🔐 Security Event Risk Engine
Security Event → Risk Evaluation → Decision A lightweight, test-driven security risk evaluation engine for backend systems.
🚀 What is this?
A backend-oriented security engine that evaluates user actions (events) and determines risk level & enforcement decision based on context signals.
Typical use cases:
Abuse / fraud prevention
Permission & authentication anomaly detection
Rate-limit & challenge decisioning
🧠 Core Design Security Event ↓ Event Builder (normalize / validate) ↓ Security Evaluator (rules / signals) ↓ Risk Level + Decision
Event-driven (JSON contract)
Rule + signal based (extensible)
Deterministic & testable (no hidden magic)
📦 Example Input / Output Security Event (Input) { "action": "CREATE_PROPERTY", "actor": { "role": "HOST", "isAuthenticated": true }, "signals": { "requestRate": 1 } }
Risk Evaluation (Output) { "riskLevel": "LOW", "decision": "ALLOW" }
🧪 Test Strategy Test Case Scenario Expected Result TC-01 Authenticated HOST LOW / ALLOW TC-02 Unauthenticated user HIGH / BLOCK TC-03 High request rate MEDIUM / CHALLENGE TC-04 ❌ Invalid / hallucinated output Rejected
✅ E2E tests with Jest
✅ Negative Contract Tests (prevent LLM hallucination)
✅ JSON fixture–driven
⚙️ CI / Quality
GitHub Actions CI
Auto test on every push
Node.js 18 / 20 compatible
npm test
📁 Project Structure src/ ├─ securityEventBuilder.js ├─ securityEvaluator.js tests/ └─ security.e2e.test.js docs/ ├─ requirements.md ├─ basic-design.md └─ test-spec.md
💡 Why this project?
This project demonstrates:
Security-oriented backend design
Clear contracts & deterministic behavior
Test-first thinking
Production-style CI discipline
🧑💻 Author
Built as a backend architecture & security design showcase. Optimized for technical interviews & real-world discussions.