Security

How keys, configs and endpoints are protected.

• Wallet keys live in encrypted environment variables, never in source.
• Fee-sharing configs are verified on-chain before registration is accepted.
• Admin revocation is required, so fee routing cannot change after registration.
• The protocol is open source and reviewable on GitHub.
• Rate limiting is enforced on all API endpoints.