# LintLiot ## Docs - [AGENTS](https://docs.lintliot.com/AGENTS.md) - [Emergency lockdown: make your app read-only instantly](https://docs.lintliot.com/dashboard/emergency-lockdown.md): How to activate emergency lockdown during an active attack, what it does to your app, how to lift it, and which plan includes it. - [LintLiot dashboard: your security command center](https://docs.lintliot.com/dashboard/overview.md): A guided tour of every page in the LintLiot dashboard — what each one shows, how live data streams in, and what to expect during your first seven days. - [Security Certificate: share your security posture publicly](https://docs.lintliot.com/dashboard/security-certificate.md): How to use your LintLiot Security Certificate page and badge to demonstrate security posture in pitch decks, sales emails, and GitHub READMEs. - [Understanding your LintLiot Security Score](https://docs.lintliot.com/dashboard/security-score.md): How your 0–100 Security Score is calculated, what each score band means, what causes it to drop, and the fastest ways to raise it. - [Behavioral anomaly detection with LintLiot](https://docs.lintliot.com/features/anomaly-detection.md): LintLiot detects impossible travel, credential stuffing, data exfiltration, and API abuse. No rules to write — call recordAuthFailure and recordDataRead in your handlers. - [Automated compliance reports with LintLiot](https://docs.lintliot.com/features/compliance.md): Generate SOC 2, GDPR, HIPAA, PCI-DSS v4.0, and ISO 27001 compliance reports in seconds. Every security event maps to compliance controls automatically. - [Automated DAST pentesting with LintLiot](https://docs.lintliot.com/features/pentest.md): LintLiot's pentest engine scans your live app for OWASP Top 10 vulnerabilities. Register routes via the SDK or OpenAPI spec and start a scan from the dashboard. - [Baseline-relative rate limiting with LintLiot](https://docs.lintliot.com/features/rate-limiting.md): LintLiot adapts rate limits to your app's real traffic after a 7-day learning phase. Limits are set relative to your baseline, not a generic number. - [Field-level encryption with The Vault](https://docs.lintliot.com/features/vault.md): LintLiot Vault encrypts PII fields with AES-256-GCM before they reach your database. Decrypt on read, rotate keys with zero downtime, and works in Edge runtimes. - [WAF and bot detection with LintLiot](https://docs.lintliot.com/features/waf.md): LintLiot's WAF blocks SQL injection, XSS, SSRF, and 12 other attack categories automatically. Bot detection and account takeover protection are included. - [How LintLiot works: learning mode and request lifecycle](https://docs.lintliot.com/how-it-works.md): What happens to every request, how the 7-day learning mode builds behavioral baselines, how enforcement activates on Day 8, and how the Security Score is calculated. - [LintLiot: App security that installs in 2 minutes](https://docs.lintliot.com/index.md): LintLiot protects your app with WAF, secret scanning, rate limiting, anomaly detection, and compliance reports. One command to install. - [LintLiot: full-stack security for indie developers](https://docs.lintliot.com/introduction.md): LintLiot protects your SaaS app across six layers — WAF, rate limiting, anomaly detection, encryption, compliance, and pentest — with one install command. - [Get started: install LintLiot and protect your app](https://docs.lintliot.com/quickstart.md): Create an account, install the SDK, run init, and send your first protected request. Your Security Score appears and learning mode begins automatically. - [LintLiot REST API reference for all endpoints](https://docs.lintliot.com/reference/api.md): Full reference for the LintLiot REST API. Covers authentication, apps, events, scanner, shield, compliance, pentest, route sensitivity, and the public verification endpoint. - [LintLiot changelog: release history and new features](https://docs.lintliot.com/reference/changelog.md): Release notes for every LintLiot version. Track new features, platform improvements, and SDK updates from v1.0 through the current v1.3 release. - [LintLiot CLI reference: init and scan commands](https://docs.lintliot.com/reference/cli.md): Complete reference for the LintLiot CLI. Use npx lintliot init to set up protection in under 90 seconds and npx lintliot-scan to find secrets, IaC misconfigs, and code vulnerabilities. - [LintLiot pricing plans: Free, Pro, Team, Enterprise](https://docs.lintliot.com/reference/pricing.md): Compare LintLiot plans and feature availability. From the free tier for solo developers to Enterprise for unlimited teams, find the plan that fits your app and budget. - [LintLiot SDK configuration reference](https://docs.lintliot.com/sdk/configuration.md): Full reference for LintliotConfig: module toggles, anomaly thresholds, route sensitivity rules, lockdown bypass paths, and all protect() options. - [Add LintLiot to your Express application](https://docs.lintliot.com/sdk/express.md): Protect your Express app with a single app.use call. Includes WAF, rate limiting, bot detection, permission guards, and route sensitivity. - [Add LintLiot to your Fastify application](https://docs.lintliot.com/sdk/fastify.md): Register the LintLiot plugin as your first Fastify plugin to protect every route. Includes a request decorator, permission guards, and per-route rate limits. - [Install the LintLiot SDK for Node.js and TypeScript](https://docs.lintliot.com/sdk/installation.md): Add LintLiot to your JavaScript or TypeScript app in under two minutes. One package, one init command, and your app is protected. - [Add LintLiot to your Koa application](https://docs.lintliot.com/sdk/koa.md): Mount the LintLiot middleware before your Koa router to protect every route. Includes ctx.state context, permission guards, and per-route rate limits. - [Add LintLiot to your Next.js App Router project](https://docs.lintliot.com/sdk/next.md): Protect your Next.js app with a single middleware.ts file. Runs on the Edge Runtime before any page or API route with zero config.