Security

Security controls for trained assistants that face real visitors.

DuChat separates workspace users from super admins, validates public widget access server-side, scopes retrieval by tenant and chatbot, and keeps private prompts and API keys off the browser.

  • Workspace membership gates private routes.
  • RAG filters by workspace and chatbot.
  • Widget APIs validate status and domain access.
  • Conversation history stays bounded.

Security details

Controls are enforced where visitors, knowledge, and workspaces meet.

DuChat is designed around tenant-scoped retrieval, private server configuration, deliberate widget publishing, bounded visitor context, and separate workspace and super admin access.

Application access

  • Workspace users sign in through the user auth flow with HTTP-only signed cookies.
  • Email verification is required before dashboard access.
  • Session version invalidation can end prior sessions after sensitive account changes.
  • Super admin access uses separate, environment-configured credentials and is not stored as a normal MongoDB workspace user.

Connected integrations

  • OAuth callbacks validate signed state tokens before saving connected account credentials.
  • Google Docs and Google Calendar OAuth access and refresh tokens are encrypted before storage.
  • Google Docs retrieval is limited to the document selected by the workspace user.
  • Google Calendar availability checks use bounded time windows, and event creation runs only after a visitor submits an appointment through an enabled chatbot flow.
  • Connected service data remains scoped to the owning workspace, chatbot, and configured integration.

Tenant isolation

  • Workspace membership controls dashboard access.
  • Tenant-owned MongoDB queries must be scoped by workspaceId.
  • Chatbot-owned data is scoped by workspaceId and chatbotId where applicable.
  • Training chunks, conversations, contacts, leads, support records, notifications, and usage records stay attached to the owning workspace or user context.

Widget safeguards

  • The public widget is served from public/widget.js and isolates styles with Shadow DOM.
  • Widget config, chat, and lead APIs validate chatbot status, allowed domains, visitor and session identifiers, rate limits, and credit status.
  • API keys, internal prompts, and server-only settings are not exposed to the browser.
  • Widget sessions can resume recent conversations, while answer generation uses a bounded recent history window.
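
The status and allowed-domain check described in this list could look like the sketch below. It is an added example, not DuChat's own code: the function names, the record shape, the "published" status value, and the "*." wildcard syntax are all assumptions, and the chatbot records are constructed sample data.

```javascript
// Added example: every name here is hypothetical; records are constructed sample data.
const CHATBOTS = new Map([
  ["bot_1", { status: "published", allowedDomains: ["example.com", "*.shop.example"] }],
  ["bot_2", { status: "draft", allowedDomains: ["example.com"] }],
]);

// Return the lowercased hostname from an Origin header value, or null if unusable.
function originHost(origin) {
  if (typeof origin !== "string" || origin === "null") return null;
  let url;
  try { url = new URL(origin); } catch { return null; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // An Origin is scheme://host[:port]; reject values carrying anything more.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) return null;
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

// Exact match, or "*.domain" for subdomains only. Never a bare suffix or substring test.
function hostAllowed(host, patterns) {
  return patterns.some((pattern) => {
    const p = pattern.toLowerCase();
    if (!p.startsWith("*.")) return host === p;
    const suffix = p.slice(1); // ".shop.example": the leading dot rejects "evilshop.example"
    return host.length > suffix.length && host.endsWith(suffix);
  });
}

function checkWidgetAccess(chatbotId, originHeader) {
  const bot = CHATBOTS.get(chatbotId);
  // Unknown and unpublished chatbots get the same answer.
  if (!bot || bot.status !== "published") return { ok: false, reason: "unavailable" };
  const host = originHost(originHeader);
  if (!host || !hostAllowed(host, bot.allowedDomains)) {
    return { ok: false, reason: "origin_not_allowed" };
  }
  return { ok: true, reason: null };
}
```

The Origin header is only reliable when a browser sends it, so a check like this works alongside the visitor and session identifier validation and rate limits named above rather than replacing them.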

Answer generation and files

  • Answer generation configuration stays private and server-side.
  • RAG retrieval filters by workspace, chatbot, and source metadata.
  • Prompt leakage attempts are blocked and logged as security events.
  • Uploaded training files are stored in RustFS-compatible object storage, with metadata and extracted chunks in MongoDB.
  • Deleting training sources or workspaces also deletes related RustFS storage objects and generated knowledge chunks.

Deployment checklist

  • Set strong authentication secrets, service keys, webhook secrets, and super admin credentials.
  • Use MongoDB connection strings compatible with the deployment, including retryWrites=false where required.
  • Configure production site and app URLs before exposing sitemap, robots, embed snippets, or branding links.
  • Enable HTTPS, backups, logging, monitoring, rate limits, least-privilege service credentials, and secret rotation in the production environment.