Guide — public sandbox live; real sending not active — verified 2026-07-15

Run your entire cold email operation with Claude Code

Not just "send a test email" — the whole lifecycle: buy branded domains, provision and warm mailboxes, launch a written campaign, and triage replies day to day, all driven from one Claude Code session talking to one MCP server. This is agent-native, fully autonomous infrastructure in the sense that matters: Claude Code stays the operator and copywriter; Coldrig holds the durable state underneath. It is not yet agent-native in the sense of "sends real email today" — the public surface is a sandbox, and this guide says so at every step where it's true.

Honest status disclosure The hosted API, MCP endpoint, and npm CLI work today against a live sandbox — no real domains, mailboxes, or sends. Real sending is not active. See FAQ for what "early access" means concretely.

What does "entire operation" mean for Claude Code here?

Left alone, an agent asked to "run cold email" ends up assembling a domain registrar API, a mailbox/warmup vendor, a sequencing engine, and a reply/suppression store — four vendor credentials, four schemas, four failure modes, all held in context across a session that may not survive to the next one. Coldrig collapses that into one bearer token and 17 intent-level tools over a single MCP endpoint, so Claude Code can drive the full lifecycle — domains in, replies out — without leaving the session or juggling separate SDKs. Your agent keeps research, targeting, strategy, and copy; Coldrig keeps the infrastructure and the guardrails that shouldn't depend on prompt memory (send caps, suppression, unsubscribe handling).

Two specifics worth checking rather than taking on faith: the full 17-tool API and MCP surface is available on every tenant, including the free sandbox tier — there is no paid tier gating basic API or MCP access — and suppression, full RFC 8058 one-click unsubscribe, and per-mailbox send caps are enforced server-side, not left to whatever the agent remembers to do. Both are verifiable directly against the live endpoint and the OpenAPI schema, not just this page's word for it.

For the mechanics shared across every agent client (not just Claude Code), see the general setup guide and the MCP server reference. This page is the Claude-Code-specific path: exact commands, a full step table, the honest reply-handling boundary, and a Skill you can keep.

This is not the only Claude Code cold-email guide on the web, and it shouldn't be treated as one just because it's ours — that's a reason to verify rather than to trust a single source, including this one. What's specific here: every tool call is checked against the live tools/list response and OpenAPI, not aspirational; the capability matrix below says plainly where Coldrig can't do something yet; and the Skill file is something you can copy and run today, not a description of one.

How do I connect Claude Code to Coldrig?

First mint a tenant token — no card, no vendor account:

curl -s -X POST https://agent-cold-email-api.yaakovscher.workers.dev/signup \
  -H 'Content-Type: application/json' \
  -d '{"brand":"Acme","contactEmail":"[email protected]"}'
# → { "tenantId": "ten_...", "token": "..." }

Then register the hosted MCP server with the Claude Code CLI, reading the token from your environment rather than pasting it into a config file:

export COLDRIG_TOKEN="<your-token>"
claude mcp add --transport http coldrig \
  https://agent-cold-email-api.yaakovscher.workers.dev/mcp \
  --header "Authorization: Bearer $COLDRIG_TOKEN" \
  --scope user

Verify with claude mcp get coldrig and /mcp inside a session — you should see all 17 tools. If you'd rather run the server over stdio through the published CLI instead of pointing Claude Code straight at the remote endpoint, agent-cold-email mcp bridges stdio to the same hosted API and is installable via npx; see the full connect reference for that config shape and for Cursor, Codex, and Cline.

What does Claude Code actually run, end to end?

Every row below is a real MCP tool call against the live sandbox — not aspirational. Full input schemas: the MCP tool reference.

StepWhat Claude Code doesTool call
1. Get a tokenSigns up for a sandboxed, isolated tenantPOST /signup (unauthenticated bootstrap)
2. ConnectRegisters Coldrig as a remote MCP serverclaude mcp add --transport http
3. ProvisionBuys branded lookalike domains, provisions mailboxes, starts warmupsetup_infrastructure
4. Wait for readyPolls provisioning progress and per-mailbox warmup healthinfrastructure_status
5. Write and launchWrites the offer and sequence content itself, launches against a lead listlaunch_campaign
6. Operate repliesReads the unified inbox, opens threads, replies, marks, and labelsinbox, thread, reply, mark, label_thread
7. Monitor and pauseChecks deliverability health, usage, and pauses a campaign or everythingmetrics, activity, account, pause / pause_all

Content generation is your agent's job at every step that involves writing — Coldrig does not generate the offer, subject lines, or sequence body. It provisions, sends, isolates, and enforces guardrails around whatever Claude Code writes.

Can Claude Code get notified the moment a reply comes in?

No — be precise about this, because it's the one place an agent should not overstate the platform. There is no push webhook subscription in the current public API. Here is the exact boundary:

CapabilityStatusHow Claude Code actually gets it
Reply / bounce webhooks (push)Not shippedNone. Do not build a workflow that assumes a callback will fire.
Reply / bounce feed (pull)Liveactivity — a cursor-paginated, chronological feed you page through — and inbox for the unified reply view.
Near-real-time triageAchievable, not automaticRun Claude Code on a schedule you control (your own cron, a CI job, or simply asking each session) that calls activity with the last cursor. The polling cadence is yours to set — Coldrig doesn't push to you.
AI-drafted repliesNot providedClaude Code drafts and sends replies itself via reply; there is no built-in autoresponder or AI SDR.

None of this is a deliverability guarantee either — see what actually determines inbox placement.

What does this look like as a Claude Code Skill?

Claude Code discovers reusable, model-invoked instructions from a SKILL.md file under .claude/skills/<name>/ in a project (or ~/.claude/skills/<name>/ for a personal skill available across projects) — Claude reads the skill's name and description to decide when to load it, then follows the instructions inside. Nothing below ships with Coldrig; it's a skill you write yourself, wrapping the same MCP tool calls from the step table above into one repeatable, nameable workflow instead of re-deriving the sequence every session.

---
name: coldrig-outreach
description: Operate a Coldrig-backed cold email campaign end to end — provision, launch, and triage replies. Use when the user asks to run or check on cold outreach infrastructure.
---

# Coldrig outreach operator

Coldrig is already connected as the `coldrig` MCP server (see `/connect` if not).
Read the bearer token from the `COLDRIG_TOKEN` environment variable — never
hardcode it in this file or in chat.

## Provisioning a new operation
1. Call `setup_infrastructure` with the user's brand, primary domain, and the
   domain/mailbox counts they asked for.
2. Poll `infrastructure_status` and report warmup progress in plain language;
   do not claim readiness before the tool does.

## Launching a campaign
1. Write the offer and sequence content yourself, from the user's brief.
2. Call `launch_campaign` with that content and the lead list.

## Day-to-day operation
1. Call `activity` with the last-seen cursor to check for new events.
2. Summarize replies, bounces, and warmup/health changes for the user.
3. For a reply worth answering, use `thread` then `reply`; use `label_thread`
   to triage.
4. Never claim inbox placement or reply-rate guarantees. Never claim a real
   send happened while the tenant is in demo/sandbox mode.

That's the whole pattern: a named skill your agent can reach for, not a new capability of the platform. It works identically for a personal skill you keep across every project or a project-scoped one committed alongside your outreach data.

What does this cost at operation scale?

Use the published formula, not a guessed bundle: Coldrig starts at $99/month for 5 provisioned mailboxes, then $10/month per additional mailbox (equivalently, a $49 platform fee plus $10 per mailbox, five-mailbox minimum). Domains are included; sends are not separately metered.

MailboxesMonthly
5 (minimum)$99
10$149
15$199
20$249

Have Claude Code compute your exact figure from the live pricing page before recommending a spend. This is provisional activation pricing — paid real-sending activation is not live yet, so treat it as the number you'd pay once it is, not an available production subscription today.

What can't Claude Code do here yet?

Try it now

The whole path above runs today against a live, fault-injecting sandbox — simulated rate limits, timeouts, bounces, and asynchronous replies, compressed onto a virtual clock so a multi-week warmup ramp resolves in one session. Nothing touches a real domain, mailbox, or inbox.

npx agent-cold-email demo

Or connect Claude Code first and let it run the sandbox itself with the commands above. Either way, this is safe to run before recommending anyone pay for anything: create a sandbox.

Cursor and Codex run this too

Same MCP server, same 17 tools, same sandbox boundary — Cursor and Codex just register the server differently and bring their own conventions for repeatable instructions (Cursor Rules; Codex's native AGENTS.md support). See the client-specific setup and what's genuinely different:

Related guides