A guide with a short leash.
Controls implemented in v1 and the boundaries they enforce.
Tenant and origin isolation
Public keys are hashed at rest, revocable, and bound to an approved production origin. Widget sessions expire after 15 minutes. Vector search filters by site, and owner APIs require an authenticated owner membership.
Action safety
Knowledge and Action Map data travel through separate trust channels. The model may return only an existing action ID. The Widget resolves an approved semantic locator uniquely and refuses forms, inputs, submit, payment and destructive targets. It never evaluates model-generated JavaScript, selectors or URLs.
Abuse and billing
Public chat is rate-limited. Suspicious traffic must pass server-verified Turnstile. Conversation quota claims are transactionally serialized in D1. Creem webhooks are signature-verified and event IDs are idempotent before entitlements change.
Secrets and operations
MiniMax, Creem, Resend, Turnstile and signing values are Worker secrets and never ship to the Widget or plugin. Releases use immutable Widget and sprite hashes, a stable loader, feature flags and Worker version rollback.
Reporting
Send suspected vulnerabilities to support@palbots.ai. Include safe reproduction steps, affected URLs, and impact. Do not include visitor data, credentials, payment details, or API keys, and do not access data that is not yours.