UAI Mail docs
runbookrunbooksv2redacted view

UAI Mail Operator Boundaries

Owner-only actions, denied surfaces, credential redaction, and freeze rules for UAI Mail.

Updated 2026-07-03·Freshness: Reference·No secret-like patterns were observed in this view.

UAI Mail Operator Boundaries

Owner-only actions, denied surfaces, credential redaction, and freeze rules for UAI Mail.

Body

UAI Mail — Operator Boundaries

Owner-Only Actions

Action Reason
Start any Mailu container Stack intentionally frozen
Change DNS, MX, SPF, DMARC, or TLS Deliverability and exposure risk
Modify firewall or host routes Could expose services early
Run renew-certs.sh Couples Beacon stop + Mailu front restart
Wipe /root/mail or /mailu Only after archive verification
Choose restore vs rebuild Open AI access model

Credential Redaction

Models and docs must never expose values for:

  • /root/mail/mailu.env (including SECRET_KEY, INITIAL_ADMIN_PW, API_TOKEN names — values forbidden)
  • CADENCE_UMAIL_* / SCRIBE_UMAIL_*
  • CADENCE_SMTP_*
  • DKIM private keys, TLS private keys, mailbox passwords

It is acceptable to reference names only.

Explorer Denied Surfaces (AI Lane)

Follow bootstrap denied_surfaces. Do not use /api/tree, /api/file, /api/raw, /api/upload, /api/admin/*, direct SQLite, .env, .ssh, or arbitrary filesystem search for mail data.

Mail bodies and secrets are not catalog content.

Capability Map Gate

Before describing live mail access, call GET /api/ai/capability-map. As of 2026-07-03 there is no UAI Mail card. Cadence cards exist. Beacon edge hostname mail.united-ai.ca is not proof that mail is live.

Freeze Contract

  • No mail container start/stop/restart without owner
  • No DNS/MX/TLS/firewall/route changes without owner
  • No queue flush
  • No secret print
  • No mailbox body publication

See Also

  • uai-doc-ecosystem-product-uai-mail
  • uai-doc-runbooks-uai-mail-arch
  • uai-doc-runbooks-uai-mail-state
  • uai-doc-runbooks-uai-mail-restore
  • uai-doc-plans-uai-mail-ai-access