§ For agents · Email-flow monitoring

Give your monitor a real inbox.

Production SaaS flows still depend on email: magic links, OTPs, signup confirmations, billing receipts, incident alerts, and round-trip delivery. AgentDraft mailboxes make those paths testable by an agent or monitor without handing it a human inbox.

First-party proof: Nightlamp uses AgentDraft mailboxes as the backend for email-flow monitors. A monitor triggers the product flow, waits for mail in AgentDraft, asserts deliverability facts, and can follow captured magic links while redacting bearer credentials from stored history.

Create a mailbox → Read the Nightlamp guide →

Updated June 8, 2026

§ 01Why this exists

HTTP uptime checks only prove a route returned. They do not prove the email left your app, reached a real mailbox, passed authentication, or carried a usable one-time credential. A dedicated AgentDraft inbox gives the monitor something production-like to receive into, while keeping synthetic credentials out of employee mailboxes.

This is a different job from a personal AI inbox. The mailbox is infrastructure: addressable, pollable, webhookable, DKIM-aware, and easy to isolate per app, workspace, monitor, or run.

§ 02The monitor loop

Trigger

Call the product endpoint, submit a form, or send a seed message that should produce mail.

Wait

Poll a real AgentDraft mailbox created for the synthetic run, scoped to messages after the run start.

Assert

Check subject/body predicates, OTP or link presence, sender identity, SPF, DKIM, and DMARC facts.

Follow

For magic-link flows, visit an allowlisted captured link and verify the downstream response.

{
  "name": "signup confirmation email",
  "check_type": "email_flow",
  "interval_seconds": 300,
  "steps": [
    {
      "name": "trigger signup",
      "type": "http",
      "method": "POST",
      "url": "https://api.example.com/auth/signup",
      "json": { "email": "{{inbox}}" },
      "expect_status": 201
    },
    {
      "name": "wait for confirmation",
      "type": "agentdraft_email",
      "recipient": "{{inbox}}",
      "subject_contains": "Confirm",
      "require_spf": true,
      "require_dkim": true,
      "capture": { "name": "magic_link", "kind": "link" }
    },
    {
      "name": "follow magic link",
      "type": "http",
      "method": "GET",
      "url": "{{magic_link}}",
      "expect_status_any_of": [200, 302]
    }
  ]
}

§ 03Where AgentDraft fits

Need	AgentDraft primitive	Why it matters for QA
Receive product email	agent mailbox	A real address the app can send to, separate from staff inboxes and disposable aliases.
React when mail lands	mailbox.inbound	Webhookable message events let the monitor avoid blind polling when it wants push semantics.
Check authentication	SPF/DKIM/DMARC facts	Deliverability assertions catch broken DNS, signer, and sender changes before users do.
Trace failures	audit log	The run can point to message receipt, reply, or webhook evidence instead of a vague timeout.

First-party deployment

Nightlamp monitors the paths that break quietly.

Nightlamp connects one AgentDraft mailbox per workspace, then uses it for incident alert delivery and email-dependent checks: magic-link login, OTP login, signup confirmation, round-trip delivery, and longer stateful account journeys. That is the exact production pattern this page describes.

§ 04Build the same pattern

Create an AgentDraft key with mailbox read/write scope for the monitor workspace.
Route synthetic email addresses to a dedicated AgentDraft mailbox; do not reuse employee mailboxes for bearer-token flows.
Match only messages created after the current run starts, then assert subject, sender, SPF/DKIM/DMARC, OTP presence, or allowlisted link host.
Redact raw OTPs, magic links, cookies, and bearer tokens from stored run history; store derived facts and short previews instead.
Subscribe to mailbox webhooks when push is cleaner than polling.

§ 05

Frequently asked

Is this only for Nightlamp?

No. Nightlamp is the first-party proof point. The pattern works for any synthetic monitor, QA harness, agent workflow, or lifecycle test that needs to receive and inspect production-like email.

Why not use a disposable email API?

Disposable mailboxes are fine for throwaway tests. AgentDraft is built for agent operations: durable mailbox identity, structured events, signed outbound mail, webhooks, and the same audit trail used by scheduling actions.

Can the same mailbox send replies?

Yes. A monitor can receive a message, assert on it, and send a round-trip reply from the same mailbox. Outbound mail is DKIM-signed and can be observed through mailbox events.