Now with 40+ plugin integrations

AI agents that actually do things

Give your AI agents real email addresses, phone numbers, credentials, and connections to 40+ services. A built-in policy engine ensures every action stays within bounds you define.

Get started freeSee how it works
RA
Research Agent
avt_f7k2m9x
Active
Email
avt-f7k@agents.mermaidagents.ai
Phone
+1 (555) 014-2847
Credentials
4 stored · KMS encrypted
Connected
SlackGitHubNotionLinearGmail
Memory
personagoalshuman
Role
researcher

Connects to 40+ services — and counting

SlackSlack
GitHubGitHub
GoogleGoogle
NotionNotion
FigmaFigma
LinearLinear
JiraJira
DiscordDiscord
SalesforceSalesforce
HubSpotHubSpot
AsanaAsana
SentrySentry
MongoDBMongoDB
PostgreSQLPostgreSQL
MicrosoftMicrosoft
TelegramTelegram

Everything your agents need. Nothing they shouldn't have.

A complete platform for building AI agents that can interact with the real world — under policies you control and audit trails you can trust.

Real identities

Email addresses, phone numbers, and encrypted credentials — each agent gets its own real-world presence.

40+ integrations

Slack, GitHub, Notion, Salesforce, and dozens more. Connect any service through a unified plugin system.

Policy governance

Role-based policies decide every action: allow, deny, or hold for human approval. Fail-closed by default.

Autonomous agents

Agents respond to inbound messages, use their tools, and take action — all within the safety bounds you set.

Real-world channels

Real email. Real phone. Really working.

Each avatar gets dedicated email addresses and phone numbers. Receive verification codes, send messages, manage threaded conversations — all via API, MCP, or webhook.

  • Dedicated inbound email per avatar — receive verification codes, marketing emails, password resets
  • Real US phone numbers with SMS — handle 2FA, confirmations, and automated messages
  • Webhook notification on every inbound message for event-driven workflows
  • Full message threading, MIME access, and search via API
avt-f7k@agents.mermaidagents.ai
3 messages
noreply@acme.com
2m ago

Verify your email address

Click the link below to verify your email...

orders@megastore.co
14m ago

Your order #4821 has shipped

Your package is on its way. Track it here...

hello@saasapp.io
1h ago

Welcome to your new account

Thanks for signing up. Here’s how to get started...

+1 (555) 014-2847
SMS

Your verification code is 847291

2:14 PM

Code received. Proceeding with verification.

2:14 PM

Welcome! Your account is now active.

2:15 PM

One agent. Every tool it needs.

40+ integrations through a unified plugin system. Every plugin action flows through the same governance pipeline — policy check, credential resolution, execution, and audit log.

SlackSlack
GitHubGitHub
NotionNotion
GoogleGoogle
FigmaFigma
LinearLinear
JiraJira
DiscordDiscord
SalesforceSalesforce
HubSpotHubSpot
AsanaAsana
SentrySentry
MongoDBMongoDB
PostgreSQLPostgreSQL
TelegramTelegram
MicrosoftMicrosoft
TrelloTrello
GmailGmail

Communication

7 plugins

Slack, Discord, Telegram, Gmail, Microsoft Teams

Developer

5 plugins

GitHub, Linear, Sentry, Claude Code

Productivity

10+ plugins

Notion, Asana, Airtable, Google Workspace

CRM & Sales

3 plugins

Salesforce, HubSpot, Gong

Databases

6 plugins

PostgreSQL, MongoDB, Snowflake, Supabase

Project Mgmt

4 plugins

Jira, Linear, Monday.com, Trello

Custom plugins supported. Submit a manifest — no engine code changes required.

Policy evaluation log
role: researcher
slack.send_messageALLOW

researcher role — communication allowed

github.create_issueALLOW

researcher role — dev tools allowed

notion.delete_pageGATE

destructive action — requires human approval

credential.exportDENY

researcher role — credential export blocked

Approval required12s ago

Research Agent wants to delete a Notion page. Risk score: 62/100

via email, SMS, mobile app, or web

Every action. Every time. Governed.

A role-based policy engine evaluates every single agent action before it executes. Allow, deny, or hold for human approval — with full audit trails.

  • Role-based policies — assign roles to avatars, attach ALLOW / DENY / GATE rules
  • Human-in-the-loop approvals — notified via email, SMS, mobile app, or web dashboard
  • Risk scoring (0–100) surfaced to approvers with full context for informed decisions
  • Fail-closed by default — if the engine can’t decide, it blocks. Nothing slips through.
  • Append-only audit logs — every action, every decision, every credential access recorded

Agents that act. Not just respond.

When a message arrives — via Slack, email, or any webhook — the avatar wakes up, loads its tools, and responds autonomously. The agent decides how to use its tools. No hardcoded routing.

  • Event-driven — inbound messages trigger the agent loop automatically
  • Agent-as-tool-user — Claude sees all available tools and decides which to call
  • Configurable autonomy levels: reply-only, reply-and-tools, or full autonomy
  • Safety controls — per-avatar rate limiting, cost budgets, and loop detection
  • Every tool call goes through the policy engine. No exceptions.
Autonomous agent loop
Inbound message
Slack DM from @anna
Agent reasoning
Loads tools, memory, context
Tool execution
github.list_issues → ALLOW
Response sent
Replied in Slack thread
Rate limit
20/min
Budget cap
$5.00/run
Loop detect
Active
Product Squad
team_k8m2n4
MCP Endpoint
/mcp/v1/teams/k8m2n4
RA
Research Agent
researcher
8 tools
PM
Product Manager
pm
6 tools
DE
Design Expert
designer
5 tools
DV
Dev Agent
developer
12 tools
One URL serves all member tools — prefixed by role4 members

Avatar teams. One endpoint, many identities.

Group multiple avatars into a squad and connect via a single MCP URL. Your AI agent sees every team member's tools and routes to the right identity automatically.

  • One MCP endpoint serves all member avatars with their tools, prefixed by role
  • Shared tools accept an avatar_id from the team roster for routing
  • Policies targeting the team’s role apply to all member avatars
  • Add or remove members, set display names and sort order from the dashboard

Your secrets never touch the AI.

Store passwords, API keys, and secrets in an encrypted vault. Credentials are KMS-encrypted at rest and delivered as short-lived tokens. The AI model never sees the real values.

  • KMS-encrypted at rest — Fernet + AWS KMS envelope encryption
  • Short-lived tokens — secrets expire quickly, never linger in context
  • Every credential access is audit-logged with who, when, and from where
  • Scoped per avatar — each agent only sees its own credentials
Credential Vault
KMS Encrypted
OpenAI API Keysensitive
openai_api_key

sk-proj-••••••••••••

Reveal
Shopify Passwordsensitive
shopify_password

••••••••••••

Reveal
Wix OAuth Tokensensitive
wix_oauth_token

oauth_••••••••••

Reveal
Stripe Publishable
stripe_pk

pk_live_51N...8xR

Reveal
4 credentials
Every reveal audit-logged
Core Memory
4 blocks
persona
847/2000by sleeptime

I am a research assistant specialized in competitive analysis. I prefer structured outputs with clear citations. I use a formal but approachable tone...

human
1203/3000by human

Ben is the founder. Prefers concise updates in Slack. Cares about security and audit trails. Working on Series A fundraising. Timezone: PST...

goals
512/1500by agent

1. Complete competitive landscape analysis by Friday 2. Monitor Hacker News for AI agent announcements 3. Draft weekly summary for the team...

instructionsread-only
980/2000by human

Always cite sources. Never share credentials in Slack channels. Escalate budget requests over $500. Use formal tone in external emails...

Memory that persists. Context that compounds.

Structured memory blocks — persona, human preferences, goals, and instructions — give agents persistent context across sessions. Agents remember what matters. Knowledge compounds over time.

  • Four default blocks: persona, human, goals, and instructions (read-only)
  • Agents can read, append, replace, and rewrite their own memory blocks
  • Character limits per block keep context windows lean and focused
  • Create custom blocks for domain-specific knowledge (up to 10 per avatar)
  • Versioned with full update history — see who changed what and when

Native MCP server. Three tiers deep.

Connect Claude Desktop, Cursor, or any MCP-compatible client directly. Every capability exposed as Model Context Protocol tools — pick the scope that fits your setup.

Global

/mcp

Shared access to all avatars and tools. Best for multi-agent orchestration.

Per-Avatar

/mcp/v1/avatars/{id}

Scoped to a single identity. Best for dedicated single-agent setups.

Per-Team

/mcp/v1/teams/{id}

All team member tools via one URL. Best for multi-avatar squads.

mermaid-agents
api.mermaidagents.ai/mcp
20+ tools
Streamable HTTP + OAuth 2.1

Messages

6
  • list_messages
  • get_message
  • send_email
  • send_sms
  • get_thread
  • mark_as_read

Core Memory

5
  • core_memory_read
  • core_memory_replace
  • core_memory_append
  • core_memory_rewrite
  • core_memory_create_block

Credentials

3
  • list_credentials
  • get_credential
  • generate_credential

Avatars

2
  • list_avatars
  • get_avatar

Approvals

2
  • list_approvals
  • get_approval

Plugins

2
  • list_plugin_tools
  • call_plugin

OAuth 2.1 authentication. Same policy engine on every call. No exceptions.

Ready to give your agents real-world superpowers?

Start free. No credit card required.

Get started free