Security Architecture
Short version of our internal docs/security-review.md. Updated each sprint.
Authorization
Postgres Row-Level Security is the last line. Every table denies by default; every migration ships with a pgTAP policy test; CI blocks merges that disable RLS or remove a policy test.
Confidentiality tiers
Ideas are private, syndicate, community, or public. Tier changes are append-only and emailed to the owner. Marketplace and investor discovery only see community and public content.
Secrets
No service keys in the browser bundle; CI checks for accidental leaks. Anthropic is used with enterprise / zero-retention settings in production.
Prompt-injection
User-submitted idea text is wrapped in <idea> tags. System prompts instruct the model to treat that content as untrusted and to ignore instructions inside. Outputs are schema-validated before persistence.
Coordinated disclosure
Report issues to security@moatdefender.com (alias to be created). Triage SLA: 24 hours. User comms within 72 hours for a confirmed breach.