npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

synapse-agent-kit

v1.0.7

Published

TypeScript SDK for Web Bot Auth standard. Lightweight, zero-dependency implementation that adds cryptographic authentication to AI agent requests.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mavenjangmavenjang

Keywords

ai-agentweb-bot-authsurety-bondsynapse-protocolanti-bottypescriptsdkauthenticationblockchain

Readme

 ███████╗██╗   ██╗███╗   ██╗ █████╗ ██████╗ ███████╗███████╗
 ██╔════╝╚██╗ ██╔╝████╗  ██║██╔══██╗██╔══██╗██╔════╝██╔════╝
 ███████╗ ╚████╔╝ ██╔██╗ ██║███████║██████╔╝███████╗█████╗  
 ╚════██║  ╚██╔╝  ██║╚██╗██║██╔══██║██╔═══╝ ╚════██║██╔══╝  
 ███████║   ██║   ██║ ╚████║██║  ██║██║     ███████║███████╗
 ╚══════╝   ╚═╝   ╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝     ╚══════╝╚══════╝

Web Bot Auth SDK

Enterprise-grade TypeScript implementation of the Web Bot Auth standard

npm version License: MIT Build Status TypeScript Standard

DocumentationNPM PackageExamplesContributing

Overview

Synapse Agent Kit is a lightweight, zero-dependency TypeScript SDK that implements the Web Bot Auth standard. It provides cryptographic authentication for AI agents, preventing anti-bot blocking through HMAC-SHA256 signatures and economic accountability via on-chain surety bonds.

Why Web Bot Auth?

Modern web infrastructure increasingly blocks automated traffic—even from legitimate AI agents. Traditional solutions (IP rotation, browser fingerprinting) are fragile and expensive. Web Bot Auth solves this by:

  • Cryptographic Identity: Each request carries a verifiable signature
  • Economic Accountability: Agents stake collateral to prove trustworthiness
  • Standard Protocol: Works across any compliant service provider
  • Zero Friction: Drop-in replacement for fetch() with 3 lines of code

Architecture

graph LR
    A[AI Agent] -->|Initialize| B[Synapse SDK]
    B -->|Sign Request| C[HTTP Request]
    C -->|Add Headers| D[X-Synapse-Signature<br/>X-Synapse-Bond-ID<br/>X-Synapse-Timestamp]
    D -->|Send| E[Target Server]
    E -->|Verify| F[Signature Validator]
    F -->|Check Bond| G[On-Chain Registry]
    G -->|Authorized| H[Response]
    
    style B fill:#4CAF50
    style F fill:#2196F3
    style G fill:#FF9800

Flow:

  1. Agent initializes SDK with API key and Bond ID
  2. SDK signs each HTTP request with HMAC-SHA256
  3. Server validates signature and checks bond status
  4. Authorized requests proceed; invalid ones are rejected

Installation

npm install synapse-agent-kit

Requirements:

  • Node.js ≥ 18.0.0
  • TypeScript ≥ 5.0.0 (optional)

Quick Start

Basic Usage

import { Synapse } from 'synapse-agent-kit';

// Initialize with your credentials
const synapse = new Synapse({
  apiKey: 'sk_live_your_api_key',
  bondId: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb',
  agentId: 'my-agent-v1'
});

// Use exactly like fetch()
const response = await synapse.fetch('https://api.example.com/data');
const data = await response.json();

Test Mode (Sandbox)

Test your integration without spending real tokens:

const synapse = new Synapse({
  apiKey: 'sk_test_key',
  bondId: '0x000000000000000000000000000000000000dead', // Universal test ID
  debug: true
});

// All requests bypass cryptographic verification
await synapse.fetch('https://api.example.com/test');

Note: When using the test bond ID, you'll see: 🟨 SYNAPSE: Running in SANDBOX MODE (No real value bonded)

Examples

Price Monitoring Agent

const synapse = new Synapse({
  apiKey: 'sk_live_demo_abc123xyz789',
  bondId: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb',
  agentId: 'price-monitor-v1'
});

const stores = [
  'https://api.store-alpha.com/products/12345',
  'https://api.store-beta.com/v1/items/gaming-laptop',
  'https://api.store-gamma.com/pricing/electronics/67890'
];

for (const url of stores) {
  const response = await synapse.fetch(url);
  const data = await response.json();
  console.log(`Price: $${data.price}`);
}

POST Requests with Authentication

const response = await synapse.fetch('https://api.example.com/alerts', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    productId: '12345',
    targetPrice: 799.99,
    notifyEmail: '[email protected]'
  })
});

Server-Side Signature Verification

import { Synapse } from 'synapse-agent-kit';

// Extract headers from incoming request
const signature = req.headers['x-synapse-signature'];
const bondId = req.headers['x-synapse-bond-id'];
const timestamp = req.headers['x-synapse-timestamp'];

// Verify the signature
const isValid = Synapse.verifySignature(
  signature,
  apiKey,
  req.method,
  req.url,
  timestamp,
  bondId,
  req.body
);

if (!isValid) {
  return res.status(401).json({ error: 'Invalid signature' });
}

More examples: See examples/ directory for complete working samples.

API Reference

Constructor

new Synapse(config: SynapseConfig)

Parameters:

| Parameter | Type | Required | Description | |-----------|------|----------|-------------| | apiKey | string | ✅ | Your API key for signing requests | | bondId | string | ✅ | Your on-chain bond identifier (use 0x000000000000000000000000000000000000dead for testing) | | agentId | string | ❌ | Custom agent identifier (auto-generated if not provided) | | debug | boolean | ❌ | Enable debug logging (default: false) |

Methods

synapse.fetch(url, options?)

Drop-in replacement for the standard fetch() API with automatic authentication.

Returns: Promise<Response>

synapse.signRequest(method, url, body?)

Manually generate authentication headers for custom HTTP clients.

Returns: SynapseHeaders

Synapse.verifySignature(signature, apiKey, method, url, timestamp, bondId, body?)

Static method for server-side signature verification.

Returns: boolean

Authentication Headers

Synapse automatically adds the following headers to your requests:

| Header | Description | |--------|-------------| | X-Synapse-Bond-Id | On-chain surety bond identifier | | X-Synapse-Signature | HMAC-SHA256 signature of the request | | X-Synapse-Agent-Id | Unique agent identifier | | X-Synapse-Timestamp | Request timestamp (replay protection) | | X-Synapse-Version | Protocol version |

Security

  • HMAC-SHA256 Signing: Cryptographic request signatures
  • Replay Attack Prevention: Timestamp-based request validation
  • Timing-Safe Comparison: Prevents timing attacks on signature verification
  • Economic Accountability: Bond IDs provide real economic stake (production mode)

Provider Compatibility

This SDK implements the Web Bot Auth standard and works with any compatible bond provider:

  • SYNAPSE: Reference implementation with Polygon mainnet bonds
  • Custom Providers: Any service implementing the standard's signature protocol

To use a different provider, simply provide their bond ID and API key during initialization.

Contributing

We welcome contributions! Please see our Contributing Guide for details.

Quick Start:

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

MIT License - see LICENSE file for details.

Links

Support

For questions and support, please:

Built for the AI agent ecosystem

Made with ❤️ by the SYNAPSE team