# Public Protocol Safety Model

## HTLC And Taproot Safety Model

The HTLC-style PEARL side is part of Black Pearl Market's public protocol design. It is safe to document because it is not a private infrastructure secret.

Security comes from public settlement constraints:

* PEARL-side settlement uses a Taproot lock transaction and Taproot release transaction;
* the release transaction targets the known buyer;
* the seller signs the intended release transaction, not a generic release;
* Taproot sighash `0x83` is part of the transaction-binding protection;
* the wallet-secured secret coordinates PEARL release and EVM escrow claim behavior;
* EVM escrow state controls buyer USDC claim/refund rules;
* explicit refund paths exist when the lifecycle expires.

Users should rely on official wallet flows, official app or bot flows, and verified contract addresses. Support will never ask for seed phrases or private keys.

This page describes protocol behavior only. It does not publish non-public infrastructure details, credential handling, service configuration, or operator procedures.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blackpearlmarket.com/threat-model/protocol-safety-model.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.