Every message to Luna passes through an 11-layer security pipeline organized into four architectural phases. Each layer maps to a specific threat category and degrades independently — no single point of failure can produce a harmful interaction.
Four principles govern every layer in the pipeline. Select a phase from the sidebar to see how each principle manifests in specific implementation decisions.
Each layer fails gracefully without cascading. A database outage doesn't block crisis response. A model outage doesn't expose infrastructure details. No single failure produces a harmful interaction.
Summarize, search, and organize modes bypass chat-specific layers (crisis detection, tone validation, history cap, output filtering, chip parsing) — they only require JWT auth and rate limiting. These modes process the user's own saved content, not live conversation, so chat safety layers don't apply.
Input sanitization, system prompt instructions, and output filtering address the same threat (prompt injection) at three different points. The architecture assumes any single layer can be bypassed — safety depends on the combination, not on any individual layer being perfect.
Account deletion runs through its own Edge Function with its own security pipeline — separate auth verification, cascade ordering, and error handling. Mixing destructive operations into the chat pipeline would create unnecessary coupling between safety contexts.