Cosantoir Docs
Developer DashboardStart integrating
Browse Documentation

Foundation

Getting Started

IntroductionQuickstartArchitectureTroubleshootingDeployment Models

Platform

Frameworks (SDK)

Next.jsExpressHonoBunDenoNestJSSvelteKitAstroFastifyNode.jsNuxtGoRustPython + FastAPIPython + FlaskReact Router & RemixSolid StartKoaAdonisJSElysia

Capabilities

Blueprints

Signup Abuse ProtectionGlobal Rate LimitingBot Fingerprinting

Product

Core Platform

Web AppDashboardSync CenterAccount Security

Developers

Developer Tools

CLISDKsMCP

API Reference

OverviewAuthenticationErrorsRate LimitsIntegrations API

Guides

Slack AutomationPagerDuty EscalationWebhook AutomationPolicy Profiles

Operations

Operations

Deployment ChecklistMonitoringIncident ResponseBackup and Restore

Business

Billing and Plans

Pricing OverviewInvoices and RefundsEnterprise Contracts
On This Page
Choose this surfaceShared contractNeighbor surfacesPage guide
Server runtime@cosantoir/nestjs9 related surfaces

NestJS belongs to the same runtime contract, but it should still feel native to its own request boundary.

Guard and interceptor-oriented protection inside Nest applications. Choose the server package when handlers, hooks, or fetch semantics are the real request boundary. The page should help you choose this surface deliberately, compare it against its lane neighbors, and keep operator proof in reach while you wire the integration.

lane family

9

Server runtime

package line

1

@cosantoir/nestjs

contract vars

3

Shared across wrappers and native SDKs

operator lanes

2

Plus 2 native package families

@cosantoir/nestjs@cosantoir/express@cosantoir/hono@cosantoir/fastify@cosantoir/node@cosantoir/cli@cosantoir/mcpCOSANTOIR_GATEWAY_URLCOSANTOIR_API_KEYCOSANTOIR_SITE_IDpip install cosantoircosantoir logincosantoir-mcp@cosantoir/nestjs@cosantoir/express@cosantoir/hono@cosantoir/fastify@cosantoir/node@cosantoir/cli@cosantoir/mcpCOSANTOIR_GATEWAY_URLCOSANTOIR_API_KEYCOSANTOIR_SITE_IDpip install cosantoircosantoir logincosantoir-mcp

Surface fit

Choose this surface when the boundary is real, not convenient.

A better docs system tells you why this lane exists, what makes it distinct, and how it hands off to the rest of the platform.

Use this when

Choose the server package when handlers, hooks, or fetch semantics are the real request boundary.

Package line

@cosantoir/nestjs

The install and contract line should stay recognizable even when the request lifecycle changes.

First proof

Protect one real route, loader, or handler first, then read the resulting headers and decision state before broadening the rollout.

Install line

NestJS package install

bash
01pnpm add @cosantoir/nestjs @cosantoir/node
Install the surface that actually owns the request path. Do not start with a prettier abstraction and retrofit the boundary later.

Shared contract

Runtime identity

env
01COSANTOIR_GATEWAY_URL=http://localhost:4000
02COSANTOIR_API_KEY=dp_live_example
03COSANTOIR_SITE_ID=site_prod_web
These values should stay stable across framework wrappers, native SDKs, CLI probes, and MCP tools.

Contract discipline

The framework changes. The contract should not.

This is the point where the left rail, page body, and right rail need to agree: the package can change, but the gateway origin, runtime key, site id, and proof loop stay the same.

01

COSANTOIR_GATEWAY_URL

Keep this value aligned across application middleware, direct SDK probes, and operator tooling so the same request path stays explainable.

02

COSANTOIR_API_KEY

Keep this value aligned across application middleware, direct SDK probes, and operator tooling so the same request path stays explainable.

03

COSANTOIR_SITE_ID

Keep this value aligned across application middleware, direct SDK probes, and operator tooling so the same request path stays explainable.

Lane neighbors

Neighbor surfaces

A mature docs system makes adjacent choices visible. If this page is not the right boundary, the best alternative should already be in front of you.

Server runtime

Express

Middleware enforcement for existing Node API servers.

@cosantoir/express

Server runtime

Hono

Fetch-native protection for edge and lightweight runtimes.

@cosantoir/hono

Server runtime

Fastify

Fast pre-handler hooks for high-throughput APIs.

@cosantoir/fastify

Server runtime

Koa

Async middleware protection inside Koa request chains.

@cosantoir/koa

Server runtime

Elysia

Plugin entry point for Bun-native Elysia services.

@cosantoir/elysia

Server runtime

AdonisJS

HTTP middleware integration for AdonisJS applications.

@cosantoir/adonisjs

Handoff

Node.js

Direct evaluator client for custom servers, bespoke middleware order, and exact transport control.

@cosantoir/node

Handoff

CLI

Terminal lane for login, request probes, and telemetry-backed operator workflows.

@cosantoir/cli

Handoff

MCP

Model-facing tool server for safe policy and evaluator access.

@cosantoir/mcp

Launch route

Quickstart

Wire a first protected request and stop only when the receipt is explainable.

Control map

Architecture

Trace how the wrapper, gateway, evaluator, and dashboard stay on the same contract line.

Operator lane

CLI

Bootstrap credentials, run probes, and inspect runtime decisions without leaving the terminal.

Agent lane

MCP

Expose bounded runtime tools to model workflows without widening system reach.

Detailed guide

NestJS page guide

The framework-specific instructions live below, but they now sit inside a stronger system: lane fit above, contract line beside, neighbors nearby.

# NestJS Integration Leverage the NestJS wrapper to gate controller execution before business logic runs. ## Guard Example ``ts import { Controller, Get, UseGuards } from '@nestjs/common'; import { createCosantoir } from '@cosantoir/node'; import { CosantoirGuard } from '@cosantoir/nestjs'; const cosantoir = createCosantoir({ baseUrl: process.env.COSANTOIR_GATEWAY_URL!, apiKey: process.env.COSANTOIR_API_KEY!, siteId: process.env.COSANTOIR_SITE_ID! }); @Controller('api') @UseGuards(CosantoirGuard(cosantoir)) export class AppController { @Get('secure-data') getSecureData() { return { secured: true, message: 'Threat-free data!' }; } } ``

Last updated Mar 24, 2026