brownstone-middleware 0.1.0

package/README.md

@@ -0,0 +1,80 @@
+# brownstone-middleware
+
+Express middleware for detecting, logging, and enforcing licensing around AI agent access to your application.
+
+Brownstone identifies AI crawlers and bots by their user-agent, injects licensing metadata into your HTML responses, and optionally logs hits and blocks unauthorized AI access — all in a few lines of code.
+
+## Install
+
+```bash
+npm install brownstone-middleware
+```
+
+## Usage
+
+```js
+const express = require("express");
+const brownstone = require("brownstone-middleware");
+
+const app = express();
+
+app.use(
+  brownstone({
+    apiKey: "your-brownstone-api-key",
+    metering: true,
+    enforcement: true,
+    license: {
+      model: "paid",
+      rate: "$0.001-per-1000-tokens",
+      permission: "allowed",
+    },
+  })
+);
+
+app.get("/", (req, res) => {
+  res.send("<html><head></head><body>Hello</body></html>");
+});
+```
+
+## How it works
+
+1. Each incoming request is checked for a known AI user-agent
+2. If an AI is detected and `metering` is enabled, the hit is logged to your Brownstone dashboard
+3. If `enforcement` is enabled, the request is checked against your site's license — blocked AIs receive a `403` response
+4. A `<meta name="ai-usage">` tag is injected into every HTML response so AI crawlers can read your licensing terms directly from the page
+
+## Options
+
+| Option | Type | Required | Description |
+|---|---|---|---|
+| `apiKey` | string | Yes (if metering or enforcement enabled) | Your Brownstone site API key |
+| `metering` | boolean | No | Log AI hits to the Brownstone API |
+| `enforcement` | boolean | No | Block AIs based on your site's configuration |
+| `license` | object | No | License info injected into HTML meta tag |
+| `license.model` | string | No | `"free"` or `"paid"` |
+| `license.rate` | string | No | e.g. `"$0.001-per-1000-tokens"` |
+| `license.permission` | string | No | `"allowed"`, `"restricted"`, or `"blocked"` |
+
+## Detected AI agents
+
+Brownstone detects the following bots out of the box:
+
+- ChatGPT (OpenAI)
+- Claude (Anthropic)
+- BingAI (Microsoft)
+- Perplexity
+- Gemini (Google)
+- Grok (xAI)
+- Meta AI
+- Common Crawl
+- Cohere
+- Diffbot
+- Bytespider (ByteDance)
+
+## Get an API key
+
+Register your site and get an API key at [brownstone.dev](https://brownstone.dev) (coming soon) or by running the Brownstone API locally.
+
+## License
+
+MIT

package/index.js

@@ -0,0 +1,3 @@
+// index.js
+
+module.exports = require("./src/brownstone");

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "brownstone-middleware",
+  "version": "0.1.0",
+  "description": "Express middleware for detecting, logging, and enforcing licensing around AI agent access",
+  "main": "index.js",
+  "files": [
+    "index.js",
+    "src/"
+  ],
+  "scripts": {
+    "test": "node --test test/detectAI.test.js"
+  },
+  "peerDependencies": {
+    "express": ">=4.0.0"
+  },
+  "keywords": [
+    "ai",
+    "licensing",
+    "middleware",
+    "express",
+    "bot-detection",
+    "crawlers"
+  ],
+  "author": "Gisselle Petty",
+  "license": "MIT",
+  "type": "commonjs"
+}

package/src/brownstone.js

@@ -0,0 +1,40 @@
+// brownstone.js
+
+const detectAI = require("./detectAI");
+const injectMetadata = require("./injectMetadata");
+const logHit = require("./meterUsage");
+const checkLicense = require("./enforce");
+const logUnknown = require("./logUnknown");
+const serveLlmsTxt = require("./serveLlmsTxt");
+
+function brownstone(options = {}) {
+  return async function (req, res, next) {
+    if (serveLlmsTxt(req, res, options)) return;
+
+    const userAgent = req.headers["user-agent"] || "";
+    const aiSource = detectAI(userAgent);
+
+    // Inject meta tag into HTML responses
+    injectMetadata(res, options);
+
+    if (!aiSource) {
+      if (options.metering) await logUnknown(req, options);
+      return next();
+    }
+
+    if (options.metering) {
+      await logHit(aiSource, req, options);
+    }
+
+    if (options.enforcement) {
+      const allowed = await checkLicense(aiSource, options);
+      if (!allowed) {
+        return res.status(403).send("AI blocked.");
+      }
+    }
+
+    next();
+  };
+}
+
+module.exports = brownstone;

package/src/detectAI.js

@@ -0,0 +1,26 @@
+// detectAI.js
+
+const aiAgents = [
+  { name: "ChatGPT", ua: ["ChatGPTBot", "OAI-SearchBot"] },
+  { name: "Claude", ua: ["ClaudeBot", "Claude-Web", "Anthropic"] },
+  { name: "BingAI", ua: ["Bingbot", "EdgeAI"] },
+  { name: "Perplexity", ua: ["PerplexityBot"] },
+  { name: "Gemini", ua: ["Google-Extended", "Googlebot-Extended"] },
+  { name: "Grok", ua: ["xAI"] },
+  { name: "Meta", ua: ["meta-externalagent", "FacebookBot"] },
+  { name: "CommonCrawl", ua: ["CCBot"] },
+  { name: "Cohere", ua: ["cohere-ai"] },
+  { name: "Diffbot", ua: ["Diffbot"] },
+  { name: "Bytespider", ua: ["Bytespider"] },
+];
+
+function detectAI(userAgent = "") {
+  for (const agent of aiAgents) {
+    if (agent.ua.some((str) => userAgent.includes(str))) {
+      return agent.name;
+    }
+  }
+  return null;
+}
+
+module.exports = detectAI;

package/src/enforce.js

@@ -0,0 +1,17 @@
+// enforce.js
+
+async function checkLicense(aiSource, options) {
+  const response = await fetch("http://localhost:4000/check", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": options.apiKey,
+    },
+    body: JSON.stringify({ ai: aiSource }),
+  });
+
+  const data = await response.json();
+  return data.allowed;
+}
+
+module.exports = checkLicense;

package/src/injectMetadata.js

@@ -0,0 +1,23 @@
+// injectMetadata.js
+
+function injectMetadata(res, licenseOption) {
+  const originalSend = res.send;
+
+  res.send = function (body) {
+    if (typeof body === "string" && body.includes("</head>")) {
+      const license = licenseOption.license || {};
+      const content = [
+        license.model || "free",
+        license.rate || null,
+        license.permission || "allowed",
+      ]
+        .filter(Boolean)
+        .join("|");
+      const metaTag = `<meta name="ai-usage" content="${content}">`;
+      body = body.replace("</head>", `${metaTag}</head>`);
+    }
+    return originalSend.call(this, body);
+  };
+}
+
+module.exports = injectMetadata;

package/src/logUnknown.js

@@ -0,0 +1,25 @@
+// logUnknown.js
+
+async function logUnknown(req, options) {
+  const userAgent = req.headers["user-agent"] || "";
+  if (!userAgent) return;
+
+  try {
+    await fetch("http://localhost:4000/unknown-hit", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-api-key": options.apiKey,
+      },
+      body: JSON.stringify({
+        userAgent,
+        path: req.originalUrl,
+        ip: req.ip,
+      }),
+    });
+  } catch (err) {
+    console.error("Unknown bot log failed:", err.message);
+  }
+}
+
+module.exports = logUnknown;

package/src/meterUsage.js

@@ -0,0 +1,18 @@
+// meterUsage.js
+
+async function logHit(aiSource, req, options) {
+  await fetch("http://localhost:4000/log", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": options.apiKey,
+    },
+    body: JSON.stringify({
+      ai: aiSource,
+      path: req.originalUrl,
+      ip: req.ip,
+    }),
+  });
+}
+
+module.exports = logHit;

package/src/serveLlmsTxt.js

@@ -0,0 +1,35 @@
+// serveLlmsTxt.js
+
+function generateLlmsTxt(options) {
+  const license = options.license || {};
+  const lines = [];
+
+  lines.push(`# ${options.name || "This site"}`);
+  lines.push("");
+  lines.push("> AI licensing terms for this site, powered by Brownstone.");
+  lines.push("");
+
+  lines.push("## License");
+  lines.push("");
+  if (license.model) lines.push(`- Model: ${license.model}`);
+  if (license.rate) lines.push(`- Rate: ${license.rate}`);
+  if (license.permission) lines.push(`- Permission: ${license.permission}`);
+  lines.push("");
+
+  lines.push("## Contact");
+  lines.push("");
+  lines.push("- Licensing powered by Brownstone: https://brownstone.dev");
+
+  return lines.join("\n");
+}
+
+function serveLlmsTxt(req, res, options) {
+  if (req.method === "GET" && req.path === "/llms.txt") {
+    res.setHeader("Content-Type", "text/plain");
+    res.send(generateLlmsTxt(options));
+    return true;
+  }
+  return false;
+}
+
+module.exports = serveLlmsTxt;