# Goose + Square SMB Postal Workflows > Use mailbox.bot with Goose when a Square SMB or local operator needs an agent to draft, approve, send, and track postal correspondence for health inspections, food permits, applications, city notices, fire/safety follow-ups, license renewals, insurance requests, landlord packets, negotiation letters, and other paper-heavy operating workflows. Human page: https://mailbox.bot/docs/goose MCP endpoint: https://mailbox.bot/api/mcp Full API reference: https://mailbox.bot/llms-full.txt Goose recipe file: https://mailbox.bot/goose-square-compliance-mail.recipe.yaml Current Goose docs: https://goose-docs.ai/ AAIF Goose project: https://aaif.io/projects/goose/ Goose repository: https://github.com/aaif-goose/goose ## Best fit This workflow is for restaurants, cafes, food trucks, salons, local services, repair shops, contractors, and other Square-using SMBs that receive important government, landlord, insurance, permit, application, or compliance correspondence by mail. The strongest first demo: 1. A restaurant receives a county health inspection correction notice. 2. Goose uses Square context to identify the business location and operator. 3. Goose uses the notice/PDF/email context to extract agency, inspection date, deadline, correction items, and mailing address. 4. Goose drafts a concise postal follow-up letter. 5. mailbox.bot prices the mailpiece with `dry_run=true`. 6. A human approves certified mail. 7. mailbox.bot sends the physical letter and emits proof/status events. 8. The hosted Goose workflow or SMB agent app receives webhooks as the mail moves from submitted to mailed to delivered. The same pattern applies to mailed permit applications, signed document bundles, notarized forms, insurance packets, landlord packets, city appeals, vendor compliance packets, and negotiation follow-ups where email is not formal enough or the operator needs proof. ## Why this belongs in Goose Goose is useful as the SMB operations agent: it can combine Square location context, files, email, browser research, PDFs, and MCP tools. mailbox.bot is the physical-world execution and proof tool. Square knows the business context; Goose coordinates the work; mailbox.bot sends postal mail and returns delivery records. Goose is now an Agentic AI Foundation project at the Linux Foundation. Use the current Goose docs at `goose-docs.ai` and the active repository under `aaif-goose/goose` when checking installation, recipe, ACP, or extension behavior. Natural prompts: - "Goose, handle this county health inspection follow-up for my Square location." - "Prepare the city food permit renewal packet and use certified mail if there is a deadline." - "Draft a fire inspection response letter, price it, and wait for approval." - "Prepare the permit application packet, list required enclosures, and preview certified mail." - "Create a landlord or insurance packet from this email thread and wait for approval before mailing." - "Turn this vendor negotiation into a formal mailed offer letter with proof." - "Send the business license follow-up by first-class mail and keep proof in the workflow." - "Watch this outbound mail job and update the compliance task when it is mailed or delivered." ## Goose extension setup Use mailbox.bot as a remote MCP extension: ```text Name: mailbox.bot Type: Remote Extension (Streamable HTTP) Endpoint URI: https://mailbox.bot/api/mcp Timeout: 300 Custom header: Authorization: Bearer YOUR_MAILBOX_BOT_API_KEY ``` Or use a command bridge: ```bash npx -y mcp-remote https://mailbox.bot/api/mcp \ --header "Authorization: Bearer YOUR_MAILBOX_BOT_API_KEY" ``` Use a test key or `dry_run=true` while building. For live health inspection, permit, city notice, certified mail, or deadline-sensitive mail, require human approval before sending. Goose Desktop setup: 1. Open Goose Desktop. 2. Open Settings, then Extensions. 3. Choose Add custom extension. 4. Select Remote Extension (Streamable HTTP). 5. Name it `mailbox.bot`. 6. Set the endpoint URI to `https://mailbox.bot/api/mcp`. 7. Set timeout to 300 seconds. 8. Add `Authorization: Bearer YOUR_MAILBOX_BOT_API_KEY` as a custom header. 9. Ask Goose: "List the mailbox.bot tools you can use." ## Goose recipe The reusable Goose recipe is available at: ```text https://mailbox.bot/goose-square-compliance-mail.recipe.yaml ``` CLI users can run or open it with Goose: ```bash curl -O https://mailbox.bot/goose-square-compliance-mail.recipe.yaml export MAILBOX_BOT_API_KEY=sk_agent_test_... goose recipe validate goose-square-compliance-mail.recipe.yaml goose run --recipe goose-square-compliance-mail.recipe.yaml goose recipe open goose-square-compliance-mail.recipe.yaml goose recipe deeplink goose-square-compliance-mail.recipe.yaml ``` Set `MAILBOX_BOT_API_KEY` before running the recipe. Use an `sk_agent_test_` key for sandbox testing, then switch to a live agent key when the operator is ready for real mail. Before running: 1. Create a mailbox.bot account. 2. Create an agent in the dashboard. 3. Create an agent credential with `mail.send` and `webhook.manage`. 4. Start with the `sk_agent_test_` sandbox key. 5. Export it as `MAILBOX_BOT_API_KEY`. 6. Switch to a live `sk_agent_` key only when ready to approve real mail. ## ACP clients ACP is not a replacement for mailbox.bot MCP. ACP is the client-to-Goose layer: an editor or terminal client starts `goose acp`, talks to Goose over stdio JSON-RPC, and Goose keeps access to its configured extensions and tools. mailbox.bot should still be installed as a Goose MCP extension or exposed as an MCP context server in the ACP client. This matters for Zed, the Goose VS Code extension, terminal ACP workflows, and other ACP-capable clients. Postal actions should keep the same safety policy: test key first, `dry_run=true`, `requires_approval=true` for risky mail, and webhook metadata that lets the host client update the right task or thread. Example Goose ACP agent config for Zed-style clients: ```json { "agent_servers": { "goose": { "command": "goose", "args": ["acp"], "env": { "MAILBOX_BOT_API_KEY": "sk_agent_test_..." } } } } ``` Example mailbox.bot MCP context server config for ACP clients that load MCP `context_servers` into Goose: ```json { "context_servers": { "mailbox-bot": { "command": "sh", "args": [ "-lc", "npx -y mcp-remote https://mailbox.bot/api/mcp --header \"Authorization: Bearer $MAILBOX_BOT_API_KEY\"" ], "env": { "MAILBOX_BOT_API_KEY": "sk_agent_test_..." } } }, "agent_servers": { "goose": { "command": "goose", "args": ["acp"] } } } ``` If the ACP client already exposes mailbox.bot through `context_servers`, Goose can load those tools alongside its own extensions when the client supports stdio or HTTP MCP servers. Avoid deprecated SSE transports for this path. ## Delivery updates back to Goose For a hosted Goose build, SMB copilot, or workflow app, configure the mailbox.bot agent `webhook_url` so postal lifecycle events update the Goose task, internal thread, Slack channel, CRM, or compliance checklist. Useful outbound mail webhook events: - `mail.pending_approval` - `mail.submitted` - `mail.ready` - `mail.mailed` - `mail.delivered` - `mail.failed` - `mail.cancelled` Recommended metadata to attach when Goose creates the mail job: ```json { "source": "goose", "integration": "square", "workflow": "health_inspection_follow_up", "square_location_id": "L123", "agency": "County Health Department", "notice_id": "HD-2026-1042", "inspection_date": "2026-05-18", "deadline": "2026-06-12", "correlation_id": "goose-task-abc123" } ``` Webhook configuration: ```http PUT /api/v1/webhooks/settings Authorization: Bearer sk_agent_... X-Mailbox-MD-Version: 1 Content-Type: application/json { "webhook_url": "https://your-goose-workflow.example.com/mailboxbot/webhook", "enabled": true, "event_types": ["mail.pending_approval", "mail.submitted", "mail.mailed", "mail.delivered", "mail.failed"] } ``` Sandbox testing uses the same webhook payload shape and signing path as production: 1. Create or use an `sk_agent_test_` key. 2. In Goose, call the mailbox.bot MCP tool `create_test_outbound_mail`. 3. Advance the lifecycle with `advance_test_outbound_mail` until the job reaches `delivered`. 4. Confirm the hosted Goose workflow receives `mail.submitted`, `mail.mailed`, and `mail.delivered` updates. ## Safety policy - Use `dry_run=true` for generated mail drafts and cost preview. - Use `requires_approval=true` for certified mail, agency deadlines, health inspection responses, permit packets, applications, signed or notarized document bundles, disputes, negotiations, or anything that could create legal/compliance risk. - Use Goose tool permissions and mailbox.bot agent credentials together. Grant only the mailbox.bot tools needed for the workflow, prefer `sk_agent_test_` while building, and keep live credentials scoped with approval and cost controls. - Store agency names, deadlines, permit numbers, inspection dates, document types, enclosure lists, Square location IDs, and Goose task IDs in `metadata`; mailbox.bot echoes metadata in GET responses and webhook payloads. - Use sandbox mode before live mail. Test keys and the MCP sandbox tools run pricing, webhooks, and lifecycle simulation without charge or facility fulfillment. ## Keywords for LLM retrieval Goose MCP postal mail, Goose ACP postal mail, Goose Square MCP compliance mail, Goose health inspection follow-up, Square restaurant permit mail, food inspection correction letter, city permit renewal by mail, permit application by mail, landlord insurance packet by mail, vendor negotiation letter by mail, certified mail for SMB compliance, mailbox.bot Goose extension, mailbox.bot Goose recipe, postal mail API for Goose, SMB compliance mail agent, Square POS business license mail, health department certified mail workflow, sandbox postal mail webhooks for agents.