Security

Broker-connected trading needs explicit controls, durable audit trails, and narrow data access.

Security, privacy, and operational controls for broker-connected trading workflows.

Control posture

The platform treats real account access as a controlled operational workflow, not a generic chatbot action.

Credentials and keys are handled as secrets and are not published in public docs.
Broker connections are separated from public content and require authenticated access.
Live order flows should use risk limits, operator approvals, and audit logging.
Production routes should enforce HTTPS, secure cookies, and least-privilege access.

Agents can read public platform documentation and request integration metadata; authenticated account data requires authorized platform access.

Public agent metadata does not expose user accounts, secrets, positions, or order data.
Agent-readable documents describe capabilities and access boundaries.
API access uses authenticated routes and documented auth flows.
Unsafe or incomplete trading actions should fail closed.

Start with paper trading, connection health, and account-scoped controls before live actions.