MAF

Initializing MAF System...

v2.0 Now Available

Request Intelligence

MAF brings context, continuity, and intent detection to every request.
Stop attacks before they execute.

Get Started

View Documentation

Star on GitHub

What is MAF?

How MAF Works

Request

MAF Middleware

Context

Risk Engine

Decision

Backend

ALLOW

Legitimate traffic passed to backend with zero latency.

BLOCK

Malicious requests rejected immediately at the edge.

CHALLENGE

Suspicious activity triggered implicit/explicit challenges.

DROP_SESSION

Session invalidated silently due to behavioral anomaly.

Architecture Stack

Backend

Node.js, Express

Session Store

Redis

Logs

MongoDB

AI

Ollama, OpenRouter

Dashboard

React

Orchestration

n8n

Audit Integrity

Blockchain (Optional)

Why Developers Love MAF

Runs as middleware or SDK

Rules-first, AI-optional

No latency spikes

Circuit breaker for AI

Zod-based config validation

Replayable security decisions

On-prem and Docker support

Privacy-safe logging (no secrets or tokens)

Threats MAF Stops

Session Replay & Cookie Theft

Credential Stuffing

API Abuse & Automation

Device Fingerprint Spoofing

Prompt Injection

CSRF & Replay

Insider Misuse

Third-party Abuse

Developer First

Drop-in middleware.
Zero redesign.

Integrate MAF into your existing Node.js or Express backend in minutes. No complex setup, sidecars, or architecture overhaul required.

Type-safe configuration
Zero-latency by default with "monitor" mode
Works with all major Node.js frameworks

server.ts — MAF Integration

123456789101112

const express = require('express');

const { mafaiExpress } = require('mafai');

const app = express();

app.use(express.json());

app.use(mafaiExpress({ apiKey: "YOUR_MAF_APP_KEY", engineUrl: "http://your-engine-ip:3001/evaluate" }));

master*TypeScript JSX

Ln 7, Col 12UTF-8

Developer Workflow

Monitor

Start in monitoring mode to observe traffic without blocking.

Tune

Use session replays to fine-tune your security rules.

Enforce

Turn on blocking mode to stop attacks in real-time.

Live Request Intelligence

Visualize risk scores, analyze request timelines, and replay sessions to understand attacker behavior.

MAF Dashboard - Live Monitor

Active Sessions

1,248

Threats Blocked

142

Avg Risk Score

Global Traffic

23.4k

Request Volume (Last 1h)

Recent Alerts

Credential Stuffing detected

192.168.1.104

2m ago

Risk: 85

SQL Injection attempt

10.0.0.42

5m ago

Risk: 92

Abnormal Rate Limit

172.16.0.2

12m ago

Risk: 65

New Device Access

192.168.1.55

18m ago

Risk: 45

Give Your Backend Intelligence,
Not Just Filters

Start Securing Requests

Read Documentation

Join Community

What is MAF?

How MAF Works

Architecture Stack

Backend

Session Store

Logs

AI

Dashboard

Orchestration

Audit Integrity

Why Developers Love MAF

Threats MAF Stops

Session Replay & Cookie Theft

Credential Stuffing

API Abuse & Automation

Device Fingerprint Spoofing

Prompt Injection

CSRF & Replay

Insider Misuse

Third-party Abuse

Drop-in middleware. Zero redesign.

Developer Workflow

Monitor

Tune

Enforce

Live Request Intelligence

Recent Alerts

Give Your Backend Intelligence, Not Just Filters

Drop-in middleware.
Zero redesign.

Give Your Backend Intelligence,
Not Just Filters