+    'Content-Type' => 'application/json',
+  ],
+]);
+
+echo $response->getBody();
+```
+
+```csharp
+var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/messages/message_id/reply-all");
+var request = new RestRequest(Method.POST);
+request.AddHeader("Authorization", "Bearer <api_key>");
+request.AddHeader("Content-Type", "application/json");
+request.AddParameter("application/json", "{}", ParameterType.RequestBody);
+IRestResponse response = client.Execute(request);
+```
+
+```swift
+import Foundation
+
+let headers = [
+  "Authorization": "Bearer <api_key>",
+  "Content-Type": "application/json"
+]
+let parameters = [] as [String : Any]
+
+let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
+
+let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/messages/message_id/reply-all")! as URL,
+                                        cachePolicy: .useProtocolCachePolicy,
+                                    timeoutInterval: 10.0)
+request.httpMethod = "POST"
+request.allHTTPHeaderFields = headers
+request.httpBody = postData as Data
+
+let session = URLSession.shared
+let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
+  if (error != nil) {
+    print(error as Any)
+  } else {
+    let httpResponse = response as? HTTPURLResponse
+    print(httpResponse)
+  }
+})
+
+dataTask.resume()
+```
+
 # Update Message
 
 PATCH https://api.agentmail.to/v0/inboxes/{inbox_id}/messages/{message_id}
@@ -10080,6 +10843,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -10136,6 +10903,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -12888,6 +13657,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -12944,6 +13717,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -16350,6 +17125,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -16406,6 +17185,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -17487,6 +18268,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -17543,6 +18328,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at:
@@ -21208,6 +21995,10 @@ components:
       type: array
       items:
         type: string
+    type_messages:MessageHeaders:
+      type: object
+      additionalProperties:
+        type: string
     type_messages:MessageSize:
       type: integer
     type_messages:MessageUpdatedAt:
@@ -21264,6 +22055,8 @@ components:
           $ref: '#/components/schemas/type_messages:MessageInReplyTo'
         references:
           $ref: '#/components/schemas/type_messages:MessageReferences'
+        headers:
+          $ref: '#/components/schemas/type_messages:MessageHeaders'
         size:
           $ref: '#/components/schemas/type_messages:MessageSize'
         updated_at: