Most "AI inbox assistant" tools start by asking for a Gmail or Outlook OAuth grant against your real inbox. The model then reads, drafts, and sometimes sends from your address. It works until it doesn’t — until the audit log is a mess, the agent has access to threads it has no business reading, and the only revocation is "log out everywhere".
The fix is simple and underrated: give the agent its own address.
What a dedicated agent inbox solves
- Scope. The agent reads only the threads sent to its address, never your private threads.
- Audit. Every send is unambiguously the agent’s; the log answers "who sent that?" without forensic work.
- Revocation. Burning the agent does not log you out of your real Gmail.
- Identity. The recipient sees a real From: header that signals "this is the agent" without giving away your private email.
Why "use the user’s mailbox" wins anyway, sometimes
A dedicated agent inbox is not always the right answer. If you want the agent to triage your real inbox — answer the easy ones, defer the noisy ones — there is no substitute for direct access. Helix supports both shapes: connect your real Gmail/Outlook, or spin up a fresh agent address. Both run the same approval queue.
The shape of the agent inbox in Helix
A Helix agent inbox is a real address — receivable mail, sendable mail, calendar attached. Behind it sits the same identity object as a connected Gmail account: a sponsor, a scope of authority, an approval policy, an audit log.
The only thing that differs is who the recipient sees in the From: header. The agent has its own social fingerprint without leaking yours.