The permission layer between your inbox and your agent

Your agent should read your mail.
Not your life.

Connect your inbox once and decide exactly what an AI agent may see — which mail, whether it gets message text, whether it gets attachments. Your agent gets one endpoint. Everything you didn't grant simply isn't there.

Narrow · Named · ReturnableEvery grant, by construction.
Watch the gate

The raw inbox never reaches you. Only the scopes you asked for do.

Masked at the edge, stamped by category, routed by grant. Flip a scope below and watch its rows get recalled — that's revocation, live.

Raw inbox · firehoseThread gateYour agent · granted mail
  • no scopes granted — nothing crosses
Granted scopes0 blocked · masked at edge
01
The premise

Everything important still lands in email.

Receipts, boarding passes, invoices, contracts, sign-in codes, the message from your landlord. The inbox is the closest thing your life has to an API — which is why an agent that can't see it keeps asking you to copy-paste, and an agent that can see all of it is a different kind of problem.

financialreceiptstravelboarding passesinvoicessecurity codesworkcontractshealthlegalcareernewslettersorderscalendarsupportpersonalfinancialreceiptstravelboarding passesinvoicessecurity codesworkcontractshealthlegalcareernewslettersorderscalendarsupportpersonal

The catalog Thread classifies every email into — and the vocabulary every grant is written in.

02
The problem

So today the choice is everything — or nothing.

  • Paste your passwordThe agent’s config now holds a credential that opens everything — mail, contacts, recovery. Forever. Revoking means changing your password.
  • “Sign in with Google”One checkbox: read all of it. Your OTPs, your lawyer, your medical results — sitting in the context window of a model that follows instructions it finds in email.
  • Forward it by handYou become the API. It works until Tuesday, then you stop, and the agent goes blind again.

The most useful thing you can hand an agent is also the most dangerous.

03
The fix

Trust isn't a promise. It's what the system cannot do.

Narrow, named, returnable.

You grant categories, senders, subjects — in plain words. Every line is visible in your panel, editable, revocable in one tap. Grants expire by default.

Rules decide. AI only labels.

A small model tags each email once — from its sender and subject line, never the body. Then a deterministic engine decides every single read. Same input, same answer, every access audited.

Nothing worth stealing.

Per email, Thread stores three things: the id, the sender, the labels. No subjects, no bodies, no attachments at rest — content is fetched live at the moment your agent asks, and message text is delivered masked, personal details redacted.

Kept, per email

message id
sender address
labels

Never stored

subjects · bodies
attachments
raw anything

04
The agent side

For the agent, it's one call.

the whole integration
$ curl -H "Authorization: Bearer thread_sk_…" /emails

{  "emails": [{    "id": "19f36c29307f49c4",    "from": "billing@anthropic.com",    "subject": "Your July invoice",    "labels": ["financial", "invoice"],    "attachments": [{ "name": "invoice.pdf", "type": "application/pdf" }]  }]}

Every call returns what's new since the agent's last one — already filtered to the grant, message text masked, attachments downloadable when allowed. And mail outside the grant isn't denied — it's absent. No error to handle, no scope to negotiate, nothing to probe. Silence, by design.

05
Works with yours

It already speaks agent.

HermesOpenClawClaude CodeCursorany SKILL.md agent
Open-source skill

Drop the thread-mail skill into your agent and it knows the whole surface — the feed loop, attachments, masked bodies, and why an empty answer is an answer.

github.com/JoinThread/thread-skills
Or paste one prompt

Mint a key in your panel and it hands you a ready-made prompt — paste it into your agent and it's reading granted mail on the next run.

Mint an agent key
The principle
“The right to read someone's mail should be narrow, named, and returnable. Thread exists so it always is.”
Thread — design principle 01

Give your agent your mail.
Keep your life.

Connect an inbox, decide what your agent may read, mint a key. Five minutes, and the first request lights up your panel.

Revocable any time · grants expire by default · every read audited