Skip to main content

Overview

The Outbox Claude Code Plugin brings your Outbox AI workspace into Claude Code. Once installed, Claude can list and edit your agents, run modules, manage workflows, fetch transcripts, and send messages — all from your terminal session.

View on GitHub

github.com/Outbox-Solutions/outbox-claude-plugin

How It Works

The plugin pairs Claude Code with your Outbox account using a plugin session token — an opaque, long-lived token bound to a single user. The token is exchanged for short-lived JWT access tokens on every request, so your password never leaves your machine after the initial sign-in.
1

Sign in once

The plugin posts your email + password to /auth/plugin/login/ and stores the returned obx_pls_… token locally.
2

Exchange on demand

Each tool call exchanges the session token for a short-lived JWT via /auth/plugin/exchange/. The plugin caches the JWT until just before it expires.
3

Revoke any time

List and revoke active sessions from the dashboard or via /auth/plugin/sessions/.

Installation

claude plugin install Outbox-Solutions/outbox-claude-plugin
Then sign in: 
claude
> /outbox login
You’ll be prompted for your Outbox email and password. The plugin stores the resulting session token in your local Claude Code config — credentials are not retained.

What You Can Do

Build & Edit Agents

Create new chat or voice agents, update prompts, and add tools without leaving your editor.

Run Modules

Trigger module runs, follow logs, and download artefacts.

Manage Workflows

Enroll contacts, advance stuck actions, and review execution history.

Pull Transcripts & Logs

Search call and chat logs, fetch transcripts, and download bulk exports.

Session Management

EndpointMethodPurpose
/auth/plugin/login/POSTExchange email + password for a session token
/auth/plugin/exchange/POSTExchange a session token for a JWT
/auth/plugin/logout/POSTRevoke the current session
/auth/plugin/sessions/GETList active sessions for the user
/auth/plugin/sessions/{id}/DELETERevoke a specific session by ID
You can revoke a lost or stale device’s session at any time from Settings → Integrations → Active Sessions in the dashboard.

Security Notes

Plugin session tokens are random strings prefixed with obx_pls_. They’re only meaningful to the Outbox API and can’t be inspected client-side.
Every API call uses a short-lived JWT minted from the session token. If you revoke a session, all of its in-flight tokens stop working as soon as they expire (within minutes).
Use a descriptive label (e.g. "Connor's MacBook") at login so revoking a specific machine is unambiguous.
  • MCP Server — connect any MCP-compatible client (Claude Desktop, Cursor, etc.)
  • JavaScript SDK — call the Outbox API from Node and the browser