v1.0.6
Highlights
Breaking — email.received is now a metadata-only notification (#321)
email.received no longer embeds the message body (raw_message) or the raw auth_headers blob. Subscribers now fetch the full message (body + attachments + signed headers) from GET /v1/agents/{recipient}/messages/{message_id} using the message_id + recipient in the event — the same notify→fetch model client.listen() already uses. The raw auth_headers blob is replaced by a structured auth verdict ({spf, dkim, dmarc}, same shape as MessageView.auth) so agents keep their trust-decision input inline.
Why: bounds the webhook fan-out payload (no raw MIME / attachments amplified across N subscribers × retries) and stops shipping full message PII to every subscriber. Migrate any email.received consumer that read raw_message/auth_headers to the fetch model (auth is available inline).
Features & improvements
- Envelope-encrypt DKIM private keys at rest (#322) — per-domain DKIM signing keys are now encrypted in the database.
- Per-axis SES sending status (#309) — domains report which DNS record (DKIM vs MAIL FROM) still needs fixing, instead of an all-or-nothing rollup.
verify_domaindetects a truncated/mismatched DKIM record (#312) — a clipped DKIM TXT now reportsdkim: "mismatch"(distinct frommissing) with a "re-publish the full value" hint, so it can't silently leave a domain stuckpending.- Forwarding carries the original message's attachments by default (#314).
Fixes
- Inbound gate fails closed for shared-relay senders (#316, #299) — security hardening of the inbound authentication gate.
- HTTP MCP server is now stateless (#317).
- Events API gated on the outbox flag — returns
501when disabled (#315). - SDK version-skew guardrails in CI (
@e2a/sdk@4.0.0) (#310). - HITL approval buttons stack on mobile so they render correctly (#313).
- Web: wrap long DNS/identity values so records & chips don't overflow (#311); stop overlaying the SPF probe onto the ownership DNS row (6ddd35c).
Docs
- Webhook examples aligned with the metadata-only
email.received(#323). - Documented the inbound gate's From-authentication limitation (#318, #320).
Full changelog: v1.0.5...v1.0.6