
captcha-mcp vs x402-mcp vs AgentAuth vs Cloudflare ARC

Four ways to gate an MCP server against autonomous agents without OAuth, API keys, or accounts. All four landed in npm or as IETF drafts in the last twelve months. They occupy adjacent — but different — lanes, and most teams pick the wrong one because the comparison page does not exist until now. This is that page. Pure documentation, no outreach. If a fit exists, it should be obvious by the end of the table.

Additive — not adversarial

x402-mcp (the npm package described in Vercel's launch blog) is a clean payment-per-call wrapper on x402. @agentauth/mcp is a real per-agent identity layer. Cloudflare ARC/ACT is the IETF Privacy Pass family arriving as a standards-track anonymous rate-limiter for AI traffic. None of these are wrong. They serve different buyers. The wedge for @powforge/captcha-mcp is the buyer who wants a free tier paid in CPU-seconds with a Lightning skip for paying agents — no USDC, no Base wallet, no platform-issued credential.

The lane @powforge/captcha-mcp occupies is the intersection of three properties: free PoW tier, Lightning paid skip, and MCP-native transport — confirmed unoccupied by any other public npm package or IETF draft as of 2026-05-13.

How the four primitives compare

| Property | @powforge/captcha-mcp | x402-mcp | @agentauth/mcp | Cloudflare ARC/ACT |
|---|---|---|---|---|
| Free tier | Yes — PoW solve (~5–10 s CPU) | No — every call paid | No — every call paid | Yes — but issued by AI platform, not earned |
| Paid tier rail | Bitcoin Lightning (L402, 3 sats) | USDC on Base (x402) | USDC on Base/Ethereum (x402) | n/a — credential, not payment |
| Identity model | Optional Nostr key + Schnorr-signed DoI score | None — wallet address only per call | Stable Ed25519 UUID per agent | Anonymous credential token (platform-issued) |
| MCP transport | stdio + HTTP-streamable | stdio + HTTP-streamable | stdio | Demo only — not packaged as MCP server |
| License | MIT | MIT | MIT | IETF draft (Privacy Pass WG); Cloudflare impl proprietary |
| Install command | npx -y @powforge/captcha-mcp | npm i x402-mcp (unscoped) | npx -y @agentauth/mcp | No npm package; platform integration |
| npm package | @powforge/captcha-mcp | x402-mcp | @agentauth/mcp | n/a |
| Source | github.com/zekebuilds-lab/captcha-mcp | github.com/ethanniser/x402-mcp | github.com/substrates-ai/mcp-gateway | IETF Privacy Pass WG |
| Settlement chain | Bitcoin (off-chain via Lightning) | Base (L2 Ethereum) | Base / Ethereum | None — credentials, not payments |
| Free-tier mechanism | SHA-256 PoW solve, server-verified | n/a | n/a | Platform issuer mints credential to recognised AI client |
| MCP tools exposed | 3 — challenge, verify, status | n+1 — your tools + paidTool({price}) wrapper | n — wrap your tools behind UUID + x402 gate | n/a |
| Smoke command | npx -y @powforge/captcha-mcp --http & curl localhost:3200/sse | npx x402-mcp && mcp-inspect | npx -y @agentauth/mcp --help | Cloudflare-side integration only |

Cells marked "n/a" indicate the property does not apply to that primitive's design, not that the primitive is weaker. Cloudflare ARC/ACT is a credential-issuance layer, not a payment rail; comparing settlement chain or smoke install command is category-mismatched but useful to know up front.

Three commands, three lanes

# captcha-mcp — PoW free tier, Lightning paid skip
npx -y @powforge/captcha-mcp

# x402-mcp — pay-per-call USDC, no free tier (Vercel blog primitive)
npm install x402-mcp
# then wrap your tools: paidTool({ price: '$0.001', ... })

# agentauth-mcp — Ed25519 UUID + per-call USDC
npx -y @agentauth/mcp

Cloudflare ARC/ACT is not a one-liner — it is a Privacy Pass issuer/verifier handshake baked into a platform's edge. If you operate behind Cloudflare and your callers are AI platforms that already speak Privacy Pass, you can adopt it via Cloudflare's Private Rate Limiting product; it is not a drop-in npm dependency the way the three packages above are.

When to pick which

captcha-mcp

You want a free tier so casual or one-off agents can try the tool without writing a check. You speak Bitcoin / Lightning natively, and your paid tier should be 3-sat invoices, not USDC. Identity is optional and additive.

x402-mcp

You already ship on Vercel or Next.js. Your buyers hold USDC on Base. Pay-per-call is the model and a free tier would be abused. The paidTool({price}) wrapper is the most ergonomic surface you will find on the EVM side.

AgentAuth

You need a stable per-agent identifier alongside payment — the UUID lets you ban, throttle, or whitelist by agent across sessions. EVM-native, same x402 wire format as Vercel's package, plus the identity field.

Cloudflare ARC/ACT

You operate at the edge behind Cloudflare and your callers are AI platforms that participate in Privacy Pass issuance (OpenAI, Anthropic, etc). Anonymous rate-limiting without identity, no payment rail. Standards-track, not vendor-locked.

Why a free PoW tier is its own category

The other three primitives all require something the caller already owns — a USDC balance, a registered wallet, or a credential issued by a participating platform. PoW requires only CPU time, and any agent that runs code has CPU. That makes the free tier the lowest-onboarding surface in the comparison: a fresh agent script can solve a 14-bit SHA-256 challenge in 5–10 seconds and call the tool without ever holding a token.

The trade is honesty about volume. PoW does not stop a determined attacker — it prices the attack. A 14-bit-difficulty SHA-256 solve costs the attacker the same CPU-seconds it costs a legit caller; what changes is the marginal cost at volume: thousands of calls per second versus tens per minute. Pair the PoW tier with a 3-sat Lightning skip for callers whose CPU is worth more than their sats, and you get both lanes priced on the same gate.
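The server-verified SHA-256 gate described in the two paragraphs above, as an added Node.js example. It is not code from @powforge/captcha-mcp: the challenge format (salt.bits.expiry.tag), the 120-second lifetime and every function name are assumptions made for illustration.

```javascript
// Added example, not the package's code; challenge format and names are assumptions.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);   // server-side HMAC key (per process)
const DIFFICULTY_BITS = 14;              // difficulty quoted on the page
const TTL_MS = 120_000;                  // assumed challenge lifetime
const spent = new Set();                 // salts already redeemed (replay guard)

const mac = (msg) => crypto.createHmac('sha256', SECRET).update(msg).digest('hex');

// Count the leading zero bits of a digest buffer.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24;
  }
  return bits;
}

// Server: stateless challenge, bound to difficulty and expiry by an HMAC tag.
function issueChallenge(now = Date.now(), bits = DIFFICULTY_BITS) {
  const salt = crypto.randomBytes(16).toString('hex');
  const body = `${salt}.${bits}.${now + TTL_MS}`;
  return `${body}.${mac(body)}`;
}

// Client: brute-force a nonce; expected work is 2^bits hashes.
function solve(challenge) {
  const bits = Number(challenge.split('.')[1]);
  for (let nonce = 0; ; nonce++) {
    const h = crypto.createHash('sha256').update(`${challenge}:${nonce}`).digest();
    if (leadingZeroBits(h) >= bits) return nonce;
  }
}

// Server: authenticity, expiry and replay checks first, then a single hash.
function verify(challenge, nonce, now = Date.now()) {
  const [salt, bits, expires, tag] = challenge.split('.');
  const expected = Buffer.from(mac(`${salt}.${bits}.${expires}`));
  const given = Buffer.from(String(tag));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 'bad-tag';
  if (now > Number(expires)) return 'expired';
  if (spent.has(salt)) return 'replayed';
  const h = crypto.createHash('sha256').update(`${challenge}:${nonce}`).digest();
  if (leadingZeroBits(h) < Number(bits)) return 'insufficient-work';
  spent.add(salt);
  return 'ok';
}
```

Because the tag covers the bit count and expiry, a caller cannot lower the difficulty or reuse an old challenge, and the `spent` set only has to retain salts until their expiry time.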

Why Lightning and not USDC for the paid tier? Sub-second final settlement, no bank account either side, no L2 gas, no token approval flow. For 3-sat tools the EVM detour (acquire USDC, sign approval, pay gas) is structural friction the same size as the payment itself. L402 plus Lightning is the only rail where the toll is smaller than the ceremony.

Why this is not a takedown. If your buyers already hold USDC on Base or already sit behind Cloudflare's Privacy Pass-aware edge, you are not the buyer for captcha-mcp, and that is fine. The lanes do not collide on the same call — they collide on which world the operator lives in.

Three primitives price the call. One prices the work — in CPU-seconds or sats, the agent's choice.

Add the free-PoW + Lightning-skip tier

Drop-in MCP server. Three tools over stdio or HTTP. Stdlib only. No accounts, no API keys.

npx -y @powforge/captcha-mcp

Sources: Vercel — Introducing x402-mcp · Cloudflare — Private Rate Limiting · IETF Privacy Pass WG · MCP spec 2025-11-25. Comparison data verified against npm registry on 2026-05-13. If a fact has changed since publish, open an issue on the captcha-mcp repo.