Guard

Dashboard overview metrics page
Dashboard bot metrics page
Policy configuration page
Client-facing security challenge

Inspiration

Modern APIs face an ever-growing threat from automated bot traffic, scraping, and DDoS attacks. Traditional solutions are either too expensive, too complex to deploy, or lack the intelligence needed to distinguish between legitimate users and sophisticated bots. We were inspired by the challenge of building a production-ready solution that combines:

Edge computing power - Leveraging Vercel's global edge network for sub-50ms latency worldwide
AI intelligence - Using machine learning to detect sophisticated bots that bypass traditional rule-based systems
Developer experience - Making enterprise-grade protection accessible through a beautiful, intuitive dashboard

The goal was to create something that doesn't just block bots, but intelligently protects APIs while maintaining excellent performance for legitimate users. We wanted to build a system that learns, adapts, and provides complete visibility into what's happening at the edge.

What it does

Guard is an intelligent edge load balancer with AI-powered bot detection that protects your APIs at the edge. It combines smart load balancing, real-time bot detection, rate limiting, and comprehensive observability into a single, production-ready solution.

Core Features

AI-Powered Bot Detection

Heuristic-based scoring combined with an optional PyTorch AI classifier
Detects sophisticated bots that bypass traditional rules
Configurable thresholds with multiple action types (allow, challenge, throttle, block, reroute)
Challenge token system with hCaptcha integration for proof-of-human verification

Smart Load Balancing

Multiple strategies: weighted round-robin, latency-aware, health-aware, sticky sessions
Automatic backend health monitoring
Real-time latency tracking and optimization
Policy-based routing with path pattern matching

Advanced Rate Limiting

Per-IP, subnet, session, or endpoint-based limits
Sliding window implementation with burst protection
Dynamic rate limit adjustment during bot attacks
Configurable per-policy limits

Complete Observability

Full request journey tracing in Sentry
Real-time metrics dashboard with bot score distributions
Performance monitoring with span-level details
Automated remediation system that responds to attacks

Modern Admin Dashboard

Dark-mode interface built with shadcn/ui
Real-time metrics and analytics
Policy management with visual builders
Multi-domain support with per-domain metrics

How we built it

Architecture

Guard is built on a modern, edge-first architecture:

Request → Edge Middleware → Feature Extraction → Rate Limiting → Bot Detection (Heuristics + AI) → Load Balancing → Proxy → Backend

Technology Stack

Frontend & Edge Runtime

Next.js 16 with App Router for the dashboard and API routes
Vercel Edge Runtime for sub-50ms global latency
React 19 with TypeScript for type safety
shadcn/ui + Tailwind CSS v4 for the modern dashboard UI
Recharts for data visualization

Backend Services

Upstash (Redis) for rate limiting and caching
PostgreSQL (Neon) for configuration and metrics storage
FastAPI microservice for AI bot classification using PyTorch
hCaptcha for challenge verification

Observability & Monitoring

Sentry for error tracking, performance monitoring, and custom metrics
Full request journey tracing with breadcrumbs
Custom metrics for bot scores, decisions, and backend performance
Webhook integration for automated remediation

Security & Infrastructure

IP address hashing with SHA-256 for privacy compliance
JWT-based challenge tokens with IP binding
HTTP-only cookies for security
Fail-open architecture to prevent single points of failure

Key Implementation Details

Edge Middleware Pipeline

Feature extraction from requests (IP, url, headers, user agent, geo)
Rate limiting with sliding window algorithm
Bot scoring using heuristics (8+ rules) and optional AI classifier
Backend selection based on configured strategy
Request proxying with header injection

AI Bot Detection

Trained PyTorch model on real bot traffic patterns (sourced from multiple datasets)
Feature extraction from request characteristics
Blended scoring between heuristics and AI
Performance monitoring to detect model drift

Observability Integration

Every request creates a Sentry transaction
Child spans for each pipeline stage
Breadcrumbs for decision reasoning
Custom metrics for aggregation and alerting

Fail-Safe Design

Graceful degradation if Redis/Postgres unavailable
Fallback to heuristics-only if AI service fails
Default configurations for zero-downtime operation

Challenges we ran into

1. Edge Runtime Limitations

Challenge: Vercel Edge Runtime doesn't allow arbitrary CNAME records to route to the service (it requires them all to be listed in the Domains list for the project)

Solution:

Leveraged the Vercel API to add new domains to the Domains list automatically

2. AI Service Integration

Challenge: Integrating a Python PyTorch service with the Edge runtime while maintaining low latency and handling failures gracefully.

Solution:

Built a FastAPI microservice that can be deployed separately
Implemented timeout and retry logic with fallback to heuristics-only
Created a blended scoring system that combines both approaches
Added performance monitoring to detect when AI service is unavailable or degraded

3. Real-time Metrics Collection

Challenge: Edge runtime can't directly write to PostgreSQL, but we needed real-time metrics for the dashboard.

Solution:

Created an HTTP API endpoint (/api/metrics/record) that Edge runtime calls
Implemented batching and async processing to avoid blocking requests
Designed a hybrid storage approach: Redis for rate limits, Postgres for analytics

4. Observability in Edge Runtime

Challenge: Getting comprehensive traces and breadcrumbs from Edge runtime to Sentry with proper context.

Solution:

Implemented custom Sentry instrumentation for Edge runtime
Created structured breadcrumbs for each decision point in the pipeline
Added span-level attributes for filtering and analysis
Fixed missing exception transmission by ensuring proper async flushing

6. Multi-Domain Support

Challenge: Supporting multiple domains with isolated metrics and configurations while maintaining performance.

Solution:

Implemented domain-based querying in all storage functions
Created domain selector UI in the dashboard
Normalized domain names (lowercase, trimmed) for consistent querying
Added domain context to all metrics and traces

Accomplishments that we're proud of

Intelligent Bot Detection

Our dual-layer approach (heuristics + AI) provides:

Detection of sophisticated bots that bypass traditional rules
Performance monitoring to detect model drift
Blended scoring for optimal accuracy
Challenge system for proof-of-human verification

Complete Observability

Every request is fully traceable:

Full journey visualization in Sentry (feature extraction → rate limit → bot detection → routing → proxy)
Span-level performance metrics
Rich breadcrumbs showing decision reasoning
Custom metrics for aggregation and alerting
Integration with Sentry's Seer AI debugger

Automated Remediation

Built an intelligent system that:

Detects bot attacks in real-time using multiple signals
Automatically adjusts rate limits during attacks
Integrates with Sentry webhooks for event-driven responses
Provides detailed metrics on attack patterns

What we learned

Edge Computing Best Practices

Async patterns matter: Proper async/await and timeout handling is critical in Edge runtime
Fail-open is essential: Protection systems must never become bottlenecks
Hybrid architectures work: Combining Edge and Node.js runtimes for different needs
Observability is challenging: But essential for debugging edge functions

AI Integration in Production

Fallbacks are mandatory: AI services can fail, degrade, or be slow
Performance monitoring is crucial: Need to detect model drift and accuracy issues
Blended approaches work best: Combining rule-based and ML systems provides reliability and intelligence
Latency matters: AI calls must be fast or have timeouts