RelintioAgent in-process agent for Python ASGI runtimes.
Project description
relintio-agent (Python)
Note on Features & Quotas: Advanced features (like Bot Challenge and Custom Shield Pages) are tied to your subscription plan. If you exceed your monthly API quota, the agent will operate in a degraded mode (basic protection) before ultimately failing-open to prevent locking you out of your own site. All configuration rules are centrally managed via the dashboard.
Python in-process agent for ASGI runtimes (FastAPI/Starlette/etc).
Install
pip install relintio-agent
FastAPI usage
from fastapi import FastAPI
from relintio_agent.asgi import UltimateProtectorMiddleware
app = FastAPI()
app.add_middleware(
UltimateProtectorMiddleware,
license_key="UP_LIVE_...",
api_url="https://relintio.com/api",
)
Zero-code-ish usage (env wrapper)
If you can change how the app is created (but don't want to paste config into code), wrap the ASGI app using env vars:
import os
from fastapi import FastAPI
from relintio_agent import wrap_asgi_app
app = wrap_asgi_app(FastAPI())
# env:
# UP_LICENSE_KEY=UP_LIVE_...
# UP_API_URL=https://relintio.com/api
Optional: sitecustomize bootstrap
The platform can generate a sitecustomize.py helper inside the Python auto bundle.
If that file is on PYTHONPATH, Python auto-imports it on startup.
Set UP_ASGI_APP="module:app" and it will best-effort wrap that object automatically (fail-open).
Risk Scoring Engine (v0.9.6)
Every request is evaluated using an additive 0-100 signal-based score. Signals include:
| Signal | Weight | Description |
|---|---|---|
| Empty User-Agent | +50 | No UA header sent |
| Short User-Agent | +25 | UA < 20 characters |
| No Accept-Language | +20 | Missing browser locale header |
| Generic Accept | +15 | Wildcard */* only |
| Connection: close | +10 | Non-persistent connection |
| POST without Referer | +15 | Form submission without origin |
| Rate burst | +35 | Token-bucket exhaustion |
Response Tiers
| Tier | Score Range | Behavior |
|---|---|---|
| ALLOW | 0–39 | Request proceeds normally |
| SLOW | 40–59 | 2-second asyncio.sleep to exhaust scanners |
| CHALLENGE | 60–74 | Browser verification challenge |
| DECOY | 75–84 | Serves fake maintenance page |
| BLOCK | 85–100 | Hard block with configured response |
Token-Bucket Rate Limiter
Default: 8 tokens/sec, burst capacity of 24. Route-aware multipliers give extra capacity to static assets. Memory-safe with 5-minute eviction via asyncio-compatible dict.
Notes
- PyPI distribution name:
relintio-agent - Import path:
relintio_agent(recommended) - Legacy import path still supported:
ultimateprotector_agent
Options
license_key(required)api_url(required) e.g.https://relintio.com/apisync_interval_seconds(default:60)allow_sample_rate(default:0.01)only_paths: list[str] exact (/checkout) or prefix (/product/*)except_paths: list[str]only_regex: str (Python regex)
Geo Enrichment
When CDN geo headers (CF-IPCountry, etc.) are absent, the agent calls the platform's /api/agent/geo-lookup endpoint.
The server resolves the country using local MaxMind GeoLite2 databases — zero external API calls, zero cost, microsecond latency.
Results are cached in-memory (24h TTL) to minimize round-trips.
Changelog
0.9.3
- Import path alignment -
relintio_agentis now the documented import path, withultimateprotector_agentkept as a compatibility alias. - Version telemetry alignment - Runtime telemetry now reports
0.9.3, matching the PyPI package version and release tag.
0.5.0
- Additive risk-scoring engine — 0-100 signal-based scoring with 7 weighted signals.
- 5-tier graduated response — ALLOW, SLOW (
asyncio.sleep(2.0)), CHALLENGE, DECOY, BLOCK. - Token-bucket rate limiter — Replaces fixed-window counter. 8 tokens/sec, 24 burst, route-aware multipliers.
risk_scoretelemetry — Agent-calculated score forwarded to server in log payload.
0.3.0
- Geo enrichment architecture hardened — The server-side
/api/agent/geo-lookupendpoint now performs local MaxMind GeoLite2 lookups instead of proxying toipinfo.io. Agent behaviour is unchanged; the improvement is server-side.
0.2.0
- HMAC payload verification — Rules payloads are now authenticated with HMAC-SHA256 before decryption. Requires platform ≥ 2026-04.
X-Agent-Versionheader — Sent on every/verifyrequest for dashboard version tracking.outdatedstatus handling — If the cloud responds withoutdated, the agent fails open and stops protecting until updated.
0.1.1
- Initial stable release with AES-256-CBC encrypted rules sync.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file relintio_agent-0.9.7.tar.gz.
File metadata
- Download URL: relintio_agent-0.9.7.tar.gz
- Upload date:
- Size: 24.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9ab421063d8a5683082e3f7d23c11a6e1e967666d8423f2a4297212fae251440
|
|
| MD5 |
46817259f321b4caf13ae65663318615
|
|
| BLAKE2b-256 |
1a2b09df1bfe0f87e07675bc7ab3a94e5be5ba8955a565ef443909275126557c
|
File details
Details for the file relintio_agent-0.9.7-py3-none-any.whl.
File metadata
- Download URL: relintio_agent-0.9.7-py3-none-any.whl
- Upload date:
- Size: 27.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2b77f0d8bdcd56a903a98018ff1d13b6ebf51b75576d47a66a49b84e92263126
|
|
| MD5 |
70b36d48b4969036c29b5780264d4e7e
|
|
| BLAKE2b-256 |
4584e7ebaa62e932f530e037e1cf6caa880f4f2397d5cd7eee2e651ca310e501
|