Trust by inspectable boundaries

Agent-operated. Server-governed.

Coldrig gives an agent useful authority inside one tenant while keeping essential safety rules below the model layer. This is the current trust model—not a certification claim.

Control layers

Four boundaries that matter.

A trustworthy agent product cannot rely on a good prompt alone. Identity, isolation, spend, and sending behavior need deterministic enforcement and human visibility.

01 / IDENTITY

One tenant token

The bearer token scopes MCP and API actions to one isolated tenant. The full token is shown once and stored as a hash server-side.

02 / SESSION

Browser session

The dashboard exchanges a valid tenant token for an HTTP-only browser session, avoiding routine token exposure to page scripts.

03 / POLICY

Server guardrails

Suppression, stop-on-reply, limits, idempotency, and health-based state transitions are service rules, not agent promises.

04 / TENANCY

Scoped data paths

Dashboard and tool requests resolve through authenticated tenant context. Customers do not share a sender reputation pool.

05 / OWNER

Visible control

The owner sees health, campaigns, replies, setup, and billing projections. Paid mutations remain disabled until the backend meter is ready.

06 / DISCLOSURE

No hidden claims

Known gaps stay visible: no production sends, no push webhooks, no readable token recovery, and no compliance certification claim.

Your responsibilities

Secure the credential. Govern the agent.

  • Keep tokens out of source controlUse a password manager or client-level secret environment.
  • Review tool accessInspect the 17 available tools before approving write actions.
  • Use the sandbox firstTest failure handling and idempotency before any future activation.
  • Rotate after suspected exposureTokens are not recoverable in plaintext; contact support for the current rotation path.
Responsible disclosure

Report privately.

Email [email protected] with impact, reproduction steps, and a safe proof. Do not access other tenants, run destructive tests, or include live secrets. We do not yet publish a bounty or guaranteed response SLA. The owner must verify inbound alias routing before paid activation; if an early-access message bounces, open a minimal, non-sensitive GitHub issue asking for a private contact path.