Skip to main content

Core Concepts

Shroud is built around four abstractions. Once these click, the rest of the platform becomes much easier to reason about.

Session Profiles

A Session Profile is the core identity unit in Shroud. Instead of provisioning credentials one by one, a profile bundles everything an agent needs into one container:

  • A virtual credit card with a strict budget cap
  • A real-SIM phone number for receiving SMS OTPs
  • A disposable email inbox with HTML parsing
  • A realistic fake identity that matches billing requirements
Profiles are stateful

Profiles track which credentials have been used, how much budget remains, and which verification events have already been delivered.

Think of a profile as the temporary identity for a single task. One agent handling three unrelated workflows should usually create three separate profiles.

Ephemeral Credentials

Every credential Shroud issues is designed to be temporary and constrained.

  • Time-bounded: credentials can expire automatically after a TTL, such as one hour
  • Single-purpose: cards can be merchant-locked, and phone numbers or inboxes stay tied to one profile
  • Budget-capped: virtual cards enforce hard limits at the issuing layer
  • Non-reusable: once destroyed, a profile cannot be reactivated
profile = client.profiles.create(
    budget=25.00,
    ttl_seconds=3600
)

profile.destroy()

Webhook Flow

When an agent uses an Shroud phone number or email for sign-up, the target service sends a verification challenge. Shroud receives that challenge, extracts the useful signal, and forwards it to your backend.

How it works

  1. Your agent submits the Shroud phone number or inbox on a target service.
  2. The service sends an SMS OTP or email verification link.
  3. Shroud intercepts the message through provider integrations.
  4. Shroud extracts structured data instead of forwarding raw HTML.
  5. Your webhook receives a compact payload that your orchestrator can act on immediately.
{
  "type": "otp",
  "code": "849102",
  "source": "sms"
}
{
  "type": "magic_link",
  "url": "https://service.com/verify?token=abc",
  "source": "email"
}
Typical latency

End-to-end delivery from inbound message to webhook is designed to stay within a few seconds for most flows.

Cryptographic Shredding

When you call profile.destroy(), Shroud does more than mark the record as deleted. It destroys the keys protecting the associated data, making recovery impractical by design.

What happens on destroy

  1. The virtual card is closed.
  2. Phone routing is released.
  3. The email alias and inbox contents are purged.
  4. Profile-specific encryption material is destroyed.
  5. An audit event is recorded.
profile.destroy()

# After this call:
# - Card: CLOSED
# - Phone: RECYCLED
# - Email: PURGED
# - Data: SHREDDED

That isolation is what makes Shroud useful for agent workflows that should never touch a real user's personal identity surface.