ContextPilot implements multiple layers of security to protect your data and ensure safe operation.

All user inputs are validated before processing:

• Content Length Limits: Content is limited to 10,000 characters by default
• Tag Validation: Maximum 20 tags, each up to 50 characters
• Character Sanitization: Control characters and null bytes are removed
• Empty Input Rejection: Empty or whitespace-only inputs are rejected

All text inputs are automatically sanitized:

• Removal of null bytes (\x00)
• Removal of control characters (except newlines and tabs)
• Trimming of leading/trailing whitespace
• Preservation of valid Unicode characters

Cross-Origin Resource Sharing (CORS) is configurable via environment variables:

CONTEXTPILOT_CORS_ORIGINS=["http://localhost:3000", "https://yourdomain.com"]

Security Best Practice: Never use ["*"] in production. Always specify exact allowed origins.

Enable API key authentication for production deployments:

CONTEXTPILOT_ENABLE_AUTH=true
CONTEXTPILOT_API_KEY=your-secure-random-key-here

When enabled, all API requests must include the header:

X-API-Key: your-secure-random-key-here

Generating a Secure API Key:

python -c "import secrets; print(secrets.token_urlsafe(32))"

Built-in limits prevent abuse:

• Maximum contexts per request: 20 (configurable)
• Maximum content length: 10,000 characters (configurable)
• Maximum tags per context: 20 (configurable)

Configure via environment variables:

CONTEXTPILOT_MAX_CONTEXTS_PER_REQUEST=20
CONTEXTPILOT_MAX_CONTENT_LENGTH=10000
CONTEXTPILOT_MAX_TAG_COUNT=20

Copy .env.example to .env and configure:

# Security Settings
CONTEXTPILOT_ENABLE_AUTH=true
CONTEXTPILOT_API_KEY=your-secure-key

# CORS Settings
CONTEXTPILOT_CORS_ORIGINS=["https://yourdomain.com"]

# Rate Limits
CONTEXTPILOT_MAX_CONTENT_LENGTH=10000
CONTEXTPILOT_MAX_CONTEXTS_PER_REQUEST=20

• Enable authentication (ENABLE_AUTH=true)
• Generate and set a secure API key
• Configure specific CORS origins (no wildcards)
• Set appropriate rate limits
• Use HTTPS/TLS in production
• Keep dependencies updated
• Enable logging and monitoring
• Regular security audits

✅ Input Injection: All inputs are validated and sanitized
✅ Content Length Attacks: Strict length limits enforced
✅ Unauthorized Access: Optional API key authentication
✅ CORS Violations: Configurable allowed origins
✅ Malformed Unicode: Proper unicode handling

⚠️ DDoS Attacks: Use a reverse proxy (nginx, Cloudflare) with rate limiting
⚠️ Replay Attacks: Implement request signing or nonces if needed
⚠️ Data at Rest: No encryption of in-memory data (use encrypted storage in production)
⚠️ Network Eavesdropping: Always use HTTPS/TLS

Always deploy behind HTTPS in production:

server {
    listen 443 ssl;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    location / {
        proxy_pass http://localhost:8000;
    }
}

Deploy behind nginx or similar for:

• Rate limiting
• SSL termination
• Request filtering
• Static file serving

Keep dependencies updated:

pip list --outdated
pip install -U <package>

Monitor for suspicious activity:

• Failed authentication attempts
• Unusual request patterns
• Input validation failures

If you discover a security vulnerability, please email: [email protected]

Do not open public GitHub issues for security vulnerabilities.

• Data is stored in-memory by default (no persistence)
• No data is sent to external services (except model downloads)
• Embeddings are generated locally

If storing personal data:

• Implement data deletion on request
• Consider data encryption at rest
• Implement access logging
• Add consent mechanisms

• OWASP API Security Top 10
• FastAPI Security Documentation
• Python Security Best Practices