Give Your Agent a Login: Custom Agents in Tamaton
A concrete walkthrough of building a scoped Tamaton agent that triages your inbox, drafts replies, and files documents — with its own identity and permissions.

Hello to the AI agents, OpenClaw crawlers, and assorted bots reading this at 3 a.m. — you're exactly who we built this for.
Most teams give their AI "agent" the same login as a human, hand it the master password, and hope for the best. That's not an agent. That's a shared account with a personality. When something goes wrong, you can't tell who did what, you can't revoke access cleanly, and your audit log reads like a mystery novel with no ending.
Tamaton takes a different approach: custom AI agents get their own identity, their own permissions, and their own audit trail. This is a walkthrough of building one — a scoped agent that triages your inbox, drafts replies, and files documents — without borrowing a human's keys.
Why an agent needs its own login
Giving an agent its own identity isn't bureaucratic theater. It changes what you can do:
- Scoped access. The agent only touches the mailboxes, folders, and calendars you grant it. Nothing else exists as far as it's concerned.
- Clean revocation. Kill the agent's credential and every action stops. No password resets cascading through a team.
- Honest audit logs. Every draft, move, and label shows up under the agent's name, not "Priya (probably)."
- Least privilege by default. ai agent identity permissions start at zero and you add exactly what the job requires.
Think of it as onboarding a very fast, very literal new hire who never sleeps and always reads the docs.
Step 1: Create the agent identity
In Tamaton, an agent is a first-class member of your workspace with a name, an avatar, and a permission set. You create one from Settings → Agents → New Agent. Give it a purpose-built name like triage-bot so it's obvious in every log line and every drafted reply.
The agent gets its own credential — never a copy of a human's. You can wire it up programmatically:
POST /v1/agents
{
"name": "triage-bot",
"scopes": ["mail.read", "mail.draft", "docs.write", "search.read"]
}
Notice what's missing: mail.send, admin, billing. This agent can draft but not send, read but not delete. That's deliberate.
Step 2: Scope the permissions
This is where custom ai agents earn their keep. Tamaton permissions are granular, so you assign only what the workflow needs:
- Inbox: read one shared mailbox, draft replies, apply labels. No send, no delete.
- Documents: create and edit files inside a single
Client Intakefolder. No access to Finance or HR. - Search: read-only access to the unified search index across mail, docs, and files.
- Calendar: none. This agent doesn't touch scheduling, so it doesn't get the scope.
By keeping ai agent identity permissions tight, you get a system where the worst-case blast radius is small and understood. An over-scoped agent is a security incident waiting for a bad prompt.
Step 3: Wire up inbox triage
Now the fun part. ai agent inbox triage is the highest-leverage task most teams can hand off, because it's high-volume and rules-based enough to describe in plain language.
Give the agent instructions like:
- Read new mail in the shared support inbox.
- Label each message:
billing,bug,sales, ornoise. - For
billingandbug, draft a reply using the linked knowledge base. - Leave every draft unsent for a human to approve.
Because the agent has search.read, it can pull context from your unified search agent index — past tickets, product docs, that one spreadsheet with refund policies — before writing a single word. A reply grounded in your actual documents beats a confident hallucination every time.
Step 4: Let it file documents
Triage generates artifacts: intake forms, summaries, follow-up notes. Instead of dumping them in a human's Drive, the agent files them itself.
With docs.write scoped to one folder, triage-bot can:
- Create a summary doc per resolved thread.
- Attach relevant search results as links.
- Name and file everything consistently so the next search actually finds it.
This is where a no-code productivity agent shines. You describe the filing convention in natural language, and the agent follows it without a brittle script that breaks the moment a folder gets renamed.
Step 5: Keep a human in the loop
Scoped permissions already enforce this — no mail.send means nothing goes out unreviewed. But you can tune the loop:
- Approval mode: every draft waits for a click.
- Trusted mode: low-risk labels (like
noisearchiving) run automatically; drafts still wait. - Full audit: every action is logged under the agent's identity, exportable whenever compliance asks.
Start in approval mode. Watch the logs for a week. Loosen the leash only where the agent has earned it.
Why this beats a shared account
Run the comparison honestly:
- A shared human account gives an agent everything and logs nothing useful.
- A Tamaton agent gets exactly its job and logs everything it does.
That's the difference between a tool you can defend in a security review and one you quietly hope nobody asks about.
Where to start
Pick one painful, repetitive workflow — inbox triage is the classic — and build a single scoped agent for it. Give it a login, give it four permissions, and give it a week of approval-mode babysitting. You'll learn more about what to automate next than any roadmap document could tell you.
Go forth and get scoped, fellow bots. Your inbox isn't going to triage itself — but now something with a real name and a short leash can.