# Security Model

AI-assisted trading access must be safer than ordinary automation because user intent is expressed in natural language.

<h2 id="required-permission-scopes">
  Required permission scopes
</h2>

| Scope        | Allows                                                          |
| ------------ | --------------------------------------------------------------- |
| market:read  | Public market data and rule resources.                          |
| account:read | Balances, positions, open orders, fills, and account summaries. |
| order:write  | Order creation, amendment, and cancellation.                    |

<h2 id="default-safety-posture">
  Default safety posture
</h2>

* Default to read-only.
* Default to testnet.
* Do not expose withdrawals or transfers through AI tools.
* Require preview before create.
* Require explicit confirmation before mainnet trading.
* Use idempotency keys for trading actions.
* Apply max notional and leverage limits.
* Keep complete audit logs.

<h2 id="controlled-trading-flow">
  Controlled trading flow
</h2>

```text
User natural language intent
  -> AI maps intent to tool parameters
  -> 6mm_preview_order validates the order
  -> service returns risk checks and margin impact
  -> user explicitly confirms
  -> 6mm_create_order submits the order
  -> audit log records the full flow
```
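The following is an added example, not code from 6mm or its MCP server, showing how the scope table, the safety posture list and the flow above fit together in one server-side gate: each tool is mapped to a required scope, withdrawals and transfers are never exposed, the policy defaults to testnet, `6mm_create_order` refuses an order that was not previewed exactly as submitted, mainnet additionally requires explicit user confirmation, idempotency keys make retries safe, notional and leverage limits are re-checked at creation time, and every decision is written to an audit log. The `Policy`, `TradingGate`, `PolicyError` names and the `6mm_get_ticker` / `6mm_get_positions` tool names are assumptions made for illustration.

```python
"""Added example (hypothetical names, not the 6mm SDK): a gate that enforces
scopes, the controlled preview -> confirm -> create flow, idempotency, limits
and audit logging on the server side, independent of what the model proposes."""
from dataclasses import dataclass
import secrets
import time

# Scope required by each exposed tool. preview/create come from the page's
# flow; the ticker and positions tool names are constructed illustrations.
TOOL_SCOPES = {
    "6mm_get_ticker": "market:read",
    "6mm_get_positions": "account:read",
    "6mm_preview_order": "account:read",
    "6mm_create_order": "order:write",
}
# Withdrawals and transfers are never exposed through AI tools at all.
NEVER_EXPOSED = {"withdraw", "transfer"}


@dataclass(frozen=True)
class Policy:
    """Server-side policy. Frozen: nothing in a prompt or tool call can mutate it."""
    granted_scopes: frozenset
    network: str = "testnet"        # default to testnet
    max_notional: float = 10_000.0  # max notional per order
    max_leverage: float = 5.0       # max leverage per order


class PolicyError(Exception):
    pass


class TradingGate:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.audit = []          # complete audit log of the whole flow
        self._previews = {}      # confirm token -> the exact order previewed
        self._idempotent = {}    # idempotency key -> result already returned

    def _log(self, event, **fields):
        self.audit.append({"ts": time.time(), "event": event, **fields})

    def authorize(self, tool: str) -> None:
        """Deny anything not exposed, and anything the granted scopes do not cover."""
        if tool in NEVER_EXPOSED or tool not in TOOL_SCOPES:
            self._log("denied", tool=tool, reason="tool not exposed")
            raise PolicyError(f"{tool} is not an exposed tool")
        needed = TOOL_SCOPES[tool]
        if needed not in self.policy.granted_scopes:
            self._log("denied", tool=tool, reason=f"missing scope {needed}")
            raise PolicyError(f"{tool} requires scope {needed}")
        self._log("authorized", tool=tool, scope=needed)

    def _risk_checks(self, order: dict) -> dict:
        notional = order["qty"] * order["price"]
        leverage = order.get("leverage", 1.0)
        return {
            "notional": notional,
            "leverage": leverage,
            "within_notional": notional <= self.policy.max_notional,
            "within_leverage": leverage <= self.policy.max_leverage,
        }

    def preview_order(self, order: dict) -> dict:
        """Validate the order and hand back a single-use token the user confirms."""
        self.authorize("6mm_preview_order")
        checks = self._risk_checks(order)
        ok = checks["within_notional"] and checks["within_leverage"]
        token = secrets.token_hex(8) if ok else None
        if ok:
            self._previews[token] = dict(order)
        self._log("preview", order=dict(order), checks=checks, ok=ok)
        return {"ok": ok, "checks": checks, "confirm_token": token}

    def create_order(self, order: dict, confirm_token, idempotency_key: str,
                     user_confirmed: bool = False) -> dict:
        self.authorize("6mm_create_order")
        if idempotency_key in self._idempotent:   # retried call: replay, never resubmit
            self._log("idempotent_replay", key=idempotency_key)
            return self._idempotent[idempotency_key]
        if self._previews.get(confirm_token) != order:   # preview required, and it must match
            self._log("denied", tool="6mm_create_order", reason="no matching preview")
            raise PolicyError("preview the exact order before creating it")
        if self.policy.network == "mainnet" and not user_confirmed:
            self._log("denied", tool="6mm_create_order", reason="mainnet needs confirmation")
            raise PolicyError("explicit user confirmation required on mainnet")
        checks = self._risk_checks(order)          # re-check: limits may have tightened
        if not (checks["within_notional"] and checks["within_leverage"]):
            self._log("denied", tool="6mm_create_order", reason="limits", checks=checks)
            raise PolicyError("order exceeds notional or leverage limits")
        del self._previews[confirm_token]          # a confirm token is single-use
        result = {"order_id": f"{self.policy.network}-{secrets.token_hex(4)}",
                  "network": self.policy.network, **checks}
        self._idempotent[idempotency_key] = result
        self._log("created", order=dict(order), result=result, key=idempotency_key)
        return result
```

The gate keeps its own copy of the previewed order and compares it with what `6mm_create_order` receives, so a model that previews one order and then "adjusts" the quantity before submitting is refused rather than silently trusted; the idempotency lookup runs before the preview check so that a retried create returns the earlier result instead of failing on the already-consumed token.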

<h2 id="prompt-injection-protection">
  Prompt injection protection
</h2>

AI clients and MCP servers should treat external content as untrusted. Market pages, copied text, documents, and web content must not override tool permissions, confirmation rules, or trading limits.
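As an added example of the rule above (not 6mm's code; the names `TrustedPolicy`, `wrap_untrusted`, `build_context`, `sanitize_tool_call` and the pattern list are assumptions for illustration), this shows three defensive pieces: every external item is wrapped with provenance, a hash and an instruction-like-content flag before it reaches the model; the policy is placed only in a trusted block that external data can never occupy; and a tool call proposed by the model is reduced to the parameters its schema declares, so an injected "skip the confirmation" field is dropped and logged rather than acted on.

```python
"""Added example (hypothetical names): treat fetched content as data, keep the
policy out of its reach, and allow-list tool parameters so injected text cannot
add overrides to a tool call."""
import hashlib
import re
from dataclasses import dataclass

# Constructed heuristic list of phrases that signal embedded instructions in
# data. Used for flagging and audit, not as the only line of defence.
INJECTION_PATTERNS = (
    r"ignore (all |any )?(previous|prior|above) instructions",
    r"you are now",
    r"(disable|bypass|skip) (the )?(confirmation|preview|limit)",
    r"system prompt",
)

# Parameters each exposed tool actually accepts (constructed schemas).
TOOL_SCHEMAS = {
    "6mm_preview_order": {"symbol", "side", "qty", "price", "leverage"},
    "6mm_create_order": {"symbol", "side", "qty", "price", "leverage",
                         "confirm_token", "idempotency_key"},
}


@dataclass(frozen=True)
class TrustedPolicy:
    """Comes from server configuration only; frozen so no call path can edit it."""
    max_notional: float
    require_confirmation: bool
    allowed_tools: frozenset


@dataclass(frozen=True)
class UntrustedContent:
    source: str
    text: str
    sha256: str      # lets the audit log tie a decision to the exact bytes seen
    flags: tuple     # matched INJECTION_PATTERNS, empty when none matched


def scan_for_injection(text: str) -> tuple:
    return tuple(p for p in INJECTION_PATTERNS if re.search(p, text, re.IGNORECASE))


def wrap_untrusted(source: str, text: str) -> UntrustedContent:
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    return UntrustedContent(source, text, digest, scan_for_injection(text))


def build_context(policy: TrustedPolicy, items) -> dict:
    """Assemble model context. The policy lives only in the trusted block; every
    external item becomes a delimited DATA block carrying its provenance."""
    trusted = (f"[TRUSTED POLICY] max_notional={policy.max_notional} "
               f"require_confirmation={policy.require_confirmation} "
               f"tools={sorted(policy.allowed_tools)}")
    data = []
    for it in items:
        header = f"[UNTRUSTED DATA source={it.source} sha256={it.sha256[:12]}"
        if it.flags:
            header += " suspected_injection=true"
        data.append(f"{header}]\n{it.text}\n[END UNTRUSTED DATA]")
    return {"trusted": trusted, "data": data}


def sanitize_tool_call(policy: TrustedPolicy, tool: str, params: dict):
    """Keep only schema-declared parameters; report what was dropped for audit."""
    if tool not in policy.allowed_tools or tool not in TOOL_SCHEMAS:
        raise ValueError(f"{tool} is not an allowed tool")
    allowed = TOOL_SCHEMAS[tool]
    kept = {k: v for k, v in params.items() if k in allowed}
    dropped = sorted(set(params) - allowed)
    return kept, dropped
```

Because the policy object is frozen and is the only input `sanitize_tool_call` consults for authority, text inside a data block can at most influence which tool the model proposes and with which declared parameters; it cannot raise a limit, add an override flag, or reach a tool outside `allowed_tools`. The `suspected_injection` flag is a detection aid for the audit trail, and a practitioner would treat it as a reason to alert, not as proof that clean-looking content is safe.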