| Hi HN, creator here. Some context on what this is and why I built it: The problem: I was building an agent-facing API and realized there's no standard way to verify that a client is actually an AI agent. API keys prove identity but not capability. Traditional CAPTCHAs prove humanity — the opposite of what I needed. How it works: imrobot generates deterministic challenge pipelines using composable string operations (base64, rot13, hex encode, reverse, etc.). An LLM parses the instructions, executes each step, and returns the result in ~0.3 seconds. A human would need to manually decode each transformation — technically possible but impractical. Technical highlights:
- Zero external dependencies (~15KB)
- Multi-framework: React, Vue, Svelte, Web Components, or headless API
- Built-in REST server using only Node.js http module (no Express)
- Deterministic, stateless verification
- DOM-embedded challenges for browser-based agents npm: https://www.npmjs.com/package/imrobot I'm open to feedback on the approach. Specifically curious about: Is deterministic string pipeline verification the right primitive, or are there better approaches? What edge cases should I be thinking about for production use? |