Security

This page covers the security posture of fastcrest.com, docs.fastcrest.com, the chat proxy, and the Reflex software. If you’ve found a vulnerability, jump straight to disclosure.

Data at rest

What	Where	Encryption	Retention
Newsletter emails	Cloudflare KV (`FASTCREST_LEADS`)	Encrypted at rest by Cloudflare; key only accessible by FastCrest’s Worker. Stored as `lead:<sha256(email)>`.	5 years TTL
Per-page feedback votes	Cloudflare KV (`FASTCREST_FEEDBACK`)	Encrypted at rest. Per-IP keys are SHA-256(IP, day, page) — not reversible to IP.	2 days for the per-IP idempotency key; aggregate tally is permanent
Rate-limit counters	Cloudflare KV (`FASTCREST_RATE_LIMIT`)	Encrypted at rest. Keyed by `client_id` (chat) or IP (newsletter).	36 hours TTL
Reflex chat conversation history	Not stored by us. Forwarded to OpenAI; their retention policies apply.	—	n/a
Reflex CLI usage data	Not collected. The CLI makes no telemetry calls.	—	n/a

Cloudflare KV is encrypted at rest using AES-256 within their own infrastructure. We don’t hold the key.

Data in transit

All public surfaces (fastcrest.com, docs.fastcrest.com, chat.fastcrest.com) are HTTPS-only with TLS 1.2+. HTTP requests are 308-redirected to HTTPS by Cloudflare.
Communication between the chat proxy and OpenAI is HTTPS to api.openai.com.
The OpenAI API key is stored as a Cloudflare Worker secret, never in source, never logged.

Authentication and authorization

The /admin/leads endpoint requires a shared-secret header (X-Admin-Token) compared timing-safe against a Worker secret. Anyone without the secret gets a 401.
The newsletter form has no auth — anyone can subscribe; per-IP rate limits prevent flood (5/IP/day).
The feedback widget has no auth — anyone can vote; the per-IP-per-page-per-day key prevents spam.
The chat proxy has no auth — anyone can use the 100/day free tier per client_id. Bring-your-own-key is supported via FASTCREST_PROXY_URL for higher limits.

Reflex software security

The Reflex package itself (the reflex-vla Python package) is open source on GitHub under BSL 1.1. Notable security properties:

No telemetry. The CLI doesn’t phone home. The only network call from CLI usage is reflex chat (when you run it) hitting chat.fastcrest.com, and the model registry probe (when needed) hitting huggingface.co.
No silent failures on ONNX provider load. reflex serve errors loudly if the GPU runtime can’t load — no silent CPU fallback that would mask configuration errors.
Reflex doctor’s 10 falsifiable checks (details) catch common deploy misconfigurations including float64 input bugs (LeRobot issue #2458) and silent CPU-EP fallback (per ADR 2026-04-14-strict-provider-no-silent-cpu-fallback).
ActionGuard with URDF-derived joint limits (details) clamps unsafe action chunks before they leave the server. EU AI Act audit log support.
No code execution from user input on the serve endpoint. /act accepts a JSON body and routes it to a constant ONNX session. No eval, no untrusted file loading, no template injection paths.
Pinned dependencies. transformers==5.3.0 is pinned because earlier versions produced incorrect ONNX exports for pi0/pi0.5. The version pin protects against silent regressions across upgrades.

Threats we explicitly model

Threat	Mitigation
DDoS against the public sites	Cloudflare’s standard DDoS protection; the static origin is the Pages CDN and is intrinsically scalable
Worker abuse (chat-proxy used for non-Reflex chat)	100 calls/day per `client_id` rate limit + small response budget. Beyond that the request is rejected.
Newsletter form spam	Per-IP-per-day rate limit (5 submissions). Email format validation. SHA-256 dedup so the same email isn’t double-counted.
Feedback widget vote brigading	Per-(IP, day, page) idempotency key. Vote flips on the same day decrement the previous vote — no inflation possible.
Admin token leakage	Stored as a Worker secret (one-way). Rotatable in seconds via `wrangler secret put ADMIN_TOKEN`. Timing-safe comparison on each request.
Robot misuse via `/act`	The runtime returns action chunks but never actuates. Safety belongs to the controller layer downstream of Reflex. ActionGuard clamping + audit log are defense in depth.
Supply-chain attack via pip	We pin core dependencies (transformers, onnxruntime, tensorrt) at known-good versions. Customers should pin Reflex itself in their requirements.

Threats we explicitly do not model

Zero-day vulnerabilities in Cloudflare’s infrastructure
Compromise of the operator’s GitHub credentials or laptop (those are our problem, not the user’s)
State-level attackers targeting individual users — outside the scope of an open-source robotics deploy tool

What’s NOT in scope

This page covers Reflex as software you run on your hardware. Once Reflex emits an action chunk and your robot controller actuates it, what happens in physical space (collisions, joint limits, emergency-stop response, environmental hazards) is your robot’s controller’s job, not Reflex’s. Reflex’s safety wedges (ActionGuard, audit log, deadline guard) are belt-and-suspenders on top of your controller, never a replacement for it.

Vulnerability disclosure

If you find a security vulnerability in any of:

The Reflex software (reflex-vla package)
The fastcrest-proxy Cloudflare Worker
The fastcrest.com or docs.fastcrest.com sites

Please email security@fastcrest.com (or hello@fastcrest.com if the security alias is unreachable). Include reproduction steps and your assessment of the impact.

We commit to:

Initial response within 72 hours (usually within 24h)
Remediation timeline communicated within 7 days based on severity
Public credit if you want it in the changelog and security advisory; anonymous reporting also welcomed

Please don’t open public GitHub issues for security bugs — security@fastcrest.com first, then we coordinate disclosure.

`security.txt`

A machine-readable security contact lives at https://fastcrest.com/.well-known/security.txt per RFC 9116.

Last updated: 2026-05-01.