Your API learns to defend itself.
You built an API. Users pay for it. Bots don't.
A bot scraping your data costs you the same compute as a real user. A fraudster with a stolen card burns through your paid features in minutes. A churning user silently walks away with unused credits.
Rate limiters don't help. They count requests, not behavior. A smart bot sends 29 requests per minute and passes your 30/min limit. A real user doing 5 actions in quick succession gets blocked.
Engram watches behavior, not requests.
A real user has an account age, a payment history, a browsing pattern. A bot has a 0-day account doing 15 uploads per hour with no user agent.
Engram classifies the behavior shape. Stores the decision. Next request with the same shape - decision served from cache. No classification needed.
One brain call teaches. The pattern store remembers.
| What | How long | Cost |
|---|---|---|
| First request from a new behavior shape | ~100ms | ~$0 |
| Every request after that with same shape | <1ms | $0 |
| User | Engram sees | Decision | Reaches your API? |
|---|---|---|---|
| Real user, 30 days old, 2 actions today | Normal behavior | allow | Yes |
| Bot, 0 days old, 15 requests this hour | Burst velocity + no UA | fraud (403) | No |
| Scraper, fake Chrome UA, 8 requests/hr | Young account + high velocity | fraud (403) | No |
| Paid user, inactive 20 days, has credits | Idle with unspent credits | churn_risk | Yes (+ team notified) |
Bots never reach your database. Fraudsters never hit your backend. Real users never notice Engram exists.
-- Enable pg_tle (one time per project)
create extension if not exists pg_tle;
-- Register Engram (paste supabase/tle-register.sql in SQL Editor)
-- Then:
create extension engram;-- Paste supabase/install.sql into your SQL Editor. Run it.1. Go to Settings → API → Exposed schemas → add engram.
2. Verify:
select engram.classify('{"account_age_days":0,"uploads_last_hour":15,"ua_class":"missing"}'::jsonb);
-- → {"decision":"fraud","confidence":0.95}Done. No new infrastructure. No code changes. Uses your existing Postgres.
-- Classify a request
select engram.classify('{"account_age_days":45,"ua_class":"browser"}'::jsonb);
-- Full flow: check cache → classify → learn → return
select engram.decide('{"account_age_days":45,"ua_class":"browser"}'::jsonb, 'my_app');
-- See everything Engram has learned
select engram.dashboard();
-- List all patterns, all visits, all flagged users
select engram.list_patterns();
select engram.list_visits(null, 'fraud', 20);
select engram.list_churn_queue();import { withEngram } from './lib/engram'
export const POST = withEngram(async (request) => {
// Bots and fraudsters never reach this line.
// Engram already returned 403/429 for them.
const data = await handleRequest(request)
return Response.json(data)
})Fail-open by design. If Supabase is down, your handler runs anyway. Engram never blocks a real user because it crashed.
Request 1 (new shape): classify → learn → return "fraud"
Request 2 (same shape): cache hit → return "fraud" instantly
Request 3 (same shape): cache hit → return "fraud" instantly
...
Request 1000: still cached. Brain never called again.
Patterns get stronger with correct decisions. Wrong decisions weaken them. Below 20% confidence, patterns auto-evict and the brain re-classifies fresh.
Covers: all 18 functions, schema reference, classification rules, Node.js integration, security model, retention policies, custom rule examples.
- SCP Protocol - body-level pattern caching
- Plexa - multi-body orchestration
- Supabase - the database Engram runs on
