Beta Access: RINNAI is currently in beta on Solana Devnet. View Roadmap →

Security-First Architecture

RINNAI is built on a non-custodial foundation with multi-layer security and deterministic enforcement. Your keys, your funds, your control.

Security Layers

Multi-layer protection from intent to execution

Non-Custodial Architecture

RINNAI never holds your private keys or controls your funds. All transactions require your signature. You maintain complete custody at all times.

Policy Enforcement

Policies are enforced immutably on-chain via Solana programs. Constraints are validated before execution and cannot be bypassed by off-chain components.

PDA-Based Security

Program Derived Addresses ensure only authorized users can modify policies. PDAs provide cryptographic proof of ownership and authorization.

Complete Auditability

Every intent, plan, policy check, and execution is recorded on-chain. Full transparency enables verification by anyone at any time.

Threat Model

How RINNAI mitigates potential attack vectors

Compromised AI Agent

High

On-chain policy enforcement prevents execution outside bounds. Even if AI is compromised, it cannot exceed user-defined limits.

Malicious Intent Parsing

Medium

User reviews and signs all transactions. Policy validation occurs both off-chain and on-chain before execution.

Replay Attacks

Medium

Transaction nonces and timestamps prevent replay. Each execution is unique and verifiable on-chain.

Policy Manipulation

High

Policies are hashed and stored in PDAs controlled by user. Only user can modify policies through signed transactions.

Non-Custodial Architecture

What Does Non-Custodial Mean?

Non-custodial means you always control your private keys and funds. RINNAI agents never have access to your keys. All transactions are constructed off-chain and require your signature before submission.

How It Works

Agents generate execution plans and present them to you for approval. When you sign a transaction, it's submitted to the on-chain program which enforces your policy constraints. At no point can an agent access your funds without your explicit signature.

Deterministic Boundaries

Even after signing, the on-chain program enforces deterministic boundaries. If market conditions change or execution would violate your policy, the transaction fails safely. This prevents front-running, sandwich attacks, and unexpected outcomes.

Security Best Practices

  • Always verify contract addresses through official channels
  • Review transaction details before signing
  • Set conservative spending limits initially
  • Use program allowlists to restrict interactions
  • Enable notifications for all executions
  • Regularly review audit logs
  • Keep recovery phrase secure and offline
  • Test with small amounts first

Responsible Disclosure

If you discover a security vulnerability, please report it to us immediately. We take all reports seriously and will respond within 24 hours.

security@rinnai.xyz