@gouravniit/zero-trust-api-monitor 1.0.0

package/.env.example

@@ -0,0 +1,48 @@
+# Server Configuration
+PORT=3000
+NODE_ENV=development
+
+# Redis Configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=
+
+# PostgreSQL Configuration
+POSTGRES_HOST=localhost
+POSTGRES_PORT=5432
+POSTGRES_DB=api_monitoring
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=
+
+# ML Service Configuration
+ML_SERVICE_URL=http://localhost:5000
+ML_INFERENCE_TIMEOUT=10000
+
+# LLM Configuration
+LLM_PROVIDER=openai
+OPENAI_API_KEY=
+ANTHROPIC_API_KEY=
+
+# Security Thresholds
+ANOMALY_THRESHOLD_ALERT=31
+ANOMALY_THRESHOLD_THROTTLE=61
+ANOMALY_THRESHOLD_QUARANTINE=81
+ANOMALY_THRESHOLD_BLOCK=96
+
+# Throttle Configuration
+THROTTLE_LATENCY_MS=500
+QUARANTINE_PAYLOAD_LIMIT=1000
+STEP_UP_CHALLENGE_TIMEOUT=300000
+
+# Feature Store TTL (seconds)
+FEATURE_TTL_PROFILE=2592000
+FEATURE_TTL_SEQUENCE=3600
+FEATURE_TTL_GEOLOCATION=86400
+
+# Dashboard Configuration
+DASHBOARD_PORT=3001
+ENABLE_WEBSOCKET=true
+
+# Deployment Mode
+SHADOW_MODE=true
+ENABLE_AUTO_THROTTLE=false

package/API_INTEGRATION_GUIDE.md

@@ -0,0 +1,329 @@
+# API Integration Guide - Zero-Trust Monitoring
+
+## Overview
+
+The Zero-Trust API Monitor works as a **middleware layer** that sits between your API consumers (partners) and your actual API endpoints. It monitors all traffic passing through it.
+
+## How It Works
+
+```
+Partner API Request → Zero-Trust Monitor → Your Real API → Response → Monitor → Partner
+                           ↓
+                    Behavioral Analysis
+                    Anomaly Detection
+                    Threat Response
+```
+
+## Integration Methods
+
+### Method 1: Express Middleware (Recommended)
+
+If you have an existing Express.js API, integrate the monitor as middleware:
+
+#### Step 1: Install in Your Existing API
+
+```javascript
+// your-api/server.js
+import express from 'express';
+import { telemetryCollector } from './path/to/collector/collector';
+import { throttleEngine } from './path/to/security/throttle-engine';
+
+const app = express();
+
+// Add monitoring middleware BEFORE your routes
+app.use(throttleEngine.middleware());  // Enforce throttle rules
+app.use(telemetryCollector.middleware());  // Collect telemetry
+
+// Your existing API routes
+app.get('/api/accounts/:id', (req, res) => {
+    // Your existing code
+    res.json({ account: 'data' });
+});
+
+app.listen(3000);
+```
+
+### Method 2: Reverse Proxy (Production)
+
+Use the monitor as a reverse proxy in front of your existing APIs:
+
+#### Step 1: Configure Proxy in `src/index.ts`
+
+```typescript
+import { createProxyMiddleware } from 'http-proxy-middleware';
+
+// Add to your routes
+this.app.use('/api', createProxyMiddleware({
+    target: 'http://your-actual-api:8080',  // Your real API
+    changeOrigin: true,
+    onProxyReq: (proxyReq, req, res) => {
+        // Telemetry is already collected by middleware
+    }
+}));
+```
+
+#### Step 2: Update Docker Compose
+
+```yaml
+services:
+  api-monitor:
+    environment:
+      - BACKEND_API_URL=http://your-api:8080
+```
+
+### Method 3: API Gateway Integration
+
+Deploy as a sidecar to your API Gateway (Kong, AWS API Gateway, etc.)
+
+## Partner Registration
+
+### How Partners Are Identified
+
+Partners are automatically identified by:
+
+1. **API Key** (from `Authorization: Bearer <key>` header)
+2. **Partner ID** (from `X-Partner-ID` header)
+3. **IP Address** (fallback)
+
+### Example Partner Request Format
+
+```bash
+curl https://your-api.com/api/accounts/123 \
+  -H "Authorization: Bearer sk_live_abc123xyz" \
+  -H "X-Partner-ID: partner_fintech_alpha" \
+  -H "Content-Type: application/json"
+```
+
+### Partner Data Format
+
+The system automatically creates profiles for partners. No manual registration needed!
+
+**Automatic Profile Creation:**
+```json
+{
+  "partnerId": "partner_fintech_alpha",
+  "apiKeyHash": "sha256_hash_of_key",
+  "createdAt": 1705564800000,
+  "lastUpdated": 1705651200000,
+  "statistics": {
+    "avgPayloadSize": 1024,
+    "requestsPerHour": 150,
+    "commonEndpoints": {
+      "/api/accounts": 100,
+      "/api/transactions": 50
+    }
+  }
+}
+```
+
+## Real-World Integration Example
+
+### Scenario: You have a Banking API
+
+**Your Current Setup:**
+```
+Partners → Your API (port 8080)
+```
+
+**With Zero-Trust Monitor:**
+```
+Partners → Monitor (port 3000) → Your API (port 8080)
+```
+
+### Implementation
+
+#### 1. Update Your API to Run on Different Port
+
+```javascript
+// your-banking-api/server.js
+app.listen(8080);  // Change from 3000 to 8080
+```
+
+#### 2. Configure Monitor to Proxy to Your API
+
+```typescript
+// src/index.ts (in the monitor)
+import { createProxyMiddleware } from 'http-proxy-middleware';
+
+// Add after telemetry middleware
+this.app.use('/api', createProxyMiddleware({
+    target: 'http://localhost:8080',  // Your banking API
+    changeOrigin: true,
+    pathRewrite: {
+        '^/api': '/api'  // Keep path as-is
+    }
+}));
+```
+
+#### 3. Update Partner Documentation
+
+Tell your partners to use:
+```
+OLD: https://api.yourbank.com/accounts
+NEW: https://api.yourbank.com/accounts  (same URL!)
+```
+
+Just add the header:
+```
+X-Partner-ID: their_partner_id
+```
+
+## Configuration
+
+### Environment Variables
+
+```bash
+# .env
+# Your backend API
+BACKEND_API_URL=http://localhost:8080
+
+# Partner identification
+PARTNER_ID_HEADER=X-Partner-ID
+API_KEY_HEADER=Authorization
+
+# Monitoring settings
+SHADOW_MODE=true  # Start in monitoring-only mode
+ENABLE_AUTO_THROTTLE=false  # Don't block yet
+```
+
+## Testing the Integration
+
+### 1. Start Your Existing API
+```bash
+cd your-api
+npm start  # Runs on port 8080
+```
+
+### 2. Start the Monitor
+```bash
+cd api-monitoring
+docker-compose up -d  # Runs on port 3000
+```
+
+### 3. Test a Request Through the Monitor
+```bash
+# This goes through the monitor to your API
+curl http://localhost:3000/api/accounts/123 \
+  -H "Authorization: Bearer test_key" \
+  -H "X-Partner-ID: partner_test"
+```
+
+### 4. Check the Dashboard
+Open http://localhost:3001 - you should see:
+- Partner "partner_test" appear
+- Request count increase
+- Anomaly score calculated
+
+## Partner Onboarding Flow
+
+### For New Partners
+
+1. **Partner makes first API call** with their API key
+2. **Monitor automatically creates profile** in Redis
+3. **Baseline learning begins** (1-2 weeks recommended)
+4. **Anomaly detection activates** after sufficient data
+
+### For Existing Partners
+
+1. **Enable shadow mode** first
+2. **Let monitor observe** for 1-2 weeks
+3. **Review anomaly scores** in dashboard
+4. **Tune thresholds** if needed
+5. **Enable auto-throttle** when confident
+
+## API Endpoints for Partner Management
+
+### Get Partner Status
+```bash
+GET /api/partner/:partnerId/status
+```
+
+Response:
+```json
+{
+  "partnerId": "partner_fintech_alpha",
+  "profile": {
+    "requestsPerHour": 150,
+    "avgPayloadSize": 1024
+  },
+  "avgAnomalyScore": 15,
+  "throttleState": null
+}
+```
+
+### Manually Restore Partner
+```bash
+POST /api/partner/:partnerId/restore
+Content-Type: application/json
+
+{
+  "reason": "False positive resolved"
+}
+```
+
+## Production Deployment
+
+### Architecture
+
+```
+Internet → Load Balancer → Zero-Trust Monitor → Your API Cluster
+                                ↓
+                          Redis (profiles)
+                          PostgreSQL (audit logs)
+```
+
+### Docker Compose for Production
+
+```yaml
+version: '3.8'
+services:
+  monitor:
+    image: your-registry/api-monitor:latest
+    environment:
+      - BACKEND_API_URL=http://your-api:8080
+      - REDIS_HOST=redis
+      - SHADOW_MODE=false
+      - ENABLE_AUTO_THROTTLE=true
+    depends_on:
+      - redis
+      - your-api
+  
+  your-api:
+    image: your-registry/your-api:latest
+    ports:
+      - "8080:8080"
+  
+  redis:
+    image: redis:7-alpine
+    volumes:
+      - redis-data:/data
+```
+
+## FAQ
+
+### Q: Do I need to modify my existing API?
+**A:** No! The monitor works as a proxy. Just point partners to the monitor instead.
+
+### Q: How do partners get registered?
+**A:** Automatically! First request creates their profile.
+
+### Q: What if I don't want to use X-Partner-ID header?
+**A:** Configure `PARTNER_ID_HEADER` to use a different header, or use API key hashing.
+
+### Q: Can I use this with REST, GraphQL, gRPC?
+**A:** Yes for REST and GraphQL. gRPC requires additional configuration.
+
+### Q: How do I migrate existing partners?
+**A:** Enable shadow mode, let them make requests normally, profiles auto-create.
+
+## Next Steps
+
+1. ✅ **Test locally** with the demo endpoints
+2. ✅ **Integrate with your API** using proxy method
+3. ✅ **Run in shadow mode** for 1-2 weeks
+4. ✅ **Review dashboard** for anomalies
+5. ✅ **Enable auto-throttle** when ready
+
+## Support
+
+See the main [README.md](file:///Users/gouravniitdev/Desktop/Applications/API%20Monitoring/README.md) for more details.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 FIS Global
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,288 @@
+# @gouravniit/zero-trust-api-monitor
+
+[![npm version](https://badge.fury.io/js/%40gouravniit%2Fzero-trust-api-monitor.svg)](https://www.npmjs.com/package/@gouravniit/zero-trust-api-monitor)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Zero-Trust API monitoring with behavioral analysis, anomaly detection, and automated threat response for fintech APIs.
+
+## Features
+
+- 🔍 **Behavioral Baselining** - Learns normal API usage patterns per partner
+- 🚨 **Real-time Anomaly Detection** - Detects unusual behavior using statistical analysis
+- 🛡️ **Automated Threat Response** - 5-level response system (Monitor → Alert → Throttle → Quarantine → Block)
+- 🤖 **LLM-Powered Analysis** - AI-driven threat classification and recommendations
+- 📊 **Real-time Dashboard** - Beautiful monitoring interface
+- ⚡ **High Performance** - <1ms overhead, async processing
+- 🔒 **Privacy-First** - Zero PII collection, GDPR/PCI-DSS compliant
+
+## Installation
+
+```bash
+npm install @gouravniit/zero-trust-api-monitor
+```
+
+## Quick Start
+
+```javascript
+const express = require('express');
+const { createMonitor } = require('@gouravniit/zero-trust-api-monitor');
+
+const app = express();
+
+// Initialize monitor
+const monitor = await createMonitor({
+  redis: {
+    host: 'localhost',
+    port: 6379
+  },
+  security: {
+    shadowMode: true  // Start in monitoring-only mode
+  }
+});
+
+// Add monitoring middleware
+app.use(monitor.middleware());
+
+// Your API routes
+app.get('/api/accounts/:id', (req, res) => {
+  res.json({ id: req.params.id, balance: 1000 });
+});
+
+app.listen(3000);
+```
+
+## TypeScript Support
+
+```typescript
+import { createMonitor, MonitorConfig } from '@gouravniit/zero-trust-api-monitor';
+
+const config: MonitorConfig = {
+  redis: {
+    host: process.env.REDIS_HOST || 'localhost',
+    port: 6379
+  },
+  security: {
+    shadowMode: false,
+    enableAutoThrottle: true
+  }
+};
+
+const monitor = await createMonitor(config);
+app.use(monitor.middleware());
+```
+
+## How It Works
+
+The monitor sits between your API consumers (partners) and your API endpoints:
+
+```
+Partner Request → Monitor → Your API → Response → Monitor → Partner
+                     ↓
+              Behavioral Analysis
+              Anomaly Detection
+              Threat Response
+```
+
+### Automatic Partner Profiling
+
+Partners are automatically identified and profiled on their first request:
+
+```bash
+curl https://your-api.com/endpoint \
+  -H "Authorization: Bearer partner_api_key" \
+  -H "X-Partner-ID: partner_fintech_alpha"
+```
+
+The monitor automatically:
+1. Creates a behavioral profile
+2. Learns normal patterns (payload sizes, endpoints, timing)
+3. Detects anomalies in real-time
+4. Responds to threats automatically
+
+## Configuration
+
+### Environment Variables
+
+```bash
+# Redis (required)
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=your_password
+
+# Security Settings
+SHADOW_MODE=true                    # Monitor only, no blocking
+ENABLE_AUTO_THROTTLE=false         # Enable automatic blocking
+
+# Thresholds (0-100)
+ANOMALY_THRESHOLD_ALERT=31         # Generate alert
+ANOMALY_THRESHOLD_THROTTLE=61      # Add latency
+ANOMALY_THRESHOLD_QUARANTINE=81    # Require re-auth
+ANOMALY_THRESHOLD_BLOCK=96         # Temporary block
+
+# LLM (optional)
+LLM_PROVIDER=openai                # or 'anthropic'
+OPENAI_API_KEY=your_key
+```
+
+## Advanced Usage
+
+### Access Individual Components
+
+```javascript
+const { 
+  telemetryCollector,
+  baselineEngine,
+  throttleEngine,
+  securityCopilot,
+  featureStore 
+} = require('@gouravniit/zero-trust-api-monitor');
+
+// Custom alert handling
+throttleEngine.onAlert((response) => {
+  console.log('Threat detected:', {
+    partnerId: response.partnerId,
+    action: response.action,
+    score: response.anomalyScore
+  });
+  
+  // Send to your alerting system
+  sendToSlack(response);
+});
+
+// Manual partner management
+await throttleEngine.restorePartner('partner_id', 'False positive');
+```
+
+### Get Partner Status
+
+```javascript
+const status = await featureStore.getProfile('partner_fintech_alpha');
+console.log(status);
+// {
+//   partnerId: 'partner_fintech_alpha',
+//   statistics: {
+//     requestsPerHour: 150,
+//     avgPayloadSize: 1024,
+//     commonEndpoints: { '/api/accounts': 100 }
+//   }
+// }
+```
+
+## Dashboard
+
+Access the real-time monitoring dashboard:
+
+```bash
+npm run dashboard
+# Open http://localhost:3001
+```
+
+Features:
+- Live partner risk scores
+- Anomaly score trends
+- Active alerts
+- Manual throttle controls
+
+## Deployment
+
+### Docker
+
+```yaml
+version: '3.8'
+services:
+  api-monitor:
+    image: your-registry/api-monitor
+    ports:
+      - "3000:3000"
+    environment:
+      - REDIS_HOST=redis
+      - SHADOW_MODE=false
+    depends_on:
+      - redis
+  
+  redis:
+    image: redis:7-alpine
+```
+
+### Kubernetes
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-monitor
+spec:
+  containers:
+  - name: monitor
+    image: your-registry/api-monitor
+    env:
+    - name: REDIS_HOST
+      value: redis-service
+```
+
+## Non-Node.js Applications
+
+The monitor works with **any** backend language! Deploy as a standalone proxy:
+
+```yaml
+services:
+  # Your Python/Java/Go API
+  your-api:
+    image: your-api:latest
+    ports:
+      - "8080:8080"
+  
+  # Monitor (protects your API)
+  monitor:
+    image: zero-trust-monitor
+    ports:
+      - "3000:3000"
+    environment:
+      - BACKEND_API_URL=http://your-api:8080
+```
+
+See [NON_NODEJS_GUIDE.md](./NON_NODEJS_GUIDE.md) for details.
+
+## API Reference
+
+### `createMonitor(config?)`
+
+Creates and initializes the monitor.
+
+**Parameters:**
+- `config.redis` - Redis connection settings
+- `config.security` - Security configuration
+
+**Returns:** `Promise<Monitor>`
+
+### `Monitor`
+
+**Properties:**
+- `middleware()` - Express middleware
+- `featureStore` - Access to behavioral profiles
+- `throttleEngine` - Threat response engine
+- `telemetryCollector` - Request collector
+- `shutdown()` - Graceful shutdown
+
+## Documentation
+
+- [API Integration Guide](./API_INTEGRATION_GUIDE.md)
+- [Non-Node.js Guide](./NON_NODEJS_GUIDE.md)
+- [NPM Publishing Guide](./NPM_PUBLISHING_GUIDE.md)
+
+## Examples
+
+See the [examples](./examples) directory for:
+- Express.js integration
+- TypeScript usage
+- Custom alert handling
+- Multi-language deployment
+
+## License
+
+MIT © FIS Global
+
+## Support
+
+- 📧 Issues: https://github.com/fis-global/zero-trust-monitor/issues
+- 📖 Docs: https://github.com/fis-global/zero-trust-monitor