@solinkify/gate
v0.1.1
Published
Creator middleware for Next.js — blocks AI scrapers with HTTP 402 paywall, monetizes ethical AI agents on Solana.
Maintainers
perbanggaReadme
@solinkify/gate
Monetize your content from AI scrapers — one middleware, zero friction for humans.
@solinkify/gate is a Next.js middleware that intercepts AI bot traffic, returns HTTP 402 Payment Required with a machine-readable payment manifest, and lets through only verified paying agents — while human visitors never notice a thing.
Built on Solana. Payments go through on-chain Escrow PDA. No custodial wallets, no middlemen.
How It Works
Human browser ──────────────────────────────▶ Your content (pass-through)
AI scraper (no pay) ──▶ detectBot() ──▶ 402 + PaymentManifest ──▶ blocked
AI agent (paid) ──▶ detectBot() ──▶ verifyPayment() ──────▶ Your content- Every request is checked against a known AI bot User-Agent list
- Unrecognized bots or human browsers pass through untouched
- Known AI bots without a valid payment header receive
HTTP 402with a JSON manifest - Ethical AI agents (using
@solinkify/gate-sdk) attach a payment proof header and get verified on-chain before being served
Zero SEO impact. Search engine crawlers (Googlebot, Bingbot, DuckDuckBot) are not in the block list and pass through freely — your content remains fully indexed. Only AI scraping bots are gated.
Googlebot / Bingbot / DuckDuckBot ──▶ pass through ✅ (SEO unaffected)
GPTBot / ClaudeBot / PerplexityBot ──▶ 402 blocked ❌ (must pay)Quick Start
1. Install
npm install @solinkify/gate2. Create or update middleware.ts at your project root
import { protectFromAI } from '@solinkify/gate';
export default protectFromAI({
wallet: 'YOUR_CREATOR_WALLET_ADDRESS', // Your Solana wallet (SOL goes here via Escrow)
price: 0.001, // SOL per request
endpointId: 'your-endpoint-id', // Unique identifier for this content gate
});
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
};3. Deploy
That's it. AI scrapers hitting your site will now receive a 402 Payment Required response. Human visitors are unaffected.
Protection Scope
@solinkify/gate works at the domain level — one middleware.ts file covers your entire Next.js project. The matcher in export const config controls exactly which pages are protected.
Protect everything (default):
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
};Protect only specific sections:
export const config = {
// Only protect premium articles and API content routes
matcher: ['/articles/:path*', '/premium/:path*', '/api/content/:path*'],
};Protect everything except public pages:
export const config = {
// Block AI on all pages except /about, /pricing, and /blog
matcher: ['/((?!_next|favicon.ico|about|pricing|blog).*)'],
};One endpointId covers one domain. If you run multiple Next.js projects, register a separate endpoint for each on the Solinkify Gate dashboard.
Configuration
protectFromAI(config: GateConfig)
| Option | Type | Default | Description |
|---|---|---|---|
| wallet | string | required | Your Solana wallet address. Payments are routed via on-chain Escrow PDA — funds never leave the contract until you release them. |
| price | number | required | Price per request in SOL (e.g. 0.001). |
| endpointId | string | '' | Unique ID for this gate — obtained when you register your endpoint on the Solinkify Gate dashboard. Used to identify the content endpoint in the payment manifest and to derive the on-chain endpoint_config PDA. Must be unique within your account, but does not need to be globally unique across all creators. |
| protectedPaths | string[] | ['/*'] | Path patterns to protect. Supports exact match and glob wildcard (e.g. ['/articles/*', '/api/data']). |
| excludePaths | string[] | [] | Paths to always allow through, regardless of bot detection. Takes priority over protectedPaths. |
| detection | 'basic' \| 'strict' | 'basic' | Bot detection sensitivity. basic blocks only high-confidence matches. strict also blocks medium-confidence generic bots. |
| customMessage | string | 'Content protected by Solinkify Gate' | Human-readable message included in the 402 response body. |
| apiUrl | string | 'https://api.solinkify.com' | Verification API endpoint. Use the default for Solinkify-managed verification. |
Path Pattern Examples
protectFromAI({
wallet: 'YOUR_WALLET',
price: 0.001,
endpointId: 'my-blog',
// Only protect content routes
protectedPaths: ['/articles/*', '/api/content/*'],
// Always allow health checks and public pages
excludePaths: ['/health', '/about', '/api/public/*'],
});402 Response Format
When a known AI bot is detected without a valid payment, the middleware returns:
Status: 402 Payment Required
Headers:
X-Solinkify-Gate: 1.0
X-Payment-Required: true
WWW-Authenticate: Solinkify-Payment realm="<wallet>", price="<price>"
Content-Type: application/jsonBody:
{
"error": "Payment Required",
"message": "Content protected by Solinkify Gate",
"price": 0.001,
"currency": "SOL",
"payment": {
"escrow_address": "YOUR_CREATOR_WALLET_ADDRESS",
"payment_id": "",
"endpoint_id": "your-endpoint-id",
"expires_at": 1715000000
},
"info": {
"sdk": "https://npm.im/@solinkify/gate-sdk",
"docs": "https://solinkify.io/gate"
}
}Note on
escrow_address: Despite the name, this field contains the creator's wallet address — not an Escrow PDA address. The SDK uses it to derive the actual Escrow PDA on-chain via["gate_escrow", agent_pubkey, payment_id]. The field name reflects its role as the ultimate destination of funds after release.
Note on
endpoint_id: This is the unique identifier you set when registering your gate on the Solinkify Gate dashboard. It is stored on-chain as part of yourendpoint_configPDA. Pass it asendpointIdin yourprotectFromAI()config so agents can derive the correct PDA for payment.
The payment object contains everything an ethical AI agent needs to initiate an on-chain payment and retry the request.
Verified Request Headers
When a payment is successfully verified, the middleware passes the request through and sets:
X-Solinkify-Verified: true
X-Solinkify-Bot: OpenAI // or Anthropic, Perplexity, etc.Your application can read these headers downstream to log, rate-limit, or customize responses for paying AI agents.
Detected AI Bots
The following providers are detected by User-Agent matching (high confidence):
| Provider | User-Agent Patterns |
|---|---|
| OpenAI | GPTBot, ChatGPT-User, OAI-SearchBot |
| Anthropic | ClaudeBot, Claude-Web, anthropic-ai |
| Perplexity | PerplexityBot, Perplexity-User |
| Google | Google-Extended, Bard |
| ByteDance | Bytespider |
| CommonCrawl | CCBot |
| Cohere | cohere-ai, Cohere-AI |
| Diffbot | Diffbot |
| Mistral | MistralAI-User |
| Solinkify | Solinkify-AI-Agent (ethical agent — can pay and pass) |
Generic patterns (bot, crawler, spider) are also detected at medium confidence — blocked only when detection: 'strict' is set.
Detection Modes
basic (default)
Blocks only high-confidence matches — known AI providers by exact User-Agent string. Safe for production; no false positives on human browsers.
strict
Also blocks medium-confidence matches — generic User-Agent strings containing bot, crawler, or spider. Useful for high-value content where you want to catch unknown scrapers. May occasionally affect monitoring tools or uptime checkers; combine with excludePaths as needed.
Ethical AI Agents
AI agents that want to access gated content ethically can do so automatically using @solinkify/gate-sdk:
import { GateClient } from '@solinkify/gate-sdk';
const client = new GateClient({
wallet: agentKeypair, // Agent's Solana keypair
rpcUrl: 'https://api.devnet.solana.com',
maxPricePerRequest: 0.01, // Will refuse to pay more than this
});
const { response } = await client.fetchProtected('https://your-site.com/articles/ai-research');
const content = await response.json();The SDK handles the full payment flow automatically:
- Detects
402response and parses the manifest - Locks SOL into on-chain Escrow PDA via Solana smart contract
- Retries the request with
x-solinkify-paymentheader - Creator releases payment from Escrow after content is delivered
Escrow & Payment Flow
Payments never go directly to the creator wallet. All funds are held in a Solana Program-Derived Address (Escrow PDA) and released automatically — no manual action required from the creator:
AI Agent ──▶ fetch() ──▶ 402 Payment Required
│
▼
Agent locks SOL into Escrow PDA
(agent pays rent for escrow account)
│
▼
Agent retries with payment proof
│
▼
Content delivered
│
▼
Agent calls release_payment() on-chain
│
┌────────────────┼──────────────────┐
▼ ▼ ▼
99% → Creator 0.75% → Operator 0.25% → Admin
│
▼
Escrow PDA closed → rent refunded → AgentTwo release paths are supported by the smart contract:
- Normal release — Agent calls
release_payment()after receiving content. Can be triggered immediately. - Timeout release — Anyone can call
release_payment()after 3600 seconds (1 hour) if the agent fails to release. Ensures creators are never locked out.
The entire flow is trustless and automated. Creators receive SOL with zero manual steps.
Smart contract: 2q2KWtZbKakmsuoGNVtc9fkPvcs5xdmtVzPHb5zUXXt8 (Devnet)
Requirements
- Next.js 14 or 15 (App Router or Pages Router — middleware runs at the edge)
- Node.js 18+
- A Solana wallet address (devnet or mainnet)
Known Limitations
These are current MVP limitations planned for post-hackathon:
- One endpoint displayed per wallet — Multiple endpoints per wallet are supported on-chain (each
endpointIdderives a unique PDA), but the dashboard currently displays only the first registered endpoint. Multi-endpoint management UI is planned. - Dashboard filter per endpoint — The earnings dashboard shows all transactions across all endpoints combined. Per-endpoint filtering is planned.
- Devnet only — The smart contract is currently deployed on Solana Devnet. Mainnet deployment is planned post-audit.
License
MIT — see LICENSE
Part of the Solinkify ecosystem.