guardian-risk 0.2.1 → 0.3.1

package/README.md

@@ -2,13 +2,17 @@
 
 Configurable risk decision engine for TypeScript. Evaluate signals against rules and get an explainable risk score.
 
+**Production-ready** at `0.3.x` — zero runtime dependencies, hardened validation, async hooks, and official plugins for Express, Redis, VPN, browser, and logging.
+
 ## Install
 
 ```bash
 npm install guardian-risk
 ```
 
-## Usage
+## Usage (core only)
+
+No plugins required — sync `analyze()` works when no hooks are registered:
 
 ```typescript
 import { Guardian } from 'guardian-risk';
@@ -41,32 +45,49 @@ Install **core first**, then add only the plugins you need:
 | Package | Install | Purpose |
 |---------|---------|---------|
 | **guardian-risk** (this) | `npm i guardian-risk` | Core engine |
-| guardian-risk-express | `npm i guardian-risk-express` | Express request signals |
-| guardian-risk-browser | `npm i guardian-risk-browser` | Browser behavioral signals |
-| guardian-risk-redis | `npm i guardian-risk-redis` | Redis session counters |
+| guardian-risk-express | `npm i guardian-risk-express` | Express middleware + validated IP |
+| guardian-risk-redis | `npm i guardian-risk-redis` | Redis session counters + rate limits |
 | guardian-risk-vpn | `npm i guardian-risk-vpn` | VPN / proxy / Tor detection |
+| guardian-risk-browser | `npm i guardian-risk-browser` | Browser behavioral signals |
 | guardian-risk-logger | `npm i guardian-risk-logger` | Audit logging |
 
 ```bash
-# Example: Express + VPN + Logger stack
-npm install guardian-risk guardian-risk-express guardian-risk-vpn guardian-risk-logger
+npm install guardian-risk guardian-risk-express guardian-risk-redis guardian-risk-vpn guardian-risk-logger
+npm install ioredis   # optional, required for Redis in production
 ```
 
+### Production Express example
+
 ```typescript
+import express from 'express';
 import { Guardian } from 'guardian-risk';
-import { expressPlugin } from 'guardian-risk-express';
-import { vpnPlugin } from 'guardian-risk-vpn';
-import { loggerPlugin, analyzeAndLog } from 'guardian-risk-logger';
-
-const guardian = new Guardian()
-  .use(expressPlugin())
-  .use(vpnPlugin())
-  .use(loggerPlugin());
-
-analyzeAndLog(guardian);
+import { expressPlugin, guardianMiddleware } from 'guardian-risk-express';
+import { redisPlugin } from 'guardian-risk-redis';
+import { vpnPlugin, StaticIpProvider } from 'guardian-risk-vpn';
+import { loggerPlugin } from 'guardian-risk-logger';
+
+const app = express();
+app.set('trust proxy', 1);
+
+const template = new Guardian()
+  .use(expressPlugin({ trustProxy: true }))
+  .use(redisPlugin({ url: process.env.REDIS_URL, allowInMemoryFallback: false }))
+  .use(vpnPlugin({ provider: new StaticIpProvider({}), vpnScore: 25 }))
+  .use(loggerPlugin({ minScore: 20 }))
+  .rule({ name: 'Burst', when: (s) => (s.requestsInWindow as number) > 30, score: 40 });
+
+app.get('/health', (_req, res) => res.json({ ok: true }));
+
+app.use(
+  guardianMiddleware(template, {
+    blockAboveScore: 80,
+    onAnalyzeError: 'block',
+    exposeBlockDetails: false,
+  }),
+);
 ```
 
-> Plugin packages are early stubs — APIs may change before `1.0.0`.
+> Use your own IP intelligence provider in production (MaxMind, IPinfo, etc.) — not the dev-only `IpApiProvider`.
 
 ## Plugins API
 
@@ -76,11 +97,39 @@ import type { Plugin } from 'guardian-risk';
 const myPlugin: Plugin = {
   name: 'my-plugin',
   install(guardian) {
-    guardian.rule({ name: 'Custom', when: () => true, score: 10 });
+    guardian.beforeAnalyze(async ({ guardian: g }) => {
+      g.signal('customSignal', true);
+    });
   },
 };
 
-new Guardian().use(myPlugin);
+await new Guardian().use(myPlugin).analyzeAsync();
+```
+
+## Typed signals & presets
+
+```typescript
+import { defineSignals, applyRules, botDetectionRules } from 'guardian-risk';
+
+const bot = defineSignals<{ mouseLinearity: number; headlessUA: boolean }>();
+
+const guardian = applyRules(bot.create(), botDetectionRules)
+  .signal('mouseLinearity', 0.95)
+  .signal('headlessUA', true);
+
+const report = await guardian.analyzeAsync();
+```
+
+## Rule groups
+
+```typescript
+guardian.ruleGroup({
+  name: 'login',
+  maxScore: 40,
+  rules: [
+    { name: 'BruteForce', when: (s) => (s.loginAttempts as number) > 5, score: 45 },
+  ],
+});
 ```
 
 ## API
@@ -88,26 +137,48 @@ new Guardian().use(myPlugin);
 | Method | Description |
 |--------|-------------|
 | `guardian.signal(key, value)` | Add a signal |
+| `guardian.getSignal(key)` | Read a signal without modifying state |
 | `guardian.rule({ name, when, score, reason? })` | Register a rule |
+| `guardian.ruleGroup({ name, maxScore, rules })` | Register capped rule group |
 | `guardian.use(plugin)` | Install a plugin (once per name) |
-| `guardian.analyze()` | Run evaluation, returns `RiskReport` |
+| `guardian.beforeAnalyze(hook)` | Run hook before evaluation (async OK) |
+| `guardian.afterAnalyze(hook)` | Run hook after report is built |
+| `guardian.analyze()` | Sync analysis (only when no hooks registered) |
+| `guardian.analyzeAsync(context?)` | Async analysis with lifecycle hooks |
+| `guardian.fork()` | Clone rules/plugins for per-request use |
 | `guardian.reset()` | Clear signals (rules + plugins persist) |
 | `guardian.getInstalledPlugins()` | List installed plugin names |
 
+## Production checklist
+
+1. One **template** `Guardian` at startup; `fork()` or middleware per request
+2. `await analyzeAsync(req)` when plugins are installed
+3. `app.set('trust proxy', 1)` behind load balancers
+4. `REDIS_URL` set; `allowInMemoryFallback: false` in production
+5. Your own VPN/IP provider — not default external APIs
+6. `onAnalyzeError: 'block'` and `exposeBlockDetails: false` when blocking
+7. Browser/client signals are hints only — never sole auth factor
+
+Full details: [SECURITY.md](https://github.com/himanshu6306singh/guardian-risk/blob/main/SECURITY.md)
+
 ## Security
 
 - **Zero runtime dependencies** — minimal supply chain risk
 - **No install scripts** — nothing runs on `npm install`
+- String signals capped at 4 KB; `NaN`/`Infinity` rejected
 - Prototype pollution protection on signal keys
 - Rule `when()` errors isolated — engine stays stable
+- Hook timeout (10s); rules/plugins locked during `analyzeAsync()`
+- Deep-frozen matched rules in reports
 - Score bounds: ±10,000 per rule, ±1,000,000 total
-- Plugin `install()` failures throw `PluginInstallError` without registering
-- See [SECURITY.md](SECURITY.md) for vulnerability reporting
+
+See [SECURITY.md](https://github.com/himanshu6306singh/guardian-risk/blob/main/SECURITY.md) for vulnerability reporting.
 
 ## Links
 
 - [GitHub monorepo](https://github.com/himanshu6306singh/guardian-risk)
-- [All packages guide](https://github.com/himanshu6306singh/guardian-risk/blob/main/ECOSYSTEM.md)
+- [Migration guide](https://github.com/himanshu6306singh/guardian-risk/blob/main/MIGRATION.md)
+- [All packages](https://github.com/himanshu6306singh/guardian-risk/blob/main/ECOSYSTEM.md)
 
 ## License
 

package/dist/index.cjs

@@ -1,6 +1,7 @@
 'use strict';
 
 var crypto = require('crypto');
+var net = require('net');
 
 // src/constants/defaults.ts
 var DEFAULT_RISK_LEVELS = [
@@ -16,12 +17,38 @@ var MAX_SIGNALS = 1e3;
 var MAX_KEY_LENGTH = 256;
 var MAX_RULE_SCORE = 1e4;
 var MAX_TOTAL_SCORE = 1e6;
+var MAX_SIGNAL_STRING_LENGTH = 4096;
+var MAX_SESSION_ID_LENGTH = 128;
+var SESSION_ID_PATTERN = /^[a-zA-Z0-9._-]+$/;
+var HOOK_TIMEOUT_MS = 1e4;
 var BLOCKED_SIGNAL_KEYS = /* @__PURE__ */ new Set([
   "__proto__",
   "constructor",
   "prototype"
 ]);
 
+// src/hooks/runHooks.ts
+async function runHooks(hooks, context, timeoutMs = HOOK_TIMEOUT_MS) {
+  for (const hook of hooks) {
+    await runWithTimeout(() => hook(context), timeoutMs);
+  }
+}
+async function runWithTimeout(operation, timeoutMs) {
+  let timer;
+  const timeout = new Promise((_, reject) => {
+    timer = setTimeout(() => {
+      reject(new Error(`Guardian analyze hook timed out after ${timeoutMs}ms`));
+    }, timeoutMs);
+  });
+  try {
+    await Promise.race([Promise.resolve(operation()), timeout]);
+  } finally {
+    if (timer !== void 0) {
+      clearTimeout(timer);
+    }
+  }
+}
+
 // src/utils/resolveLevel.ts
 function resolveLevel(score, thresholds = DEFAULT_RISK_LEVELS) {
   for (const threshold of thresholds) {
@@ -41,11 +68,14 @@ var ReportBuilder = class {
   build(score, matchedRules, thresholds, analyzedAt = (/* @__PURE__ */ new Date()).toISOString()) {
     const reasons = matchedRules.map((rule) => rule.reason);
     const level = resolveLevel(score, thresholds);
+    const frozenRules = matchedRules.map(
+      (rule) => Object.freeze({ ...rule })
+    );
     const report = {
       score,
       level,
       reasons: Object.freeze([...reasons]),
-      matchedRules: Object.freeze([...matchedRules]),
+      matchedRules: Object.freeze(frozenRules),
       analyzedAt
     };
     return Object.freeze(report);
@@ -72,7 +102,8 @@ var RuleEvaluator = class {
           id: rule.id,
           name: rule.name,
           score: rule.score,
-          reason: rule.reason ?? rule.name
+          reason: rule.reason ?? rule.name,
+          ...rule.group !== void 0 ? { group: rule.group } : {}
         });
       }
     }
@@ -83,10 +114,24 @@ var RuleEvaluator = class {
 // src/score/ScoreCalculator.ts
 var ScoreCalculator = class {
   /**
-   * Sum scores from all matched rules, clamped to a safe maximum.
+   * Sum scores from matched rules, applying group caps when configured.
    */
-  calculate(matchedRules) {
-    const total = matchedRules.reduce((sum, rule) => sum + rule.score, 0);
+  calculate(matchedRules, groupCaps = []) {
+    const caps = new Map(groupCaps.map((cap) => [cap.name, cap.maxScore]));
+    const grouped = /* @__PURE__ */ new Map();
+    let ungroupedTotal = 0;
+    for (const rule of matchedRules) {
+      if (rule.group !== void 0) {
+        grouped.set(rule.group, (grouped.get(rule.group) ?? 0) + rule.score);
+      } else {
+        ungroupedTotal += rule.score;
+      }
+    }
+    let total = ungroupedTotal;
+    for (const [groupName, groupScore] of grouped) {
+      const cap = caps.get(groupName);
+      total += cap !== void 0 ? Math.min(groupScore, cap) : groupScore;
+    }
     if (!Number.isFinite(total)) {
       return 0;
     }
@@ -104,7 +149,13 @@ function validateSignalValue(value) {
     return true;
   }
   const type = typeof value;
-  return type === "string" || type === "number" || type === "boolean";
+  if (type === "string") {
+    return value.length <= MAX_SIGNAL_STRING_LENGTH;
+  }
+  if (type === "number") {
+    return Number.isFinite(value);
+  }
+  return type === "boolean";
 }
 function validateSignalKey(key) {
   if (typeof key !== "string" || key.length === 0) {
@@ -149,6 +200,14 @@ function validateRuleInput(input) {
       throw new TypeError(`Rule description exceeds maximum length of ${MAX_KEY_LENGTH}`);
     }
   }
+  if (input.group !== void 0) {
+    if (typeof input.group !== "string" || input.group.trim().length === 0) {
+      throw new TypeError("Rule group must be a non-empty string");
+    }
+    if (input.group.length > MAX_KEY_LENGTH) {
+      throw new TypeError(`Rule group exceeds maximum length of ${MAX_KEY_LENGTH}`);
+    }
+  }
 }
 function validatePlugin(plugin) {
   if (typeof plugin.name !== "string" || plugin.name.trim().length === 0) {
@@ -174,6 +233,22 @@ function validateRiskLevels(levels) {
     }
   }
 }
+function validateRuleGroupInput(input) {
+  if (typeof input.name !== "string" || input.name.trim().length === 0) {
+    throw new TypeError("Rule group name must be a non-empty string");
+  }
+  if (input.name.length > MAX_KEY_LENGTH) {
+    throw new TypeError(`Rule group name exceeds maximum length of ${MAX_KEY_LENGTH}`);
+  }
+  if (input.maxScore !== void 0) {
+    if (typeof input.maxScore !== "number" || !Number.isFinite(input.maxScore) || input.maxScore < 0) {
+      throw new TypeError("Rule group maxScore must be a non-negative finite number");
+    }
+  }
+  if (!Array.isArray(input.rules) || input.rules.length === 0) {
+    throw new TypeError("Rule group must contain at least one rule");
+  }
+}
 function generateId() {
   return crypto.randomUUID();
 }
@@ -235,6 +310,7 @@ var RiskEngine = class {
   }
   deps;
   rules = [];
+  groupCaps = [];
   thresholds;
   /**
    * Register a rule for evaluation.
@@ -251,13 +327,30 @@ var RiskEngine = class {
   getRules() {
     return this.rules;
   }
+  /**
+   * Get configured per-group score caps.
+   */
+  getGroupCaps() {
+    return this.groupCaps;
+  }
+  /**
+   * Cap the combined score of matched rules in a group.
+   */
+  setGroupCap(name, maxScore) {
+    const existing = this.groupCaps.findIndex((cap) => cap.name === name);
+    if (existing >= 0) {
+      this.groupCaps[existing] = { name, maxScore };
+      return;
+    }
+    this.groupCaps.push({ name, maxScore });
+  }
   /**
    * Run the full risk analysis pipeline.
    */
   analyze() {
     const signals = this.deps.signalStore.getAll();
     const matchedRules = this.deps.ruleEvaluator.evaluate(this.rules, signals);
-    const score = this.deps.scoreCalculator.calculate(matchedRules);
+    const score = this.deps.scoreCalculator.calculate(matchedRules, this.groupCaps);
     return this.deps.reportBuilder.build(score, matchedRules, this.thresholds);
   }
 };
@@ -275,7 +368,8 @@ var RuleBuilder = class {
       score: input.score,
       when: input.when,
       ...input.description !== void 0 ? { description: input.description } : {},
-      ...input.reason !== void 0 ? { reason: input.reason } : {}
+      ...input.reason !== void 0 ? { reason: input.reason } : {},
+      ...input.group !== void 0 ? { group: input.group } : {}
     };
     return rule;
   }
@@ -319,6 +413,15 @@ var PluginRegistry = class {
   has(name) {
     return this.installed.has(name);
   }
+  /**
+   * Copy installed plugin names from a template (used by Guardian.fork).
+   * Does not call install() — rules and hooks are copied separately.
+   */
+  adoptInstalled(names) {
+    for (const name of names) {
+      this.installed.add(name);
+    }
+  }
   /**
    * Get names of all installed plugins in registration order.
    */
@@ -328,12 +431,17 @@ var PluginRegistry = class {
 };
 
 // src/engine/Guardian.ts
-var Guardian = class {
+var Guardian = class _Guardian {
   signalStore;
   riskEngine;
   pluginRegistry = new PluginRegistry();
+  plugins = [];
+  beforeHooks = [];
+  afterHooks = [];
+  thresholds;
+  analyzing = false;
   constructor(config = {}) {
-    const thresholds = config.levels ?? DEFAULT_RISK_LEVELS;
+    this.thresholds = config.levels !== void 0 ? [...config.levels] : DEFAULT_RISK_LEVELS;
     if (config.levels !== void 0) {
       validateRiskLevels(config.levels);
     }
@@ -344,7 +452,7 @@ var Guardian = class {
       scoreCalculator: new ScoreCalculator(),
       reportBuilder: new ReportBuilder()
     };
-    this.riskEngine = new RiskEngine(deps, thresholds);
+    this.riskEngine = new RiskEngine(deps, this.thresholds);
   }
   /**
    * Add a signal value for risk evaluation.
@@ -353,21 +461,60 @@ var Guardian = class {
     this.signalStore.set(key, value);
     return this;
   }
+  /**
+   * Read a signal value without modifying state.
+   */
+  getSignal(key) {
+    return this.signalStore.get(key);
+  }
   /**
    * Register a rule. ID is auto-generated.
    */
   rule(input) {
+    this.assertNotAnalyzing("register rules");
     const rule = RuleBuilder.create(input);
     this.riskEngine.addRule(rule);
     return this;
   }
+  /**
+   * Register a named group of rules with an optional combined score cap.
+   */
+  ruleGroup(input) {
+    this.assertNotAnalyzing("register rule groups");
+    validateRuleGroupInput(input);
+    for (const ruleInput of input.rules) {
+      this.rule({ ...ruleInput, group: input.name });
+    }
+    if (input.maxScore !== void 0) {
+      this.riskEngine.setGroupCap(input.name, input.maxScore);
+    }
+    return this;
+  }
   /**
    * Install a plugin. Each plugin name may only be registered once.
    */
   use(plugin) {
+    this.assertNotAnalyzing("install plugins");
+    this.plugins.push(plugin);
     this.pluginRegistry.install(plugin, this);
     return this;
   }
+  /**
+   * Register a hook that runs before rule evaluation.
+   * Use for loading signals from requests, Redis, IP lookups, etc.
+   */
+  beforeAnalyze(hook) {
+    this.beforeHooks.push(hook);
+    return this;
+  }
+  /**
+   * Register a hook that runs after the report is built.
+   * Use for audit logging, metrics, or blocking responses.
+   */
+  afterAnalyze(hook) {
+    this.afterHooks.push(hook);
+    return this;
+  }
   /**
    * Returns names of installed plugins.
    */
@@ -375,22 +522,191 @@ var Guardian = class {
     return this.pluginRegistry.getInstalled();
   }
   /**
-   * Run risk analysis and return an immutable report.
+   * Run risk analysis synchronously (skips lifecycle hooks).
+   * Prefer {@link analyzeAsync} when hooks are registered.
    */
   analyze() {
+    if (this.beforeHooks.length > 0 || this.afterHooks.length > 0) {
+      throw new Error(
+        "Guardian has analyze hooks registered. Use analyzeAsync() instead of analyze()."
+      );
+    }
     return this.riskEngine.analyze();
   }
   /**
-   * Clear all signals. Rules and installed plugins persist across resets.
+   * Run lifecycle hooks, evaluate rules, and return an immutable report.
+   *
+   * @param context Optional caller context passed to hooks (e.g. Express `req`).
+   */
+  async analyzeAsync(context) {
+    this.analyzing = true;
+    try {
+      const analyzeContext = {
+        data: context,
+        guardian: this
+      };
+      await runHooks(this.beforeHooks, analyzeContext);
+      const report = this.riskEngine.analyze();
+      const afterContext = {
+        ...analyzeContext,
+        report
+      };
+      await runHooks(this.afterHooks, afterContext);
+      return report;
+    } finally {
+      this.analyzing = false;
+    }
+  }
+  /**
+   * Create an isolated copy sharing rules, plugins, and hooks.
+   * Each fork has its own signal store for safe concurrent use.
+   */
+  fork() {
+    const child = new _Guardian({ levels: [...this.thresholds] });
+    for (const rule of this.riskEngine.getRules()) {
+      child.riskEngine.addRule(rule);
+    }
+    for (const cap of this.riskEngine.getGroupCaps()) {
+      child.riskEngine.setGroupCap(cap.name, cap.maxScore);
+    }
+    child.plugins.push(...this.plugins);
+    child.pluginRegistry.adoptInstalled(this.pluginRegistry.getInstalled());
+    for (const hook of this.beforeHooks) {
+      child.beforeHooks.push(hook);
+    }
+    for (const hook of this.afterHooks) {
+      child.afterHooks.push(hook);
+    }
+    return child;
+  }
+  /**
+   * Clear all signals. Rules, plugins, and hooks persist across resets.
    */
   reset() {
     this.signalStore.clear();
     return this;
   }
+  assertNotAnalyzing(action) {
+    if (this.analyzing) {
+      throw new Error(`Cannot ${action} while analysis is in progress`);
+    }
+  }
 };
 
+// src/guardian/defineSignals.ts
+function defineSignals() {
+  return {
+    create(config) {
+      return new Guardian(config);
+    }
+  };
+}
+
+// src/presets/applyRules.ts
+function applyRules(guardian, rules) {
+  for (const rule of rules) {
+    guardian.rule(rule);
+  }
+  return guardian;
+}
+
+// src/presets/botDetection.ts
+var botDetectionRules = [
+  {
+    name: "LinearMouseMovement",
+    reason: "Mouse movement is unnaturally linear",
+    when: (s) => s.mouseLinearity > 0.9,
+    score: 25
+  },
+  {
+    name: "RequestBurst",
+    reason: "Unusually high request rate in short window",
+    when: (s) => s.requestBurst > 50,
+    score: 30
+  },
+  {
+    name: "HeadlessBrowser",
+    reason: "User agent indicates headless browser",
+    when: (s) => s.headlessUA === true,
+    score: 40
+  },
+  {
+    name: "NewSession",
+    reason: "Session is very new",
+    when: (s) => s.sessionAgeSeconds < 10,
+    score: 10
+  },
+  {
+    name: "HighRequestRate",
+    reason: "Too many requests per minute",
+    when: (s) => s.requestsPerMinute > 30,
+    score: 35
+  }
+];
+var loginProtectionRules = [
+  {
+    name: "BruteForceAttempts",
+    reason: "Multiple failed login attempts",
+    when: (s) => s.loginAttempts > 5,
+    score: 45,
+    group: "login"
+  },
+  {
+    name: "RapidLoginBurst",
+    reason: "Login attempts in rapid succession",
+    when: (s) => s.requestsPerMinute > 10,
+    score: 25,
+    group: "login"
+  }
+];
+function parseIpAddress(value) {
+  const trimmed = value.trim();
+  if (trimmed.length === 0 || trimmed.length > 45) {
+    return null;
+  }
+  return net.isIP(trimmed) === 0 ? null : trimmed;
+}
+function isPrivateIp(ip) {
+  const parsed = parseIpAddress(ip);
+  if (!parsed) {
+    return true;
+  }
+  if (net.isIP(parsed) === 4) {
+    if (parsed.startsWith("10.") || parsed.startsWith("127.") || parsed.startsWith("192.168.") || parsed.startsWith("169.254.") || parsed.startsWith("0.")) {
+      return true;
+    }
+    if (parsed.startsWith("172.")) {
+      const second = Number(parsed.split(".")[1]);
+      if (second >= 16 && second <= 31) {
+        return true;
+      }
+    }
+    if (parsed.startsWith("100.")) {
+      const second = Number(parsed.split(".")[1]);
+      if (second >= 64 && second <= 127) {
+        return true;
+      }
+    }
+    return false;
+  }
+  const lower = parsed.toLowerCase();
+  return lower === "::1" || lower.startsWith("fc") || lower.startsWith("fd") || lower.startsWith("fe80");
+}
+function sanitizeSessionId(value) {
+  const trimmed = value.trim();
+  if (trimmed.length === 0 || trimmed.length > MAX_SESSION_ID_LENGTH) {
+    return null;
+  }
+  if (!SESSION_ID_PATTERN.test(trimmed)) {
+    return null;
+  }
+  return trimmed;
+}
+
 exports.DEFAULT_RISK_LEVELS = DEFAULT_RISK_LEVELS;
 exports.Guardian = Guardian;
+exports.HOOK_TIMEOUT_MS = HOOK_TIMEOUT_MS;
+exports.MAX_SIGNAL_STRING_LENGTH = MAX_SIGNAL_STRING_LENGTH;
 exports.PluginAlreadyInstalledError = PluginAlreadyInstalledError;
 exports.PluginInstallError = PluginInstallError;
 exports.PluginRegistry = PluginRegistry;
@@ -399,4 +715,11 @@ exports.RuleBuilder = RuleBuilder;
 exports.RuleEvaluator = RuleEvaluator;
 exports.ScoreCalculator = ScoreCalculator;
 exports.SignalStore = SignalStore;
+exports.applyRules = applyRules;
+exports.botDetectionRules = botDetectionRules;
+exports.defineSignals = defineSignals;
+exports.isPrivateIp = isPrivateIp;
+exports.loginProtectionRules = loginProtectionRules;
+exports.parseIpAddress = parseIpAddress;
 exports.resolveLevel = resolveLevel;
+exports.sanitizeSessionId = sanitizeSessionId;