Trust & custody

Custody is the product.

Once Mumla holds your channel credentials, it is a high-value trust boundary. We treat that bar as the product — and we state plainly what is built and what is not.

The credential swap

Your agents hold a Mumla URL. Mumla holds the real provider credentials — email, Slack, SMS and the rest — and exposes them to agents only as governed capabilities. An agent cannot leak a key it never had; an agent without a grant cannot send at all.

What is built — and what is not

shipped

Per-agent cryptographic identity

Every agent signs with its own ed25519 key (did:key). Every receipt names its signer — no shared service accounts, no anonymous actions.

shipped

Scoped grants with revocation

Authority is granted per (recipient × channel × purpose) and revocable at any time. No matching active grant means denied before anything runs — default-deny.

shipped

Tamper-evident signed receipts with WORM retention

Receipts are DSSE-signed and retained in object-lock storage. Retention runs S3 Object Lock in governance mode — we call our receipts tamper-evident, and never more than that.

shipped

In-browser receipt verification

Live on the ledger today: verify any receipt with your own browser’s cryptography, then flip a bit and watch it fail.

shipped

Blast-radius rate caps

Per-agent hourly, recipient-breadth, per-recipient daily and global daily caps — with no off switch. A withheld send still produces signed evidence of being withheld.

not yet

Multi-tenant isolation

Not yet. Mumla runs single-tenant today; tenant isolation arrives with the embedded platform deployment. We say so plainly rather than imply it.
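
The DSSE signing and flip-a-bit check described above, as an added example in Go; this is not Mumla's code or its receipt format. The receipt fields, the payload type, the did:key value and the throwaway key are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
)

var b64 = base64.StdEncoding

// Envelope is a DSSE envelope reduced to one signature.
type Envelope struct {
	PayloadType, Payload, Sig string // Payload and Sig are base64
}

// pae is DSSE pre-authentication encoding: "DSSEv1 <len type> <type> <len body> <body>".
func pae(payloadType string, body []byte) []byte {
	head := fmt.Sprintf("DSSEv1 %d %s %d ", len(payloadType), payloadType, len(body))
	return append([]byte(head), body...)
}

func sign(priv ed25519.PrivateKey, payloadType string, body []byte) Envelope {
	sig := ed25519.Sign(priv, pae(payloadType, body))
	return Envelope{payloadType, b64.EncodeToString(body), b64.EncodeToString(sig)}
}

// verify fails closed: a decode error or signature mismatch returns false.
func verify(pub ed25519.PublicKey, e Envelope) bool {
	body, err1 := b64.DecodeString(e.Payload)
	sig, err2 := b64.DecodeString(e.Sig)
	if err1 != nil || err2 != nil {
		return false
	}
	return ed25519.Verify(pub, pae(e.PayloadType, body), sig)
}

// demo signs a constructed receipt, then tampers with it two ways.
func demo() (intact, bitFlipped, typeSwapped bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	body := []byte(`{"agent":"did:key:zEXAMPLE","channel":"email","decision":"withheld"}`)
	env := sign(priv, "application/vnd.example.receipt+json", body) // hypothetical type
	flipped, swapped := env, env
	body[0] ^= 0x01 // flip one bit of the signed payload
	flipped.Payload = b64.EncodeToString(body)
	swapped.PayloadType = "text/plain" // the type is signed too
	return verify(pub, env), verify(pub, flipped), verify(pub, swapped)
}

func main() { fmt.Println(demo()) }
```

Because the signature covers the pre-authentication encoding rather than the bare payload, relabelling the payload type fails verification just as a flipped bit does.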

EU AI Act, Article 50

Article 50's transparency obligations for AI-generated communication begin on 2 August 2026. Receipted, disclosable AI communication is exactly the posture it asks for — the ledger shows what that looks like in practice.

Read the receipts →