惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
MyScale Blog
MyScale Blog
Microsoft Security Blog
Microsoft Security Blog
量子位
B
Blog
aimingoo的专栏
aimingoo的专栏
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
T
The Exploit Database - CXSecurity.com
N
News | PayPal Newsroom
Cloudbric
Cloudbric
A
About on SuperTechFans
AI
AI
Hacker News: Ask HN
Hacker News: Ask HN
S
Schneier on Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LINUX DO - 最新话题
T
The Blog of Author Tim Ferriss
Simon Willison's Weblog
Simon Willison's Weblog
有赞技术团队
有赞技术团队
H
Heimdal Security Blog
J
Java Code Geeks
大猫的无限游戏
大猫的无限游戏
D
Docker
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
IT之家
IT之家
Know Your Adversary
Know Your Adversary
N
Netflix TechBlog - Medium
T
Tailwind CSS Blog
B
Blog RSS Feed
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
博客园 - 叶小钗
美团技术团队
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LangChain Blog
The Hacker News
The Hacker News
Y
Y Combinator Blog
I
Intezer
The Register - Security
The Register - Security
F
Full Disclosure
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Last Week in AI
Last Week in AI
Martin Fowler
Martin Fowler

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - mxaiorg/kikubot: Email-based AI agent network
asp68 · 2026-06-11 · via Hacker News: Show HN

kikubot

An email-driven, multi-agent framework. Each agent is an inbox.


Overview

Kikubot turns an email account into an autonomous agent. Each running container polls one IMAP mailbox, runs every new email through an LLM agentic loop with a configurable tool set, and replies via SMTP. Agents collaborate by emailing each other, so a typical deployment looks like several agents — a coordinator and a few specialists — sharing one mail server.

Why email? It's the universal asynchronous message bus: humans already use it, every system can send to it, threads carry their own history (References: / In-Reply-To:), and accounts give you free per-agent identity, ACLs, and durability.

Benefits:

  • Email as the AI User Interface. Deploy AI to an organization via the most used and understood technology - email. No training required, no software to install - just an email address.
  • High Scalability. Clusters of agents, each agent can be its own cluster - results in theoretically massive scalability.
  • Observability. Agents communicate with each other via standard email. Access agent accounts to see their internal conversation history.
  • Cost Containment. Each agent can be configured to a different LLM. Choose the best LLM for the agent's role and toolset.
  • Higher Performance. Agents can specialize. Capabilities are distributed across the agent network. Each agent focuses on its area of expertise.
  • Greater Security. No risk of AI agents running on user machines. Kikubot Agents run in containers, providing isolation and security. Agents access tools and integrations via scoped API keys. Access to agents is easily controlled via ACLs (white or blacklist domains, or email addresses).
  • Resilience. Kikubot networks run over email - one of the most resilient technologies in the world.

At a glance:

  • Per-thread memory. Each email thread is a long-running conversation; the agent's history is persisted as JSON keyed by the thread's root Message-Id.
  • Pluggable tools. Built-in tools cover messaging, status reporting, snoozing, and mailbox search. Optional tools include Salesforce, WordPress, Buffer, Box, Helpjuice, Tavily web search, Apache Tika file-to-text, and arbitrary local/HTTP MCP servers.
  • Pluggable LLMs. Anthropic API (default, with prompt caching) or OpenRouter (with backup-model fallback).
  • Knowledge base. Per-agent and shared markdown files appended to the system prompt — editable live and hot-reloaded without a rebuild.
  • Multi-agent coordination. Agents talk to each other via the message_tool core tool; coordinator agents can delegate, fan out, and snooze pending work.
  • Recurring tasks. Agents can schedule tasks to run at specific times or intervals.
  • Auto-reply / bounce safety. DSNs and out-of-office replies bypass the LLM to prevent infinite delegation loops.

One Agent to Thousands of Agents

You can spawn one or more agent containers with this repository on the same machine. Each container runs a single agent. You can also deploy this repository across multiple machines and spawn agents across your organization. The only requirement is that coordinator agents can reach each other via email.

Coordinator agents can be organized into teams, and each team can have multiple agents. Coordinator agents team members can in themselves be coordinators. Much like how organizations are structured into divisions, with each division representing multiple departments which in turn represent multiple teams – so can you structure your network of agents. Each coordinator only needs to know the subset of agents it works with directly. Theoretically, a Kikubot deployment can scale to hundreds of thousands of agents.

Live Demo

Ask Alpha about the weather in your town. Email your query to alpha@labtest.mxhero.com.

kikubot

mxHERO Labs has deployed a Kikubot instance to a single machine. The instance is configured with 2 agents: Alpha and Weatherman. Alpha is the coordinator. If you send an email to Alpha asking about the weather in some city, Alpha will ask the weatherman for the weather forecast. Upon receiving the response, Alpha will send a reply to you.

This small Kikubot demo illustrates how multiple agents can work together over email

Try it locally (zero-cost)

Want to run your own Kikubot in under a minute, with no mail account and no API key required? The demo spins up a throwaway mail server, a webmail UI, and one agent — all in Docker, all on your machine, nothing exposed to the internet.

git clone https://github.com/mxaiorg/kikubot && cd kikubot
./demo.sh

Then:

  1. Open the webmail UI at http://localhost:8000
  2. Log in as human@demo.local (any password — the demo mail server has auth disabled)
  3. Compose a new email to kiku@demo.local and send it
  4. Wait ~30s, refresh the inbox — Kiku replies. 🎉

Out of the box (no API key) Kiku replies with a short "I'm alive — add a key for real answers" notice, so you get the round-trip moment at zero cost. To unlock real agent responses, drop a key into configs/demo/secrets.env and run ./demo.sh again — paste either an ANTHROPIC_API_KEY or an OPENROUTER_API_KEY and the script auto-selects the matching provider for you (no config editing). Stop everything with ./demo.sh down.

Under the hood (docker-compose-demo.yml): GreenMail provides SMTP/IMAP, Roundcube is the compose-window, and the agent is the same image as production — just pointed at the demo config in configs/demo/.

References

This project is based on the research of mxHERO Labs. See our blog post for more details.

Architecture

For a developer-oriented visual map of the runtime, configuration, memory, tools, and integrations, see docs/architecture.md.

   ┌────────────┐       ┌──────────────────┐
   │   Users    │──┐    │    Coordinator   │ ◀──┐
   └────────────┘  │    │   (Kiku inbox)   │    │
                   ▼    └────────┬─────────┘    │
              ┌──────────┐       │              │   email
              │  IMAP /  │       ▼ delegate     │   threads
              │   SMTP   │  ┌─────────┐ ┌─────────┐ ┌─────────┐
              └────┬─────┘  │  Beta   │ │  Gamma  │ │  Delta  │
                   │        │ (CRM)   │ │(social) │ │  (web)  │
                   └────────┴─────────┘ └─────────┘ └─────────┘
                                  │            │           │
                              Salesforce    Buffer    WordPress
                              mxMCP         Tavily    Helpjuice
                                                      Box, Tika

Each agent container runs an identical Go binary, parameterised by a shared configs/agents.yaml (roster + common defaults + per-agent overrides) and a shared configs/secrets.env (API keys + per-agent mailbox passwords). The container picks its identity from the AGENT_EMAIL env var injected by docker-compose.

Prerequisites

  • Docker (Compose v2).
  • An LLM API keyANTHROPIC_API_KEY and/or OPENROUTER_API_KEY.
  • An IMAP + SMTP server with one mailbox per agent. You can use any provider; this repo includes a self-hostable docker-mailserver sidecar at services/dms/ if you want one.
  • (Optional) tool credentials for any integrations you enable (Salesforce, WordPress, Buffer, Helpjuice, Box, Xero, Tavily, mxMCP).

Configuration Tool

A dashboard configuration tool can be found in the scripts directory. It's a web app that lets you configure your deployment: define your agents and optionally configure the included email server.

go run ./scripts/configurator  # serves on 127.0.0.1:50042

kikubot

See scripts/configurator/README.md for more details. There is also a, slightly outdated, Configurator Video Tutorial

AI Configuration

Use your coding agent

CONFIGURATION.md

A configuration guide for LLM guided deployment. To use simply open an LLM coding agent like, Claude Code, and prompt:

  • Read the CONFIGURATION.md file and follow its instructions to help me > configure kikubot.

Or if you want to configure in your own language:

  • Read the CONFIGURATION.md file and follow its instructions to help me configure kikubot. Communicate with me in Japanese.

Manual Configuration

git clone https://github.com/mxaiorg/kikubot
cd kikubot

# 1. Configure the roster + common defaults.
cp configs/agents-example.yaml   configs/agents.yaml
cp configs/secrets-example.env   configs/secrets.env
# Edit configs/agents.yaml: keep/edit the common: defaults (mail server,
# prompts, budgets) and the agents: entries (identity, role, tools, optional
# per-agent overrides). Then edit configs/secrets.env: fill in
# ANTHROPIC_API_KEY (or OPENROUTER_API_KEY) and one
# <UPPERCASED_LOCAL_PART>_EMAIL_PASSWORD per agent, plus any tool credentials.

# 2. (Optional) Drop knowledge files into configs/knowledge/<agent>/*.md

# 3. Edit docker-compose.yml to match your roster.
cp docker-compose-example.yml docker-compose.yml
#    - One service per agent. Each service sets AGENT_EMAIL in `environment:`
#      and points env_file at configs/secrets.env.
#    - Volume mount: ./data/<stem>:/app/data (stem = lowercased local-part).

# 4. Validate.
go run scripts/kikudoctor/*.go

# 5. Launch.
docker compose up -d --build

Send the agent an email from a whitelisted address and watch the reply land in your inbox.

To watch the conversation between agents recorded in the logs:

Because Kikubot is an email based system, you can use any email client to follow the internal and external conversation of your agents. See Observability

Configuration

Deployment config — configs/agents.yaml

configs/agents.yaml is the single source of truth for non-secret deployment config. It has two sections:

common:
  email_server: mail.agents.example.com:993
  smtp_server: mail.agents.example.com:587
  email_insecure_tls: false
  max_history_chars: 200000
  max_tokens: 6000
  agent_timeout: 300
  max_turns: 20
  system_prompt: |
    You are a helpful agent...
    {{coworkers}}
  coordinator_system_prompt: |
    You are a helpful Coordenator Agent...
    {{coworkers}}

agents:
  - name: Kiku
    email: kiku@agents.example.com
    role: Coordinator
    description: Communicates with users. Coordinates other agents.
    tools: [report, snooze, tavily_mcp]
    # Any common: field may be overridden here.
    llm_provider: openrouter
    llm_model: anthropic/claude-sonnet-4.6
    max_turns: 40
    whitelist: [example.com, agents.example.com]

  - name: Beta
    email: beta@agents.example.com
    role: CRM, Email Archivist
    description: Manages Salesforce and access to the company email record.
    tools: [mxmcp, salesforce_mcp]

The runtime selects its identity from the AGENT_EMAIL environment variable (injected per-service in docker-compose). It then merges the common: block with that agent's overrides, and JSON-formats every other agent into the {{coworkers}} block of the system prompt.

If you deploy Kikubots across multiple machines and want agents to interact between hosts, include those agents in each installation's agents.yaml.

Tool keys are defined in internal/tools/registry.go. Whitelist mode is strict (every immediate sender must match). Blacklist mode is lenient (walks the full thread to catch hidden bad actors).

Secrets — configs/secrets.env

Every container loads configs/secrets.env as a docker-compose env_file. Conventions:

Variable Purpose
ANTHROPIC_API_KEY / OPENROUTER_API_KEY LLM credentials (at least one required).
<UPPER_STEM>_EMAIL_PASSWORD Mailbox password, one per agent. Stem = uppercased local-part of the agent email. Example: KIKU_EMAIL_PASSWORD for kiku@….
Tool credentials SALESFORCE_CLIENT_ID, BUFFER_API_KEY, WORDPRESS_PASSWORD, … (see configs/secrets-example.env).

The container resolves its own mailbox password by uppercasing the local-part of AGENT_EMAIL and appending _EMAIL_PASSWORD — no per-agent env file needed.

Knowledge base — configs/knowledge/

Markdown files appended to each agent's system prompt. They're the simplest way to give an agent durable, always-in-context knowledge — company facts, tone of voice, naming conventions, links — without touching code or the system prompt itself. Each agent loads the shared common/ directory plus its own <local-part>/ directory (matching the email local-part, so kiku@… reads configs/knowledge/kiku/).

configs/knowledge/
├── common/         # loaded by every agent
│   ├── 01_company.md
│   └── 02_voice.md
└── kiku/           # loaded only by kiku@…  (matches the email local-part)
    └── 01_file_links.md

Files are sorted by name — use numeric prefixes (01_, 02_) to control ordering. The common/ files come first, then the agent's own. Because knowledge lives in the cacheable prefix of the system prompt, large knowledge bases don't re-cost tokens on every email (with the Anthropic provider).

Live editing — no rebuild required. The knowledge directory is bind-mounted into each container (./configs/knowledge:/app/knowledge:ro in docker-compose.yml), so edits on the host are immediately visible inside the container. Agents hot-reload them: each poll cycle re-reads the files if any changed, so an edit takes effect within ~30s — no image rebuild, no container restart. For instant propagation, send SIGHUP:

docker compose kill -s HUP kiku    # reload one agent now

The scripts/configurator dashboard edits these files for you and fires that signal automatically after a save or delete (falling back to the poll if the signal can't be delivered). See configs/knowledge/readme.md.

Tool credentials

Each integration adds its own variables to configs/secrets.env. The most common:

  • salesforce_mcpSALESFORCE_CLIENT_ID, SALESFORCE_CLIENT_SECRET, SALESFORCE_INSTANCE_URL
  • wordpressWEBSITE_URL, WORDPRESS_USER, WORDPRESS_PASSWORD
  • buffer_mcpBUFFER_API_KEY
  • helpjuiceHELPJUICE_API_KEY, HELPJUICE_ACCOUNT
  • xero_mcpXERO_CLIENT_ID, XERO_CLIENT_SECRET
  • tavily_mcpTAVILY_API_KEY
  • mxmcpMXMCP_API_KEY
  • box_cli — drop a Box JWT app config at box_config.json (the Dockerfile registers it during the image build)
  • file_textTIKA_URL (defaults to the bundled Tika sidecar)

Tools

A tool is anything the agent can call mid-conversation. Each tool is a ToolDefinition with a name, JSON-schema input, an Execute function, and (optionally) text contributed to the system prompt.

Built-in catalogue

Core tools — always loaded for every agent (internal/tools/core.go):

Tool Purpose
message_tool Send email to a coworker — the primitive for multi-agent coordination.
set_task_status Mark the current task waiting / complete / error so the memory file reflects state.
mbox_search Search the agent's own IMAP mailbox by sender, subject, date, or full-text.

Optional tools — opt-in per agent via the tools: list in agents.yaml (internal/tools/registry.go):

Key What it does
report Send a structured reply to the user (used by coordinators).
report_strict Send a structured reply to the sender only (used by coordinators). Good for public facing agents.
snooze / unsnooze Schedule or cancel a recurring/one-off replay of the current message — see Recurring tasks below.
anthropic_web_search Anthropic's server-side web search tool. Only works with Anthropic LLMs.
tavily_mcp Tavily web search via MCP.
salesforce_mcp Salesforce CRM via the @tsmztech/mcp-server-salesforce MCP server.
buffer_mcp Schedule social posts via Buffer's MCP.
xero_mcp Xero accounting via MCP.
xero_api Xero accounting via API.
mxmcp mxHERO email-search MCP.
wordpress Read/write posts on a WordPress site.
helpjuice Read/write FAQ articles in Helpjuice.
box_cli File operations against Box via the Box CLI.
download Fetch a URL to disk.
file_text Convert any file to plain text via Apache Tika.
bash Execute arbitrary bash locally — full network access.
vimeo Simplified read-only access to Vimeo library.
nuki Manage Nuki device accounts and keypad codes.
supabase Supabase/PostgREST CRUD.
weather Weather API

Private tools

Not every tool belongs in the public repo — company-specific integrations, proprietary logic, or anything you simply don't want to publish. These live in internal/tools_priv/ and work exactly like built-in tools: drop a .go file there, register it from an init() with tools.Register(key, factory, description), add the key to an agent's tools: list, and it's available. cmd/kikubot blank-imports the package unconditionally, so any files present are compiled and registered automatically; when the directory is empty (a clean public checkout), it contributes nothing.

Why it matters: update without conflicts. The public distribution ships this directory effectively empty, so your private tool files sit outside the upstream-tracked code. You can keep pulling project updates and never hit a merge conflict over your own tools. (Their secrets follow the same idea — private tools read credentials directly via os.Getenv rather than declaring them in the public internal/config/env_vars.go, so no symbol referencing them appears in the public repo.) The configurator dashboard flags any private tool with a small private badge so it's clear which tools depend on local-only source.

See the tools README for the full convention and a worked example.

Writing your own tool

🤖 We are successfully adding tools via Claude Code. Claude will review existing tools and build yours including adding it to the registry, etc. Your tool can be an MCP, a CLI, a web API, etc. - Claude builds them all. Typically it takes less than 10 minutes to build a tool in this manner.

Every tool is a ToolDefinition value. The minimum:

// internal/tools/weather.go
package tools

import (
    "context"
    "encoding/json"
    "fmt"
)

func WeatherTool() ToolDefinition {
    return ToolDefinition{
        Name:        "weather_lookup",
        Description: "Look up the current temperature for a city.",
        InputSchema: []byte(`{
            "type": "object",
            "properties": {
                "city": {"type": "string", "description": "City name"}
            },
            "required": ["city"]
        }`),
        // StaticSystem is appended to the cacheable prefix of the system
        // prompt — use it for instructions that don't depend on the email.
        StaticSystem: "Use weather_lookup when the user asks about the weather.",
        Execute: func(ctx context.Context, input json.RawMessage) (string, error) {
            var args struct{ City string `json:"city"` }
            if err := json.Unmarshal(input, &args); err != nil {
                return "", err
            }
            // ... call your API ...
            return fmt.Sprintf("22°C in %s", args.City), nil
        },
    }
}

Then register it under a YAML key in internal/tools/registry.go:

var registry = map[string]toolFactory{
    // ...
    "weather": wrap(WeatherTool),
}

…and add weather to the tools: list of any agent in configs/agents.yaml.

Environment variables for API keys

If an API key is passed in via environment variables, be sure to update internal/config/env_vars.go and include the exported variable (config.YouEnvVar) in your tool code. Then of course, add the env var to the env/ files.

Injecting email context into the tool system prompt

For per-email context (e.g. injecting the current date, or summarising thread state), set the System func(email services.Email) (string, error) field instead of StaticSystem — its output goes into the volatile portion of the system prompt and is not cached.

Helpers for common patterns

Most integrations don't need a hand-written Execute. The tools package provides three reusable bridges:

  • Shell commandsBashTool(). Already registered as the bash key. Runs locally with full network access (unlike Anthropic's sandboxed bash_code_execution). Use this rather than rolling your own os/exec wrapper.

  • Local MCP servers (stdio)LocalMCPBridge(LocalMCPConfig) launches an MCP server as a long-lived subprocess (e.g. an npx-installed package), discovers its tools, and exposes each one as a ToolDefinition named <server>__<tool>. Example from salesforce_mcp.go:

    func SalesforceMCP() []ToolDefinition {
        cfg := LocalMCPConfig{
            ServerName: "salesforce",
            Command:    "npx",
            Args:       []string{"-y", "@tsmztech/mcp-server-salesforce"},
            Env: map[string]string{
                "SALESFORCE_CLIENT_ID":     os.Getenv("SALESFORCE_CLIENT_ID"),
                "SALESFORCE_CLIENT_SECRET": os.Getenv("SALESFORCE_CLIENT_SECRET"),
            },
        }
        tools, _ := LocalMCPBridge(cfg)
        return tools
    }

    If the MCP server ships as an npm package, also pre-install it in the Dockerfile so npx doesn't fetch it on first call.

  • Remote MCP servers (HTTP)MCPBridge(name, url, auth) connects to a Streamable-HTTP MCP server and proxies its tools. Example from tavily_mcp.go:

    func TavilyMCP() []ToolDefinition {
        tools, _ := MCPBridge("tavily", "https://mcp.tavily.com/mcp", "Bearer "+os.Getenv("TAVILY_API_KEY"))
        return tools
    }
  • Hand-curated CLI wrappersCLIToolConfig is the same idea as LocalMCPBridge but for CLIs that don't speak MCP — you author the schemas yourself and the helper handles subprocess execution, JSON-flag injection, and root-path scoping.

More about tools

Read more about tools in the tools README

Recurring tasks

Agents can schedule themselves. The snooze / unsnooze tools (registered via the snooze and unsnooze keys in agents.yaml) let an agent park the current email and replay it on a cron schedule.

How it works:

  1. The agent calls snooze_tool with the inbound Message-Id, a description, a Once flag, and a 5-field crontab expression (minute hour dom month dow).
  2. The schedule is persisted to data/snooze.json (or snooze.json in dev) — one entry per snoozed message.
  3. Every poll cycle (30s), the main loop drains all snoozes whose next-run time has passed. For each, it re-fetches the original email by Message-Id, prepends a system note ("This email is being replayed as a previously scheduled task — do NOT snooze again"), and runs agent.HandleMessage. The snooze_tool and unsnooze_tool are stripped from the toolset for that replay so the model can't re-schedule itself into a loop.
  4. After successful execution: Once: true snoozes are deleted; recurring snoozes advance to the next cron-computed run time.
  5. To cancel, the agent calls unsnooze_tool with the Message-Id. The system prompt also surfaces any active snoozes for the current thread so a follow-up "stop the daily report" maps to the right cancellation.

Timezone handling. The crontab is interpreted in the user's timezone, extracted from the original email's Date: header. So 0 7 * * * means 7 AM in the sender's local time even if the server runs in UTC. Both IANA names (America/New_York) and fixed offsets (-0500) are supported.

Example user prompts that trigger snoozing:

  • "Send me the social-media metrics every Monday at 9am."0 9 * * 1, Once: false
  • "Remind me about the contract review tomorrow at 2pm." → one-off with Once: true
  • "Stop the daily standup digest." → triggers unsnooze_tool against the matching active snooze

The scheduler is single-process and file-backed — no external dependencies. If you run an agent across multiple replicas, only one should own the snooze file (mount it on a single volume or run a single instance per inbox).

Auxiliary services

Both are optional sidecars with their own compose files.

Mail server — services/dms/

A docker-mailserver instance for hosting agent inboxes on a domain you control (SPF/DKIM/DMARC strongly recommended). See services/dms/README.md for account-management commands.

Apache Tika — services/tika/

REST API for extracting text from PDFs, Office docs, HTML, and more. Used by the file_text tool. See services/tika/README.md.

Running multiple agents

docker-compose-example.yml ships with one active service (kiku) and commented templates for beta, gamma, and delta. To bring up additional agents, uncomment the service block and ensure a matching entry exists in configs/agents.yaml and a matching <UPPER_STEM>_EMAIL_PASSWORD in configs/secrets.env. The scripts/configurator tool can regenerate docker-compose.yml for you whenever you add or edit an agent.

# After editing docker-compose.yml + adding agents/secrets:
docker compose up -d --build --remove-orphans

# After only secrets.env changes:
docker compose up --force-recreate

Development

Local development uses Go 1.26 and the dev build tag, which loads ./configs/secrets.env via godotenv. Non-secret config (the agent roster, common defaults, per-agent overrides) is read from ./configs/agents.yaml. Set AGENT_EMAIL in your shell or IDE run-configuration to pick which agent the binary impersonates.

go run -tags=dev cmd/kikubot/main.go

Architectural notes for code changes live in CLAUDE.md.

About

About this repo. Kikubot is developed primarily for our own production use at mxHERO and released here under MIT so the community can build on it. We're a small team, so issue and PR turnaround varies — but we read everything, and we welcome contributions. See CONTRIBUTING.md for how we evaluate changes and where we most need help..

Status. This project is in active development. Compatibility with microsoft based emails (e.g., Office 365) is not yet fully tested.

Naming

We named our framework, Kikubot, from the Japanese contraction for Kiku (機駆) - 機 (ki, "mechanism") + 駆 (ku, "to drive/propel"). A machine that moves.

License

MIT — © mxHERO Inc.