Route on-call alerts to your agent.
An inbox to catch alert emails and a vault for the credentials it needs to act — so your on-call agent can triage, acknowledge, and remediate from one identity.
Plenty of monitoring and infrastructure still pages by email: an alert fires, a message lands, and someone has to read it, log into the right system, and act. An on-call agent that can't receive that mail or hold the credentials to respond can't take first watch.
Mailgent gives the agent an inbox to catch alert emails and an encrypted vault to hold the API keys and tokens it needs to remediate — retrieved per-scope and never logged. It triages the alert, pulls the right credential, and takes the first action before a human is even awake.
Catch the alert, parse the signal
The agent watches its inbox for alert emails, parses severity and the affected service from the message, and decides whether to act, acknowledge, or escalate.
Rules route different alert sources to different labels, so the agent can prioritize a paging alert over a daily digest.
const alerts = await mail_list_messages({ label: "alerts", unread: true });
for (const a of alerts) {
const incident = parseAlert(await mail_get_message({ id: a.id }));
if (incident.severity === "critical") {
const key = await vault_get({ key: "pagerduty-token" });
await acknowledge(incident, key);
}
}Hold credentials safely
The vault stores the keys the agent needs — cloud tokens, webhook secrets, API keys — encrypted and retrieved only when a scoped call asks for them. Secrets never appear in logs, and you can revoke a scope to cut access instantly.
Escalate when it should
For anything beyond its remit, the agent forwards the incident thread to the human on-call rotation with its triage notes attached — so the handoff is fast and the context is complete.
FAQ
Can it receive alerts from any tool?
If the tool can send email, the agent can catch it. Route alerts to its address and filter by label.
Are the stored credentials safe?
Secrets are encrypted, retrieved per-scope, and never logged. Revoke a scope to cut access immediately.
Will it act without approval?
Only within the scopes you grant. Limit it to read-and-acknowledge, or allow remediation — your call.
Give your agent an inbox.
A real email address, a vault, 2FA, and an identity in one API call.