Skip to content

Releases: Mnexa-AI/e2a

v1.0.8

Choose a tag to compare

@jiashuoz jiashuoz released this 30 Jun 22:14
05dd25e

Highlights

Tooling, SDK, and plugin release ahead of the v1 launch. No server runtime behavior change out of the box — the hosted-service images move forward with docs/web polish and a plugin MCP-wiring fix.

Features

  • feat(sdk): request timeout config on the TS + Python E2AClient (#338)
  • feat(plugin): multi-client manifests + CI validation gate + install docs (#336)
  • feat(agentify): autonomous-repo feedback-loop framework + /agentify deploy skill + submit_feedback addon (#344)
  • feat: add @e2a/ui (Loft) design-system package as a workspace (#333)
  • feat(piguard-eval): --dump-segments to emit the canonical detector input (#343)

Fixes

  • fix(ci): make plugins/e2a/.mcp.json optional in the plugin validator (#341)
  • v1 launch prep: docs & web polish + plugin MCP wiring fix (#342)

Docs & chores

  • docs(skill): add "Integrating e2a into software" section (#337)
  • docs(mcp): default claude mcp add to user (global) scope (#339)
  • chore(plugin): tidy e2a plugin manifest + skill frontmatter (#335)
  • ci: bump docker/metadata-action from 5 to 6 (#332)

Full changelog: v1.0.7...v1.0.8

v1.0.7

Choose a tag to compare

@jiashuoz jiashuoz released this 27 Jun 05:48
2de39cb

Highlights

Maintenance release: two bug fixes plus an opt-in content-scan flag. No behavior changes out of the box.

Fixes

  • fix(outbound): auto-generate conversation_id so replies thread correctly (#328, #331)
  • fix(httpapi): reject malformed-base64 attachments with 400 instead of 500 (#329)

Features

  • feat(piguard): content scan is now gated behind E2A_CONTENT_SCAN_ENABLED (default off) (#330)

Full changelog: v1.0.6...v1.0.7

v1.0.6

Choose a tag to compare

@jiashuoz jiashuoz released this 27 Jun 00:23
bc8ce1b

Highlights

Breaking — email.received is now a metadata-only notification (#321)

email.received no longer embeds the message body (raw_message) or the raw auth_headers blob. Subscribers now fetch the full message (body + attachments + signed headers) from GET /v1/agents/{recipient}/messages/{message_id} using the message_id + recipient in the event — the same notify→fetch model client.listen() already uses. The raw auth_headers blob is replaced by a structured auth verdict ({spf, dkim, dmarc}, same shape as MessageView.auth) so agents keep their trust-decision input inline.

Why: bounds the webhook fan-out payload (no raw MIME / attachments amplified across N subscribers × retries) and stops shipping full message PII to every subscriber. Migrate any email.received consumer that read raw_message/auth_headers to the fetch model (auth is available inline).

Features & improvements

  • Envelope-encrypt DKIM private keys at rest (#322) — per-domain DKIM signing keys are now encrypted in the database.
  • Per-axis SES sending status (#309) — domains report which DNS record (DKIM vs MAIL FROM) still needs fixing, instead of an all-or-nothing rollup.
  • verify_domain detects a truncated/mismatched DKIM record (#312) — a clipped DKIM TXT now reports dkim: "mismatch" (distinct from missing) with a "re-publish the full value" hint, so it can't silently leave a domain stuck pending.
  • Forwarding carries the original message's attachments by default (#314).

Fixes

  • Inbound gate fails closed for shared-relay senders (#316, #299) — security hardening of the inbound authentication gate.
  • HTTP MCP server is now stateless (#317).
  • Events API gated on the outbox flag — returns 501 when disabled (#315).
  • SDK version-skew guardrails in CI (@e2a/sdk@4.0.0) (#310).
  • HITL approval buttons stack on mobile so they render correctly (#313).
  • Web: wrap long DNS/identity values so records & chips don't overflow (#311); stop overlaying the SPF probe onto the ownership DNS row (6ddd35c).

Docs

  • Webhook examples aligned with the metadata-only email.received (#323).
  • Documented the inbound gate's From-authentication limitation (#318, #320).

Full changelog: v1.0.5...v1.0.6

v1.0.5

Choose a tag to compare

@jiashuoz jiashuoz released this 26 Jun 05:33
12245d6

Highlights

Breaking — domain DNS records unified (#304)

GET/POST /v1/domains now returns one purpose-tagged dns_records array (each record has type, name, value, priority, purpose, status), replacing the old dns_records.{mx,txt,dkim} object + the separate sending_dns_records array. The MAIL FROM records are returned in the same array at registration when the sending feature is enabled, and every record carries a per-record status. purpose/status are open sets — tolerate unknown values.

  • SDKs bumped to 4.0.0 (@e2a/sdk@4.0.0 on npm, e2a 4.0.0 on PyPI). DomainView consumers must address records by purpose instead of dns_records.mx/.txt/.dkim.
  • Verification now requires the inbound MX (was ownership-TXT only), so inbound_mx.status: "verified" is honest and verified truly means the domain can receive mail.

Other

  • Signed pagination cursors (HMAC) — list cursors are now tamper-evident (#302).
  • Web: render inbound + outbound email bodies as HTML (#307); light/dark/system theme toggle in the sidebar (#306).
  • Internal: piguard-eval offline evaluation harness (#305).

Full diff: v1.0.4...v1.0.5

v1.0.0 — Stable GA

Choose a tag to compare

@jiashuoz jiashuoz released this 25 Jun 01:37
65d02e6

e2a v1.0.0 is the first generally-available release. The /v1 HTTP API is now a stable, frozen contract.

What GA means

  • No breaking changes within /v1 — endpoints, fields, and semantics are stable. Anything that must change goes to a future /v2 with a migration window.
  • Forward-compatible by design — response enums (event types, delivery/review status, etc.) are open: new values can be added without breaking strict clients. Clients must tolerate unknown values. See the versioning & stability policy.
  • One consistent error envelope, cursor pagination on every list, idempotency keys on unsafe mutations, and GET /v1/info for version/capability discovery.

Surface

Authenticated email for AI agents: SPF/DKIM-verified inbound mail, HMAC-signed delivery, webhook + WebSocket fan-out, a HITL review queue (/v1/reviews), domain sending identities, and per-account suppression.

Clients

  • Hosted API: https://api.e2a.dev
  • TypeScript SDK @e2a/sdk 3.0.0 · Python SDK e2a 3.0.0 (SDK majors version independently of the API; both target API v1)
  • CLI @e2a/cli 1.5.0 · MCP https://api.e2a.dev/mcp

Security hardening in this release

  • Per-IP rate limiters key only on the edge-set client IP (no X-Forwarded-For spoofing).
  • Outbound SMTP enforces TLS in production; PLAIN auth is never sent over cleartext.

Self-hosting runs the same ghcr.io/mnexa-ai/e2a:1.0.0 image (cosign-signed); convenience features on the hosted side are config + DNS, not closed-source.

v0.2.0 — first public release

Choose a tag to compare

@jiashuoz jiashuoz released this 26 Apr 02:52
eb2bea4

e2a is an authenticated email gateway for AI agents — SPF/DKIM-verified inbound mail, HMAC-signed delivery, webhook + WebSocket fan-out, with a CLI, TypeScript and Python SDKs, and a Next.js dashboard. v0.2.0 is the first public release.

Try it

docker run -d --name e2a-pg -p 5433:5432 -e POSTGRES_USER=e2a -e POSTGRES_PASSWORD=e2a -e POSTGRES_DB=e2a postgres:16-alpine
docker run -d --name e2a -p 8080:8080 -p 2525:2525 \
  -e E2A_DATABASE_URL=postgres://e2a:e2a@host.docker.internal:5433/e2a?sslmode=disable \
  -e E2A_HMAC_SECRET=$(openssl rand -hex 32) \
  ghcr.io/mnexa-ai/e2a:0.2.0

Or git clone https://github.com/Mnexa-AI/e2a && cp .env.example .env && make docker-up. Full quickstart in the README.

What's in this release

Self-hostable end-to-end. Pick a shared mail domain (or skip it and use per-user custom domains), point DNS, set E2A_SHARED_DOMAIN, and the server seeds the FK-target row at startup — no manual SQL. Operator setup walkthrough is in the README.

Multi-arch signed Docker images. linux/amd64 + linux/arm64, both server and web dashboard, Sigstore keyless-signed via OIDC, SBOM + provenance attestations attached. Available as ghcr.io/mnexa-ai/e2a:0.2.0 / :latest and ghcr.io/mnexa-ai/e2a-web:0.2.0 / :latest.

Dashboard. Sign in with Google, browse messages, manage agents and domains, configure HITL, and now: a Settings page with profile, data export (GDPR Art. 15), and account deletion (Art. 17).

SDKs and CLI.

  • TypeScript SDK @e2a/sdk and CLI @e2a/cli on npm, Apache-2.0
  • Python SDK e2a on PyPI, Apache-2.0
  • All three auto-discover shared_domain from the deployment via GET /api/v1/info, so end-users only need to know the API URL.

Claude Code skill at skills/SKILL.md — drop into ~/.claude/skills/ to give Claude end-to-end agent-creation help against your deployment.

Limitations

Verify the image

cosign verify ghcr.io/mnexa-ai/e2a:0.2.0 \
  --certificate-identity-regexp="^https://github.com/Mnexa-AI/e2a/" \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

License: Apache-2.0. Issues & PRs welcome.