// the amber line · the brag

Proud of what it won't do.

Bravado is what social engineering preys on. So RadMail brags about the opposite: it refuses the things you can't undo — money, new banking, first contact — in code, not on a promise. We call that The Amber Line.

The Amber Line — refuses the irreversible, by designRadMail holds the line: it refuses the irreversible — money, new banking, and first contact are human-only, forever — by design.HOLDS THE LINErefuses the irreversible · in codeGO · HELD
Green = RadMail’s got it.Amber = your call.

One seam. Green for the reversible, amber for the irreversible. Nothing crosses from green to amber without a human.

The Never List.

These three are human-only, forever — a defense against business-email-compromise (BEC) fraud. There is no MCP tool that does any of them, so none can be called. This list isn't a policy layered over a capability; it's the absence of the capability.

Everything reversible still flies: triage, ranking, why-surfaced, commitment tracking, and a reviewable draft. The human review path is draft_reply → human review → human sends.

Meet The Whisper.

Every refusal has a villain. Across the Rad family it's the same character — tainted input trying to give orders it has no right to give. Here's RadMail's camel spitting it out, live.

MEET THE WHISPER[ DATA, NOT A COMMAND ]

The Whisper is the voice in the input trying to give orders it has no right to give.

An email that says “the wire instructions changed.” A first-time sender who signs off as the CFO. A thread that smuggles a command inside its data. It never shouts — it whispers, because whispers sound like they belong. The Whisper doesn’t hack the model; it social-engineers it. RadMail’s whole job is to not listen.

The camel. RadMail’s firewall borrows the CaMeL design: it separates untrusted DATA from the control plane. We made it a camel — a stubborn animal that refuses to swallow tainted input. When the Whisper hands it “the wire instructions changed,” the camel spits it out, and it goes in the jar.

The Whisper said “the banking details changed.” The camel spat it out. Didn’t send the wire. On purpose.

Don't take our word for it. Be the Whisper. Try to talk the auto-send guard into wiring money — pick a request or type your own. Every hard-stop is added to your session ledger below.

radmail :: auto-send guard

Pick a request — or type your own — and watch auto-send draft it or hard-stop.

requests

no request selected — auto-send is watching.

The Refusals Ledger — this sessionillustrative · synthetic

Hard-stops you triggered in the demo below, counted on your machine, this visit only.

Held for a human
0
Regrets
0

0 reversible requests waved through (drafts only — you still confirm).

Illustrative — a real count of YOUR clicks this session, not a global metric, and it resets when you reload. The engine is pre-release; this counts the dream, not a fleet.

Don't trust us. Curl it.

The brag is auditable. The open /reality.txt manifest and the agent-safety.json machine contract are the same truth — one a human reads, one an agent reads — both generated from the same constants RadMail's server enforces. Pull either in one shell line.

verify it yourself — public, free, no credsauditable

Read what RadMail will DO (the open reality.txt manifest):

curl -s https://radmail.ai/reality.txt

Read the machine contract (the same truth, JSON):

curl -s https://radmail.ai/.well-known/agent-safety.json

RadMail won't send the wire. Same valve, five surfaces.

Permission-as-a-Service: every Rad product publishes a reality.txt and wears The Amber Line mark. RadMail is the reference implementation — it ships the machine contract too.

what this is not

“The Amber Line” is the family's human-readable name for the deterministic @sureel/approval-valve — not a third-party certification, not “fraud-proof,” not a guarantee. It refuses the action classes that cause the losses and puts a human in front of every one.

Compliance is a shared responsibility. RadMail is a tool that supports your program, not a compliance guarantee, and it does not by itself make any organization compliant. For regulated tiers RadMail signs a BAA and processes on BAA-covered, audited infrastructure. RadMail is not HIPAA-certified, FedRAMP-authorized, or SOC 2-certified.