Your MCP server is getting hammered by agents you didn't authorize. A free tier is open to the world. A premium tool is one runaway loop away from torching your LLM budget. You need a gate.
So I went shopping. Four projects ship something that calls itself an MCP gate today. I wired each one against a test server, ran a handful of tool calls through it, and wrote down what hurt.
Here's the honest comparison.
PayGated (paygated.dev)
This is the closest thing captcha-mcp has to a named competitor. PayGated wraps MCP tools with a Stripe-backed payment gate. Self-hosted, MIT-licensed, "no monthly SaaS bills." It's a clean piece of work.
The catch is Stripe itself. To accept payment, you need a Stripe account in good standing, which means KYC, a bank, and a country Stripe operates in. Your callers need a Stripe customer record too, so every agent identity needs an email and a card on file before it can pay you a dime.
PayGated does OAuth 2.1 + PKCE for the auth half and a machine-to-machine flow for headless agents. That works if your callers can hold an API key. It's also the only one in this list with a real revenue model out of the box if you're already inside the Stripe ecosystem.
Good fit: US-based MCP devs whose callers are corporate agents with billing relationships.
Bad fit: anonymous agents, weekend-project monetization, anyone outside Stripe's footprint.
APort (aport.io)
APort isn't really a gate. It sits in front of the gate. The pitch is "verifiable credentials for AI agents" using W3C VC standards. An agent presents a passport, APort checks the signature against a registry, your MCP server reads the verification result from a pre-tool hook and decides whether to run the tool.
That's a different layer of the stack. APort answers "who is this agent." It doesn't answer "did they pay" or "should I rate-limit them." You'd compose APort with something else that does the metering.
This is less a competitor and more a partnership shape. If you're already paying per call with captcha-mcp, APort's audit log could record who paid for what under whose authority. Worth a look if your buyers care about provenance more than monetization.
Good fit: enterprise contexts where auditors will ask which agent did what.
Bad fit: you just want to stop abuse and don't have a passport infrastructure problem yet.
AgentSign (agentsign.dev)
AgentSign is the Ed25519-passport flavor of the same identity layer. Every agent gets a signed identity document. The server verifies the signature, looks up a trust score, and gates the tool on that score. Clean cryptographically, but again, it's identity, not metering.
There's no payment rail and no abuse-prevention mechanism if a signed agent decides to hammer your endpoint legitimately. The trust score is the only knob. That's a different product than "charge me 10 sats and let me through."
I'd use it if I were building a multi-agent system and needed a who-signed-this layer. I would not use it to stop a runaway loop.
Good fit: multi-agent systems with reputation tracking.
Bad fit: rate-limiting, micropayments, anything where you want the abuser to pay the cost of abuse.
captcha-mcp (the one I'm shipping)
This is the project I work on, so call this biased. The pitch: gate any MCP tool with proof-of-work for free callers and a 10-sat Lightning invoice for callers who want to skip the CPU work. No Stripe account on either side. No KYC. No user database.
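const { PayMCP } = require('paymcp');
const { CaptchaPowProvider } = require('@powforge/captcha-paymcp-provider');
const { LnbitsPaymentProvider } = require('@powforge/paymcp-l402-provider');

// `mcp` is your existing MCP server instance, created elsewhere.
PayMCP(mcp, {
  providers: [
    // Free path: caller solves a proof-of-work challenge from the captcha server.
    new CaptchaPowProvider({ captchaUrl: 'https://captcha.powforge.dev' }),
    // Paid path: caller pays a 10-sat Lightning invoice issued through LNBits.
    // Keep the LNBits URL and API key in the environment, not in source.
    new LnbitsPaymentProvider({
      lnbitsUrl: process.env.LNBITS_URL,
      lnbitsApiKey: process.env.LNBITS_KEY,
      satsAmount: 10,
    }),
  ],
});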
Tag a tool with { _meta: { price: 1 } } and it's gated. PoW path grinds a SHA-256 challenge in a few seconds of CPU. Lightning path mints a BOLT11 invoice and waits for the preimage. The calling agent picks whichever it can satisfy.
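To make the two paths concrete, here is an added sketch of the server-side checks a gate like this has to perform; it is not captcha-mcp's own code. The challenge layout, `SECRET`, the `spent` replay cache and all function names are assumptions chosen for illustration.

```javascript
// Added illustration; challenge format, SECRET and difficulty are assumptions,
// not captcha-mcp's wire protocol. Tool names are assumed to contain no ':'.
const crypto = require('crypto');
const SECRET = crypto.randomBytes(32); // server key: challenges stay stateless
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();
const hmac = (s) => crypto.createHmac('sha256', SECRET).update(s).digest('hex');
const spent = new Set(); // replay cache; entries can be evicted once expired
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

// Server: bind the challenge to a tool, a difficulty and an expiry, then MAC it.
function issueChallenge(tool, bits, ttlMs = 60000, now = Date.now()) {
  const body = [tool, bits, now + ttlMs, crypto.randomBytes(8).toString('hex')].join(':');
  return `${body}:${hmac(body)}`;
}

// Caller: grind nonces until SHA-256(challenge:nonce) meets the difficulty.
function solve(challenge) {
  const bits = Number(challenge.split(':')[1]);
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(sha256(`${challenge}:${nonce}`)) >= bits) return nonce;
  }
}

// Server: check MAC, tool binding, expiry, replay, then the work itself.
function verifyPow(challenge, nonce, tool, now = Date.now()) {
  const parts = String(challenge).split(':');
  if (parts.length !== 5) return false;
  const mac = Buffer.from(parts[4]);
  const want = Buffer.from(hmac(parts.slice(0, 4).join(':')));
  if (mac.length !== want.length || !crypto.timingSafeEqual(mac, want)) return false;
  if (parts[0] !== tool || now > Number(parts[2]) || spent.has(challenge)) return false;
  if (leadingZeroBits(sha256(`${challenge}:${nonce}`)) < Number(parts[1])) return false;
  spent.add(challenge);
  return true;
}

// Lightning path: a BOLT11 payment hash is SHA-256 of the payment preimage.
function verifyPreimage(preimageHex, paymentHashHex) {
  const got = sha256(Buffer.from(preimageHex, 'hex'));
  const want = Buffer.from(paymentHashHex, 'hex');
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}
```

The MAC is what keeps a caller from lowering the difficulty or reusing a challenge for a pricier tool, and the replay cache is what makes each solution pay for exactly one call.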
The reason I built it this way: Stripe's KYC wall is fine for US SaaS but it kills the long tail. A solo dev in any country can spin up an LNBits wallet in a minute and start collecting sats. An agent author can fund a Lightning wallet with $1 and make 10,000 calls. Nobody's filling out a W-9.
Good fit: anonymous agents, public APIs, micropayment-per-call, anyone outside Stripe's footprint.
Bad fit: enterprise customers who want a credit card receipt, high-throughput callers who can't afford the PoW seconds.
The decision
If your callers are corporate agents with billing relationships, PayGated. If they're anonymous and you want to monetize the long tail without paperwork, captcha-mcp. If your problem is "who is this agent" and not "did they pay," APort or AgentSign sit at a different layer and you'll probably end up running one of them next to a payment gate, not instead of one.
I picked PoW plus Lightning because it's the only path I've seen that works for a developer in Argentina, a research bot in a CI pipeline, and a side-project MCP server that doesn't want a Stripe account. Your tradeoffs may land you somewhere else. Just know which gate you're picking and why.
@powforge/captcha-mcp on npm: https://www.npmjs.com/package/@powforge/captcha-mcp
Hosted captcha server: https://captcha.powforge.dev