GUARD AGENT

Install Guard in 2 minutes

One file. One line of code. No package manager, no dependencies, no configuration files. Guard is open source — every line of code is readable and auditable.

Why install Guard?

Without Guard, 360Shield scans your site from the outside — 19 indicators across 5 dimensions. With Guard, 360Shield sees inside your application too — 57 indicators across 6 dimensions. More indicators means deeper analysis and a more accurate security assessment. Guard also enables real-time threat detection (AoM) and autonomous 360° protection.

1 Get your Agent Key

Log in to your DashboardGuard & API tab. Once a domain is verified, an agent key is auto-created for it. Click Show install next to the domain.

ada_agent_xxxxxxxxxxxxxxxxxxxx...

One key per domain. The key is bound to a single domain at creation — if it leaks, only that one domain is exposed (revoke + recreate from dashboard). Requires Basic plan or above. Note: Agent keys (ada_agent_*) are different from your master API key (ada_live_*) which is used by mobile + REST.

2 Download file, add one line

Download guard_flask.py (9 KB) → place in your project root.

# app.py — after app = Flask(__name__)
from guard_flask import shield
shield(app, key='ada_agent_YOUR_KEY', domain='example.com')

Alternative: set environment variables SHIELD_AGENT_KEY and SHIELD_DOMAIN instead of hardcoding.

3 Verify

Deploy your application and check your Dashboard within 5 minutes:

Guard ● Online — Agent is connected and sending heartbeats
SC expanded — 57 indicators now active across 6 dimensions for comprehensive assessment
AoM active — Real-time threat scoring with full traffic data

Not seeing Guard online? Check your application logs for [360Shield] messages. Common issues: invalid API key, outbound HTTPS blocked by firewall, or domain mismatch.

What Guard does — nothing more, nothing less

Monitors
Request metadata: IP, path, status, response time. 500-request buffer. Never captures user content.
Reports
Traffic summary + security config snapshot every 5 minutes. HMAC-SHA256 signed, HTTPS only.
Protects
Flood protection (50+ req/5min per IP → instant 429). Cloud commands: block IP, adjust limits.
Hardens
Adds security headers (X-Content-Type-Options, X-Frame-Options, HSTS). Removes Server/X-Powered-By.

What Guard sends to 360Shield

Sends
Traffic counts, bot ratio, status codes, response times
Debug mode, cookie settings, CSRF status
Secret key length (not the key itself)
Package versions for vulnerability detection
Never sends
User content, form data, request bodies
Passwords, tokens, API keys
Personal information, cookies, sessions
Source code or application logic

Guard communicates exclusively with 360shield.net over HTTPS. The API endpoint is hardcoded in every Guard file — verify by reading the source code.

Download Guard files

Pick the file matching your stack. Drop it into your project root and follow the install snippet for that framework. All files: zero dependencies, open source (MIT), stdlib only.

guard_flask.py
Flask · 9 KB
↓ Download
guard_django.py
Django · 7 KB
↓ Download
guard_fastapi.py
FastAPI · 6 KB
↓ Download
guard.php
PHP / WordPress · 8 KB
↓ Download
guard_node.js
Node.js / Express · 6 KB
↓ Download
Go to Dashboard