The approval workflow
Outbound email has a safety gate: by default, the agent does not send email on its own. It drafts, and drafts land in a Pending queue that you review before they go out. This prevents the agent from sending something you didn't sanity-check.
The email UI — found under Email in the sidebar. There are three tabs:
Pending — drafts the agent has written and wants to send. This is where your attention goes. Each entry shows the recipient, subject, and body. For each pending draft you can:
- Approve and send — the draft is sent as-is through the agent's email address (or connected provider). It moves to the Sent tab.
- Edit and send — open the draft in an editor, make changes, and send the edited version.
- Request rewrite — bounce the draft back to the agent with a note ("make it shorter" or "change the tone to be more casual"). The agent rewrites it and the new draft shows up in Pending again.
- Reject — throw the draft away. Nothing is sent.
Inbox — inbound emails sent to the project's agent email address. The agent can read these, and can be asked to reply (replies will go back through Pending for your approval).
Sent — a history of everything that has actually been sent. You can re-open any sent message to see the exact body and recipients.
HTML sanitization — inbound emails are sanitized server-side before being displayed: scripts, event handlers, and risky attributes are stripped. This is so that opening a malicious inbound email can't run anything in your browser.
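An allowlist sanitizer of the kind described above, as an added example (not this product's own sanitizer). The tag and attribute allowlists, the permitted URL schemes and the names `sanitize`, `clean_url` and `EmailSanitizer` are assumptions made for illustration; only Python's standard-library `html.parser` is used.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for this sketch; anything not listed is removed.
ALLOWED_TAGS = {"a", "b", "br", "div", "em", "i", "img", "li", "ol", "p", "span", "strong", "ul"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}  # the element and everything inside it
VOID_TAGS = {"br", "img"}                # no closing tag is emitted for these

def clean_url(value):
    """Strip whitespace/control characters; return None unless the scheme is allowed."""
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    scheme, sep, _ = cleaned.partition(":")
    return cleaned if sep and scheme.lower() in SAFE_SCHEMES else None

class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0  # skip_depth > 0 while inside <script>/<style>
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:  # other tags: dropped, text kept
            kept = []
            for name, value in attrs:  # entities in values are already decoded here
                if name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # drops on* handlers, style, srcdoc, and so on
                value = clean_url(value or "") if name in URL_ATTRS else (value or "")
                if value is not None:
                    kept.append(f' {name}="{escape(value, quote=True)}"')
            self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize(html):
    parser = EmailSanitizer()
    parser.feed(html)
    parser.close()  # flush any buffered text
    return "".join(parser.out)

SAMPLE = '<p onclick="x()">Hi</p><script>alert(1)</script><a href="JaVaScRiPt:alert(2)">link</a>'  # constructed input
```

Anything outside the allowlists is removed, so a tag or attribute the lists never anticipated fails closed instead of reaching the browser.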
Why pending exists — LLMs are good but not infallible, and email is high-stakes (wrong recipient, wrong tone, wrong facts). The approval gate means you always have the last word before something leaves your domain.