A single middleware to classify every request, enforce trust-based access with OWS wallet signatures, and build verifiable reputation for the agent economy.
Install the package, add the middleware, and your API is protected.
import { Hono } from 'hono'
import { trustgate, trustgateDashboard } from 'trustgate-middleware'
import { serve } from '@hono/node-server'
const app = new Hono()
// Protect your API - done!
app.use('/api/*', trustgate({
payTo: '0xYourWallet'
}))
// Optional: add the monitoring dashboard
trustgateDashboard(app, {
rpId: 'rp_your_app_id',
signingKey: '0xYourSigningKey',
})
serve({ fetch: app.fetch, port: 3000 })OWS agents authenticate via EIP-191 wallet signatures and can enforce spend limits through the Policy Engine.
Agents sign a message with their OWS wallet:
trustgate:http://api.com:1720000000000TrustGate verifies the signature and classifies as ANON_BOT with owsVerified=true, giving a +5 identity score boost.
Custom OWS policy blocks overspend during surge pricing:
{ "maxPrice": 0.008, "trustgateApiUrl": "..." }If TrustGate surge-prices above the limit, the OWS wallet refuses to sign the payment.
Every request is classified based on identity strength, from verified humans to blocked bots.
World ID verified - cryptographically proven unique person
AgentKit registered - on-chain agent linked to human identity
OWS wallet signature - cryptographic identity proof
No identity - no wallet - no trust. Request rejected.
Based on Stanford's EigenTrust algorithm (Kamvar, Schlosser & Garcia-Molina, 2003). Every agent builds a reputation score from four factors.
World ID (50) > AgentKit (35) > OWS (20) > x402 (15) > Header (5)
Payment success, request regularity, endpoint diversity, pacing
Account age, volume, consistency
Inactivity decay, frequency spikes, failed payments, Sybil detection
TrustScore = Identity(0-50) + Behavior(0-25)
+ Reputation(0-15) - Risk(0-30)
Identity: World ID (50) > AgentKit (35) > OWS (20) > x402 (15) > Header (5)
Behavior: Payment success, request regularity, endpoint diversity, pacing
Reputation: Account age, volume, consistency
Risk: Inactivity decay, frequency spikes, failed payments, Sybil detectionBuild trust into your API with cryptographic identity, behavior scoring, and configurable access tiers.
Classify every API request into four trust tiers with cryptographic identity verification.
Set your own trust-based access tiers with x402 — define prices per identity level to monetize your API.
Open Wallet Standard for agent identity and spend governance - sign payments, enforce limits.
WebSocket dashboard shows every classification event live with particle visualization.
Server-side nullifier hash verification - fake headers are rejected, only real proofs accepted.
Three lines of code to protect your API - install with npm, add middleware, done.
Install TrustGate today and start classifying requests, building agent reputation, and enforcing trust through economics.