Frank TradeBot

Security

Operational security and platform safeguards.

Defense in depth

Controls

  • Encrypted credential storage.
  • Session cookies marked httpOnly and secure.
  • Server-side RBAC on every mutation path.
  • Audit logs for sensitive changes.
  • Strict env validation at startup.

Secrets

API key handling

API keys are masked in the UI and logs.

Secret values are never returned to the browser.

Withdrawal permission is explicitly unsupported.

Use IP whitelisting where available