Session verification
Protected application surfaces are session-gated and server handlers verify user identity before trusting browser requests.
Back to docs
Rilev Security Model
Rilev security is layered around verified sessions, explicit browser-request defenses, bounded input handling, ownership proof, and provider-specific verification for integrations.
Request-origin protection
State-changing browser surfaces are expected to enforce origin-aware checks so ambient browser credentials cannot be abused from another site.
Bounded JSON bodies
Request parsing should use bounded body readers with prototype-pollution guards instead of unbounded raw JSON parsing.
Rate limits
Abuse-sensitive surfaces use throttling and per-context controls to reduce credential attacks, spam, and resource exhaustion.
Ownership proof
Data-plane access uses session ownership checks and one-way proof rather than trusting client-supplied identifiers alone.
Provider verification
Provider callback surfaces are not browser actions. They are isolated from browser-origin assumptions and should rely on provider verification.
Security boundary
Rilev treats identity, data-plane access, payments, and AI integrations as separate trust boundaries. A request being authenticated is not enough by itself; sensitive data access also needs ownership proof.
Public integration surfaces are designed around their own trust model, such as scoped authorization grants, hashed tokens, provider signatures, or scoped live-context grants.