A self-hosted email client with an AI agent, running entirely on Cloudflare Workers
Agentic Inbox lets you send, receive, and manage emails through a modern web interface -- all powered by your own Cloudflare account. Incoming emails arrive via Cloudflare Email Routing, each mailbox is isolated in its own Durable Object with a SQLite database, and attachments are stored in R2.
An AI-powered Email Agent can read your inbox, search conversations, and draft replies -- built with the Cloudflare Agents SDK and Workers AI.

Read the blog post to learn more about Cloudflare Email Service and how to use it with the Agents SDK, MCP, and from the Wrangler CLI: Email for Agents.
Important: Clicking the 'Deploy to Cloudflare' button is only one part of the setup. You must follow the After deploying steps as well. For a full step-by-step guide with screenshots, refer to this comment: https://github.com/cloudflare/agentic-inbox/issues/4#issuecomment-4269118513
Deploy to Cloudflare. The deploy flow will automatically provision R2, Durable Objects, and Workers AI. You'll be prompted for DOMAINS, which is the domain (yourdomain.com) you want to receive emails for (email@yourdomain.com).
Configure Cloudflare Access -- Enable one-click Cloudflare Access on your Worker under Settings > Domains & Routes. The modal will show your POLICY_AUD and TEAM_DOMAIN values. TEAM_DOMAIN can be either your Access team URL or the full .../cdn-cgi/access/certs URL. You must set these as secrets for your Worker.
send_email binding to send outbound emails. See Email Service docshello@example.com)Invalid or expired Access token, that usually means POLICY_AUD or TEAM_DOMAIN secrets are incorrect.POLICY_AUD and TEAM_DOMAIN values shown there.Cloudflare Access must be configured in production, this application is intentionally enforcing Cloudflare Access so your inbox is not exposed to anyone on the internet.POLICY_AUD and TEAM_DOMAIN Worker secrets from the modal values.@cloudflare/kumoAIChatAgent), AI SDK v6, Workers AI (@cf/moonshotai/kimi-k2.5), react-markdown + remark-gfmnpm install
npm run dev
wrangler.jsoncagentic-inbox: wrangler r2 bucket create agentic-inboxnpm run deploy
Any user who passes the shared Cloudflare Access policy can access all mailboxes in this app by design. This includes the MCP server at /mcp -- external AI tools (Claude Code, Cursor, etc.) connected via MCP can operate on any mailbox by passing a mailboxId parameter. There is no per-mailbox authorization; the Cloudflare Access policy is the single trust boundary.
┌──────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Browser │────>│ Hono Worker │────>│ MailboxDO │
│ React SPA │ │ (API + SSR) │ │ (SQLite + R2) │
│ Agent Panel │ │ │ └─────────────────┘
└──────┬───────┘ │ /agents/* ──────┼────>┌─────────────────┐
│ │ │ │ EmailAgent DO │
│ WebSocket │ │ │ (AIChatAgent) │
└─────────────┤ │ │ 9 email tools │
│ │────>│ Workers AI │
└──────────────────┘ └─────────────────┘
Apache 2.0 -- see LICENSE.
$ claude mcp add agentic-inbox \
-- python -m otcore.mcp_server <graph>