PowForge vs AgentAuth
AgentAuth ships a payment-enabled MCP gateway with a clean Ed25519 self-authenticating UUID.
The shape is right: pay-per-call plus a stable per-agent identifier. The
rails are different, and so is what the identity actually means
after the second call. AgentAuth runs on x402 / USDC / Base with a transferable key.
@powforge/mcp-l402-gate runs on Lightning with a
continuous identity score that compounds across sessions — the same caller pays
a lower effective toll over time.
AgentAuth is a solid project. @agentauth/mcp has been on npm since June 2025,
open-source MIT, and it solves a real problem: pay-per-call MCP without a backend session.
This is not a takedown. If you are already on EVM rails — Coinbase AgentKit,
Base, x402 — AgentAuth fits that stack. PowForge fits a different one: Bitcoin-native
operators who want Lightning settlement and an identity layer that is non-transferable and
gets sharper the longer a caller sticks around.
How AgentAuth and PowForge compare
| Feature | PowForge mcp-l402-gate | AgentAuth (@agentauth/mcp) |
|---|---|---|
| Payment rail | Bitcoin Lightning (L402 macaroon + LNBits) | x402 / USDC on Base & Ethereum |
| Settlement | Instant, final, no bank account | EVM wallet + USDC custody required |
| Key binding | Nostr key + chaintip cert (non-transferable) | Ed25519 keypair (wallet-exportable, transferable) |
| Identity persistence | Score persists; reputation accrues to the key | Stable UUID per session, no behavioral state |
| Continuous scoring | Yes — DoI 0-100, 5-dim, Schnorr-signed | No — UUID is binary same/different |
| Reputation that compounds | Yes — same caller pays less over time | No — every call priced identically |
| Sybil resistance | NIP-89 vouch graph + chaintip anchor | Per-call payment is the only deterrent |
| Self-hostable | Fully (MIT, drop-in Express middleware) | Gateway is open; some server components closed |
| Open source | Yes — MIT, all packages | Yes — MIT (gateway repo) |
| Language / ecosystem | Node.js + npm — Bitcoin / Lightning / Nostr | Node.js + npm — EVM / Coinbase AgentKit / x402 |
| npm package | @powforge/mcp-l402-gate | @agentauth/mcp |
| First-call abuse cap | Yes — minScore threshold rejects fresh keys | Per-call USDC payment only |
AgentAuth's per-call USDC payment is real friction for adversaries — but it is the same friction for everyone. A fresh wallet pays the same as a 6-month-old caller. Continuous scoring lets you charge less to known-good callers without lowering the floor for unknown ones.
Five-line integration on the Lightning side
```bash
npm install @powforge/mcp-l402-gate
```

```js
// `app` is your existing Express app; `handler` is your tool's route handler.
const { mcpL402Middleware } = require('@powforge/mcp-l402-gate');
const gate = mcpL402Middleware({ satsAmount: 10, minScore: 10 });
app.use('/api/your-tool', gate, handler);
// Caller pays 10 sats (Lightning) AND has a DoI score >= 10.
// Repeat callers accrue score; you can tier them lower over time.
```
Same shape as @agentauth/mcp: drop-in middleware, no backend session. The wedge is the rail (Lightning vs USDC) and the identity model (continuous score vs stable UUID). Set minScore: 0 to skip identity entirely (pure L402, closest direct comparison to AgentAuth's per-call shape).
Why a continuous score beats a stable UUID
AgentAuth's UUID answers one question: is this the same agent as last time? That is enough to deduplicate, enough to throttle, enough to ban. It is not enough to price. Two agents with the same UUID-age look identical at the wire, even if one has been calling cleanly for 90 days and the other was minted last hour.
A continuous score answers a different question: how much trust has this key earned? The Depth-of-Identity oracle computes a 0-100 score across five dimensions (Nostr WoT depth, chain anchor age, vouch density, behavioral history, Lightning settlement track record), Schnorr-signs it, and anchors its freshness to the Bitcoin chaintip. A repeat caller gets cheaper calls. A fresh wallet gets the floor.
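One way to turn such a score into a per-call price while failing closed on missing, malformed or stale scores, as an added example that is not PowForge's code or API. The attestation fields (score, attestedHeight, verified), the policy values and tollFor are hypothetical, and the signature check is assumed to have happened upstream.

```javascript
'use strict';
// Added example: toll policy for a score-gated endpoint. All names are
// hypothetical; this is not the @powforge/mcp-l402-gate API.
const POLICY = {
  minScore: 10,     // threshold used in the integration snippet on this page
  baseSats: 10,     // toll for a caller sitting exactly at minScore
  bestSats: 2,      // lowest toll, reached at score 100 (constructed value)
  maxAgeBlocks: 6,  // reject attestations older than this (constructed value)
};

// attestation: { score, attestedHeight, verified }, where `verified` means the
// signature over the score was already checked (out of scope here).
function tollFor(attestation, tipHeight, policy = POLICY) {
  const deny = (reason) => ({ allow: false, reason, sats: null });

  if (!attestation || attestation.verified !== true) return deny('unverified');

  const { score, attestedHeight } = attestation;
  // Fail closed on anything that is not a finite number in 0..100.
  if (typeof score !== 'number' || !Number.isFinite(score) || score < 0 || score > 100) {
    return deny('bad-score');
  }
  // Freshness: an old high score must not be replayable indefinitely,
  // and a height ahead of our tip is treated as invalid too.
  if (!Number.isInteger(attestedHeight) || !Number.isInteger(tipHeight)) {
    return deny('bad-height');
  }
  const age = tipHeight - attestedHeight;
  if (age < 0 || age > policy.maxAgeBlocks) return deny('stale');

  // First-call abuse cap: fresh keys below the threshold are rejected.
  if (score < policy.minScore) return deny('below-min-score');

  // Linear discount from baseSats at minScore down to bestSats at 100,
  // rounded up so the discount never overshoots.
  const span = 100 - policy.minScore;
  const t = span === 0 ? 1 : (score - policy.minScore) / span;
  const sats = Math.ceil(policy.baseSats - t * (policy.baseSats - policy.bestSats));
  return { allow: true, reason: 'ok', sats: Math.max(policy.bestSats, sats) };
}
```
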
Non-transferable by construction. AgentAuth's Ed25519 key is structurally transferable — it can be exported, sold, or rotated, and the new holder inherits the UUID cleanly. The PowForge identity binding uses a Nostr key plus a chaintip cert, so an attacker cannot buy a 6-month-old reputation token from another wallet the way they can with transferable ERC-8004 NFTs or wallet-exportable keypairs.
Lightning rails are not a feature flag. If your buyer base is Bitcoin-native — paid podcasts, sats-priced API surfaces, agent-to-agent settlement — the EVM detour (acquire USDC, hold a Base wallet, pay gas) is real friction. Lightning settlement is sub-second, final, and needs no bank account on either side.
AgentAuth answers "same agent?" PowForge answers "how trusted?" — and prices the call accordingly.
Add Lightning rails + a score that compounds
Drop-in npm middleware. Bitcoin Lightning settlement, non-transferable identity, continuous DoI score.
npm install @powforge/mcp-l402-gate