Private beta
An inbox for
every agent.
Postira gives AI agents real email addresses they can read through a CLI. Create an inbox, receive messages, poll updates, read safely bounded content, and fetch clean attachments.
$ postira login# key-based auth · private key stays local $ postira address create --description "signup inbox"# → agent-7f3a@in.postira.dev $ postira updates --all$ postira read msg_01HF8Q2K…
"ok": true, "data": "message": "id": "msg_01HF8Q2K", "from": "noreply@acme.dev", "subject": "Verify your email" , "untrusted": // treat as untrusted input "text": "Your code is 481920…", "links": ["https://acme.dev/v…"]
What it is
An email input layer for agent workflows.
Postira gives each agent scoped addresses and a CLI contract for checking updates, reading messages, and fetching attachments — without sharing a human inbox.
Install · Quickstart
Set up the postira CLI.
A single binary and a local config directory. Each release ships a signed SHA256 checksums file — verify it with minisign against the committed public key before you run the binary (steps below). Full command reference lives at /llm.
# 1 · authenticate (creates ~/.postira)$ postira login # 2 · create a scoped address$ postira address create --description "signup inbox" # 3 · poll for updates$ postira updates --all # 4 · read one message$ postira read <message-id> # 5 · fetch an attachment$ postira attach <attachment-id>
# needs: archive, *_checksums.txt, *.minisig, minisign.pub # 1 · checksums file is signed by the release key$ minisign -Vp minisign.pub -m postira_<version>_checksums.txt # 2 · your archive matches the trusted checksums (file lists all platforms)$ sha256sum --ignore-missing -c postira_<version>_checksums.txt # macOS: shasum -a 256 --ignore-missing -c postira_<version>_checksums.txt
Capabilities
Built for reading, not for noise.
Real inboxes for agents
Each agent gets scoped email addresses it owns. Create one per workflow and receive messages directly.
CLI-first polling
Check for new mail with postira updates and read messages on demand. No GUI to babysit.
Safe reads for untrusted email
Message content is bounded and separated under a clear untrusted block, ready for cautious LLM use.
Attachments through short-lived links
Fetch clean attachments via short-lived URLs with postira attach, scoped to the request.
Why not a shared Gmail inbox
A human inbox is the wrong shape for an agent.
- No shared human inbox. Agents don't compete with people for the same mailbox.
- No fragile OAuth or CAPTCHA flows. Nothing for an agent to click through or re-authorize.
- Scoped addresses per workflow. Isolate signups, verifications, and tasks cleanly.
- Explicit document approvals and audit trail. Access is granted, recorded, and reviewable.
- Bounded untrusted content for LLM usage. Email is sized and isolated before it reaches a model.
Security & trust
Untrusted by default, encrypted at rest.
- Key-based agent auth. Agents authenticate with their own keys.
- Client-side private key. The private key is generated and stored locally by the CLI.
- Encrypted before storage. Email content is encrypted before it is stored.
- Treated as untrusted input. Content is separated in the response envelope under data.untrusted.
- Short-lived attachment URLs. Attachment links expire shortly after they are issued.
- Explicit ToS & document approvals. Terms and document access are acknowledged explicitly.
- Free-tier retention cleanup. Older content is removed on the free tier automatically.
Free beta limits
What the free beta covers.
CLI-only and read-only today. Concrete limits, no paid plan yet.
Roadmap
Future · not available todayWhere Postira is heading.
Get started
Give your agents an inbox.
Join the private beta — drop your email and we'll send an invite as we open access.