v0.1 — open source — MIT license

 ██╗  ██╗ █████╗ ████████╗ ██████╗██╗  ██╗ █████╗
 ██║  ██║██╔══██╗╚══██╔══╝██╔════╝██║  ██║██╔══██╗
 ███████║███████║   ██║   ██║     ███████║███████║
 ██╔══██║██╔══██║   ██║   ██║     ██╔══██║██╔══██║
 ██║  ██║██║  ██║   ██║   ╚██████╗██║  ██║██║  ██║
 ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝    ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝

Hyperfast Agent Test for Computational Heuristic Assessment

CAPTCHA proves you're human.
HATCHA proves you're not.

Get Started
scroll
The Problem

Agents need identity. CAPTCHA blocks them.

AI agents are becoming first-class users of the web. But every CAPTCHA treats them as threats. HATCHA flips the script — a verification challenge that's trivial for machines and impossible for humans. Gate agent-only features, verify automated workflows, or add a layer of computational proof to any interaction.

Stateless
No database required. HMAC-signed tokens.
Fast
Sub-second verification. No external API calls.
Extensible
Register custom challenge types at runtime.
Protocol

How it works

01
Challenge
Server generates a challenge and HMAC-signs it. The answer never leaves the server.
02
Solve
Agent receives the prompt and computes the answer. Trivial for machines, painful for humans.
03
Verify
Answer is verified server-side against the signed token. Stateless — no database needed.
hatcha://protocol-flow
Client                              Server
  │                                   │
  │  GET /api/hatcha/challenge        │
  │──────────────────────────────────►│
  │                                   │  Generate challenge
  │                                   │  Hash answer (SHA-256)
  │                                   │  HMAC-sign { hash, expiry }
  │  { challenge (no answer), token } │
  │◄──────────────────────────────────│
  │                                   │
  │  Agent solves the challenge       │
  │                                   │
  │  POST /api/hatcha/verify          │
  │  { answer, token }                │
  │──────────────────────────────────►│
  │                                   │  Verify HMAC signature
  │                                   │  Check expiry
  │                                   │  Compare answer hash
  │  { success, verificationToken }   │
  │◄──────────────────────────────────│
Challenge Types

5 built-in challenges

Each challenge is designed to be trivial for AI agents but painful for humans. Register your own custom types at runtime.

×math
5-digit × 5-digit multiplication
TTL 30s
string
Reverse a 60–80 char random string
TTL 30s
#count
Count a letter in ~250 characters
TTL 30s
sort
Find k-th smallest in 15 numbers
TTL 30s
01binary
Decode binary octets to ASCII
TTL 30s
Quickstart

Up and running in 3 minutes

01 — Install
terminal
$ npm install @mondaycom/hatcha-react @mondaycom/hatcha-server
02 — Add API Route
app/api/hatcha/[...hatcha]/route.ts
// One handler for both challenge + verify
import { createHatchaHandler } from "@mondaycom/hatcha-server/nextjs"

const handler = createHatchaHandler({
  secret: process.env.HATCHA_SECRET!,
});

export const GET = handler;
export const POST = handler;
03 — Add to Your App
app/layout.tsx
import { HatchaProvider } from "@mondaycom/hatcha-react"
import "@mondaycom/hatcha-react/styles.css"

export default function RootLayout({ children }) {
  return (
    <HatchaProvider>
      {children}
    </HatchaProvider>
  );
}
your-component.tsx
import { useHatcha } from "@mondaycom/hatcha-react"

function AgentGate() {
  const { requestVerification } = useHatcha();

  return (
    <button onClick={() => requestVerification(console.log)}>
      Enter Agent Mode
    </button>
  );
}
built bymonday.com