Useful answers require explicit data and permission boundaries.

CommerceGPT is designed to work from merchant-controlled evidence, isolate every storefront and limit installation access to the exact workflow authorised by the merchant.

Report a security concern
Implemented controls

Security across crawling, retrieval, accounts and installation.

The public storefront, merchant dashboard, background worker and Installer MCP have different responsibilities and access boundaries.

Grounded response boundary

Answers are generated from tenant-scoped indexed storefront evidence, product records and approved merchant knowledge.

Store ownership checks

CommerceGPT verifies control of a storefront before crawling, configuring and installing the assistant.

Strict tenant isolation

Merchant ownership is resolved before knowledge, conversations, retrieval, MCP sessions or administrative actions are accessed.

Crawler URL safeguards

Public-network validation, same-host redirects, request timeouts, response limits and private-network blocking reduce SSRF exposure.

Safe crawl publication

A new crawl is treated as a candidate and must pass health and reconciliation checks before replacing the active index.

Scoped Installer MCP OAuth

Site reads, installation reads and installation writes use separate scopes with short-lived codes and rotating refresh tokens.

Public installation verification

Verification checks reachability, loader count, expected public site key and duplicate installation diagnostics.

Merchant account controls

Merchants can manage active sessions, export account data and permanently delete their account from settings.

System boundary

The storefront loader is not a merchant credential.

The browser receives a revocable public site identifier. Merchant sessions, OAuth tokens, MCP installation sessions and administrative access remain separate.

Public storefront

Hosted widget loader

Public site key

Tenant-scoped public chat API

Grounded retrieval and product cards

Merchant and installer

Signed merchant account session

Store ownership verification

Scoped OAuth and expiring MCP sessions

Auditable installation actions

Non-negotiable boundaries

What the product should not silently cross.

Public site keys do not grant dashboard, OAuth, MCP or administrative access.

The Installer MCP cannot access arbitrary merchants or use super-admin operations.

The Installer MCP supplies authorised context but does not independently push or publish repository changes.

Temporary repair routes, embedded production repair tokens and site-specific bypasses are prohibited release patterns.

Missing product, policy or delivery evidence should produce uncertainty rather than a fabricated merchant claim.

Responsible disclosure

Report suspected security issues privately to niraa@bigdoor.ai. Do not include customer data or exploit production systems beyond what is necessary to demonstrate the issue.

Email security contact