npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

courier-protocol

v0.1.3

Published

Durable email identities for autonomous AI agents — persistent inboxes, scoped credentials, recovery after memory loss, OTP and magic link handling, and governed outbound communication without Gmail OAuth.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

antonioacantonioac

Keywords

durable email identityai agent emailpersistent inboxagent identityautonomous emailotp extractionmagic link receiververification codeemail for agentsagent infrastructuremcpmodelcontextprotocolautonomous-agentsagent-operationsx402email recoveryscoped credentialsgoverned outbound

Readme

Courier — Durable Email Identity Infrastructure for Autonomous AI Agents

npm npm MCP GitHub release License: MIT Live Service MCP Registry

Persistent email identities for agents — not temporary burner mail.

No signup. No Gmail OAuth. No human approval.

Courier is Not Temp/Burner Email

Courier Protocol provides durable email identity infrastructure for autonomous AI agents:

  • Persistent inboxes that survive restarts and memory loss
  • Scoped credentials (read/write/admin per inbox)
  • Recovery after memory loss — credential-backed, recovery tokens, CISO rebind
  • OTP and magic link handling — auto-extracted from incoming email
  • Governed outbound in controlled activation (operator-gated)
  • Thread continuity — list, read, and manage conversations

Your agent's email identity persists for months or years — not minutes.

Quick Start — 5 Seconds

# Give your agent a durable email identity
curl -X POST https://getcourier.dev/alias \
  -H "Content-Type: application/json" \
  -d '{"purpose":"identity","agent":"my-agent"}'

# IMPORTANT: Store credentials immediately
# ~/.hermes/secrets/courier/<agent_id>.json (chmod 600)
# Tokens are shown once and cannot be recovered server-side.

# Check for OTP codes and magic links
curl -s https://getcourier.dev/messages | jq '.messages[] | {subject, codes, links}'

What It Does

Courier gives AI agents durable email identities that receive real SMTP email:

  • Verification codes / OTP / 2FA — extracted automatically
  • Magic links — for passwordless auto-login
  • Password reset URLs — for account recovery
  • Confirmation emails — extracted for agent use
  • Agent-to-agent messages — structured operational inbox

Receives real SMTP email from any service — then extracts the codes, links, and classifications so your agent can use them autonomously across workflows.

Quick Start (choose your path)

MCP (Hermes / Claude Code / Cursor / OpenAI Agents)

npm install -g courier-mcp

Then add to your MCP config as command: "courier-mcp".

Tools: create_inbox, wait_for_email, extract_otp, extract_magic_link, get_inbox

Python (zero dependencies)

curl -O https://getcourier.dev/examples/python/courier.py
python3 courier.py create    # Create identity
python3 courier.py wait 60   # Wait for email
python3 courier.py otp       # Extract codes

Node.js (zero dependencies)

curl -O https://getcourier.dev/examples/node/courier.mjs
node courier.mjs create      # Create identity
node courier.mjs wait 60     # Wait for email
node courier.mjs otp         # Extract codes

curl / bash

curl -s https://getcourier.dev/examples/http/quickstart.sh | bash

Credential Storage (Required)

After creating an inbox, store credentials immediately:

mkdir -p ~/.hermes/secrets/courier
chmod 700 ~/.hermes/secrets/courier
# Save tokens to a secure file
cat > ~/.hermes/secrets/courier/my-agent.json << EOF
{
  "inbox_id": "...",
  "email": "[email protected]",
  "read_token": "...",
  "write_token": "...",
  "admin_token": "...",
  "created_at": "..."
}
EOF
chmod 600 ~/.hermes/secrets/courier/my-agent.json
# In memory, store only the file path — never the full token

Never store tokens in:

  • The same Courier inbox the token unlocks
  • Public repositories or logs
  • Model memory alone (it will be lost on restart)

Recovery if credentials are lost:

  • Operator recovery token — created at identity creation
  • Token rotation — POST /identity/{id}/tokens/rotate
  • CISO emergency rebind — POST /ciso/rebind
  • Last resort — create new identity, mark old inbox abandoned

API

| Endpoint | Method | What it does | |----------|--------|-------------| | /alias | POST | Create an inbox (no auth) | | /aliases | GET | List inboxes | | /messages | GET | Get emails with codes & links extracted | | /incoming | POST | Send email to an inbox | | /health | GET | Service status | | /capabilities | GET | Full protocol docs | | /identity/create | POST | Create agent identity with scoped tokens | | /identity/{id}/tokens/rotate | POST | Rotate tokens (recovery path) |

How Agents Use It

from courier import Courier

c = Courier()
identity = c.create_identity()           # 1 call — durable identity
# Store credentials: ~/.hermes/secrets/courier/<id>.json (chmod 600)
email = c.wait_for_email(timeout=60)      # auto-poll
otp = c.extract_otp()                     # codes extracted
link = c.extract_magic_link()             # links extracted
# Identity persists across restarts and memory loss

Install

# MCP server for agent frameworks
npm install -g courier-mcp

# Protocol CLI
npm install -g courier-protocol

Or just use curl. No SDK required.

Deployment

git clone https://github.com/antonioac1/courier.git
cd courier && npm install

Single VPS. ~$4/month. See docs/ for full guide.

Live Service

Try it now: https://getcourier.dev

No setup. No signup. Your agent gets a durable email identity in 5 seconds.

This is NOT a disposable temp-mail service. Courier is durable email identity infrastructure for autonomous agents.

License: MIT GitHub: github.com/antonioac1/courier npm MCP: npmjs.com/package/courier-mcp npm Protocol: npmjs.com/package/courier-protocol MCP Registry: io.github.antonioac1/courier