Foundation / Getting Started

Developer protection product boundary, modules, and integration path.

7 categories27 pagesUpdated Jan 1, 1970

# Introduction Cosantoir Developer Protection gives application teams one runtime layer for request budgets, WAF decisions, IP intelligence, email validation, signup risk, bot protection, and billable SaaS usage attribution. ## Runtime Modules - Rate limiting for request budgets, bursts, and route-aware keys. - Shield WAF for managed detections and custom expressions. - IP intelligence for geography, ASN, proxy, VPN, and Tor signals. - Email validation for syntax, domain, disposable, and MX checks. - Signup protection for combined abuse decisions. - Bot protection for fingerprinting, verified bots, and scoring. ## Product Surfaces 1. apps/developer for docs, the runtime control room, and the official console surface. 2. services/dev-protection for control-plane policy CRUD, tenancy, decision logs, usage, and analytics. 3. services/dev-eval for runtime evaluation of the protection modules. 4. services/api-gateway when auth or routing changes are required for developer API traffic. ## Integration Model - Use the framework package directly when one matches your JavaScript stack: @cosantoir/next, @cosantoir/express, @cosantoir/hono, @cosantoir/fastify, @cosantoir/bun, @cosantoir/deno, @cosantoir/nestjs, or @cosantoir/sveltekit. - Use github.com/cosantoir/cosantoir-go for Go services. - Use the cosantoir Python package for FastAPI, Flask, workers, and Python services. - Use the cosantoir Rust crate for Axum, Actix, workers, and Rust services. - Use @cosantoir/node for direct runtime calls or custom adapters. - Any other service can call the runtime backend contract directly when you are not using an SDK package. - Google Cloud Run works cleanly with the backend contract because the runtime only needs a runtime API key and the request context your app already has. ## Required Inputs - A runtime API key scoped to the modules you intend to call. This identifies the billable workspace, project, site, environment, and policy set behind the request. - Optional advanced overrides only when you are testing a local API origin or using bearer auth in an internal multi-site tool. - A stable application userId per request when you want SaaS-user attribution, quota buckets, and audit trails to point back to your own customer or tenant. > For the actual install and framework examples, continue with Quickstart.

Last updated Jan 1, 1970
Start of docs