Security model

A guide with a short leash.

Controls implemented in v1 and the boundaries they enforce.

Tenant and origin isolation

Public keys are hashed at rest, revocable, and bound to an approved production origin. Widget sessions expire after 15 minutes. Vector search filters by site, and owner APIs require an authenticated owner membership.

Action safety

Knowledge and Action Map data travel through separate trust channels. The model may return only an existing action ID. The Widget resolves an approved semantic locator uniquely and refuses forms, inputs, submit, payment and destructive targets. It never evaluates model-generated JavaScript, selectors or URLs.

Abuse and billing

Public chat is rate-limited. Suspicious traffic must pass server-verified Turnstile. Conversation quota claims are transactionally serialized in D1. Creem webhooks are signature-verified and event IDs are idempotent before entitlements change.

Secrets and operations

MiniMax, Creem, Resend, Turnstile and signing values are Worker secrets and never ship to the Widget or plugin. Releases use immutable Widget and sprite hashes, a stable loader, feature flags and Worker version rollback.

Reporting

Send suspected vulnerabilities to support@palbots.ai. Include safe reproduction steps, affected URLs, and impact. Do not include visitor data, credentials, payment details, or API keys, and do not access data that is not yours.