Edge-native · Zero-trust · Open Source

The Anti-CAPTCHA.

GAIT v2 is a drop-in, edge-native proof-of-humanity layer. It verifies real users through kinematic entropy—no puzzles, no widgets, no tracking.

Get Started View Documentation

contact-form.html

protected by gait-v2

57%

of all internet traffic is bots.

AI Scrapers

Legacy CAPTCHAs can't distinguish a GPT crawl from a real visitor — they see both as humans.

Spam & Abuse

Bots solve CAPTCHA farms for $0.20/1,000 solves. Your protection is just a line item in someone's OpEx.

Headless Browsers

Playwright and Puppeteer run real Chromium — they pass JS fingerprinting and render the DOM like a human.

How GAIT Works

1

Drop the Script

            <!-- One line -->

            <script src="gait-v2.min.js"></script>

One line of JS records natural human entropy — mouse velocity, scroll cadence, keystroke rhythm — all client-side.

2

User Acts Naturally

Mouse paths, scrolls, and keystrokes create a unique behavioral signature that bots can't mimic convincingly.

3

Edge Verifies

// Cloudflare Worker

HMAC · Kinematic Score · Nonce

< 20ms response

Your Cloudflare Worker validates the proof cryptographically. Bots are blocked in under 20ms at the edge — before they ever hit your origin.

Add It to Your Form in 30 Seconds

That's it. No backend changes required.

your-form.html

<form action="/contact" method="POST" data-guard="v2">
  <input type="email" name="email" required />
  <textarea name="message" required></textarea>
  <button type="submit">Send</button>
</form>

<!-- Insert before </body> -->
<script src="/gait-v2.min.js"
        data-challenge="https://gait.YOUR_WORKER.dev/hg-challenge">
</script>
      

No backend changes

No third-party widget

Zero user friction

Built for Developers, Not Bots

Every feature designed around real engineering constraints.

Kinetic Proof

Measures speed variance, path tortuosity, and angle jitter. Bots produce flat, linear motion — humans don't.

Zero Friction

Completely invisible to real users. No widget, no popup, no challenge. The behavioral proof happens passively.

Privacy First

Raw events stay on the client. Only hashed entropy descriptors touch the server. GDPR and CCPA friendly by design.

Stateless

No database needed. HMAC-signed nonces expire automatically. Scale to millions of requests with zero session storage.

Headless Traps

Detects Playwright, Puppeteer, Selenium, and zero-hardware browser profiles through behavioral and environmental signals.

Self-Hosted

Runs on your own Cloudflare account. You own the data, the logic, and the keys. No vendor lock-in, ever.

The Gait Stack

Two products. Two different jobs.

	GAIT v2 — Available Now	GAIT v3 — Coming Soon
Customer	SaaS, fintech, apps, signup flows	Publishers, media companies, SEO blogs
Pain Solved	"Bots spam my forms and cost me money"	"AI is eating my content and killing my ad revenue"
Market	Proven, steady	Exploding right now
Technical Risk	Low	High (SEO, false positives)
Sales Cycle	Developer-led, self-serve	Enterprise B2B

You are looking at the v2 repository. v2 is the action gate. v3 will be the content vault — follow the repo for updates.

How GAIT Compares

	GAIT v2	reCAPTCHA	Turnstile
Third-party widget
Cross-site tracking
Kinematic entropy proof
JS fingerprinting only
Self-hosted / own keys
Edge-native (<20ms)
Open source

How It Works Under the Hood

Browser Interaction

Real user fills form, moves mouse, scrolls

Nonce Challenge

Unique cryptographic nonce generated per session

Entropy Signature

Mouse velocity + scroll cadence + keystroke rhythm → hashed proof

Cloudflare Worker Attestation

HMAC Verify + Kinematic Score → Allow / Block

Your Server (sees only valid requests)

POST request hits origin only after edge verification passes

Frequently Asked Questions

Will this affect my SEO?

No. GAIT v2 only intercepts POST requests. All GET requests pass through untouched — including search engine crawlers.

Is it accessible?

Yes. The entropy recorder falls back to keystroke timing and dwell analysis for users who navigate without a mouse. No visual challenge ever appears.

What is the license?

GAIT v2 is open-source under a Non-Commercial License. See the repo for details.

What about v3?

GAIT v3 will introduce the Render Vault to protect published content from AI scrapers. Follow the repo for updates.