AgentDraft and email-flow monitors

Connect an AgentDraft agent mailbox once per workspace, then use it for incident alert delivery and email-dependent checks like magic-link login, OTP login, signup confirmation, and round-trip delivery.

AgentDraft is an org-scoped integration. Nightlamp stores the AgentDraft API key encrypted at rest, shows only a masked hint after connection, and can optionally reuse the mailbox as the QA backend for email_flow monitors.

Powered by AgentDraft mailboxes Create the inbox Nightlamp polls for magic-link, OTP, and round-trip email checks. Visit AgentDraft

What AgentDraft does in Nightlamp

The AgentDraft card lives on each app's Integrations page because that is where monitor setup happens, but the connection applies to the whole workspace. One AgentDraft inbox can back every app in the org.

Incident alert delivery

Opened incidents can be delivered to the connected agent mailbox as another email channel alongside the workspace notification emails.

Email-flow QA mailbox

When enabled, monitors can trigger an email, wait for it in the AgentDraft inbox, assert on deliverability details, and optionally follow a captured magic link.

Connect AgentDraft

Create an AgentDraft API key
In AgentDraft, create a key with mailbox:read and mailbox:write scopes. Nightlamp uses read scope for email-flow polling and write scope for round-trip send checks and alert delivery.
Paste it in Nightlamp
Open App -> Integrations -> AgentDraft, paste the key, and choose whether to enable alert delivery, the email-flow QA mailbox, or both.
Test the connection
Use the card's test button to confirm the key still reaches the mailbox, read scope is present, and daily send quota is visible when AgentDraft returns it.

Create an email-flow monitor

After the QA mailbox toggle is on, choose Email flow - magic-link & round-trip when creating a monitor. The monitor runs a short linear flow:

trigger

Send an HTTP request to your app or send a test message.

wait

Poll the AgentDraft inbox for a matching message after run start.

assert

Check subject/body predicates, SPF/DKIM/DMARC, OTP presence, or link host.

For magic-link flows, follow an allowlisted link and verify the response.

Email-flow monitors are intentionally slower than HTTP probes. Their minimum interval is 300 seconds because real email delivery can take seconds to minutes.

Run a full account lifecycle

For production SaaS journeys, choose stateful_journey. It combines HTTP/API steps, AgentDraft email polling, optional browser sub-journeys, shared variables, JSON extraction, assertions, and cleanup finalizers in one low-frequency run.

{
  "name": "EchoThread account lifecycle",
  "check_type": "stateful_journey",
  "schedule": "weekly",
  "interval_seconds": 604800,
  "variables": {
    "email": "{{inbox}}",
    "shortname": "synthetic-{{run_id}}"
  },
  "steps": [
    {
      "name": "register account",
      "type": "http",
      "method": "POST",
      "url": "https://api.echothread.io/api/v1/auth/register",
      "json": { "email": "{{email}}" },
      "expect_status": 201,
      "extract": {
        "access_token": "$.access_token",
        "user_id": "$.user.id"
      },
      "sensitive_outputs": ["access_token"]
    },
    {
      "name": "wait for confirmation",
      "type": "agentdraft_email",
      "recipient": "{{email}}",
      "subject_contains": "Confirm",
      "require_spf": true,
      "capture": { "name": "magic_link", "kind": "link" }
    }
  ],
  "finalizers": [
    {
      "name": "cleanup account if token exists",
      "type": "http",
      "method": "DELETE",
      "url": "https://api.echothread.io/api/v1/auth/me",
      "headers": [
        { "key": "Authorization", "value": "Bearer {{access_token}}" }
      ],
      "expect_status_any_of": [204, 401, 404],
      "run_if": "{{access_token}} exists"
    }
  ]
}

The run history shows each step, phase, likely dependency, duration, redacted request/response summary, email delivery timing, and cleanup status. Raw bearer tokens, magic links, OTPs, and cookies are not stored.

Security and retention

Magic links and OTPs are bearer credentials, so Nightlamp treats captured email bodies as sensitive. Raw links and one-time codes live only in the prober's memory for that run. Stored outcomes keep derived facts such as link_present, link_host, otp_present, and SPF/DKIM/DMARC results, plus a redacted preview.

Captured email-body previews are clamped to a short retention window before expiring from the probe history store. AgentDraft messages remain in AgentDraft according to that product's mailbox behavior.

Programmatic surface

The capabilities manifest includes email_flow when monitor types are listed for an app. AgentDraft itself is managed through org-scoped integration endpoints:

GET /orgs/me/integrations/agentdraft - read connection status.
POST /orgs/me/integrations/agentdraft - connect and validate a key.
POST /orgs/me/integrations/agentdraft/test - live mailbox check.
PATCH /orgs/me/integrations/agentdraft - toggle alerts or QA mailbox.
DELETE /orgs/me/integrations/agentdraft - disconnect and clear stored fields.

See Programmatic setup for the app capabilities flow and API reference for request and response schemas.