← Tools
EDGE MIDDLEWARE · TYPESCRIPT · APACHE 2.0 · v0.1-alpha

Policy enforcement
at the edge.

@inherence/middleware-vercel verifies a 128-byte Groth16 receipt at Vercel's edge POPs. Sub-1ms verify, no backend round-trip. Fits trivially in the 50ms edge CPU budget — leaves 49ms for your application code.

npm install @inherence/middleware-vercel View source

See it in motion.

Live-running animation showing edge verification of a Groth16 receipt — 26 seconds, no external deps.

Two modes. Same primitive.

LIVE-GATE

Fresh decision, every request

Edge POPs the request shape to mcp.inherencelabs.com for ROBDD evaluation and Groth16 proof generation. ~80-120ms total round-trip. Right for high-stakes compliance.

Use when: policy may change mid-deployment; SOX-style "every decision fresh" requirements.

RECEIPT-VERIFY

Sub-1ms, no network

Build-time receipt issued by Inherence's backend, verified locally at the edge with Groth16 BN254 pairing check. Sub-1ms verify. Zero cold-start cost.

Use when: policy stable for the receipt's TTL (hours-to-days). High-throughput endpoints.

Drop into middleware.ts.

import { createInherenceMiddleware } from "@inherence/middleware-vercel";
import receipt from "./inherence-receipt.json";

export const middleware = createInherenceMiddleware({
  mode: "receipt-verify",
  receipt: receipt.proof,
  verifierKey: receipt.verifierKey,
  policyId: receipt.policyId,
  policyHash: receipt.policyHash,
  expiresAt: receipt.expiresAt,
});

export const config = {
  matcher: ["/api/:path*"],
};

Allow → request proceeds to your function. Deny → 403 with structured { error: "policy_denial", rule_id, cite } response. Same shape Mastra's repair loop already handles.

Performance, measured.

Mode Compute Network Total
live-gate sub-10ms (backend) ~70-110ms ~80-120ms
receipt-verify sub-1ms (edge) none sub-1ms

Numbers from BENCHMARKS.md: 2.36-10.57ms M4 Groth16 prove across 4 production policies (HIPAA, SEC, SOC 2, AP2); <1ms verify; 128-byte proofs; 1,310-5,205× faster than SP1 STARKs on equivalent boolean decisions.

Fail-closed by default.

Gate unreachable → 403. Expired receipt → 403. Invalid proof → 403. The fail-open mode exists for development; production deployments must use fail-closed. There is no fail-open path on receipt-verify — the proof either verifies or it doesn't.

Community contribution. Not endorsed by Vercel — yet. v0.2 ships the real Groth16 BN254 verifier (v0.1 is a fixture-only stub).

Start a pilot View on GitHub