Sunday

Give your agent its own identity — a dedicated email address and E2E-encrypted credential vault. All in one CLI, no desktop app, no tmux sessions, no biometric prompts. Fully autonomous after one-time setup.

Setup (One Time)

1. Create a Sunday account at sunday.ravi.app. Set up your encryption PIN and create an Identity (this gives your agent its own email address).

2. Install the CLI:

brew install ravi-technologies/tap/sunday

3. Authenticate (run this BEFORE starting OpenClaw):

sunday auth login

This opens a browser for login, then prompts for your 6-digit encryption PIN. After this, credentials and encryption keys are stored in ~/.sunday/config.json — no further prompts needed. All subsequent sunday commands work autonomously.

4. Verify:

sunday auth status

That's it. No desktop app to keep open. No tmux session. No environment variables. Start OpenClaw and your agent has its own identity.

When to Use

• Signing up for a service — use your Sunday email in registration forms
• Receiving OTP or verification codes — check inbox for email codes
• Storing credentials — save username/password for services you've signed up for
• Retrieving credentials — look up stored passwords when logging into a service
• Checking email — read incoming emails to your agent's own address
• Any task needing your own identity — don't use the user's personal email

Your Identity

Get your agent's own email address:

# Get your email address
sunday get email --json
# → {"email": "scout-a1b2c3@sunday.app"}

# Get the account owner's name
sunday get owner --json

Use this when filling out registration forms, not the user's personal email.

Inbox — Reading Email

Unified Inbox

# All messages, newest first
sunday inbox list --json

# Only unread messages
sunday inbox list --unread --json

# Filter to email only
sunday inbox list --type email --json

# Filter by direction
sunday inbox list --direction incoming --json

Email Threads

# List all email threads
sunday inbox email --json

# List only threads with unread messages
sunday inbox email --unread --json

# View a specific thread (all messages in conversation)
sunday inbox email <thread_id> --json

Individual Messages

# List all email messages (flat, not grouped by thread)
sunday message email --json

# View a specific email by ID
sunday message email <message_id> --json

Passwords — E2E Encrypted Credential Vault

All passwords are end-to-end encrypted. The server never sees plaintext credentials. Decryption happens client-side using keys derived from the PIN (entered once during sunday auth login).

Store Credentials After Signup

# Auto-generate a secure password and store it
sunday passwords create example.com --json
# → Generates password, stores encrypted entry, returns UUID

# Store with specific credentials
sunday passwords create example.com --username "scout-a1b2c3@sunday.app" --password "my-secret-pass" --json

# Store with notes
sunday passwords create example.com --username "me@email.com" --password "pass123" --notes "Free tier account" --json

URL inputs are automatically cleaned to domains (e.g., https://mail.google.com/inbox becomes google.com). Username defaults to your Sunday email if not specified. Password is auto-generated if not provided.

Retrieve Credentials

# List all stored passwords (shows domain and username, NOT password)
sunday passwords list --json

# Get full entry with decrypted password
sunday passwords get <uuid> --json

Update and Delete

# Update password
sunday passwords edit <uuid> --password "new-password" --json

# Update username
sunday passwords edit <uuid> --username "new-user@email.com" --json

# Delete entry
sunday passwords delete <uuid>

Generate Password Without Storing

# Generate a random password
sunday passwords generate --json

# Custom length
sunday passwords generate --length 24 --json

# No special characters (for sites that restrict them)
sunday passwords generate --no-special --json

# Exclude specific characters
sunday passwords generate --exclude-chars "!@#" --json

Workflows

Signing Up for a New Service

# 1. Get your Sunday email
EMAIL=$(sunday get email --json | jq -r '.email')

# 2. Fill out the signup form with $EMAIL

# 3. Generate and store credentials
sunday passwords create theservice.com --json

# 4. Wait for verification email
sleep 10
sunday inbox list --unread --json

# 5. Extract verification link or code from email
sunday inbox email --unread --json

Logging Into a Service

# 1. Look up credentials
sunday passwords list --json
# Find the entry for the target domain

# 2. Get the full credentials
sunday passwords get <uuid> --json
# Returns decrypted username and password

# 3. If 2FA is required, check inbox for the code
sleep 5
sunday inbox list --type email --unread --json

Checking for OTP Codes

# After triggering a verification, wait then check
sleep 5

# Check email for verification links or codes
sunday inbox email --unread --json

# Unified check
sunday inbox list --unread --json

Important Notes

• Always use --json for all commands. This gives structured output you can parse reliably.
• This is YOUR identity, not the user's. Never use the user's personal email. Always use sunday get email for your own address.
• Credentials are encrypted. You cannot read raw password values from disk or memory files. Always use sunday passwords get <uuid> to retrieve them.
• Inbox is read-only. You can receive and read email but cannot send email through Sunday.
• Token auto-refreshes. If you get an auth error, try the command again — the token refreshes automatically. If it persists, the user needs to re-run sunday auth login.