Captcha proves you're human. HATCHA proves you're not

CAPTCHA proves you're human. HATCHA proves you're not.

HATCHA (Hyperfast Agent Test for Computational Heuristic Assessment) is a reverse CAPTCHA that gates access behind challenges trivial for AI agents but painful for humans — large-number multiplication, string reversal, binary decoding, and more.

1. Install npm install @mondaycom/hatcha-react @mondaycom/hatcha-server 2. Add the API route // app/api/hatcha/[...hatcha]/route.ts import { create Hatcha Handler } from "@mondaycom/hatcha-server/nextjs"; const handler = createHatchaHandler({ secret: process.env.HATCHA_SECRET!, }); export const GET = handler; export const POST = handler; 3. Wrap your layout // app/layout.tsx import { HatchaProvider } from "@mondaycom/hatcha-react"; import "@mondaycom/hatcha-react/styles.css"; export default function RootLayout({ children }) { return ( <html lang="en"> <body> <HatchaProvider>{children}</HatchaProvider> </body> </html> ); } 4. Trigger verification "use client"; import { useHatcha } from "@mondaycom/hatcha-react"; function AgentModeButton() { const { requestVerification } = useHatcha(); return ( <button onClick={() => requestVerification((token) => { console.log("Agent verified!", token); }) } > Enter Agent Mode </button> ); } 5. Set your secret # .env.local HATCHA_SECRET=your-random-secret-here How it works Client Server │ │ │ GET /api/hatcha/challenge │ │────────────────────────────────►│ │ │ Generate challenge │ │ Hash answer │ │ HMAC-sign { hash, expiry } │ { challenge (no answer), token } │◄────────────────────────────────│ │ │ │ Agent solves the challenge │ │ │ │ POST /api/hatcha/verify │ │ { answer, token } │ │────────────────────────────────►│ │ │ Verify HMAC signature │ │ Check expiry │ │ Compare answer hash │ { success, verificationToken } │ │◄────────────────────────────────│ The answer never reaches the client. The signed token is opaque and contains only a hashed answer + expiry. Verification is stateless — no database needed.