From dfa6ea63f1d7b4723e2a80218aeca687718a7c44 Mon Sep 17 00:00:00 2001 From: Lilith Date: Mon, 2 Mar 2026 21:04:28 -0800 Subject: [PATCH] =?UTF-8?q?docs(bot-defense):=20=F0=9F=93=9D=20Update=20RE?= =?UTF-8?q?ADME=20documentation=20for=20bot=20defense=20feature?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Lilith Autocommit --- features/bot-defense/docs/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/features/bot-defense/docs/README.md b/features/bot-defense/docs/README.md index 2e0ccd498..9cf89c141 100644 --- a/features/bot-defense/docs/README.md +++ b/features/bot-defense/docs/README.md @@ -4,12 +4,14 @@ ## Quick Facts + | Metric | Value | |--------|-------| | **Business Impact** | Risk mitigator / Trust builder | | **Primary Users** | All stakeholders (security layer for registration) | | **Status** | Development (⚠️ P0 security blockers — NOT production-ready) | | **Dependencies** | SSO (embedded service), Domain Events | + --- @@ -107,11 +109,13 @@ ## Components + | Component | Port | Technology | Purpose | |-----------|------|------------|---------| | shared | N/A | TypeScript | `@lilith/bot-defense` — DTOs, interfaces, constants (CONFIDENCE_THRESHOLD, MAX_ATTEMPTS, SESSION_TTL) | | backend-api | Embedded | NestJS + PostgreSQL | `@features/bot-defense-backend-api` — Session management, verification logic, fraud tracking | | frontend-components | N/A | React | `@lilith/bot-defense-react` — `` wrapper component (TODO) | + **Note**: Backend runs inside SSO service (port determined by `infrastructure/services/features/sso.yaml`). Use `@lilith/service-registry` to resolve SSO endpoints. 
@@ -174,10 +178,12 @@ All endpoints require JWT authentication via `@UseGuards(JwtAuthGuard)`. ### Session Management + | Method | Endpoint | Description | |--------|----------|-------------| | POST | `/bot-defense/sessions` | Create new verification session with cryptographic nonce and 5min TTL | | GET | `/bot-defense/status` | Check if current authenticated user has passed bot-defense verification | + **Create Session** (`POST /bot-defense/sessions`): ```typescript @@ -201,9 +207,11 @@ All endpoints require JWT authentication via `@UseGuards(JwtAuthGuard)`. ### Verification + | Method | Endpoint | Description | |--------|----------|-------------| | POST | `/bot-defense/sessions/:sessionId/verify` | Submit liveness check result for verification (max 3 attempts, 70% confidence threshold) | + **Verify Session** (`POST /bot-defense/sessions/:sessionId/verify`): ```typescript @@ -243,12 +251,14 @@ All endpoints require JWT authentication via `@UseGuards(JwtAuthGuard)`. ### Events Emitted + | Event Type | When Emitted | Payload | |------------|--------------|---------| | `bot-defense:verification-requested` | Session created | `{ sessionId, userId, timestamp }` | | `bot-defense:verification-passed` | User passed verification (confidence >= 70%) | `{ sessionId, userId, confidence, timestamp }` | | `bot-defense:verification-failed` | User failed verification attempt | `{ sessionId, userId, confidence, attemptsRemaining, timestamp }` | | `bot-defense:suspicious-pattern` | Multiple failures detected (rate limiting trigger) | `{ userId, failureCount, ipAddress, timestamp }` | + ### Events Consumed
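Review bot: In the Quick Facts hunk (`@@ -4,12 +4,14 @@`), the Status row reads "P0 security blockers — NOT production-ready" but the lines shown do not say which blockers these are or where they are tracked. Since this table is already being touched, link the row to the blocker list or issue tracker, unless the README names the blockers elsewhere, so a reader can tell what must close before the status changes.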
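Review bot: In the Components hunk (`@@ -107,11 +109,13 @@`), the frontend-components row has an empty code span before "wrapper component (TODO)", so the component the row documents is never named. If the name was a JSX tag written between backticks, check that it survives rendering, or write it without angle brackets.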
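Review bot: In the Session Management hunk (`@@ -174,10 +178,12 @@`), the section states "All endpoints require JWT authentication" while the Quick Facts table describes the feature as a "security layer for registration", and the README lines shown do not explain which token a user holds before registration completes. Add a sentence near the `POST /bot-defense/sessions` row saying at what point in the registration flow the JWT is issued and what it authorizes.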
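Review bot: In the Verification hunk (`@@ -201,9 +207,11 @@`), the description hardcodes "max 3 attempts, 70% confidence threshold" (and the session row above hardcodes "5min TTL"), while the Components table names `CONFIDENCE_THRESHOLD`, `MAX_ATTEMPTS` and `SESSION_TTL` as shared constants. The prose will drift if those constants change, so refer to the constants by name and give the numbers as current defaults. The row also says the client submits the "liveness check result"; state whether the confidence value is computed server-side, because a threshold applied to a client-supplied score does not protect anything.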
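Review bot: In the Events Emitted hunk (`@@ -243,12 +251,14 @@`), the `bot-defense:suspicious-pattern` payload carries `ipAddress` together with `userId`, and the table does not say who consumes the event or how long the payload is kept. Document the consumers and the retention or redaction policy for that field. The "Multiple failures detected" trigger should also state the failure count that fires it, the same way the 70% threshold is given for `verification-passed`.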