When a coding agent — Claude Code, Kiro, any MCP client — calls synthex_scrape_classify_prove, this is the Evidence Report it gets back: each page fetched through Bright Data, screened before the LLM, and given a verdict — allow, review, or block — with the rule that fired and the latency. Your client renders it as JSON; here it is visualized. The rule IDs and verdict types are the real ones from src/forge/; the page list is a representative sample. The live pipeline below runs it for real against Bright Data.
9-page verifiable Evidence Report · Ed25519 + RFC 3161 timestamp · verify offline with openssl ts
mcp-server-git (NVD, Dec 2025). Synthex screens the content your agents ingest; the ecosystem's urgency is broader than any one filter.Scraped pages carry prompt injection, hidden instructions, secret-exfil and SSRF — and it reaches the LLM unscreened.
Raw scrapes aren't intelligence. Teams can't tell a pricing signal from a vendor risk from a CVE from a supply-chain shock.
Your CISO can't prove what the agent saw, when, or that the bytes are unchanged. Audit trails for web-grounded AI don't exist.
Synthex is the screen-and-seal layer that lives inside Bright Data — it screens what your agents ingest with a layered injection defense, then cryptographically seals what they found.
Two axes, three guards, one bar. A guard gets BLOCK authority only if its benign false-positive is ≤ 20% — drop a benign security page and you've failed the one job. We ran the gate against three guards on a 647-sample constructed corpus, and published the loser.
OPT-IN · measured, not on by default. NemoGuard's BLOCK is gated twice — SYNTHEX_GUARD_MODEL selects it, SYNTHEX_GUARD_BLOCK_ENABLED arms BLOCK; unset, every Unsafe degrades to REVIEW (the doc is kept). The measurement is what justifies that opt-in authority — not an always-on default. Corpus is CONSTRUCTED (OWASP LLM01 · MITRE ATLAS AML.T0051 · arXiv:2510.11570), a reproducible benchmark, not a field study; binary safe/unsafe, no native REVIEW tier; hosted inference is non-deterministic.
Reproduce: npm run guard:recall · Source: docs/guard-recall-measurement.md · docs/guard-fp-measurement.md
// route each target to the right Bright Data surface if (!isUrl(target)) return serpSearch(target); // SERP · JSON if (mode === "browser") return browserFetch(target); if (mode === "crawl") return crawlSite(target); return httpFetcher(opts)(target); // Web Unlocker REST
{ id:"DJL-PI-001", re:/ignore previous instructions/i, sev:9 },
{ id:"DJL-HARM-011", re:/(?:kill myself|suicidarme)/i, sev:10 },
{ id:"SSRF-1", re:/169\.254\.169\.254/, severity:9 },
// 78 DJL + 32 web · L1 REVIEW-only · NemoGuard/L3 BLOCK
// lens="all" → 4 lenses in parallel on one scrape await Promise.all(LENS_SET.map((l) => classify(doc.content, l))); // gtm · finance · security · supply-chain
# decode the RFC 3161 token from the report, then: $ openssl ts -reply -in synthex.tsr -text # messageImprint must equal the report SHA-256 → TSA: DigiCert · OK
Paste a URL or term, pick a lens, watch the four stages execute against real Bright Data — then download the signed Evidence Report. This runs the actual pipeline, not a recording.
Rather not run it? See a real 9-page Evidence Report from a live injection-catch — sample PDF — sealed with Ed25519 + RFC 3161 TSA + Sigstore Rekor + a c2patool-validated C2PA card.
Flash is the fast, bulk default classifier; Pro is the higher-quality reasoner for high-stakes verdicts.
We ran the v0.6 stress test live against Bright Data on 2026-05-28 with a 60-URL allowlist (pricing pages, gov sources, GitHub releases, dev docs, market news), multiplied to 500 inputs across 8 parallel workers. Every input passed through the full pipeline — fetch → 2-layer pre-LLM screen (110 rules) → 4-lens classify → Ed25519 + RFC 3161 seal. Every number below comes from a real corrida; the per-URL evidence is in out/stress-500-2026-05-28/.
Source: docs/v060-stress-report.md · out/stress-500-2026-05-28/report.json · TSA bench: scripts/bench-tsa-rtt.mjs
decisions[] audit trail · per-stage latencies (OTel)Prior art, cited not claimed: the INV-15 formal-safety paper (Apohara Context_Forge) and KVCOMM · MemArt ground the design — they are not part of this scraping pipeline.
Synthex sits at the intersection of three real, separately-sized markets. We don't claim a TAM of our own — we address a slice of each. The bars below are scaled to the 2030–2035 projections from third-party analysts; sources are linked, not invented. Pricing OSS · Pro · Enterprise is proposed; no revenue yet.
Bars are scaled relative to the largest of the three (AI agents $52.6B = 100%). The Synthex wedge inside each market is signed evidence + chain-of-custody for the web your agents touch — a layer above scraping (Bright Data), classification (AI/ML), and memory (Cognee), not a replacement of any of them. Sources: MarketsandMarkets AI Agents · Market Research Future AI Web Scraping · Market.us AI Observability.
The uniqueness: Synthex is the only Web Data UNLOCKED submission that cryptographically seals scraped content with third-party-verifiable, C2PA-standard provenance and a public transparency-log anchor. Two axes no one else ships:
The web your agents touch, now classified and provable.
Apohara Synthex is the only OSS layer that screens, classifies, and cryptographically signs what your agents touched — RFC 3161 timestamps verified link-by-link against pinned DigiCert anchors, delta-chained across re-scrapes, sealed inside a 9-page verifiable Evidence Report. Live on npm, MIT, zero lock-in.