Silker AISilker AI
Get started

Getting started

Frameworks & deployment

Three integration surfaces share one detection engine: the Node SDK, the Next.js edge adapter, and the standalone reverse proxy. Choose by stack and hosting model.

Node SDK

The default integration. Works with any Node framework. Set SILKER_API_KEY in the environment; the SDK picks it up automatically.

Express

server.js
import express from 'express';
import { initSilker, middleware } from '@silker-ai/agent';

const app = express();

initSilker();            // hooks outgoing fetch (SSRF), starts telemetry
app.use(middleware());   // inspects incoming requests

app.listen(3000);

NestJS

Apply the Express-compatible middleware globally in your bootstrap file.

main.ts
import { NestFactory } from '@nestjs/core';
import { initSilker, middleware } from '@silker-ai/agent';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);

  initSilker();
  app.use(middleware());

  await app.listen(3000);
}
bootstrap();

Fastify

Wrap the middleware with fastify-express or run it inside a hook.

server.js
import Fastify from 'fastify';
import middie from '@fastify/middie';
import { initSilker, middleware } from '@silker-ai/agent';

const app = Fastify();
await app.register(middie);

initSilker();
app.use(middleware());

await app.listen({ port: 3000 });

Next.js (App Router / Edge)

The Express middleware does not run on the Edge runtime. Use the edge-safe adapter from @silker-ai/agent/next, which returns a handler compatible with middleware.ts. It uses a lower-false-positive base feature set and is always fail-open.

middleware.ts
import { nextMiddleware } from '@silker-ai/agent/next';

export const middleware = nextMiddleware();

export const config = {
  matcher: '/api/:path*',
};
On serverless/edge, pass waitUntil (Vercel) so telemetry is delivered after the response without blocking the request. See SDK configuration.

Docker reverse proxy (no code changes)

For non-Node stacks (PHP, Python, Go, Java, Ruby), run the proxy as a sidecar in front of your app. The pre-built image inspects traffic and forwards it upstream - no code changes.

docker
docker run -d \
  -p 8080:8080 \
  -e SILKER_TARGET=http://your-app:3000 \
  -e SILKER_API_KEY=sk_your_key \
  ghcr.io/niceappspl/silker-proxy:latest

Apps hosted on Vercel / Netlify

Your app stays where it is. Run the Silker proxy on Railway, Fly.io, or Render (one container), point SILKER_TARGET at your app URL, then point your custom domain at the proxy. Traffic flows: user → proxy → your-app.

docker
docker run -d \
  -p 8080:8080 \
  -e SILKER_TARGET=https://your-app.vercel.app \
  -e SILKER_API_KEY=sk_your_key \
  ghcr.io/niceappspl/silker-proxy:latest

Cloudflare Workers

The edge-safe core also powers a Cloudflare Worker for low-latency inspection at the edge. Deploy it in front of your origin and set your API key as a Worker secret.

Behind Cloudflare or another WAF, you can set disableLegacySecurity: true to avoid duplicate CSRF/SSRF/IDOR/Host-header checks. See SDK configuration.