Support Runtime Safety

Separate source truth from runtime context

AnswerLattice public pages should describe the support knowledge layer without exposing drafts, raw tickets, audit logs, private account records, or workspace internals.

Use runtime controls

• Allowed origins restrict where widget config can run.
• Blocked routes keep sensitive surfaces out of widget mounting.
• Safe page context avoids private identifiers.
• Owner review controls answer changes.

Keep cost claims bounded

Public runtime copy can mention bounded delivery and cache-aware support paths, but it should not imply unlimited backend reads, unrestricted provider calls, or hidden customer data access.