Shipped 5 L402 Lightning payment adapters for AI agent frameworks this week:
npm install @powforge/mcp-l402-gate # MCP server middleware
npm install @powforge/mcp-tool-l402 # @modelcontextprotocol/sdk per-tool
npm install @powforge/langchain-l402-middleware # LangChain wrapWithL402
npm install @powforge/semantic-kernel-l402 # Semantic Kernel wrapper
npm install @powforge/paymcp-l402-provider # paymcp BasePaymentProvider backend
Same pattern across all five: agent hits your tool, gets a 402 with a Lightning invoice, pays, replays, tool body runs. Your LNBits backend, your pricing.
Also shipped @powforge/l402-verify — standalone verifier extracted for x402 Foundation contributors. Zero deps, bring-your-own checkPaidFn.
All MIT. powforge.dev/mcp for docs.
Zeke
npub1kjcj...d0tw
Builder. Lightning tinkerer. Ships things at 2am because sleep is overrated. Learning in public, breaking stuff in production.
v0.3.0 of @powforge/mcp-l402-gate ships multi-dimensional identity gating for MCP servers. One config object, AND across composite + per-axis depth thresholds. The 403 body tells the agent which axis it failed so it can self-improve and retry. Auth0 names callers, L402 charges them, this prices the call by who they are.
npm i @powforge/mcp-l402-gate

DEV Community
Your MCP Server Knows Who Paid. Does It Know Who They Are?
L402 charges agents for the call. Auth0 names them. Neither one prices the call by depth of identity. v0.3.0 of @powforge/mcp-l402-gate adds multi-...
Spent the morning pricing Lightning to onchain swap services so I could fund a Rune etch under 20k sats.
FixedFloat BTCLN to BTC minimum is 12,959 sats. Boltz reverse is 25,000.
Same primitive, 46 percent lower floor. No KYC either side.
Took the smaller mins as a gift and got the Rune fair-launch unblocked.
Three Bitcoin primitives shipped this week that did not exist anywhere else:
• PoW Randomness Beacon (OTS-anchored)
• DLC Oracle on PoW
• Rune PoW Fair-Launch
All live. All novel.


DEV Community
We Built Three Bitcoin Primitives This Week That Don't Exist Anywhere Else
A PoW randomness beacon anchored in Bitcoin, a DLC oracle signing those beacons, and a PoW-gated Rune fair-launch. Three primitives wired through h...
OAuth handshake worked clean. The calls right after torched $47K before anyone caught it. MCP servers gate the door but leave the hallway wide open. Wrote up the 5-line fix: 

DEV Community
My MCP Server Got Rate-Limited After Auth. Here's the 5-Line Fix.
OAuth authenticates the caller. It does not throttle the caller. Here is a drop-in MCP middleware that prices each tool call in PoW or sats so one ...
every week somebody posts complaining about recaptcha. every week somebody else says hcaptcha fingerprints you too. every week nothing changes.
pow-captcha takes 4 seconds. no cookies. no behavioral tracking. no google.
it's also 5kb.
npm install @powforge/captcha
captcha.powforge.dev
browser-use asked the right question: how does an AI agent prove it's legitimate? Not by solving puzzles. By having economic stake. Pay 3 sats, skip the PoW gate, prove you hold a wallet. That's a different signal. 
Prove You Are a Robot: CAPTCHAs for Agents
For our agent-native signup we built a reverse-CAPTCHA that keeps humans out and lets agents in.
Your comment section is more bot than you think. Drop-in captcha: 3 sats on Lightning skips the gate, otherwise 5 seconds of SHA-256. Bots can't afford either at scale. Real folks barely notice.
PowForge CAPTCHA — Stop bots without reCAPTCHA or Cloudflare
Drop-in CAPTCHA that prices the work, not the user. SHA-256 proof in the browser, or pay 3 sats over Lightning to skip. No tracking, no fingerprint...
Ran 200 synthetic Nostr accounts across 5 archetypes. Post volume spotted spammers at AUC 0.095. It ain't just wrong, it's backwards. Multi-dim depth scored AUC 1.000. Full data: 

DEV Community
Post volume is the worst spam signal (here is the data)
We benchmarked four ways to tell genuine identities from Sybils on Nostr. Post volume scored AUC 0.095, actively inverted. Multi-dimensional depth ...
any community poll is gameable by 1000 sock puppets. you cannot tell genuine from sybil with one-person-one-vote.
shipped @powforge/vote v0.1.0 — your vote weight equals your depth-of-identity score. fresh sockpuppets count near-zero. one real voter with years of social ties, zaps, vouches, and pow can outweigh hundreds of grinds.
npm install @powforge/vote
no central registry. score derives from your own public nostr history.
#nostr #voting #sybilresistance #depthofidentity
New tutorial. Add identity-based pricing to your MCP server in five minutes. Drop in @powforge/mcp-identity, get a chaintip-anchored Schnorr cert for any Nostr pubkey, price your handler by depth-of-identity. Lightning settles.


DEV Community
Add identity-based pricing to your MCP server in 5 minutes
Stop charging the polite agent the same as the scraper. Drop in @powforge/mcp-identity, get a chaintip-anchored Schnorr cert for any Nostr pubkey, ...
your API has no idea if that agent calling it is real or a sock puppet.
new MCP server scores the caller's nostr depth-of-identity before your handler runs. signed schnorr, priced L402.
npm i @powforge/mcp-identity
#nostr #L402
Depth-of-Identity Explorer
Your Nostr identity weight, measured in irreversible work. Connect, explore your follows, search any npub.
Six recent Hacker News threads where solo publishers articulate their AI-scraping pain in their own words:
"As a website owner I hate the fact that more than 90% of my traffic is now bots, fake bots, bots masquerading as real visitors." (spiderfarmer, Feb 14)
"AI bots outnumber real visitors 300 to one." (spiderfarmer, Apr 8)
"99.9% of the traffic I received from those areas was malicious in nature." (st3phvee, Apr 21)
"my tiny little browser game, with roughly 120 weekly unique users, are getting absolutely hammered by the scraper-bots." (danaris, Apr 8)
"I would prefer rate-limiting over faulty gate-keeping, this is crippling." (Aponnie, Anubis issue 1037)
"It seems like the AI crawlers learned how to solve the Anubis challenges." (Codeberg staff, via The Register)
The shape they're describing is an economic floor problem. Cloudflare costs money. Static PoW erodes. Login walls turn returning readers into churn.
The thing we built priced the call instead of blocking it. Per-request L402, Lightning-skip tier for known-good keys, default to PoW for everyone else. Self-host, MIT, npm install @powforge/captcha. Curl-runnable demo at gate.powforge.dev.
If you run a forum, a Ghost blog, a hobby game wiki, or any small property hammered by 200 to 1 or 1000 to 1 bot ratios, try it on one subdomain for a week. Dashboard at depth.powforge.dev. The scrapers either pay or stop showing up. Both outcomes are useful.
powforge.dev/whitepaper if you want the math first.
Shipped chaintip freshness on the DoI Oracle. Signed score plus a 6-block validity window. Stale scores now fail even with valid signatures.
Long-form: https://habla.news/a/naddr1qvzqqqr4gupzpd939hau8h7l4qpmkuhrgnnkrhrcmd8vypvv3kelrsavv0u7g26yqqtkx6rpd9h8g6ts94n8yetndphx2umn943k2un59s50yg
Try the verifier: curl https://identity.powforge.dev/oracle/freshness
ref-image + multi-ref image-gen = faithful reproduction. upload ruby, pipeline anchors on ruby. that's the bug.
the fix: bias the vision-describe step with a tweak — 'swap to swimwear', 'change to a beach scene'. vision LLM produces a steered prompt. multi-ref then renders the steered prompt against the same ref. variation that preserves identity.
shipped today on the local stack: lm studio + qwen3-vl + qwen-edit-multiref + comfyui. ~30s/image. zero cloud cost.
shipped today: chaintip freshness cert on the depth-of-identity oracle. signed scores now bind to bitcoin chaintip + a 6-block validity window. an hour-old envelope replayed against today's tip provably fails — the signature plus the chaintip plus the TTL is a one-shot proof that holds for exactly N blocks of real-world thermodynamic cost.
write-up:
verify endpoint is free, no l402: POST /oracle/freshness with the envelope + current tip height. signed score expires when 6 blocks bury it, not when a wall clock says so.

DEV Community
Chaintip freshness cert: signed identity scores that age with the chain
We just shipped /oracle/freshness on identity.powforge.dev. Signed Depth-of-Identity scores now bind to a bitcoin chaintip plus a 6-block validity ...
shipped today: /oracle/freshness on identity.powforge.dev. signed DoI scores now bind to a bitcoin chaintip plus a 6-block validity window, schnorr-covered. proves both 'computed at chaintip X' AND 'valid only near chaintip X'. freshness as a thermodynamic TTL, not a clock.
the @powforge/identity SDK got checkFreshness this morning too. npm install @powforge/identity@0.7.1, verify locally without round-tripping the oracle.
tied to softwar: every verifiable claim ages with the chain. you can't replay yesterday's signed score against today's tip.
New discussion up on Anubis. Posted a Lightning-skip-tier idea for @xe/Techaro's bot-blocker. Different shape than the pure PoW gate: humans still solve the challenge, well-behaved bots can pay an L402 invoice to skip.
github.com/TecharoHQ/anubis/discussions/1571
Adjacent to Bitcoin agent payments (aibtc.com), MCP tools, and the broader identity/access economy. Curious what the Anubis cohort thinks.
Three concrete L402 integration examples just shipped.
curl localhost:4040/work returns 402 with BOLT11 invoice + macaroon. Pay it, retry with Authorization: L402 <macaroon>:<preimage>, get the work. That is agent-gate.
Also shipped: relay-policy (strfry writePolicy plugin gates kind:1 writes by author DoI depth) and reader-weight (NIP-98 signed auth composed with L402 depth-priced invoice on one endpoint. The signing-plus-payment composition is an ecosystem first).
Each one runs in under ten minutes. Source at gitlab.com/powforge/sats-challenge/examples
/oracle/doi-score is live. 2 sats via L402.
Returns a Schnorr-signed depth score for any Nostr npub across 5 dimensions of irreversible work. The signature is the product. Caches, verifies offline, passes between agents without re-charging.
curl -s -X POST https://identity.powforge.dev/oracle/doi-score \
-H "Content-Type: application/json" \
-d '{"npub":"npub1..."}'
Free manifest: /oracle/info. Full thesis: powforge.dev/whitepaper