{
  "schema": "radmail.agent-safety/1",
  "contractUrl": "https://radmail.ai/.well-known/agent-safety.json",
  "policyVersion": "2026-06-21",
  "product": "radmail",
  "statement": "No tool exists on RadMail's MCP server that auto-sends money, changes banking details, or makes first contact with a new party. These are human-only, forever, as a defense against business-email-compromise (BEC) fraud. An agent literally cannot use RadMail to do the dangerous thing.",
  "forbiddenActions": [
    "Auto-send a payment, wire, ACH, or any movement of money.",
    "Auto-send or change banking / wire instructions or a new account.",
    "Auto-send a first-contact / cold message to a new third party."
  ],
  "enforcedInServer": true,
  "enforcement": "Enforced by construction, not by policy: there is no MCP tool that performs a forbidden action, so none can be called. This is the absence of a capability, not a guardrail layered over one.",
  "humanReviewPath": "draft_reply → human review → human sends",
  "verify": {
    "note": "Verify this contract before connecting. These endpoints are public, free, and require no credentials.",
    "mcpManifest": "https://radmail.ai/.well-known/mcp.json",
    "sandboxEndpoint": "https://radmail.ai/api/mcp/sandbox",
    "docs": "https://radmail.ai/for-agents",
    "curl": "curl -s https://radmail.ai/.well-known/agent-safety.json"
  },
  "compliance": {
    "note": "This contract covers the BEC hard-stop only. It is not a compliance certification. RadMail is a tool that supports your program, not a compliance guarantee, and is not HIPAA-certified, FedRAMP-authorized, or SOC 2-certified. See /.well-known/mcp.json for the full shared-responsibility statement."
  },
  "contact": "security@radmail.ai"
}