
LintLiot follows semantic versioning. Minor versions (v1.x) add new features and remain backward-compatible. The SDK, API, and dashboard are released together.

v1.3 — Advanced security tools

Current release v1.3 introduces the Pentest Engine for dynamic application testing, a full Route Sensitivity dashboard, cross-framework SDK adapters, and a streamlined GitHub App installation flow.

Pentest Engine (DAST)

LintLiot now includes a Dynamic Application Security Testing engine that discovers your application’s routes and tests them against OWASP Top 10 vulnerabilities (A01–A10).
  • Route discovery — the SDK registers your routes automatically via registerRoutes(), registerExpressRoutes(), or registerKoaRoutes(). Alternatively, upload an OpenAPI spec for endpoint discovery.
  • Attack modules — SQLi, XSS, CSRF, IDOR, broken authentication, security misconfiguration, and more.
  • CVSS v3.1 scoring — every finding includes a risk score with proof-of-concept request/response capture.
  • Dashboard UI — manage scans and review findings from the Pentest page in the dashboard.

Route sensitivity dashboard

The Route Sensitivity page in the dashboard gives you visibility and control over which URL patterns receive graduated protection:
  • View all active rules (built-in and custom) in one place.
  • Create custom rules with your own path patterns, protection levels, and enforcement actions.
  • Test any path against your rule set before deploying changes.
  • Changes take effect in under 60 seconds via Edge Config propagation.

Cross-framework SDK adapters

The SDK now ships framework-specific adapters as named exports. All four adapters are stable and covered by the route sensitivity and pentest route discovery systems:
import { withLintliot } from '@lintliot/sdk/next'      // Next.js
import { lintliotPlugin } from '@lintliot/sdk/fastify'  // Fastify
import { lintliotKoa } from '@lintliot/sdk/koa'         // Koa
import { createLintliot } from '@lintliot/sdk'          // Express and others

GitHub App installation flow

You can now install the LintLiot GitHub App directly from the dashboard. The app binds to your repository and handles webhook registration automatically — no manual webhook URL setup required.

AI agent-ready onboarding

The npx lintliot init command now produces copy-paste-ready output optimized for AI coding assistants. Every step prints the exact environment variable, file, and code snippet to add, so AI agents can complete the integration without additional prompts.

v1.2 — Network effect

v1.2 built out the global threat intelligence network, introduced the CVE pipeline, and added the badge and webhook alert integrations.

Global IP blocklist with Edge Config propagation

LintLiot now maintains a shared cross-app blocklist. When an IP address attacks any app on the platform, it is added to the global blocklist and propagated to every other LintLiot-protected app via Vercel Edge Config within 60 seconds. The blocklist check runs in under 1ms on every request — before any application code executes.

CVE pipeline

A background process monitors NVD and GHSA for new CVEs every 6 hours. When a CVE matches a package found in your scan findings, LintLiot sends an alert to every affected app and deploys a corresponding WAF threat rule to Edge Config.

“Secured by LintLiot” badge

Every Pro and above app gets a live SVG badge that displays the current Security Score:
<a href="https://lintliot.com/verify/my-app">
  <img src="https://app.lintliot.com/api/verify/my-app/badge.svg"
       alt="Secured by LintLiot"
       width="180" />
</a>
The badge is cached at the edge with a 5-minute TTL and updates automatically as your score changes.

Slack and PagerDuty webhooks

Team and Enterprise customers can now route critical security alerts to Slack channels or PagerDuty services. Configure alert destinations from the dashboard under Settings → Alerts.

v1.1 — Behavioral protection

v1.1 introduced the 7-day learning phase, impossible travel detection, session fingerprinting, the Public Security Certificate, and Emergency Lockdown.

Behavioral baselines and learning mode

After installation, LintLiot enters a 7-day passive observation window. During this period it builds five statistical baselines per app:
  • Traffic baseline — requests per minute by hour of day and day of week (168 data points)
  • Geographic baseline — request distribution by country
  • User behavior baseline — requests per session, unique endpoint spread
  • Authentication baseline — login attempts per hour, failure rate
  • Data access baseline — records returned per API response
On day 8, a single button in the dashboard switches from standard thresholds to personalized, app-specific thresholds. Rate limiting, anomaly detection, and the WAF all recalibrate to what is normal for your app specifically.

Impossible travel detection

When a user account authenticates from two geographic locations that cannot be reached in the time elapsed at commercial aviation speeds (900 km/h), LintLiot:
  1. Invalidates the second session automatically.
  2. Logs an auth.impossible_travel event with severity CRITICAL.
  3. Sends an immediate push notification.
  4. Adds the source IP to the global blocklist.
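The rule above, worked through as an added example (not LintLiot's own code): great-circle distance between the two login locations, the minimum flight time at 900 km/h, and the four documented responses returned as an action list. The coordinates, timestamps, IPs and action names are constructed for the example.

```javascript
// Added example (not LintLiot's own code): applies the 900 km/h impossible
// travel rule to two logins for the same account, with constructed sample data.

const MAX_SPEED_KMH = 900;     // commercial aviation speed from the v1.1 rule
const EARTH_RADIUS_KM = 6371;

// Great-circle distance between two {lat, lon} points (haversine formula).
function haversineKm(a, b) {
  const toRad = (deg) => (deg * Math.PI) / 180;
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2
    + Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(h));
}

// Compare the second login against the first. Travel is impossible when the
// minimum flight time at MAX_SPEED_KMH exceeds the time between the logins.
function checkImpossibleTravel(first, second) {
  const distanceKm = haversineKm(first.geo, second.geo);
  const elapsedHours = Math.abs(second.at - first.at) / 3_600_000;
  const minHours = distanceKm / MAX_SPEED_KMH;
  const impossible = minHours > elapsedHours;
  return {
    impossible,
    distanceKm: Math.round(distanceKm),
    minHours: Number(minHours.toFixed(2)),
    elapsedHours: Number(elapsedHours.toFixed(2)),
    // The four responses listed in the release notes, as an action list a
    // caller would execute; the action names here are assumed.
    actions: impossible
      ? [`invalidate_session:${second.sessionId}`,
         'log:auth.impossible_travel:CRITICAL',
         'notify:push',
         `blocklist:${second.ip}`]
      : [],
  };
}

// Constructed sample: New York at 12:00 UTC, then Frankfurt two hours later.
const nyLogin = { geo: { lat: 40.71, lon: -74.01 }, at: Date.UTC(2024, 0, 15, 12),
                  sessionId: 'sess-a', ip: '198.51.100.7' };
const fraLogin = { geo: { lat: 50.11, lon: 8.68 }, at: Date.UTC(2024, 0, 15, 14),
                   sessionId: 'sess-b', ip: '203.0.113.9' };
const verdict = checkImpossibleTravel(nyLogin, fraLogin);
console.log(verdict); // impossible: true, ~6200 km needs ~6.9 h, only 2 h elapsed
```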

Session fingerprinting

Every session gets a fingerprint from five signals: IP subnet (35%), browser User-Agent (25%), Accept-Language header (15%), Accept-Encoding header (10%), and platform/OS (15%). If a session token is presented with a fingerprint that differs by more than 60% from the original, the request is challenged and the event is logged as auth.session_hijack_attempt.
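The weighted comparison described above, as an added example that is not LintLiot's own code: the five signals with their documented weights, a difference score summed over changed signals, and the 60% challenge threshold. How the real SDK hashes or normalises each signal is not documented here; the IPv4 /24 subnet, the `platform` field and all sample requests are assumptions of this example.

```javascript
// Added example (not LintLiot's own code): weighted session fingerprint
// comparison using the five signal weights and the 60% challenge threshold.

const SIGNAL_WEIGHTS = {
  ipSubnet: 0.35, userAgent: 0.25, acceptLanguage: 0.15,
  acceptEncoding: 0.10, platform: 0.15,
};
const CHALLENGE_THRESHOLD = 0.60;

// Extract the five signals from a request. The IPv4 /24 subnet and the
// `platform` field (e.g. a client hint) are assumptions of this example.
function fingerprint(req) {
  return {
    ipSubnet: req.ip.split('.').slice(0, 3).join('.') + '.0/24',
    userAgent: req.headers['user-agent'] ?? '',
    acceptLanguage: req.headers['accept-language'] ?? '',
    acceptEncoding: req.headers['accept-encoding'] ?? '',
    platform: req.platform ?? '',
  };
}

// Difference = sum of the weights of signals that changed (0 = identical).
function fingerprintDiff(original, current) {
  let diff = 0;
  for (const [signal, weight] of Object.entries(SIGNAL_WEIGHTS)) {
    if (original[signal] !== current[signal]) diff += weight;
  }
  return Number(diff.toFixed(2));
}

// Decide whether a request presenting an existing session token is challenged.
function evaluateSession(originalFp, req) {
  const diff = fingerprintDiff(originalFp, fingerprint(req));
  const challenge = diff > CHALLENGE_THRESHOLD;
  return { diff, challenge, event: challenge ? 'auth.session_hijack_attempt' : null };
}

// Constructed sample: the session's first request, a replay of its token from
// a different network, client and OS, and a benign IP roam (new subnet only).
const originalReq = { ip: '198.51.100.7', platform: 'Windows', headers: {
  'user-agent': 'Mozilla/5.0 Chrome/120', 'accept-language': 'en-US', 'accept-encoding': 'gzip, br' } };
const originalFp = fingerprint(originalReq);
const replayReq = { ip: '203.0.113.9', platform: 'Linux', headers: {
  'user-agent': 'curl/8.4.0', 'accept-language': 'en-US', 'accept-encoding': 'gzip, br' } };
const roamReq = { ...originalReq, ip: '198.51.101.22' };
console.log(evaluateSession(originalFp, replayReq)); // diff 0.75 -> challenge
console.log(evaluateSession(originalFp, roamReq));   // diff 0.35 -> allowed
```

Note that a subnet change alone (0.35) stays under the threshold, so mobile users roaming between networks are not challenged unless other signals change too.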

Public Security Certificate

Every app on Pro and above gets a public certificate page at:
https://lintliot.com/verify/[app-slug]
The page shows the Security Score, active protections, compliance framework pass rates, and threats blocked in the last 30 days. No authentication required — share the link in pitch decks and enterprise sales emails.

Emergency Lockdown

Team and Enterprise customers can activate Emergency Lockdown from the Monitor page. When active, all write operations (POST, PUT, PATCH, DELETE) are blocked and per-IP rate limits drop to 1 request per minute. A banner appears across all dashboard pages while lockdown is active. Lockdown lifts automatically after 1 hour or when you press the button again.

v1.0 — Foundation

v1.0 shipped the core LintLiot platform: SDK with WAF middleware, the four-level code scanner, the compliance engine, the real-time dashboard, and GitHub integration.

SDK and Request Shield

  • Core LintliotClient with protect() middleware for Express, Fastify, Koa, and Next.js
  • Web Application Firewall with 150+ regex patterns covering SQLi, XSS, SSTI, SSRF, path traversal, command injection, and more
  • Bot detection using 12-signal browser fingerprint scoring
  • Adaptive rate limiting (baseline-relative after learning mode)
  • IP allowlist and blocklist management

Code scanner (four-level analysis)

  • Level 1 — Pattern: 80+ regex rules for hardcoded secrets and dangerous function calls
  • Level 2 — AST Semantic: TypeScript and JavaScript AST analysis for SQL injection, XSS, unsafe deserialization
  • Level 3 — Data Flow: Taint tracking from user input to database writes, filesystem operations, and eval()
  • Level 4 — Context: Dependency CVE correlation, IaC misconfiguration detection, secrets in config files

Compliance engine

Automatic mapping of security events to compliance controls for SOC 2 Type II, GDPR, HIPAA, PCI-DSS v4.0, and ISO 27001. Compliance PDF generation (client-side, no server round trip). Full audit trail with hashed event chain.

Security Score

A 0–100 score that recalculates in real time based on open findings, active threats, compliance control status, and module configuration. The score drives the public Security Certificate and the dashboard overview.

GitHub integration

GitHub webhook receiver for push and pull_request events. Scan jobs are queued asynchronously and results are posted back to the pull request as inline comments with suggested fixes.

Dashboard

Real-time SSE-powered dashboard covering: Overview, Scanner, Shield, Permissions, Vault, Monitor, Intelligence, Compliance, Settings, and more. Billing and plan management available from the Settings page.