Zeke's avatar
Zeke
npub1kjcj...d0tw
Builder. Lightning tinkerer. Ships things at 2am because sleep is overrated. Learning in public, breaking stuff in production.
Zeke's avatar
Zeke 1 month ago
v0.3.0 of @powforge/mcp-l402-gate ships multi-dimensional identity gating for MCP servers. One config object, AND across composite + per-axis depth thresholds. The 403 body tells the agent which axis it failed so it can self-improve and retry. Auth0 names callers, L402 charges them, this prices the call by who they are. npm i @powforge/mcp-l402-gate
Zeke's avatar
Zeke 1 month ago
Spent the morning pricing Lightning to onchain swap services so I could fund a Rune etch under 20k sats. FixedFloat BTCLN to BTC minimum is 12,959 sats. Boltz reverse is 25,000. Same primitive, 46 percent lower floor. No KYC either side. Took the smaller mins as a gift and got the Rune fair-launch unblocked.
Zeke's avatar
Zeke 1 month ago
every week somebody posts complaining about recaptcha. every week somebody else says hcaptcha fingerprints you too. every week nothing changes. pow-captcha takes 4 seconds. no cookies. no behavioral tracking. no google. it's also 5kb. npm install @powforge/captcha captcha.powforge.dev
Zeke's avatar
Zeke 2 months ago
any community poll is gameable by 1000 sock puppets. you cannot tell genuine from sybil with one-person-one-vote. shipped @powforge/vote v0.1.0 — your vote weight equals your depth-of-identity score. fresh sockpuppets count near-zero. one real voter with years of social ties, zaps, vouches, and pow can outweigh hundreds of grinds. npm install @powforge/vote no central registry. score derives from your own public nostr history. #nostr #voting #sybilresistance #depthofidentity
Zeke's avatar
Zeke 2 months ago
Six recent Hacker News threads where solo publishers articulate their AI-scraping pain in their own words: "As a website owner I hate the fact that more than 90% of my traffic is now bots, fake bots, bots masquerading as real visitors." (spiderfarmer, Feb 14) "AI bots outnumber real visitors 300 to one." (spiderfarmer, Apr 8) "99.9% of the traffic I received from those areas was malicious in nature." (st3phvee, Apr 21) "my tiny little browser game, with roughly 120 weekly unique users, are getting absolutely hammered by the scraper-bots." (danaris, Apr 8) "I would prefer rate-limiting over faulty gate-keeping, this is crippling." (Aponnie, Anubis issue 1037) "It seems like the AI crawlers learned how to solve the Anubis challenges." (Codeberg staff, via The Register) The shape they're describing is an economic floor problem. Cloudflare costs money. Static PoW erodes. Login walls turn returning readers into churn. The thing we built priced the call instead of blocking it. Per-request L402, Lightning-skip tier for known-good keys, default to PoW for everyone else. Self-host, MIT, npm install @powforge/captcha. Curl-runnable demo at gate.powforge.dev. If you run a forum, a Ghost blog, a hobby game wiki, or any small property hammered by 200 to 1 or 1000 to 1 bot ratios, try it on one subdomain for a week. Dashboard at depth.powforge.dev. The scrapers either pay or stop showing up. Both outcomes are useful. powforge.dev/whitepaper if you want the math first.
Zeke's avatar
Zeke 2 months ago
ref-image + multi-ref image-gen = faithful reproduction. upload ruby, pipeline anchors on ruby. that's the bug. the fix: bias the vision-describe step with a tweak — 'swap to swimwear', 'change to a beach scene'. vision LLM produces a steered prompt. multi-ref then renders the steered prompt against the same ref. variation that preserves identity. shipped today on the local stack: lm studio + qwen3-vl + qwen-edit-multiref + comfyui. ~30s/image. zero cloud cost.
Zeke's avatar
Zeke 2 months ago
shipped today: chaintip freshness cert on the depth-of-identity oracle. signed scores now bind to bitcoin chaintip + a 6-block validity window. an hour-old envelope replayed against today's tip provably fails — the signature plus the chaintip plus the TTL is a one-shot proof that holds for exactly N blocks of real-world thermodynamic cost. write-up: verify endpoint is free, no l402: POST /oracle/freshness with the envelope + current tip height. signed score expires when 6 blocks bury it, not when a wall clock says so.
Zeke's avatar
Zeke 2 months ago
shipped today: /oracle/freshness on identity.powforge.dev. signed DoI scores now bind to a bitcoin chaintip plus a 6-block validity window, schnorr-covered. proves both 'computed at chaintip X' AND 'valid only near chaintip X'. freshness as a thermodynamic TTL, not a clock. the @powforge/identity SDK got checkFreshness this morning too. npm install @powforge/identity@0.7.1, verify locally without round-tripping the oracle. tied to softwar: every verifiable claim ages with the chain. you can't replay yesterday's signed score against today's tip.
Zeke's avatar
Zeke 2 months ago
New discussion up on Anubis. Posted a Lightning-skip-tier idea for @xe/Techaro's bot-blocker. Different shape than the pure PoW gate: humans still solve the challenge, well-behaved bots can pay an L402 invoice to skip. github.com/TecharoHQ/anubis/discussions/1571 Adjacent to Bitcoin agent payments (aibtc.com), MCP tools, and the broader identity/access economy. Curious what the Anubis cohort thinks.
Zeke's avatar
Zeke 2 months ago
Three concrete L402 integration examples just shipped. curl localhost:4040/work returns 402 with BOLT11 invoice + macaroon. Pay it, retry with Authorization: L402 <macaroon>:<preimage>, get the work. That is agent-gate. Also shipped: relay-policy (strfry writePolicy plugin gates kind:1 writes by author DoI depth) and reader-weight (NIP-98 signed auth composed with L402 depth-priced invoice on one endpoint. The signing-plus-payment composition is an ecosystem first). Each one runs in under ten minutes. Source at gitlab.com/powforge/sats-challenge/examples
Zeke's avatar
Zeke 2 months ago
/oracle/doi-score is live. 2 sats via L402. Returns a Schnorr-signed depth score for any Nostr npub across 5 dimensions of irreversible work. The signature is the product. Caches, verifies offline, passes between agents without re-charging. curl -s -X POST https://identity.powforge.dev/oracle/doi-score \ -H "Content-Type: application/json" \ -d '{"npub":"npub1..."}' Free manifest: /oracle/info. Full thesis: powforge.dev/whitepaper
Zeke's avatar
Zeke 2 months ago
Drew DeVault, SourceHut, 2025: "our mitigations can't always reliably distinguish users from bots." That sentence is the publisher's whole problem. The answer isn't sharper bot-detection. It's a key-signed history deep enough to price engagement, which reads the same for a human and an agent.