{"id":17517,"library":"brownstone-middleware","title":"Brownstone AI Access Control for Express","description":"This `brownstone-middleware` package, currently at version 0.1.4, integrates with Express.js applications to manage and monetize AI agent access. It operates by detecting known AI crawlers and bots based on their user-agents. The middleware offers capabilities for logging AI hits (metering), enforcing access policies by blocking unauthorized agents with a 403 status, and injecting licensing metadata into HTML responses via a `<meta name=\"ai-usage\">` tag. This allows AI systems to directly read usage terms. A key differentiator is its reliance on an external Brownstone API for comprehensive analytics, centralized licensing configuration, and robust bot detection, providing developers with granular control over how their content is accessed and used by AI models. The project is actively maintained, with ongoing updates to agent detection and API features.","status":"active","version":"0.1.4","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","ai","licensing","middleware","express","bot-detection","crawlers"],"install":[{"cmd":"npm install brownstone-middleware","lang":"bash","label":"npm"},{"cmd":"yarn add brownstone-middleware","lang":"bash","label":"yarn"},{"cmd":"pnpm add brownstone-middleware","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core web framework integration; peer dependency for the middleware function.","package":"express","optional":false}],"imports":[{"note":"The package is primarily designed for CommonJS (CJS) environments, as shown in the official usage examples. While some bundlers or Node.js with `type: module` might handle ESM imports, `require()` is the officially supported and most reliable method for `0.x` versions.","wrong":"import brownstone from 'brownstone-middleware';","symbol":"brownstone","correct":"const brownstone = require('brownstone-middleware');"}],"quickstart":{"code":"const express = require(\"express\");\nconst brownstone = require(\"brownstone-middleware\");\n\nconst app = express();\nconst BROWNSTONE_API_KEY = process.env.BROWNSTONE_API_KEY ?? \"your-brownstone-api-key\";\n\napp.use(\n  brownstone({\n    apiKey: BROWNSTONE_API_KEY,\n    metering: true,\n    enforcement: true,\n    license: {\n      model: \"paid\",\n      rate: \"$0.001-per-1000-tokens\",\n      permission: \"allowed\",\n    },\n  }),\n);\n\napp.get(\"/\", (req, res) => {\n  res.send(\"<html><head></head><body>Hello, AI world!</body></html>\");\n});\n\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n  console.log(`Express server listening on port ${PORT}`);\n  console.log('Try visiting / with an AI user-agent (e.g., GPTBot) to see metering and enforcement in action.');\n});","lang":"javascript","description":"Initializes an Express application with Brownstone middleware, enabling AI bot detection, logging, and optional enforcement of licensing rules, along with injecting license metadata into HTML responses."},"warnings":[{"fix":"Obtain an API key from `brownstoneai.dev` and pass it as the `apiKey` option to the middleware configuration object.","message":"An `apiKey` is mandatory for both `metering` and `enforcement` features to function. Without a valid key, the middleware will operate in a passive detection-only mode or throw errors if an API call is attempted.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Ensure your application serves HTML responses for paths where AI meta-tag injection is desired.","message":"The `<meta name=\"ai-usage\">` tag injection only occurs for HTML responses. If your application primarily serves JSON or other content types, this specific feature will not be active for those routes.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Monitor the package's GitHub repository and npm release notes for changes before upgrading, especially in production environments.","message":"As a pre-1.0 package (current version 0.1.4), internal APIs and configuration options are subject to change in minor or patch releases without strict adherence to SemVer for breaking changes. Developers should review release notes carefully.","severity":"breaking","affected_versions":"<1.0.0"},{"fix":"Regularly update the `brownstone-middleware` package to benefit from the latest AI agent detection rules. Consider supplementing with other bot detection strategies if maximum coverage is critical.","message":"Brownstone middleware relies on user-agent strings for AI detection. While a comprehensive list is provided, custom or rapidly evolving AI agents might not be immediately recognized, potentially bypassing metering or enforcement.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Ensure you are using `const brownstone = require('brownstone-middleware');` if your project is CommonJS. If using ESM, a bundler might be needed to handle the CJS package, or await official ESM support in future versions.","cause":"Attempting to import `brownstone-middleware` using ES Module syntax (`import`) in a CommonJS environment, or misinterpreting the default export.","error":"TypeError: brownstone is not a function"},{"fix":"Provide a valid `apiKey` string, obtained from `brownstoneai.dev`, to the middleware options object: `brownstone({ apiKey: 'your_valid_key', metering: true })`.","cause":"The `apiKey` option was either omitted, empty, or contained an invalid key when `metering` or `enforcement` was enabled in the middleware configuration.","error":"Brownstone API Error: API Key missing or invalid."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}