Smart Mode

Smart Mode adjusts the proof-of-work difficulty in real time based on who's making the request and what page they're on. Clean traffic gets the lightest workload; abusive traffic gets the heaviest.

Enabling it

Open the site's Security tab in the console and toggle Smart Mode on for the relevant CAPTCHA config. When the toggle is off, the configured difficulty level is used for every request.

Threat tiers

The IP behind each challenge request is classified using Sokol's intelligence lists. The first matching tier wins and raises the configured base level:

  Tier  Trigger                     Level increase
  1     Bad actor / known abuser    +4
  2     Tor exit node               +3
  3     VPN or proxy                +2
  4     Datacenter IP               +1
  5     Clean IP                    Baseline

Levels are clamped from Low to Almost Impossible. Low through Standard use PBKDF2/SHA-256; higher levels use memory-bound Argon2id.

Auth-page multiplier

Login and registration pages are the highest-value targets for credential stuffing and account creation abuse, so Smart Mode raises the difficulty one extra level when it detects one.

Detection happens in two ways:

  1. Referer / Origin path. If the path contains any of the keywords login, register, signup, sign-up, sign_up or auth, the page is treated as an auth page automatically.
  2. Explicit override. Add ?pageType=login (or register) to the challenge request if your URLs don't match the keywords above:
    GET /api/v1/sentinel/challenge?apiKey=...&pageType=login
    The browser widget exposes this via a page-type attribute.

Worked example

A request from a known VPN exit node hitting /account/login:

  1. The configured baseline is Standard.
  2. IP intel matches VPN/Proxy → Smart Mode adds two levels.
  3. Referer path contains login → Sokol adds one more level.
  4. The effective level is clamped at Almost Impossible.
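
The same calculation as a small Python model, added here as an illustration and not Sokol's own code. Assumptions: the two middle level names are placeholders (the page names only Low, Standard and Almost Impossible), the intel flag names are invented for the example, and keyword matching is taken to be a case-insensitive substring test on the URL path only.

```python
from urllib.parse import urlsplit

# Assumed ladder: only Low, Standard and Almost Impossible come from the page;
# the two middle entries are placeholders for this example.
LADDER = ["Low", "Standard", "placeholder-A", "placeholder-B", "Almost Impossible"]

# Tier -> level increase, from the threat-tier table. Flag names are hypothetical.
TIER_BUMP = {"bad_actor": 4, "tor_exit": 3, "vpn_proxy": 2, "datacenter": 1, "clean": 0}
TIER_ORDER = ["bad_actor", "tor_exit", "vpn_proxy", "datacenter"]  # first match wins

AUTH_KEYWORDS = ("login", "register", "signup", "sign-up", "sign_up", "auth")


def classify(ip_flags):
    """Return the first matching tier for a set of intel flags (constructed input)."""
    for tier in TIER_ORDER:
        if tier in ip_flags:
            return tier
    return "clean"


def is_auth_page(referer=None, page_type=None):
    """Explicit pageType override first, else keyword match on the Referer/Origin path."""
    if page_type in ("login", "register"):
        return True
    # Assumption: case-insensitive match on the path only (query string ignored).
    path = urlsplit(referer or "").path.lower()
    return any(keyword in path for keyword in AUTH_KEYWORDS)


def effective_level(base, ip_flags, referer=None, page_type=None, smart_mode=True):
    """Compute the challenge level: base + tier increase + auth-page level, clamped."""
    if not smart_mode:
        return base  # toggle off: the configured level is used for every request
    idx = LADDER.index(base) + TIER_BUMP[classify(ip_flags)]
    if is_auth_page(referer, page_type):
        idx += 1
    return LADDER[min(idx, len(LADDER) - 1)]  # clamp at the top of the ladder
```

Under a substring match, a path such as /blog/authors contains auth and would be treated as an auth page, so it is worth checking your own URL structure against the keyword list.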

What stays the same

  • The verification flow is identical — clients still POST to /api/v1/sentinel/verify.
  • The risk score in the verify response continues to reflect IP reputation regardless of which mode is active.
  • Allowed-origin checks are enforced on every request (see Allowed Origins).