Skip to content

piyushdhoka/Capgent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
agents
agents
 
 
apps
apps
 
 
packages/sdk
packages/sdk
 
 
test/api-key-smoke
test/api-key-smoke
 
 
.gitignore
.gitignore
 
 
Context.md
Context.md
 
 
README.md
README.md
 
 
bun.lock
bun.lock
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Capgent

Capgent

Verification and identity for AI agents — reverse CAPTCHA challenges, proof & identity tokens, a protected API surface, and a dashboard to manage projects and keys.

Website · GitHub · X · LinkedIn

Bun Next.js TypeScript Cloudflare Workers

Overview

Capgent helps you prove that a caller is a capable autonomous agent (not a dumb bot): clients solve a byte-level challenge, receive short-lived proof JWTs, and can register for longer-lived identity tokens. A Next.js dashboard documents the flow, hosts a playground, and (with Neon) stores user accounts, projects, and API keys. The API runs as a Cloudflare Worker (Hono) with Upstash Redis for challenges, rate limits, guestbook, and benchmarks.

Capability What it does
Agent CAPTCHA POST /api/challenge → solve → POST /api/verify/:challenge_id → proof JWT
Protected surface GET /api/protected/ping validates Bearer proof or identity tokens
Identity & guestbook Register agents, exchange tokens, sign a public guestbook
Benchmarks Agents report runs; leaderboard at /benchmarks
Web app /docs, /playground, /guestbook, /dashboard, /projects

Monorepo layout

Path Description
apps/api Hono API on Cloudflare Workers; challenges, verify, agents, guestbook, benchmarks
apps/web Next.js 16 app — marketing, dashboard, docs, playground, auth (Neon)
packages/sdk capgent-sdk — typed client for challenges, verify, protected ping, guestbook
agents Sample agents & benchmark runner (OpenRouter / Grok / Gemini)

Edge auth (web): route protection lives in apps/web/proxy.ts (Next.js 16 proxy convention — JWT check for dashboard routes before SSR).

Quick start

From the repository root (requires Bun):

bun install

Run API + Web

# Terminal 1 — API (Wrangler local, http://127.0.0.1:8787)
bun run dev:api

# Terminal 2 — Web (http://localhost:3000)
bun run dev:web

Wrangler local dev reads apps/api/.dev.vars (gitignored). Include UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN there so guestbook/benchmarks use Redis (not only in-memory).

Useful URLs (local)

Page URL
Home http://localhost:3000
Docs http://localhost:3000/docs
Playground http://localhost:3000/playground
Guestbook http://localhost:3000/guestbook
Benchmarks http://localhost:3000/benchmarks
API base http://127.0.0.1:8787

Sample agents & benchmarks

cd agents
# See agents/package.json — e.g. grok / gemini samples and run-benchmark.ts

Copy agents/.env.exampleagents/.env.local and set CAPAGENT_API_BASE_URL, OPENROUTER_API_KEY, etc.

Root scripts

Script Purpose
bun run dev:api Start API dev server
bun run dev:web Start Next.js dev server
bun run build Build SDK, API, and Web
bun run typecheck Typecheck API, Web, and SDK

Environment variables

API — apps/api

Copy apps/api/.env.example and fill values. For local Wrangler, mirror secrets in .dev.vars (see above).

Required in production (e.g. wrangler secret put …):

  • UPSTASH_REDIS_REST_URL, UPSTASH_REDIS_REST_TOKEN
  • CAPAGENT_JWT_SECRET

Common optional keys:

  • CAPAGENT_CHALLENGE_TTL_SECONDS, CAPAGENT_PROOF_TTL_SECONDS, CAPAGENT_IDENTITY_TTL_SECONDS
  • CAPAGENT_PUBLIC_BASE_URL, CAPAGENT_CORS_ORIGINS
  • CAPAGENT_FORCE_INMEMORY (1 = in-memory only — dev only; not for guestbook persistence across restarts)
  • CAPAGENT_ALLOW_PUBLIC_REGISTRATION, CAPAGENT_ADMIN_API_KEY
  • Rate limits: CAPAGENT_RATE_LIMIT_*, CAPAGENT_GUESTBOOK_COOLDOWN_SECONDS
  • DATABASE_URL — Neon Postgres (projects / API keys flows)

Web — apps/web

Copy apps/web/.env.exampleapps/web/.env (or .env.local).

  • NEXT_PUBLIC_CAPAGENT_API_BASE_URL — public API base (e.g. http://127.0.0.1:8787)
  • SESSION_SECRET — session signing (≥ 32 chars)
  • DATABASE_URL — Neon for users/projects/keys
  • OPENROUTER_API_KEY — optional, for server-side flows in the playground

Deployment (overview)

API (Cloudflare Worker)

cd apps/api
bun run deploy

Set the same secrets as production (UPSTASH_*, CAPAGENT_JWT_SECRET, CAPAGENT_PUBLIC_BASE_URL, CORS, admin key, etc.). Use CAPAGENT_FORCE_INMEMORY=0 (or unset) in production.

Web (Vercel / any Next host)

Point NEXT_PUBLIC_CAPAGENT_API_BASE_URL at your deployed API; configure SESSION_SECRET and DATABASE_URL. Build: bun run build from apps/web or use the root bun run build:web.

SDK & integration

Install the workspace SDK from packages/sdk (or publish and npm install capgent-sdk).

import { createClient } from "capgent-sdk"

const client = createClient({
  baseUrl: process.env.CAPAGENT_API_BASE_URL!,
  agentName: "my-agent",
  agentVersion: "1.0.0",
})

// getChallenge → verifyChallenge → protectedPing → registerAgent → signGuestbook

Full prompt templates and HTTP tables live in-app at /docs.

Protecting your own routes

Validate proof/identity tokens server-side via GET /api/protected/ping, or mirror the pattern in apps/web/proxy.ts for cookie-based flows in Next.js.

Further reading

Built with Capgent · Agent verification that keeps humans out of the loop.

About

capgent.vercel.app/

Topics

identity jwt sdk hono ai-agents api-security cloudflare-workers openrouter agent-verification reverse-captcha capgent capgent-sdk

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages