Guard Core

Guard Core is a security monitoring and management platform for teams running APIs in production. Most security tooling sits at the network edge and tells you little about what actually reaches your application code. Guard Core works from inside your apps instead. You add the open-source guard-core middleware to your FastAPI, Node, or Rust services. It blocks attacks at the request level — SQL injection, XSS, path traversal, brute-force attempts, and traffic from blocked regions or cloud providers — and reports every decision to a central control plane through a lightweight agent. From one dashboard you can: - Watch security events across every service in real time - Filter and rate-limit by IP, geography, or endpoint - Tune rules in passive mode before you start blocking - Push rule changes to all your apps instantly, with no redeploy - Get alerted the moment a threat is detected, plus a weekly report on attack patterns and trends Privacy and compliance are built in, not bolted on. Guard Core ships the full set of GDPR data-subject rights — access, export, erasure, rectification, restriction, and objection — as working endpoints, alongside consent management (including pre-auth cookie consent) and a six-year audit trail of every privacy action. Personal data is encrypted at rest with AES-256-GCM, IP addresses are hashed and anonymized, and configurable retention policies purge stale data automatically. When someone requests deletion, Guard Core runs a hard-delete cascade that also scrubs their records from connected sub-processors such as Stripe, Sentry, and New Relic. You get full security visibility without turning your monitoring into a privacy liability. Protection runs inside your application while management lives in Guard Core, so you get request-level blocking with full visibility into the traffic that matters: the requests reaching your code. Try it in the interactive playground, then connect your own services when you are ready.