Grounded response boundary
Answers are generated from tenant-scoped indexed storefront evidence, product records and approved merchant knowledge.
CommerceGPT is designed to work from merchant-controlled evidence, isolate every storefront and limit installation access to the exact workflow authorised by the merchant.
Report a security concernThe public storefront, merchant dashboard, background worker and Installer MCP have different responsibilities and access boundaries.
Answers are generated from tenant-scoped indexed storefront evidence, product records and approved merchant knowledge.
CommerceGPT verifies control of a storefront before crawling, configuring and installing the assistant.
Merchant ownership is resolved before knowledge, conversations, retrieval, MCP sessions or administrative actions are accessed.
Public-network validation, same-host redirects, request timeouts, response limits and private-network blocking reduce SSRF exposure.
A new crawl is treated as a candidate and must pass health and reconciliation checks before replacing the active index.
Site reads, installation reads and installation writes use separate scopes with short-lived codes and rotating refresh tokens.
Verification checks reachability, loader count, expected public site key and duplicate installation diagnostics.
Merchants can manage active sessions, export account data and permanently delete their account from settings.
The browser receives a revocable public site identifier. Merchant sessions, OAuth tokens, MCP installation sessions and administrative access remain separate.
Hosted widget loader
Public site key
Tenant-scoped public chat API
Grounded retrieval and product cards
Signed merchant account session
Store ownership verification
Scoped OAuth and expiring MCP sessions
Auditable installation actions
Public site keys do not grant dashboard, OAuth, MCP or administrative access.
The Installer MCP cannot access arbitrary merchants or use super-admin operations.
The Installer MCP supplies authorised context but does not independently push or publish repository changes.
Temporary repair routes, embedded production repair tokens and site-specific bypasses are prohibited release patterns.
Missing product, policy or delivery evidence should produce uncertainty rather than a fabricated merchant claim.
Report suspected security issues privately to niraa@bigdoor.ai. Do not include customer data or exploit production systems beyond what is necessary to demonstrate the issue.