Metadata-Version: 2.4
Name: antsilk
Version: 0.1.0
Summary: Drop-in security middleware for Python ASGI apps.
Author-email: brianchenhao <brianchenjunhao@gmail.com>
License: MIT
Project-URL: Homepage, https://antsilk.com
Project-URL: Documentation, https://docs.antsilk.com
Project-URL: Source, https://github.com/brianchenhao/antsilk
Project-URL: Issues, https://github.com/brianchenhao/antsilk/issues
Project-URL: Changelog, https://github.com/brianchenhao/antsilk/blob/main/CHANGELOG.md
Keywords: security,waf,middleware,asgi,fastapi,starlette
Classifier: Development Status :: 3 - Alpha
Classifier: Framework :: FastAPI
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Provides-Extra: test
Requires-Dist: pytest>=8.0; extra == "test"
Requires-Dist: httpx>=0.27; extra == "test"
Requires-Dist: fastapi>=0.110; extra == "test"
Provides-Extra: docs
Requires-Dist: mkdocs>=1.6; extra == "docs"
Requires-Dist: mkdocs-material>=9.5; extra == "docs"
Dynamic: license-file

# antsilk

[![tests](https://github.com/brianchenhao/antsilk/actions/workflows/test.yml/badge.svg)](https://github.com/brianchenhao/antsilk/actions/workflows/test.yml)
[![coverage](https://img.shields.io/badge/coverage-98%25-brightgreen)](https://github.com/brianchenhao/antsilk/actions/workflows/test.yml)
[![PyPI](https://img.shields.io/pypi/v/antsilk.svg)](https://pypi.org/project/antsilk/)
[![Python](https://img.shields.io/pypi/pyversions/antsilk.svg)](https://pypi.org/project/antsilk/)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)

**Drop-in security middleware for Python ASGI apps.**

`antsilk` is a small, zero-dependency middleware that sits in front of
your FastAPI / Starlette / Litestar app and does the boring half of web
security for you. Two lines of glue and every incoming request gets
rate-limited, scanned for SQL injection / XSS / path traversal, checked
against an IP threat-intel blocklist, and inspected for suspicious
headers. Blocks are recorded as structured events in a local SQLite
ledger.

## Install

```bash
pip install antsilk
```

## Two-line install

```python
from fastapi import FastAPI
from antsilk import AntsilkMiddleware

app = FastAPI()
app.add_middleware(AntsilkMiddleware)
```

Restart your server. Antsilk is now active with defaults:

- 60 requests per minute per IP
- threat-intel from FireHOL Level 1 + Spamhaus DROP, refreshed every 6h
- SQLi / XSS / path-traversal regex over URL, query, non-UA headers
- structural header check (missing UA, bad UA, malformed Cookie)
- events written to `./antsilk_events.db` (SQLite, WAL mode)

## What it catches

| Layer            | What it catches                                                        | Response |
| ---------------- | ---------------------------------------------------------------------- | -------- |
| **threat-intel** | Traffic from IPs on FireHOL Level 1 or Spamhaus DROP                   | 403      |
| **rate limit**   | Per-IP token bucket; default 60 req/min                                | 429      |
| **headers**      | Missing User-Agent, `sqlmap`/`nikto`/`masscan`/`nmap`, malformed Cookie | 403      |
| **patterns**     | SQLi, XSS, path traversal regex over path / query / non-UA headers     | 403      |

## Why

- **Zero runtime dependencies.** Standard library only. Every dep is
  friction for adopters and a supply-chain risk.
- **`< 1ms` p99 latency overhead** on a typical FastAPI route.
- **Sensible defaults.** Two-line install gives you a real WAF on day one.
- **Pluggable.** Swap `SQLiteSink` for `JSONLinesSink`, or write your own.
- **Carve-outs that match how apps actually look.** Webhooks bypass rate
  limit; user-content endpoints bypass pattern scan; payment endpoints
  bypass threat-intel — all wired through `RouteRule`.

## Docs

- [Quickstart](docs/quickstart.md)
- [Configuration](docs/configuration.md)
- [Rules](docs/rules.md)
- [Per-route overrides](docs/per-route-overrides.md)

Full docs site: `docs.antsilk.com` (coming online with the v0.1.0 launch).

## Status

`v0.1.0` — first published release. Public API frozen during the
`v0.1.x` line; breaking changes wait for `v0.2.0` after a deprecation
warning. Body scanning is deferred to `v0.3.0`.

## License

MIT
