PowForge vs Sats4AI
Sats4AI runs a clean L402 server: 10-minute macaroons, Lightning preimage proof, no accounts, no KYC.
The wire format is correct. The abuse model is not. Sats4AI's own documentation
spells out the gap, and that gap is exactly what @powforge/mcp-l402-gate closes.
"The system provides no persistent per-agent identity — only stateless payment-proof authentication. This means autonomous agents cannot build reputation or receive preferential treatment across sessions."
Source: sats4ai.com/l402 documentation (also confirmed via Glama listing, May 2026).
How Sats4AI and PowForge compare
| Feature | PowForge mcp-l402-gate | Sats4AI |
|---|---|---|
| L402 per-call billing | Yes | Yes |
| Lightning Network native | Yes | Yes |
| Open source, self-hostable | Yes (MIT) | Yes (open spec, hosted SaaS) |
| Agent identity score | Schnorr-signed Depth-of-Identity per pubkey | None |
| Persistent reputation across sessions | Yes — DoI score persists per Nostr pubkey | None — stateless macaroon only |
| First-call abuse protection | Yes — minScore threshold rejects fresh wallets | Post-hoc refund-bucket fee only |
| Threshold-gated access (reject score < N) | Yes — single config field minScore | Not available |
| Drop-in middleware for any MCP server | Yes — Express + MCP tool factory | Hosted service, not a middleware |
Sats4AI's failure-bucket fee ("first 2 failures free, then 2-sat penalty per refund") is a payment-side post-hoc deduction, not a pre-call identity check. A fresh wallet pays the same toll as a 6-month-old one until the operator stops letting it through.
Five-line integration
```bash
npm install @powforge/mcp-l402-gate
```

```javascript
// `app` is your existing Express app and `handler` is your existing route handler.
const { mcpL402Middleware } = require('@powforge/mcp-l402-gate');
const gate = mcpL402Middleware({ satsAmount: 10, minScore: 10 });
app.use('/api/your-tool', gate, handler);
// Caller pays 10 sats AND has a DoI score >= 10. Cheap sybils bounce.
```
Set `minScore: 0` to skip the identity check entirely (pure L402, same shape as Sats4AI). Set `minScore: 40` for tools that burn real GPU.
Why identity matters when you sell tool calls
Under bare L402, a throwaway wallet pays the same as a trusted agent. Both produce a valid macaroon, both settle a real invoice, both look identical at the wire. Sats4AI's own documentation acknowledges this: agents cannot build reputation across sessions, and operators cannot give preferential treatment to known callers.
Identity scoring lets you charge differently per caller reputation, gate expensive tools by trust tier, or reject low-score callers entirely. The toll alone catches volume; toll plus reputation catches the determined attacker who would happily pay 10 sats from a fresh node every minute to drain your GPU budget.
The score itself is a Schnorr-signed Depth-of-Identity attestation tied to a Nostr pubkey, computed from observable irreversible work across four dimensions. Non-transferable by construction — the rails are Nostr keys plus a chaintip cert, so an attacker cannot buy a 6-month-old reputation token from another wallet the way they can with transferable ERC-8004 NFTs.
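The two-stage decision described above, as an added example that is not code from @powforge/mcp-l402-gate or Sats4AI: a fresh wallet and a known agent both pass the payment check, and only the score threshold separates them. The function names, the 403 status for a score rejection, and the sample scores are assumptions; the score is assumed to come from an attestation whose signature was already verified elsewhere.

```javascript
// Added illustration; all names are hypothetical, not the package's API.
const crypto = require('node:crypto');

const HEX32 = /^[0-9a-f]{64}$/i;

// Lightning payment proof: SHA-256(preimage) must equal the invoice payment hash.
function paymentProofValid(preimageHex, paymentHashHex) {
  if (!HEX32.test(preimageHex || '') || !HEX32.test(paymentHashHex || '')) return false;
  const digest = crypto.createHash('sha256').update(Buffer.from(preimageHex, 'hex')).digest();
  return crypto.timingSafeEqual(digest, Buffer.from(paymentHashHex, 'hex'));
}

// Decide one call: payment first (402), then reputation (403, an assumed status).
function gateDecision(call, policy, nowMs) {
  if (nowMs >= call.macaroonExpiresMs) return { status: 402, reason: 'macaroon expired' };
  if (!paymentProofValid(call.preimage, call.paymentHash)) {
    return { status: 402, reason: 'invalid payment proof' };
  }
  // A caller with no attestation is treated as score 0, never as "unknown, allow".
  const score = Number.isFinite(call.score) ? call.score : 0;
  if (score < policy.minScore) return { status: 403, reason: 'score below minScore' };
  return { status: 200, reason: 'ok' };
}

// Constructed sample caller: a deterministic preimage and its matching payment hash.
function sampleCall(label, score) {
  const preimage = crypto.createHash('sha256').update(label).digest();
  return {
    preimage: preimage.toString('hex'),
    paymentHash: crypto.createHash('sha256').update(preimage).digest('hex'),
    macaroonExpiresMs: 10 * 60 * 1000, // 10-minute macaroon issued at t = 0
    score,
  };
}

// Same two callers against a pure-L402 tool (minScore 0) and a GPU tool (minScore 40).
function demo() {
  const callers = { fresh: sampleCall('fresh-wallet', 0), known: sampleCall('known-agent', 55) };
  const rows = [];
  for (const [tool, minScore] of [['cheap-tool', 0], ['gpu-tool', 40]]) {
    for (const [who, call] of Object.entries(callers)) {
      rows.push(`${tool} ${who} -> ${gateDecision(call, { minScore }, 60000).status}`);
    }
  }
  return rows;
}

console.log(demo().join('\n'));
```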
Add the identity layer
Drop-in npm middleware. Same L402 wire format as Sats4AI, plus the missing reputation gate.
npm install @powforge/mcp-l402-gate