DoI Oracle
Price your API by who is calling. Fresh Sybils pay sats; deep-WoT pubkeys skip free.
Your L402 endpoint charges every caller the same sats. The scraper pool pays that all day. The human reader sometimes cannot. The Oracle returns a signed depth-of-identity score so you can decide.
One curl, one signed score
Free manifest, no Lightning needed. Returns the oracle's pubkey, current dimensions, score version, and TTL:
curl https://identity.powforge.dev/oracle/info
That endpoint is up right now. The priced lookup endpoint returns a Schnorr-signed score object you verify locally against signed_by. If we disappear tomorrow, scores you captured today still verify.
Each signed score is bound to a Bitcoin chaintip and ships a freshness window in blocks (default 6, ~60 min). Stale scores fail verification even when the signature still validates. Public verifier, no payment, no SDK required: https://identity.powforge.dev/oracle/freshness (GET with base64 score + current tip height, or POST a JSON body).
Timestamp witness, one sat
Got a payload you want to prove existed at a point in time? sha256 it, send the hash to /oracle/witness, get back a Schnorr-signed envelope that binds the hash to the current Bitcoin chaintip. Months later, the signature still validates and the bound chaintip is buried under a wall of hashpower. That's the receipt.
curl -X POST https://identity.powforge.dev/oracle/witness \
-H "Content-Type: application/json" \
-d '{"hash":"<64-hex sha256>","note":"optional ≤200 chars"}'
One sat per witness. No relay round-trip, no account, no spending limits. The verifier /oracle/witness/verify is free and unauthenticated, same as freshness, because verifying public signed material should never cost you sats. Powers softwar primitive #2 in the stack: anything you can hash, you can anchor.
What it does
- Returns a four-dimension depth score for any Nostr pubkey: social, access, vouch, economic. Composite weight plus a tier label (observer / participant / contributor / established / deep).
- Caches five minutes per pubkey so a hot caller costs you one round-trip every five minutes, not one per request. TTL baked into the manifest.
- L402-gated, one sat per call on cache hit, two sats fresh. Pay once, cache locally, verify the schnorr signature against the oracle pubkey you already know.
The four dimensions
Each dimension is log-scaled so spam yields diminishing returns. A diversity multiplier rewards accounts spread across dimensions; an account-age multiplier rewards time. Scoring is described in the whitepaper §4.
Note: a fifth dimension (spatial / kind:3333 cyberspace) was retired in v0.7 after a falsifiable test showed it was grind-cheap and Sybil-trivial. Honest naming: vouch is vouch, social is social, no aspirational labels. The SDK still exports computeSpatialDepth for back-compat, but the default dimensions list is four.
Use cases
- Relay operator. Meter spam and gate writes by DoI threshold. Fresh keys pay one sat to publish; established pubkeys publish free. Stops the keygen-flood without a paywall on real users.
- API operator. Tier rate-limits or pricing by caller DoI. Deep-WoT pubkeys get a higher quota or a discount. The bot pool pays full price every call; the human power user does not.
- Publisher or forum. Skip-tier high-DoI readers (free). Meter the rest at one sat per scrape. Answers the LLM-scraper-cost problem with a non-paywall answer that does not block humans.
Try it
Drop in any pubkey (npub or hex). The button below calls the live /oracle/info manifest and renders the response inline. No backend, no signup, no key required for the manifest call.
The priced score endpoint (/oracle/doi-score/<pubkey>) returns an L402 challenge on first call. Pay one sat, replay with the macaroon and preimage, get the signed score. The SDK below handles that dance for you.
/oracle/info manifest above is up.
Integration paths
npm SDK
Handles the L402 dance, caches locally, verifies the schnorr signature for you.
npm install @powforge/identity
const { oracle } = require('@powforge/identity');
const score = await oracle.lookup('npub1...');
console.log(score.composite, score.rank);
L402 endpoint
One fetch, one verification. Roll your own client in any language.
curl -i https://identity.powforge.dev/oracle/doi-score/<pk> # returns 402 + WWW-Authenticate macaroon # pay invoice; replay with preimage: curl -H "Authorization: L402 $MAC:$PRE" \ https://identity.powforge.dev/oracle/doi-score/<pk>
Whitepaper
The math. Log-scaling, diversity multiplier, account-age curve, Schnorr canonicalization.
open https://powforge.dev/whitepaper/ # §4 the construction # §6 Oracle as a product # §7 falsifiable measurement window
Get an API key, read the math, view the SDK
No self-serve signup yet, be honest about that. The free /oracle/info manifest is open. Priced calls are L402-gated; pay one sat, no account. For higher-volume keys (subscription pricing, per-pubkey caching policy, custom dimensions), email below.
The mechanism, briefly
The oracle queries five public Nostr relays for a pubkey's history, scores the four dimensions, and signs the result with the oracle's own Nostr key b4b12d...b44. Consumers read the signed object over L402, verify the signature locally, and cache for the TTL baked in. No trust in PowForge is required past verifying the public key you already know.
That property is load-bearing. Depth-of-identity is a cryptographic claim, not a database lookup. The whitepaper §4 covers the full construction and the falsifiable measurement window honored through 2026-05-03.
price the caller, not the request. energy is the universal key.