Releases: Mnexa-AI/e2a
Release list
v1.0.8
Highlights
Tooling, SDK, and plugin release ahead of the v1 launch. No server runtime behavior change out of the box — the hosted-service images move forward with docs/web polish and a plugin MCP-wiring fix.
Features
- feat(sdk): request timeout config on the TS + Python
E2AClient(#338) - feat(plugin): multi-client manifests + CI validation gate + install docs (#336)
- feat(agentify): autonomous-repo feedback-loop framework +
/agentifydeploy skill +submit_feedbackaddon (#344) - feat: add
@e2a/ui(Loft) design-system package as a workspace (#333) - feat(piguard-eval):
--dump-segmentsto emit the canonical detector input (#343)
Fixes
- fix(ci): make
plugins/e2a/.mcp.jsonoptional in the plugin validator (#341) - v1 launch prep: docs & web polish + plugin MCP wiring fix (#342)
Docs & chores
- docs(skill): add "Integrating e2a into software" section (#337)
- docs(mcp): default
claude mcp addto user (global) scope (#339) - chore(plugin): tidy e2a plugin manifest + skill frontmatter (#335)
- ci: bump
docker/metadata-actionfrom 5 to 6 (#332)
Full changelog: v1.0.7...v1.0.8
v1.0.7
Highlights
Maintenance release: two bug fixes plus an opt-in content-scan flag. No behavior changes out of the box.
Fixes
- fix(outbound): auto-generate
conversation_idso replies thread correctly (#328, #331) - fix(httpapi): reject malformed-base64 attachments with
400instead of500(#329)
Features
- feat(piguard): content scan is now gated behind
E2A_CONTENT_SCAN_ENABLED(default off) (#330)
Full changelog: v1.0.6...v1.0.7
v1.0.6
Highlights
Breaking — email.received is now a metadata-only notification (#321)
email.received no longer embeds the message body (raw_message) or the raw auth_headers blob. Subscribers now fetch the full message (body + attachments + signed headers) from GET /v1/agents/{recipient}/messages/{message_id} using the message_id + recipient in the event — the same notify→fetch model client.listen() already uses. The raw auth_headers blob is replaced by a structured auth verdict ({spf, dkim, dmarc}, same shape as MessageView.auth) so agents keep their trust-decision input inline.
Why: bounds the webhook fan-out payload (no raw MIME / attachments amplified across N subscribers × retries) and stops shipping full message PII to every subscriber. Migrate any email.received consumer that read raw_message/auth_headers to the fetch model (auth is available inline).
Features & improvements
- Envelope-encrypt DKIM private keys at rest (#322) — per-domain DKIM signing keys are now encrypted in the database.
- Per-axis SES sending status (#309) — domains report which DNS record (DKIM vs MAIL FROM) still needs fixing, instead of an all-or-nothing rollup.
verify_domaindetects a truncated/mismatched DKIM record (#312) — a clipped DKIM TXT now reportsdkim: "mismatch"(distinct frommissing) with a "re-publish the full value" hint, so it can't silently leave a domain stuckpending.- Forwarding carries the original message's attachments by default (#314).
Fixes
- Inbound gate fails closed for shared-relay senders (#316, #299) — security hardening of the inbound authentication gate.
- HTTP MCP server is now stateless (#317).
- Events API gated on the outbox flag — returns
501when disabled (#315). - SDK version-skew guardrails in CI (
@e2a/sdk@4.0.0) (#310). - HITL approval buttons stack on mobile so they render correctly (#313).
- Web: wrap long DNS/identity values so records & chips don't overflow (#311); stop overlaying the SPF probe onto the ownership DNS row (6ddd35c).
Docs
- Webhook examples aligned with the metadata-only
email.received(#323). - Documented the inbound gate's From-authentication limitation (#318, #320).
Full changelog: v1.0.5...v1.0.6
v1.0.5
Highlights
Breaking — domain DNS records unified (#304)
GET/POST /v1/domains now returns one purpose-tagged dns_records array (each record has type, name, value, priority, purpose, status), replacing the old dns_records.{mx,txt,dkim} object + the separate sending_dns_records array. The MAIL FROM records are returned in the same array at registration when the sending feature is enabled, and every record carries a per-record status. purpose/status are open sets — tolerate unknown values.
- SDKs bumped to 4.0.0 (
@e2a/sdk@4.0.0on npm,e2a 4.0.0on PyPI).DomainViewconsumers must address records bypurposeinstead ofdns_records.mx/.txt/.dkim. - Verification now requires the inbound MX (was ownership-TXT only), so
inbound_mx.status: "verified"is honest andverifiedtruly means the domain can receive mail.
Other
- Signed pagination cursors (HMAC) — list cursors are now tamper-evident (#302).
- Web: render inbound + outbound email bodies as HTML (#307); light/dark/system theme toggle in the sidebar (#306).
- Internal: piguard-eval offline evaluation harness (#305).
Full diff: v1.0.4...v1.0.5
v1.0.0 — Stable GA
e2a v1.0.0 is the first generally-available release. The /v1 HTTP API is now a stable, frozen contract.
What GA means
- No breaking changes within
/v1— endpoints, fields, and semantics are stable. Anything that must change goes to a future/v2with a migration window. - Forward-compatible by design — response enums (event types, delivery/review status, etc.) are open: new values can be added without breaking strict clients. Clients must tolerate unknown values. See the versioning & stability policy.
- One consistent error envelope, cursor pagination on every list, idempotency keys on unsafe mutations, and
GET /v1/infofor version/capability discovery.
Surface
Authenticated email for AI agents: SPF/DKIM-verified inbound mail, HMAC-signed delivery, webhook + WebSocket fan-out, a HITL review queue (/v1/reviews), domain sending identities, and per-account suppression.
Clients
- Hosted API:
https://api.e2a.dev - TypeScript SDK
@e2a/sdk3.0.0 · Python SDKe2a3.0.0 (SDK majors version independently of the API; both target API v1) - CLI
@e2a/cli1.5.0 · MCPhttps://api.e2a.dev/mcp
Security hardening in this release
- Per-IP rate limiters key only on the edge-set client IP (no X-Forwarded-For spoofing).
- Outbound SMTP enforces TLS in production; PLAIN auth is never sent over cleartext.
Self-hosting runs the same ghcr.io/mnexa-ai/e2a:1.0.0 image (cosign-signed); convenience features on the hosted side are config + DNS, not closed-source.
v0.2.0 — first public release
e2a is an authenticated email gateway for AI agents — SPF/DKIM-verified inbound mail, HMAC-signed delivery, webhook + WebSocket fan-out, with a CLI, TypeScript and Python SDKs, and a Next.js dashboard. v0.2.0 is the first public release.
Try it
docker run -d --name e2a-pg -p 5433:5432 -e POSTGRES_USER=e2a -e POSTGRES_PASSWORD=e2a -e POSTGRES_DB=e2a postgres:16-alpine
docker run -d --name e2a -p 8080:8080 -p 2525:2525 \
-e E2A_DATABASE_URL=postgres://e2a:e2a@host.docker.internal:5433/e2a?sslmode=disable \
-e E2A_HMAC_SECRET=$(openssl rand -hex 32) \
ghcr.io/mnexa-ai/e2a:0.2.0Or git clone https://github.com/Mnexa-AI/e2a && cp .env.example .env && make docker-up. Full quickstart in the README.
What's in this release
Self-hostable end-to-end. Pick a shared mail domain (or skip it and use per-user custom domains), point DNS, set E2A_SHARED_DOMAIN, and the server seeds the FK-target row at startup — no manual SQL. Operator setup walkthrough is in the README.
Multi-arch signed Docker images. linux/amd64 + linux/arm64, both server and web dashboard, Sigstore keyless-signed via OIDC, SBOM + provenance attestations attached. Available as ghcr.io/mnexa-ai/e2a:0.2.0 / :latest and ghcr.io/mnexa-ai/e2a-web:0.2.0 / :latest.
Dashboard. Sign in with Google, browse messages, manage agents and domains, configure HITL, and now: a Settings page with profile, data export (GDPR Art. 15), and account deletion (Art. 17).
SDKs and CLI.
- TypeScript SDK
@e2a/sdkand CLI@e2a/clion npm, Apache-2.0 - Python SDK
e2aon PyPI, Apache-2.0 - All three auto-discover
shared_domainfrom the deployment viaGET /api/v1/info, so end-users only need to know the API URL.
Claude Code skill at skills/SKILL.md — drop into ~/.claude/skills/ to give Claude end-to-end agent-creation help against your deployment.
Limitations
- Does not yet support horizontal scaling — single-instance deployment only. See README → Scaling and limitations.
- HITL email notifier and outbound mail need an upstream SMTP relay (SES, Postmark, etc.) — see
E2A_OUTBOUND_SMTP_*.
Verify the image
cosign verify ghcr.io/mnexa-ai/e2a:0.2.0 \
--certificate-identity-regexp="^https://github.com/Mnexa-AI/e2a/" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.comLicense: Apache-2.0. Issues & PRs welcome.