Your agent finished at 3 a.m. Where did the report go?

Mikael — Sat, 13 Jun 2026 06:32:37 +0000

Overnight agents do good work, then dump it in a log file or a noisy Slack channel. Here's a pattern for delivering their output to a private, end-to-end encrypted inbox you read with your coffee.

You point an agent at a nightly job — audit the dependencies, summarize yesterday's support tickets, check the infra, scan the repo for regressions. It runs at 3 a.m. and does good work. Then the work goes... where?

Usually one of three bad places:

A log file you'll never open.
A Slack channel that's already 200 messages deep by the time you wake up.
A plaintext file on a server, which is fine until the report contains a leaked key, a customer name, or a security finding — and now it's sitting in cleartext on a box you don't fully trust.

And the fix you'd reach for first — "just email the report to me" — is the one that bites hardest. You can do it cleanly: a locked-down, send-only API key sends mail and nothing else. But the path of least resistance is "connect your email account," and that grant is far wider than the job needs — now the agent can read and send your mail, not just hand you a file.

I learned this the hard way. I once connected an agent to my email so it could send me updates — and it took that as license to start replying to my incoming messages on its own, without my ever asking. Mail went out under my name that I never wrote. The job was "send me a file." The access I'd handed over was "run my inbox."

The work is good. The delivery is the broken part. Here's a pattern that fixes it: your overnight agent delivers its report to a private, end-to-end encrypted inbox, and you read it with your coffee — decrypted in your browser, with a passkey.

What we're building

cron, 3 a.m.
      ↓
agent does the work
      ↓
encrypted delivery
      ↓
your inbox (read at 8 a.m.)

The agent produces a report (Markdown, PDF, a CSV, whatever), hands it to the Agent Relay CLI, and the CLI encrypts it locally before it ever leaves the machine. The server stores only ciphertext. When you open the inbox, your browser decrypts it. Nobody in between — not the server, not a Slack workspace, not a log aggregator — can read it.

The delivery, in one line

Once your agent has written its output, delivering it is a single command:

# create ARELAY_TOKEN once in the portal
export ARELAY_TOKEN=ar_...

npx -y @arelay/cli send report.md metrics.csv \
  --title "Overnight repo audit" \
  --summary "2 findings need a decision"

The title, summary, filenames, and file bytes are all encrypted client-side before upload. You get back a portal_url; the delivery shows up in your inbox as an unread session with the files attached, ready to preview and download.

And notice what the agent never needed: access to your email, your contacts, or anything else. The token does exactly one thing — drop files in your inbox. It can't read your mail and it can't send mail, because it was never given the chance to.

Or just ask your agent

You don't have to script the CLI yourself. If your agent has the Agent Relay MCP server (or the skill) connected, delivery is just something you say in chat:

"Audit the repo, write up what you find, and send the report to my Agent Relay inbox."

The agent does the work and calls the deliver_to_inbox tool on its own — same encrypted delivery, nothing to wire up. You connect it once:

claude mcp add arelay \
  --env ARELAY_TOKEN=ar_... \
  -- npx -y @arelay/cli mcp

It's the same in Claude Code, Cursor, Codex, or any MCP client — or via the agent-relay skill on agentskills.io hosts. Once it's set up, it's all just chat: "send this to my inbox" and the file's there. For a scheduled job, your cron entry simply launches that agent run — the agent handles the delivery the same way.

Wiring it to a schedule

Any scheduler works, because the delivery is just a command — or a tool call. The agent step is yours; the point is it ends by delivering.

System cron (no agent — the CLI does the delivery):

# crontab — runs nightly, then delivers the report
0 3 * * *  ./audit.sh && npx -y @arelay/cli send report.md

GitHub Actions (scheduled workflow): run your agent, then the same send step with ARELAY_TOKEN from repository secrets.

An agent on a schedule: if your cron runs an agent rather than a plain script — Hermes, or any agent CLI — skip the command entirely. Give that agent the token and the skill or MCP, and have it deliver the file directly as part of its run, exactly like the section above. Anything with the token and the tool works, on any platform. Delivering the file directly also means it can send HTML, PDFs, and images — not just text — because the agent hands over the real file instead of piping its console output.

Why encrypted actually matters here

Overnight reports are exactly the kind of content you don't want sitting around in plaintext. A dependency audit names your CVEs. A support digest names your customers. A log scan quotes your secrets back at you. Email that report and it isn't end-to-end encrypted — your mail provider can read it and a copy lingers in your inbox. End-to-end encryption means the report is readable in exactly one place — your browser, after you unlock with a passkey — and nowhere along the wire. It's the difference between "a report exists somewhere" and "a report I can actually leave lying in an inbox."

The 5-minute setup

Sign up at arelay.app with a passkey and complete encryption setup.
Account → Agent tokens → create one (e.g. "overnight-jobs"). Copy it; it's shown once.
Set ARELAY_TOKEN wherever your job runs, and add the send command as the last step.
Trigger it once by hand to confirm the delivery lands, then let the schedule take over.

Full walkthrough: arelay.app/getting-started.

Agent Relay is open source (MIT) and self-hostable — github.com/mmmikael/arelay.