7:["$","div",null,{"className":"mx-auto flex max-w-7xl flex-col gap-8 px-4 py-8 lg:flex-row lg:px-6","children":[["$","aside",null,{"className":"lg:w-56 lg:shrink-0","children":[["$","p",null,{"className":"mb-3 text-[10px] font-medium uppercase tracking-widest text-zinc-600","children":"Documentation"}],["$","$L12",null,{"nav":[{"title":"Welcome","slug":""},{"title":"What is Loop?","slug":"what-is-loop"},{"title":"Who is it for?","slug":"who-is-it-for"},{"title":"Core concepts","slug":"core-concepts"},{"title":"Features","slug":"features-walkthrough"},{"title":"How trading works","slug":"how-trading-works"},{"title":"System architecture","slug":"system-architecture"},{"title":"Smart contracts","slug":"smart-contracts"},{"title":"Data sources","slug":"data-sources-market-intelligence"},{"title":"API reference","slug":"api-reference"},{"title":"Environment variables","slug":"environment-variables"},{"title":"Local development","slug":"local-development"},{"title":"Deployment","slug":"deployment-vercel-custom-domain"},{"title":"Security","slug":"security-model"},{"title":"Glossary","slug":"glossary"},{"title":"FAQ","slug":"faq-troubleshooting"}]}]]}],["$","article",null,{"className":"doc-content min-w-0 flex-1","dangerouslySetInnerHTML":{"__html":"

Security

\n\n\n\n\n\n\n\n\n

Topic	Practice
Secrets	`PRIVATE_KEY` and `ADMIN_API_KEY` server only; never in client bundles
Admin routes	`x-admin-key` header when `ADMIN_API_KEY` is set
Perp marks	Read only from the client; engine runs server side
Rate limits	Bootstrap, sync, and nudge endpoints
CSP	Configured in `next.config.ts`
User funds	Users sign their own transactions; Loop does not custody wallets

PRIVATE_KEY signs oracle updates and operational transactions. It is not used for user authentication or delegated trading.

"}}]]}]