Connect-the-dots visual challenge with combinatorial state shuffling between every move. Validates motor pattern, timing distribution, replay protection, and shuffle integrity in a sealed binary signed by the same trust anchor as every other Validiti SKU. Free, self-hosted, forever.
Three statements, no jargon.
A connect-the-dots visual CAPTCHA where the tile board reshuffles between every connection. Solving it requires both visual recognition and human-shaped motor patterns — AI agents that breeze past 2024-era CAPTCHAs trip on the second half.
Free for every customer, forever, no usage cap. You self-host. Validiti operates exactly one piece of infrastructure for this product: a public signed signature feed that ships bot-family patterns to every receiver.
Same engine, same trust anchor, same Titus runtime defense as every other Validiti SKU. ShiftCAPTCHA is the introduction; the other 17 SKUs are how the company makes money.
The same sealed engine in five wrappers. Pick whichever your stack already runs.
Slim Python 3.13 base + tini + non-root + healthcheck + persistent volume. Multi-arch (amd64/arm64).
docker run -p 8080:8080 ghcr.io/validiti/shiftcaptcha:latest
Deployment + Service + Ingress + ConfigMap + PVC + ServiceAccount, tuned for read-only root + non-root user. Multi-replica supports a shared signing keypair.
helm install shiftcaptcha oci://ghcr.io/validiti/shiftcaptcha
PyInstaller-packed single file. No Python install required on the host. Linux x86_64 + arm64 today; macOS shapes follow.
./shiftcaptcha
Full systemd unit + nginx reverse-proxy snippet + conffiles preserved across upgrades. Drops the engine in /usr/lib/shiftcaptcha; state in /var/lib/shiftcaptcha.
apt install shiftcaptcha # or dnf install shiftcaptcha
2,000 trials per attacker class, three difficulties, run against the same sealed engine that ships in every shape above. We publish the worst number, not the best.
| Attacker class | What it does | Pass rate (medium) |
|---|---|---|
| naive_linear | 2-point straight line, instant | 0.00% |
| bezier_no_noise | smooth bezier, no noise | 0.00% |
| wrong_order | correct paths, reversed order | 0.00% |
| replay_attack | reuse previous submission against new shuffle | 0.00% |
| bartimaeus_basic | typical bot library: bezier + Gaussian noise | 2.30% |
| bartimaeus_humanized | Validiti's own visual-attack engine, humanized | 20.30% |
| straight_segments | known gap: evenly-spaced points, realistic timing | 47.65% |
signatures.validiti.com/captcha/feed.jsonl and propagate to every customer instance within one poll interval.
Three reasons. They're the same three reasons we charge for everything else.
Distribution. The other 17 SKUs need to reach developers. ShiftCAPTCHA is the path: a small, useful, well-built thing a developer will install on a Tuesday afternoon — and now Validiti is in the room.
Cost. There is no Validiti-hosted CAPTCHA endpoint. Customers run the package on their own hardware. The only Validiti-operated infrastructure is the drift signature feed: a static JSONL file behind nginx, bandwidth measured in kilobytes per signature. Operational cost rounds to zero.
Every instance, every shape. The same trust chain Validiti's other SKUs ride on.
shift_captcha.cpython-...so, signed by the BIN-1..BIN-9 trust anchor (pubkey fingerprint 8c51880cd4..., the same key that signs every Validiti binary).
seal_verify.assert_sealed_binary() recomputes SHA-256, validates the Ed25519 signature, and confirms the embedded pubkey matches the manifest. Mismatch → process exits before the first request.
os._exit in milliseconds; the container is recycled by the orchestrator before another request lands.
signatures.validiti.com/captcha/feed.jsonl. Receivers verify each signature against the embedded BIN trust anchor, drop expired, apply the active set.
VERIFIED_HUMAN / VERIFIED_BOT / PARTIAL / NO_SOURCE / EXPIRED / REPLAY — the same vocabulary Validiti Provenance uses for every other claim.
Everything that touches the engine is free. Three small lines remain.
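One way to implement the receiver side of the feed step in the trust chain above (verify each signature against the pinned trust anchor, drop expired, apply the active set), as an added example that is not Validiti's code. The entry fields `pattern`, `expires` and `sig`, the signed byte layout, and the sample feed are assumptions, since the page does not document the feed schema; Ed25519 comes from the third-party `cryptography` package.

```python
import base64
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


def signed_bytes(entry: dict) -> bytes:
    # ASSUMED layout of the bytes covered by the signature (not from the page).
    return f"{entry['expires']}\n{entry['pattern']}".encode()


def active_set(feed: str, anchor: Ed25519PublicKey, now: int) -> list[str]:
    """Return patterns that verify against the pinned anchor and are unexpired."""
    active = []
    for line in feed.splitlines():
        try:
            entry = json.loads(line)
            sig = base64.b64decode(entry["sig"], validate=True)
            anchor.verify(sig, signed_bytes(entry))  # raises if not authentic
            fresh = entry["expires"] > now
        except (ValueError, KeyError, TypeError, InvalidSignature):
            continue  # malformed, unsigned or tampered: drop the line
        if fresh:  # authentic entries are still dropped once expired
            active.append(entry["pattern"])
    return active


def constructed_feed(now: int):
    """Constructed sample: throwaway key; valid, expired and tampered lines."""
    key = Ed25519PrivateKey.generate()
    lines = []
    for pattern, ttl in [("family-a", 3600), ("family-b", -1), ("family-c", 3600)]:
        entry = {"pattern": pattern, "expires": now + ttl}
        entry["sig"] = base64.b64encode(key.sign(signed_bytes(entry))).decode()
        if pattern == "family-c":
            entry["pattern"] = "family-x"  # altered after signing
        lines.append(json.dumps(entry))
    return key.public_key(), "\n".join(lines)


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp, Unix seconds
    anchor, feed = constructed_feed(now)
    print(active_set(feed, anchor, now))
```

The signature is checked before the expiry field is read, so an unauthenticated line can never influence which entries count as active.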