v1.0.0 — Stable GA
e2a v1.0.0 is the first generally-available release. The /v1 HTTP API is now a stable, frozen contract.
What GA means
- No breaking changes within
/v1— endpoints, fields, and semantics are stable. Anything that must change goes to a future/v2with a migration window. - Forward-compatible by design — response enums (event types, delivery/review status, etc.) are open: new values can be added without breaking strict clients. Clients must tolerate unknown values. See the versioning & stability policy.
- One consistent error envelope, cursor pagination on every list, idempotency keys on unsafe mutations, and
GET /v1/infofor version/capability discovery.
Surface
Authenticated email for AI agents: SPF/DKIM-verified inbound mail, HMAC-signed delivery, webhook + WebSocket fan-out, a HITL review queue (/v1/reviews), domain sending identities, and per-account suppression.
Clients
- Hosted API:
https://api.e2a.dev - TypeScript SDK
@e2a/sdk3.0.0 · Python SDKe2a3.0.0 (SDK majors version independently of the API; both target API v1) - CLI
@e2a/cli1.5.0 · MCPhttps://api.e2a.dev/mcp
Security hardening in this release
- Per-IP rate limiters key only on the edge-set client IP (no X-Forwarded-For spoofing).
- Outbound SMTP enforces TLS in production; PLAIN auth is never sent over cleartext.
Self-hosting runs the same ghcr.io/mnexa-ai/e2a:1.0.0 image (cosign-signed); convenience features on the hosted side are config + DNS, not closed-source.