# SecKav Security SDK v3.0.0

**Lightweight API Security for Enterprises** - One-click protection for your APIs

[![npm version](https://badge.fury.io/js/%40seckav%2Fsecurity-sdk.svg)](https://badge.fury.io/js/%40seckav%2Fsecurity-sdk)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue.svg)](https://www.typescriptlang.org/)

## 🚀 Quick Start

Protect your APIs in under 2 minutes with just one line of code:

```bash
npm install @seckav/security-sdk
```

```javascript
const express = require('express');
const { createSecKavMiddleware } = require('@seckav/security-sdk');

const app = express();

// One-line API security
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
}));

// Your APIs are now protected!
app.get('/api/users', (req, res) => {
  res.json({ users: [] });
});

app.listen(3000);
```

## 🛡️ What It Protects Against

- **DDoS Attacks** - Intelligent rate limiting with burst control
- **SQL Injection** - Real-time malicious payload detection
- **XSS Attacks** - Cross-site scripting prevention
- **Brute Force** - IP-based attack mitigation
- **Suspicious Activity** - Behavioral threat detection
- **Geo-based Threats** - Country-level blocking
- **Bot Attacks** - User-agent filtering

## 🏢 Perfect For

- **Startups** - Get enterprise-grade security from day one
- **MSMEs** - Affordable protection that scales with you
- **Enterprises** - Lightweight security that doesn't slow you down
- **Developers** - Security that's actually developer-friendly

## 🌟 Key Features

### ⚡ Lightning Fast Setup
- **One-line integration** - No complex configuration
- **Framework agnostic** - Works with Express.js, Next.js, and more
- **Zero dependencies** - Minimal impact on your bundle size
- **TypeScript ready** - Full type support included

### 🔒 Enterprise-Grade Security
- **Real-time threat detection** - Stop attacks as they happen
- **Adaptive rate limiting** - Smart throttling that learns
- **Security analytics** - Detailed insights and reporting
- **Fail-open architecture** - Never breaks your application

### 📊 Built-in Analytics
- **Request monitoring** - Track API usage patterns
- **Security events** - Real-time threat notifications
- **Performance metrics** - Response time analysis
- **Geographic insights** - See where requests come from

## 📖 Frameworks Supported

### Express.js
```javascript
const express = require('express');
const { createSecKavMiddleware } = require('@seckav/security-sdk');

const app = express();
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
}));
```

### Next.js
```javascript
// middleware.js
import { createSecKavNextMiddleware } from '@seckav/security-sdk';

export default createSecKavNextMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
});

export const config = {
  matcher: '/api/:path*'
};
```

### TypeScript
```typescript
import { createSecKavMiddleware, SecKavConfig } from '@seckav/security-sdk';

const config: SecKavConfig = {
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  features: {
    rateLimit: true,
    security: true,
    analytics: true
  }
};

app.use(createSecKavMiddleware(config));
```

## ⚙️ Configuration Options

```javascript
const config = {
  // Required
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  
  // Optional
  apiUrl: 'https://api.seckav.com',  // Custom API endpoint
  timeout: 5000,                     // Request timeout (ms)
  debug: false,                      // Enable debug logging
  
  // Features
  features: {
    rateLimit: true,                 // Enable rate limiting
    security: true,                  // Enable threat detection
    analytics: true,                 // Enable usage analytics
    encryption: false,               // Enable E2E encryption
    misconfigurationScanning: false  // Enable config scanning
  },
  
  // Error handling
  onError: (error) => {
    console.log('Security error:', error);
  }
};
```

## 🔧 Advanced Usage

### Custom Rate Limiting
```javascript
const sdk = new SecKavSDK({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
});

// Check rate limit manually
const result = await sdk.checkRateLimit('/api/endpoint', 'GET', 'client-id');
if (!result.allowed) {
  return res.status(429).json({ error: 'Rate limited' });
}
```

### Security Settings
```javascript
const securitySettings = await sdk.getSecuritySettings('your_jwt_token');
console.log('Current security configuration:', securitySettings);
```

### Analytics Data
```javascript
// Get SDK information
const info = sdk.getInfo();
console.log('Enabled features:', info.enabledFeatures);
console.log('SDK version:', info.version);
```

## 🚨 Error Handling

The SDK uses a **fail-open** architecture - if there's an error, your API continues to work:

```javascript
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  onError: (error) => {
    // Log errors but don't break the application
    console.error('SecKav error:', error.message);
    
    // Optional: Send to your monitoring service
    monitoring.reportError(error);
  }
}));
```

## 📈 Getting Started

### 1. Sign Up
Visit [seckav.com](https://seckav.com) to create your account

### 2. Create Organization
Set up your organization and get your API key

### 3. Install SDK
```bash
npm install @seckav/security-sdk
```

### 4. Integrate
Add one line of code to protect your APIs

### 5. Monitor
View real-time security analytics in your dashboard

## 🔍 Monitoring & Analytics

Once integrated, you'll get access to:

- **Real-time Security Dashboard** - Live threat monitoring
- **API Usage Analytics** - Request patterns and trends
- **Security Event Logs** - Detailed attack information
- **Performance Metrics** - Response time and throughput
- **Geographic Insights** - Request origin mapping
- **Threat Intelligence** - Attack pattern analysis

## 🛠️ Development

### Local Development
```javascript
app.use(createSecKavMiddleware({
  apiKey: 'sk_test_your_test_key',
  organizationId: 'org_test_your_org',
  debug: true  // Enable detailed logging
}));
```

### Production
```javascript
app.use(createSecKavMiddleware({
  apiKey: process.env.SECKAV_API_KEY,
  organizationId: process.env.SECKAV_ORG_ID,
  debug: false
}));
```

## 🤝 Support

- **Documentation**: [docs.seckav.com](https://docs.seckav.com)
- **Support Email**: support@seckav.com
- **GitHub Issues**: [github.com/seckav/security-sdk/issues](https://github.com/seckav/security-sdk/issues)
- **Community**: [community.seckav.com](https://community.seckav.com)

## 📜 License

MIT License - see [LICENSE](LICENSE) file for details.

## 🚀 Why SecKav?

> **"Security shouldn't be an afterthought"**

Most companies implement security after they've been attacked. SecKav lets you build security into your application from day one with:

- ✅ **Zero Configuration** - Works out of the box
- ✅ **Enterprise Grade** - Used by companies worldwide
- ✅ **Developer Friendly** - Security that doesn't slow you down
- ✅ **Affordable** - Pricing that scales with your business
- ✅ **Reliable** - 99.9% uptime SLA
- ✅ **Global** - Edge locations worldwide

---

**Protect your APIs today. Start with SecKav.**

[Get Started →](https://seckav.com) | [View Docs →](https://docs.seckav.com) | [See Pricing →](https://seckav.com/pricing) 