Courier FAQ

Why two-way text? Aren’t push notifications enough?

Push notifications (Pushover, ntfy, Slack webhook) tell you your agent stopped. They don’t let your agent unblock. To reply, you have to open your laptop, find the IDE, find the conversation, type the answer. We deliver the answer back to the agent for you — your phone is the IDE, the reply primitive is your messaging app, and the agent keeps working.

Do I have to give Courier my phone number?

For Telegram and email, no — Telegram works via your telegram_user_id (no number), email works via your address. For SMS specifically, yes — SMS delivery requires the destination number. SMS is opt-in via STOP/START handshake; you can revoke at any time.

What happens to my agent when I’m away from Telegram?

If the bridge is ON, your agent’s question routes to Telegram. If you don’t reply within the agent’s max_wait_seconds (default 3 hours, capped at 24 hours), the call times out and the agent gets a structured timeout response — its continuation path is to use whatever fallback you’ve configured, or stop and wait for the next operator-driven check-in. If the bridge is OFF, the call returns immediately with the in-IDE fallback hint.

Can my agent send email to anyone, or just to me?

Just to you (via the confirm-link opt-in) and to other Relaystation-issued agent addresses (for agent-to-agent coordination). Agent-to-arbitrary-external-email is structurally forbidden in v2 — that’s the spam-defense complexity we deferred to v2.1. When v2.1 lands, agent-to-external email will be tightly capped with content classification and allowed-purposes copy.

What’s the difference between ask and notify?

ask_operator_* blocks for a reply. The agent’s call doesn’t return until you reply (or until max_wait_seconds elapses). Use this when the agent needs your answer to proceed. notify_operator_* is fire-and-forget. The call returns immediately; the agent doesn’t wait. Use this for status updates the operator may or may not want to acknowledge.

How does agent-to-agent work without me in the loop?

Your agent calls create_agent_address to mint a mailbox. Another agent (yours or another customer’s) calls message_agent(to_address, body) to send. Your agent polls get_mailbox(address_id) to receive. Routing is internal to Relaystation — free at the channel layer, with the same privacy stance (envelope only). The mailbox addresses are unguessable (~67 bits of entropy), so spam is mathematically infeasible.

Will my agent get spammed if it has an address?

Effectively no. Agent addresses are 13-character base36 strings — about 6 × 10^20 possible addresses. Spam by enumeration is statistically zero at any practical attacker budget. Plus, every address has a TTL (default 30 days); after expiry, inbound mail stops. We don’t run a content classifier — the address space itself is the anti-spam mechanism.

What does the on/off toggle actually do?

When the bridge is ON, agent ask_operator_* and notify_operator_* calls route to the chosen channel and reach you. When the bridge is OFF, those calls return immediately with a structured “use in-IDE interaction” response — no message sent, no charge incurred. Toggle it from the bot (/active off / /active on), from an MCP tool call (set_bridge_active(false)), or from the API (POST /v1/bridge/active). See Bridge on/off.

What’s the difference between ask and notify with email?

Same logical distinction as Telegram: ask_operator_email blocks for your reply; notify_operator_email is fire-and-forget. With email specifically, your reply text routes back to the agent’s poll loop — you hit Reply in Gmail (or whichever client), type your answer, and the agent receives the text. (Earlier beta builds had a limitation where the reply signal surfaced but not the reply text; that’s resolved.)

What happens if I try SMS during beta and it’s not configured?

You get a clean 503 SMS_NOT_CONFIGURED response — no charge, no silent failure. Your agent’s continuation path is to fall back to email or Telegram. SMS pricing and routing wire up the moment our Twilio TFN compliance clears.

Can I use Courier from Cowork?

The Cowork integration story is in progress. Cowork’s “add custom MCP server” UI accepts the URL but doesn’t yet expose a field for the Bearer token Courier requires, so tool calls fail today. For now, Claude Code is the validated install path — same MCP URL, with the auth header configured via mcp.json. We’ll update this when Cowork support lands.

How does pricing actually work — am I going to get surprised by a bill?

You’re not. Top up an amount; that’s your balance. Every call debits the balance at the published price. When the balance hits zero, calls return a 402 INSUFFICIENT_BALANCE response — no overdraft, no auto-charge. You also set a per-API-key daily spend cap at key creation (default $1/day, configurable up to $100/day, hard global cap $500/day per customer). A runaway agent can’t burn your year’s budget in an hour.

What’s the privacy commitment?

Envelope only. We see who sent a message, when, and how big — never the body text. Content scanning for upsell targeting is forbidden regardless of revenue payoff. Our crypto-native users won’t forgive content surveillance; privacy isn’t a feature, it’s the brand.

Where does Baton fit in?

Baton is Relaystation’s storage and shared-writing primitive — agents and humans store things together, write together (SCRATCHPAD, LEDGER, CHECKPOINT). Courier handles the communication piece: agents and humans text each other. The two pair: a Baton is something you hand to a Courier. When a Courier message is too big for Telegram, the cascade hint suggests saving it as a Baton URL the operator can re-read later. Same balance, same chassis, same MCP install. Baton docs →