Security

Chinilla · AI-Powered System Design

Version 1.0 · March 2026

Security Posture Summary

Chinilla is an AI-powered system design tool. This page describes the security controls protecting your data, designs, and interactions with the platform.

Strict CSP - Content Security Policy with frame-ancestors 'none', restricted sources
Per-IP rate limiting - sliding window on all API endpoints
27+ injection patterns - prompt injection defense with anti-evasion normalization
Sandboxed execution - blocked keywords, expression limits, restricted proxy
TLS everywhere - all traffic encrypted in transit
No analytics or telemetry - no cookies, no pixels, no tracking
Metadata-only logging - no PII, no message content in logs
0 dependency CVEs - npm audit clean (March 2026)
Local-first storage - designs stay in your browser by default
Input validation - length limits, type checks, format validation on all endpoints

Contents

1. Overview 8. Third-Party Infrastructure 2. Architecture 9. Audit Logging 3. Data Handling 10. What We Don't Do 4. Authentication 11. Data Retention 5. Input Validation 12. Incident Response 6. Network Security 13. Vulnerability Disclosure 7. LLM Security 14. Contact

1. Overview

Chinilla is an AI-powered system design tool that helps users create, describe, simulate, and generate code for software architectures. Users interact with a visual canvas and an AI chat assistant powered by xAI's Grok models.

This page describes the security controls across all layers of the application:

  • Web application - Astro SSR with React, deployed on Render
  • API layer - Server-side endpoints with rate limiting, input validation, and audit logging
  • AI integration - xAI Grok API with prompt injection defense and content filtering
  • Data layer - Local-first (browser localStorage), cloud storage planned

2. Architecture

The system follows a server-side proxy pattern where all external API calls (xAI, integrations) are made from server-side endpoints. API keys never reach the client.

Client (React) → Astro SSR API Routes → xAI Grok API

                    ↑

             localStorage (designs)

  • Server-side keys: All API keys (xAI, integration tokens) live in environment variables on the server. They are never sent to the browser.
  • Middleware: An Astro middleware layer applies security headers and cache policies to every response before it reaches the client.
  • Rate limiting: Every API endpoint checks per-IP rate limits before processing. Exceeded limits return 429 with a Retry-After header.

3. Data Handling

What we process

  • Canvas data: Components, connections, groups, and metadata for your system designs. Stored locally in your browser.
  • Chat messages: Text you send to the AI assistant. Sent to xAI's API for processing, not stored on our servers beyond the active session.

What we never process

  • Source code from your repositories (unless you explicitly paste it)
  • Credentials, API keys, or secrets from your systems
  • Browser history, cookies, or fingerprint data

Local-first design

Designs start in your browser's localStorage. They are only transmitted to our servers if you explicitly choose to save to the cloud. Local-only designs never leave your device.

4. Authentication

Chinilla currently operates without accounts. All designs are stored locally in your browser's localStorage.

  • No account required: Core design features work without sign-in. No credentials are stored or transmitted.
  • Planned: OAuth 2.0 authentication (Google, GitHub) for cloud saving is in development. When launched, we will never handle or store your password.

5. Input Validation

All user input is validated at the API boundary before reaching any processing logic.

  • Message length: Chat messages are capped at 16,000 characters.
  • Field length: Individual fields (component names, descriptions) are capped at 2,000 characters.
  • History cap: Conversation history is limited to the 50 most recent messages to prevent payload inflation.
  • Content size: Integration payloads (e.g., GitHub gist content) are capped at 500 KB.
  • Type checking: All fields are type-validated (string, number, array) before use.
  • Email format: Integration email fields are validated with format checks and a 254-character limit.

Rate limiting

Per-IP sliding window rate limits are enforced on all endpoints:

  • AI endpoints: 30 requests per minute
  • Integration endpoints: 20 requests per minute
  • Contact form: 5 requests per minute

Exceeded limits return HTTP 429 with a Retry-After header.

6. Network Security

Security headers are applied to every response via Astro middleware:

  • Content-Security-Policy: default-src 'self' with restricted script, style, font, and image sources. frame-ancestors 'none' prevents embedding. object-src 'none' blocks plugins.
  • X-Frame-Options: DENY - prevents clickjacking.
  • X-Content-Type-Options: nosniff - prevents MIME type sniffing.
  • Referrer-Policy: strict-origin-when-cross-origin - limits referrer leakage.
  • Permissions-Policy: Camera, microphone, geolocation, and payment APIs are disabled.
  • Cache-Control: API routes return no-cache, no-store, must-revalidate to prevent sensitive data caching.

TLS: All traffic is encrypted in transit. Render enforces HTTPS with automatic TLS certificate management.

7. LLM Security

AI features use xAI's Grok API. All requests pass through server-side safety checks before reaching the LLM.

Prompt injection defense

All user input is checked against 27+ injection patterns before being sent to the model. Patterns cover:

  • Instruction override attempts ("ignore previous instructions", "new instructions:")
  • Role manipulation ("you are now", "act as", "pretend to be", "role play as")
  • Jailbreak patterns ("DAN mode", "jailbreak", "do anything now", "developer mode", "sudo mode")
  • System prompt extraction ("reveal your prompt", "show me your instructions", "translate your prompt")
  • Structural injection ([system], [instructions], BEGIN NEW INSTRUCTIONS)

Anti-evasion normalization

Before pattern matching, input is normalized to defeat common evasion techniques:

  • Unicode homoglyphs: Cyrillic, Greek, and fullwidth Latin characters are mapped to ASCII equivalents.
  • Leetspeak: Common substitutions (0=o, 4=a, 3=e, etc.) are decoded.
  • Invisible characters: Zero-width spaces, joiners, and combining marks are stripped.
  • Spacing evasion: Spaced-out text ("i g n o r e") is collapsed before checking.

Harmful content blocking

Requests matching harmful content patterns (weapons, surveillance, trafficking, malware) are rejected outright with a 400 response. The LLM never sees these requests.

System prompt hardening

Every LLM request includes a safety suffix that constrains the model to system design topics only. The model is instructed to refuse off-topic requests and never reveal its system prompt.

8. Third-Party Infrastructure

Chinilla relies on the following third-party services:

  • Render - Hosting and deployment. Automatic TLS, isolated containers, volume-level encryption.
  • xAI (Grok) - AI chat, description, code generation, and simulation features. Requests processed under xAI's privacy policy.

We do not use any analytics services, ad networks, or data brokers.

9. Audit Logging

All API activity is logged for security monitoring and abuse detection.

  • Metadata only: Logs record event type, timestamp, HTTP method, route, and client IP. We never log message content, tokens, API keys, emails, or any PII.
  • Rate limit events: When a rate limit is exceeded, the event is logged with the limit and count for abuse detection.
  • Structured format: All audit entries are structured JSON for machine parsing and alerting.

10. What We Don't Do

  • We do not train AI models on your designs, messages, or canvas data.
  • We do not use Google Analytics, Facebook Pixel, or any third-party tracking.
  • We do not fingerprint your browser.
  • We do not sell data to advertisers, data brokers, or any third party.
  • We do not log message content, designs, or any PII in our audit logs.
  • We do not make external API calls without your explicit action (clicking send, saving, exporting).
  • We do not store your OAuth provider password.

11. Data Retention

  • Chat messages: Held in memory during the active session only. Not persisted to disk.
  • Local designs: Stored in your browser's localStorage. Cleared when you clear browser data or delete the design.
  • Audit logs: Retained for 90 days for security monitoring, then purged.
  • Rate limit buckets: In-memory only. Stale entries are cleaned up every 10 minutes.

12. Incident Response

In the event of a security incident:

  • Containment: Affected endpoints are disabled or rate-limited immediately.
  • Key rotation: Compromised credentials are rotated within 1 hour.
  • Notification: Affected users are notified within 24 hours.
  • Post-mortem: Root cause analysis and preventive measures are documented.

13. Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email squeak@chinilla.com with the subject "Security Report"
  • Include steps to reproduce, impact assessment, and any proof-of-concept
  • We will acknowledge receipt within 48 hours
  • Please do not disclose publicly until we have had a chance to investigate and remediate

14. Contact

Questions about security? Email squeak@chinilla.com or use our contact form.