Security Model

Authentication & Authorization

Privy Integration

• Unified Web2 (email) + Web3 (wallet) authentication

• OAuth support: Google, Discord, GitHub

• Session management with secure tokens

Wallet Authentication

• WalletConnect/AppKit integration

• MetaMask, Phantom, Solflare support

• Chainless wallet connection

Data Protection

Input Validation

• JSON Schema validation via AJV for all inputs

• SSRF protection with URL allowlists

• Path traversal prevention

• File type validation (MIME checking)

Rate Limiting

Sandbox Security

• WebContainer isolation for code execution

• No access to host filesystem

• Network request filtering

• Resource limits enforced