https://github.com/agentscore/node-gate

Express middleware for trust-gating requests using AgentScore
https://github.com/agentscore/node-gate

agentscore ai-agent erc-8004 express gate middleware reputation trust x402

Last synced: about 2 months ago
JSON representation

Express middleware for trust-gating requests using AgentScore

• Host: GitHub
• URL: https://github.com/agentscore/node-gate
• Owner: agentscore
• License: mit
• Created: 2026-03-20T12:02:15.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2026-03-30T03:44:23.000Z (2 months ago)
• Last Synced: 2026-03-30T06:03:29.935Z (2 months ago)
• Topics: agentscore, ai-agent, erc-8004, express, gate, middleware, reputation, trust, x402
• Language: TypeScript
• Homepage: https://docs.agentscore.sh
• Size: 71.3 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
# @agent-score/gate

[![npm version](https://img.shields.io/npm/v/@agent-score/gate.svg)](https://www.npmjs.com/package/@agent-score/gate)

[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)

Express middleware for identity-gating requests using [AgentScore](https://agentscore.sh).

## Install

```bash

npm install @agent-score/gate

# or

bun add @agent-score/gate

```

## Quick Start

```typescript

import express from "express";

import { agentscoreGate } from "@agent-score/gate";

const app = express();

app.use(agentscoreGate({

  apiKey: "as_live_...",

  requireKyc: true,

  minAge: 21,

}));

```

## Options

| Option | Type | Default | Description |

|---|---|---|---|

| `apiKey` | `string` | --- | API key from [agentscore.sh](https://agentscore.sh) |

| `requireKyc` | `boolean` | --- | Require KYC verification |

| `requireSanctionsClear` | `boolean` | --- | Require clean sanctions status |

| `minAge` | `number` | --- | Minimum age bracket (18 or 21) |

| `blockedJurisdictions` | `string[]` | --- | ISO country codes to block |

| `allowedJurisdictions` | `string[]` | --- | ISO country codes to allow (only these pass) |

| `chain` | `string` | --- | Optional chain filter |

| `failOpen` | `boolean` | `false` | Allow requests when API is unreachable |

| `cacheSeconds` | `number` | `300` | Cache TTL for results |

| `baseUrl` | `string` | `https://api.agentscore.sh` | API base URL |

| `extractIdentity` | `(req) => AgentIdentity` | Reads headers | Custom identity extraction |

| `createSessionOnMissing` | `CreateSessionOnMissing` | --- | Auto-create session when no identity |

| `onDenied` | `(req, res, reason) => void` | Returns 403 JSON | Custom denial handler |

## Identity

The gate checks `X-Operator-Token` first, then `X-Wallet-Address`:

```typescript

// Custom extraction

app.use(agentscoreGate({

  apiKey: "as_live_...",

  extractIdentity: (req) => ({

    operatorToken: req.headers["x-operator-token"] as string,

    address: req.headers["x-wallet-address"] as string,

  }),

}));

```

### Auto-Create Session

When no identity is found, create a verification session automatically:

```typescript

app.use(agentscoreGate({

  apiKey: "as_live_...",

  requireKyc: true,

  createSessionOnMissing: {

    apiKey: "as_live_...",

    context: "wine purchase",

    productName: "Cabernet Reserve 2021",

  },

}));

// 403 response includes: verify_url, session_id, poll_secret, agent_instructions

```

## Documentation

- [API Reference](https://docs.agentscore.sh)

## License

[MIT](LICENSE)