Yak Docs

Security

Yak is designed with security as a priority. The widget runs in an isolated iframe, all communication is origin-validated, and your tool calls execute in your own server context with your existing authentication.

Key Security Features

  • Origin isolation — The widget iframe is sandboxed from your application's DOM
  • Origin validation — All messages are validated against expected origins; unexpected origins are rejected
  • Tool allowlisting — Only explicitly allowed tools can be executed
  • Server-side execution — Tool calls run on your server with your auth and access controls
  • Redirect protection — Built-in protection against open redirect attacks

Tool Security

Restricting Exposed Procedures

When using the tRPC adapter, control which procedures are available:

import { createTRPCToolAdapter } from "@yak-io/trpc";

const toolAdapter = createTRPCToolAdapter({
  router: appRouter,
  createContext,
  allowedProcedures: [
    "orders.list",
    "orders.getById",
    "products.search",
  ],
});

Always restrict procedures to the minimal set needed by the assistant. Avoid exposing destructive operations without safeguards.

Authentication

Tool calls receive the original Request object, so your existing auth works automatically:

import { createTRPCToolAdapter } from "@yak-io/trpc";

// getSession is your own session lookup (cookie, bearer token, etc.)
const toolAdapter = createTRPCToolAdapter({
  router: appRouter,
  createContext: async ({ req }) => {
    const session = await getSession(req);
    // Reject the tool call before any procedure runs
    if (!session) throw new Error("Unauthorized");
    return { user: session.user };
  },
  allowedProcedures: ["..."],
});

Input Validation

Tool inputs are validated against the JSON Schema derived from your Zod schemas. Always validate on the server side as well:

import { z } from "zod";
// router, protectedProcedure and db come from your tRPC and database setup

export const ordersRouter = router({
  list: protectedProcedure
    .input(z.object({
      // Bounded limit: the assistant cannot request an unbounded result set
      limit: z.number().min(1).max(100).default(10),
      status: z.enum(["pending", "shipped", "delivered"]).optional(),
    }))
    .query(async ({ ctx, input }) => {
      // Scope the query to the authenticated user taken from the context
      return db.orders.findMany({
        where: { userId: ctx.userId, status: input.status },
        take: input.limit,
      });
    }),
});

Redirect Protection

The SDK validates all redirect paths:

  • Allowed: Relative paths (/dashboard, /settings), hash paths (#section), query paths (?tab=profile)
  • Blocked: External domain URLs, protocol-relative URLs (//evil.com)

To customize redirect behavior:

// isAllowedPath is your own same-origin check; router is your app's router
<YakProvider
  appId="your-app"
  onRedirect={(path) => {
    // Navigate only when the path passes the check; otherwise drop it
    if (isAllowedPath(path)) {
      router.push(path);
    }
  }}
/>
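The following is an added example of what an `isAllowedPath` check can look like; it is not part of the Yak SDK, which performs its own validation before `onRedirect` is called. It accepts only the three shapes listed above (relative path, hash path, query path), rejects protocol-relative and absolute URLs, and, as a final check, resolves the candidate against a sentinel origin (an assumption of this example, never contacted) and confirms the result is still on that origin. It is deliberately stricter than the minimum: backslashes, control characters and whitespace are rejected outright because browsers and URL parsers normalise them in ways that can change the host.

```typescript
// Added example, not Yak SDK code: a defensive same-origin redirect check.

// Sentinel origin used only to resolve the candidate path (example assumption).
const SENTINEL_ORIGIN = "https://app.example";

function isAllowedPath(path: string): boolean {
  return normalizeRedirectPath(path) !== null;
}

// Returns the normalised same-origin target (pathname + search + hash),
// or null when the redirect must be blocked.
function normalizeRedirectPath(path: string): string | null {
  if (typeof path !== "string" || path.length === 0) return null;

  // Only the documented shapes are accepted: "/...", "#..." and "?...".
  const first = path[0];
  if (first !== "/" && first !== "#" && first !== "?") return null;

  // Protocol-relative ("//evil.com") and backslash variants ("/\evil.com",
  // which the URL parser treats as "//evil.com") would change the host.
  if (path.startsWith("//") || path.includes("\\")) return null;

  // Control characters and whitespace are stripped or re-interpreted by URL
  // parsers, so reject them rather than guess how they will be read.
  if (/[\u0000-\u001F\u007F\s]/.test(path)) return null;

  let resolved: URL;
  try {
    resolved = new URL(path, SENTINEL_ORIGIN);
  } catch {
    return null;
  }
  // Final check: resolving the path must keep us on the sentinel origin.
  if (resolved.origin !== SENTINEL_ORIGIN) return null;

  return resolved.pathname + resolved.search + resolved.hash;
}
```

Use the normalised value returned by `normalizeRedirectPath` for navigation rather than the raw string, so the router always receives a path the check has actually inspected.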

Content Security Policy

If your application uses CSP headers, allow the widget iframe:

frame-src https://chat.yak.io;

Production Checklist

Before deploying to production, verify:

  • Tool allowlist — Only necessary procedures are exposed
  • Authentication — Tool requests require valid auth
  • Rate limiting — Consider rate limiting your tool endpoint
  • HTTPS — All endpoints use HTTPS
  • CSP headers — Allow frame-src chat.yak.io if using CSP
  • Logging — Tool invocations are logged for audit
  • Allowed origins — Restrict which domains can embed the widget (configure in your dashboard)

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

  1. Do not create a public GitHub issue
  2. Email security@yak.io with details
  3. Include steps to reproduce if possible
