AgentMail

Auto-triage incident alerts and escalate with AgentMail

Jun 9, 2026 · 4 min read · By AgentMail Examples

DevOps teams waste time manually sorting noisy alert floods and drafting escalation emails to on-call responders during incidents. AgentMail provides an Email Inbox API that lets your AI agents receive alerts, triage them by severity, and send escalation emails automatically. Use AgentMail's message search and draft APIs to build an autonomous incident agent that monitors alerts, correlates them, and notifies on-call staff. Modern incident management relies on reducing mean time to acknowledgment (MTTA) and mean time to resolution (MTTR); AgentMail enables agents to act as intelligent email intermediaries in your incident workflow.

What this tutorial covers

  • Outcome: You'll have a working TypeScript agent that searches incoming alert emails, assigns severity levels, drafts escalation messages, and sends them to on-call responders.
  • Endpoints used: `GET /v0/inboxes/{inbox_id}/messages/search`, `GET /v0/inboxes/{inbox_id}/messages/{message_id}`, `POST /v0/inboxes/{inbox_id}/drafts`, `PATCH /v0/inboxes/{inbox_id}/drafts/{draft_id}`, `POST /v0/inboxes/{inbox_id}/messages/send`
  • SDK methods: `client.inboxes.messages.search()`, `client.inboxes.messages.get()`, `client.inboxes.drafts.create()`, `client.inboxes.drafts.update()`, `client.inboxes.messages.send()`
  • Language: TypeScript
  • Auth: Bearer token (Authorization header)
  • Estimated implementation time: ~18 minutes

Step 1: Search incoming alerts in your AgentMail inbox

Your incident agent's first task is finding unprocessed alert emails. Use AgentMail's search endpoint to query messages by keyword and date range. This filters the noise and surfaces only the alerts requiring triage action.

Query alert messages by severity keyword

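```typescript
// Inbox ID and API token come from the environment; the token is never hard-coded.
const inbox_id = process.env.INBOX_ID;
const api_token = process.env.API_TOKEN;
// Not yet applied to the request below: take the filter parameter names
// from the AgentMail API reference before passing these values.
const keyword = "alert";
const date_from = "2026-01-01T00:00:00Z";

async function searchAlerts() {
  // Fail early instead of sending a request with an empty credential.
  if (!inbox_id || !api_token) {
    throw new Error("INBOX_ID and API_TOKEN must be set");
  }

  const res = await fetch(`https://api.agentmail.to/v0/inboxes/${encodeURIComponent(inbox_id)}/messages/search`, {
    method: "GET",
    headers: {
      // Bearer token in the Authorization header, as listed under "Auth" above.
      "Authorization": `Bearer ${api_token}`,
      "Content-Type": "application/json"
    }
  });
  if (!res.ok) {
    throw new Error(`Search failed with HTTP ${res.status}`);
  }
  const data = await res.json();

  if (data.count > 0) {
    console.log(`Found ${data.count} alert messages requiring triage`);
  }

  return data.messages;
}
```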

Response:

```json
{
  "count": 0,
  "limit": 0,
  "next_page_token": "string",
  "messages": [
    {
      "inbox_id": "string",
      "thread_id": "string",
      "message_id": "string",
      "labels": [],
      "timestamp": "2026-01-01T00:00:00Z"
    }
  ]
}
```

Step 2: Retrieve full alert details and assign severity with AgentMail

For each alert found, fetch the complete message body to extract incident details and keywords. Use this content to assign SEV1–SEV4 severity levels. Higher severity incidents trigger faster escalation paths and engage more responders.

Get full alert details and extract severity

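```typescript
const inbox_id = process.env.INBOX_ID || "";
const api_token = process.env.API_TOKEN || "";

// Fail early instead of sending a request with an empty credential.
if (!inbox_id || !api_token) {
  throw new Error("INBOX_ID and API_TOKEN must be set");
}

// Bearer token auth, shared by both requests below.
const headers = {
  "Authorization": `Bearer ${api_token}`,
  "Content-Type": "application/json"
};

const search_res = await fetch(`https://api.agentmail.to/v0/inboxes/${encodeURIComponent(inbox_id)}/messages/search`, {
  method: "GET",
  headers
});
if (!search_res.ok) {
  throw new Error(`Search failed with HTTP ${search_res.status}`);
}
const search_data = await search_res.json();

for (const msg of search_data.messages) {
  // IDs are URL-encoded because they are not guaranteed to be path-safe.
  const detail_res = await fetch(`https://api.agentmail.to/v0/inboxes/${encodeURIComponent(msg.inbox_id)}/messages/${encodeURIComponent(msg.message_id)}`, {
    method: "GET",
    headers
  });
  if (!detail_res.ok) {
    // Skip this message but keep triaging the rest of the batch.
    console.error(`Could not fetch ${msg.message_id}: HTTP ${detail_res.status}`);
    continue;
  }
  const msg_data = await detail_res.json();
  console.log(`Alert ${msg_data.message_id} retrieved with labels:`, msg_data.labels);
}
```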

The agent now extracts keywords from the alert body and assigns a severity level. SEV1 alerts indicate production outages requiring immediate escalation; SEV4 alerts can be batched or deferred.

Step 3: Draft escalation emails with AgentMail for on-call responders

Once severity is assigned, use AgentMail's draft API to compose a pre-formatted escalation email. Include incident details, severity, and recommended action. Drafting before sending gives your agent a chance to review or refine content before delivery.

Create an escalation email draft

Response:

```json
{
  "inbox_id": "string",
  "draft_id": "string",
  "client_id": "string",
  "labels": ["escalation", "on-call"],
  "reply_to": ["string"],
  "to": ["string"],
  "cc": ["string"],
  "bcc": ["string"],
  "subject": "Escalation Alert: On-Call Responder Required"
}
```

Step 4: Update drafts and send escalation emails via AgentMail

Before sending, your agent can refine the draft using AgentMail's update API. Add additional context, adjust recipients, or include runbook links based on the severity level. Once satisfied, send the message to notify on-call responders and reduce mean time to acknowledgment.

Update draft with runbook and send

Step 5: Orchestrate the full triage loop in your agent

Combine all steps into a continuous loop: search alerts, triage by severity, draft, update, and send escalations. This automates incident response and significantly reduces MTTA. Wrapping everything in AgentMail's API calls ensures your agent maintains a complete audit trail and integrates seamlessly with incident management workflows.

End-to-end incident triage loop

Your agent now continuously monitors incoming alerts, triages them by severity, drafts personalized escalation emails, and notifies on-call responders—reducing manual work and mean time to acknowledgment.
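The decision at the center of this loop (severity assignment from Step 2 and the draft content from Step 3), as an added example that is not AgentMail's own code. The keyword rules, roster addresses, sample alerts and the `text` body field are assumptions; `to`, `subject` and `labels` follow the draft shape shown in Step 3.

```typescript
type Severity = "SEV1" | "SEV2" | "SEV3" | "SEV4";
interface Alert { message_id: string; subject: string; text: string }

// Hypothetical keyword rules, most severe first. Word boundaries stop "down"
// from matching "download" or "countdown" (the too-broad-keyword pitfall).
const RULES: Array<[Severity, RegExp]> = [
  ["SEV1", /\b(outage|down|data loss)\b/i],
  ["SEV2", /\b(degraded|error rate|failover)\b/i],
  ["SEV3", /\b(high latency|disk usage|retrying)\b/i],
];

function classify(alert: Alert): Severity {
  const haystack = `${alert.subject}\n${alert.text}`;
  for (const [severity, pattern] of RULES) {
    if (pattern.test(haystack)) return severity;
  }
  return "SEV4"; // nothing matched: batch or defer
}

// Hypothetical roster keyed by severity. Recipients come from here, never
// from addresses found inside the alert.
const ROSTER: Record<Severity, string[]> = {
  SEV1: ["oncall-primary@example.com", "incident-lead@example.com"],
  SEV2: ["oncall-primary@example.com"],
  SEV3: ["oncall-secondary@example.com"],
  SEV4: [],
};

// Alert text is sender-controlled: collapse control characters (CR/LF
// included) and cap the length before reusing it in outbound mail.
function clean(value: string, max: number): string {
  return value.replace(/[\u0000-\u001f\u007f]+/g, " ").trim().slice(0, max);
}

function buildDraft(alert: Alert) {
  const severity = classify(alert);
  const to = ROSTER[severity];
  if (to.length === 0) return null; // SEV4: no escalation draft
  return {
    to,
    labels: ["escalation", "on-call", severity.toLowerCase()],
    subject: `[${severity}] ${clean(alert.subject, 120)}`,
    // "text" as the body field name is an assumption, not taken from the page.
    text: `Severity: ${severity}\nSource message: ${alert.message_id}\n\n${clean(alert.text, 500)}`,
  };
}

// Constructed sample alerts.
const outage: Alert = { message_id: "m-1", subject: "DB primary down\r\n(us-east)", text: "Replication stopped." };
const benign: Alert = { message_id: "m-2", subject: "Download job finished", text: "Countdown to next export: 24h" };
```

`buildDraft(outage)` yields a SEV1 draft with a single-line subject, while `buildDraft(benign)` returns `null` because neither "Download" nor "Countdown" satisfies the word-bounded `down` rule.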

Common pitfalls when using AgentMail

  • Alert correlation and duplicate detection. Multiple related alerts may arrive for the same incident. Implement deduplication logic by checking for similar subjects or correlated resource names before drafting escalations, preventing alert storms from overwhelming on-call responders.
  • Severity level miscalibration. Keyword-based severity assignment can misclassify alerts if keywords are too broad or too narrow. Regularly review misclassified incidents and refine your severity mapping to match your organization's incident impact criteria.
  • Draft staleness and rate limiting. If many alerts arrive in rapid succession, draft creation and updates may queue or throttle. Monitor AgentMail API response times and implement backpressure logic to avoid cascading escalations during high-volume events.
  • On-call roster synchronization. Hardcoded on-call email addresses quickly become stale. Integrate with your incident management platform's on-call API to fetch current responders dynamically, ensuring escalations reach the right person.
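One way to handle the first and third pitfalls together, as an added example that is not AgentMail's own code: a gate that suppresses repeats of an incident and caps escalations per time window. The fingerprint rules, window length, cap and sample alerts are assumptions.

```typescript
interface Incoming { subject: string; timestamp: string }
type Decision = "escalate" | "duplicate" | "throttled";

// Reduce a subject to a fingerprint so repeats of one incident compare equal:
// reply/forward prefixes, long hex ids and numeric readings are dropped.
// Host numbers go too, so web-12 and web-14 correlate as one incident.
function fingerprint(subject: string): string {
  return subject
    .toLowerCase()
    .replace(/^((re|fwd?):\s*)+/, "")
    .replace(/\b[0-9a-f]{8,}\b/g, "#")
    .replace(/\d+(\.\d+)?%?/g, "#")
    .replace(/\s+/g, " ")
    .trim();
}

// windowMs: how long a fingerprint stays suppressed after an escalation.
// maxPerWindow: ceiling on escalations sent within one window (backpressure).
function createGate(windowMs: number, maxPerWindow: number) {
  const lastSent = new Map<string, number>();
  let sentTimes: number[] = [];
  return function decide(alert: Incoming): Decision {
    const now = Date.parse(alert.timestamp);
    const key = fingerprint(alert.subject);
    const previous = lastSent.get(key);
    if (previous !== undefined && now - previous < windowMs) return "duplicate";
    sentTimes = sentTimes.filter((t) => now - t < windowMs);
    // Throttled alerts should be queued for a digest, not dropped.
    if (sentTimes.length >= maxPerWindow) return "throttled";
    lastSent.set(key, now);
    sentTimes.push(now);
    return "escalate";
  };
}

// Constructed alert burst: timestamps and subjects are sample data.
const BURST: Incoming[] = [
  { subject: "CPU at 97% on web-12", timestamp: "2026-01-01T00:00:00Z" },
  { subject: "Re: CPU at 99% on web-14", timestamp: "2026-01-01T00:02:00Z" },
  { subject: "Disk usage 91% on db-1", timestamp: "2026-01-01T00:03:00Z" },
  { subject: "Failover started for cache-3", timestamp: "2026-01-01T00:04:00Z" },
  { subject: "CPU at 98% on web-12", timestamp: "2026-01-01T00:15:00Z" },
];

function runBurst(): Decision[] {
  const decide = createGate(10 * 60 * 1000, 2);
  return BURST.map((alert) => decide(alert));
}
```

With a 10-minute window and a cap of two, the burst resolves to escalate, duplicate, escalate, throttled, escalate: the second CPU alert is folded into the first, and the failover alert waits because the window is already full.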

Ready to reduce incident response time with automated triage and escalation? Get started with AgentMail today and empower your incident agents to act as intelligent email intermediaries.
