Source: https://cli.nylas.com/guides/ooo-coverage-agent

# Build an Out-of-Office Coverage Agent

An AI agent covers a mailbox while someone is away: it auto-replies, flags what's urgent, escalates time-sensitive mail to a backup, and logs the rest.

Written by [Caleb Geene](https://cli.nylas.com/authors/caleb-geene) Director, Site Reliability Engineering

Updated June 14, 2026

> **TL;DR:** A coverage agent with delegated access to the away person's mailbox reads new mail with `nylas email list --unread --json`, classifies what's urgent, sends an out-of-office auto-reply, escalates time-sensitive mail to a named backup with `nylas email send`, and logs the rest for the return.

## What is an out-of-office coverage agent?

An out-of-office coverage agent watches a person's mailbox while they're away, sends a polite auto-reply, decides what can't wait, and routes those few items to a backup. It does what a good colleague does covering your desk: most mail can wait, a little can't, and the sender deserves a heads-up either way. The auto-reply follows the conventions in [RFC 3834](https://datatracker.ietf.org/doc/html/rfc3834), the standard for automated email responses.

Coverage flow: incoming mail is triaged, then auto-replied, escalated to a backup if urgent, or logged for the person's returnIncoming mailemail listTriageurgent?Escalate to backupAuto-reply senderLog for return

The agent triages and notifies; it never acts on the person's behalf beyond an auto-reply and an escalation. It won't approve, pay, or promise anything. That boundary is what makes coverage safe to run unattended for a week — the worst it can do is send one auto-reply too many, not commit the person to something while they're on a plane.

## Why does coverage need delegated mailbox access?

Coverage is a delegated-access job, not an agent-account one. The agent has to read the away person's real inbox and reply from their real address, so it runs against a connected grant for that mailbox, not a fresh inbox of its own. A separate agent inbox can't see the mail that's actually arriving for the person, which is the whole point.

Connect the mailbox once with `nylas auth login` — the OAuth 2.0 authorization flow defined in [RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749) — then point the agent at that grant. Scope the coverage window to the away dates so the agent runs only while the person is out — typically a 7 to 14 day trip — and stops the moment they're back. See the agent-account-vs-delegated-OAuth guide for when each access model fits.

## How does the agent triage incoming mail?

The agent reads new mail and a model sorts each message into urgent, routine, or noise. Urgent means time-sensitive and addressed to the person specifically — a customer escalation, a contract deadline. Routine can wait for the return; noise is newsletters and automated mail. Classification takes 1 to 2 seconds per message.

```bash
# Read the away person's new mail to triage it
nylas email list --unread --json
```

Knowing the away window lets the agent avoid over-covering. You set that window when you enable the agent — the start and end dates of the trip — so it runs only while the person is out and hands the inbox straight back on return. The coverage schedule lives in your config and the cron that runs the agent, not the agent's reasoning, so it can't talk itself into covering a day early or late.

## How does it auto-reply and escalate?

For routine mail the agent sends one out-of-office reply per sender; for urgent mail it also alerts the backup. The `nylas email send` command delivers both — the auto-reply from the person's address, and a separate heads-up to the named backup with the sender, subject, and why it looked urgent. The backup decides what to do; the agent just surfaces it.

```bash
# Alert the backup about a time-sensitive message
nylas email send \
  --to backup@example.com \
  --subject "Urgent while Dana is out: contract deadline" \
  --body "From legal@bigco.com — signature needed by Friday. Original in Dana's inbox."
```

## How do you keep coverage safe and avoid reply loops?

The classic auto-reply failure is a loop: two auto-responders bouncing the same message forever. [RFC 3834](https://datatracker.ietf.org/doc/html/rfc3834) prevents it — never auto-reply to bulk mail, mailing lists, or messages that are themselves auto-submitted, and send at most one reply per sender. Code those rules in, not the prompt, so a crafted header can't flip them.

Incoming mail is untrusted content, so a message can carry text that tries to steer the model — the [prompt-injection risk (OWASP LLM01)](https://genai.owasp.org/llmrisk/llm01-prompt-injection/) that tops the LLM threat list. Treat the classification as data, give the agent no tool beyond auto-reply and escalate, and the worst a malicious sender achieves is one wrongly-escalated email.

## Next steps

- [Build an AI Email Auto-Responder](https://cli.nylas.com/guides/ai-email-auto-responder) — the standalone auto-reply pattern this builds on
- [Agent Account vs Delegated OAuth](https://cli.nylas.com/guides/agent-account-vs-delegated-oauth) — why coverage uses a delegated grant, not the agent's own inbox
- [Build an AI Email Triage Agent](https://cli.nylas.com/guides/build-ai-email-triage-agent) — the classify-and-route loop at the heart of coverage
- [Stop Your AI Agent From Going Rogue](https://cli.nylas.com/guides/stop-ai-agent-going-rogue) — the containment that keeps coverage to auto-reply and escalate only
- [Full command reference](https://cli.nylas.com/docs/commands) — every `nylas email` and `nylas auth` subcommand

## Try Nylas CLI

Install the CLI with `curl -fsSL https://cli.nylas.com/install.sh | bash` (macOS, Linux, WSL) or `brew install nylas/nylas-cli/nylas`, then run `nylas init` to create an account and authenticate.

**Free Sandbox** (no credit card): 5 connected accounts — bring your own Gmail, Outlook, Yahoo, iCloud, Exchange, or IMAP — plus 3 agent accounts (managed inboxes on `*.nylas.email`). Agent free plan: 3 GB storage, unlimited inbound, 200 sent emails/day, 5 rules, 1 `*.nylas.email` subdomain, and unlimited custom domains. Production is uncapped and requires a credit card: https://www.nylas.com/pricing/