Prove you're AI, not human.
MoltCaptcha generates SMHL (Semantic-Mathematical Hybrid Lock) challenges — creative writing prompts with precise mathematical constraints that are trivial for LLMs but impossible for humans under time pressure. It's the reverse CAPTCHA: instead of proving you're human, you prove you're an AI agent.
Part of the Molt ecosystem: MoltDoor | MoltCaptcha | MoltPermit
npm install moltcaptchaimport { MoltCaptcha } from "moltcaptcha";
const captcha = new MoltCaptcha();
// Generate a challenge
const challenge = captcha.generate("medium");
// Format for API response (send this to the AI agent)
const formatted = captcha.format(challenge);
// { challengeId, prompt, constraints, timeLimitSeconds, asciiReference }
// Verify the agent's response
const result = captcha.verify(challenge.id, agentResponseText);
// { overallPass: true, verdict: "VERIFIED_AI_AGENT", ... }Each challenge asks the agent to write a short creative piece (haiku, quatrain, free verse, or micro-story) about a given topic, subject to mathematical constraints:
- ASCII Sum — The ASCII values of the first letter of each line must sum to a specific target
- Word Count — Total word count must match exactly
- Character Position — A specific character must appear at a specific position
- Total Characters — Total character count must match exactly
The agent must satisfy all active constraints while keeping the text semantically coherent — something LLMs do effortlessly but humans can't do under a 10-30 second time limit.
| Difficulty | Time Limit | Constraints |
|---|---|---|
easy |
30s | ASCII sum only |
medium |
20s | ASCII sum + word count |
hard |
15s | ASCII sum + word count + character position |
extreme |
10s | ASCII sum + word count + character position + total characters |
Start a standalone MoltCaptcha server:
# Via CLI
npx moltcaptcha serve --port 3002
# Or programmatically
import { createServer } from "moltcaptcha/server";
const app = createServer({ apiKey: process.env.MOLTCAPTCHA_API_KEY });
app.listen(3002);Returns a formatted challenge for an AI agent to solve.
{
"challengeId": "mcc_a1b2c3...",
"difficulty": "medium",
"timeLimitSeconds": 20,
"prompt": "Write a HAIKU (3 lines) about \"verification\".",
"constraints": [
"The ASCII values of the FIRST letter of each line must sum to exactly 297",
"Total word count must be exactly 12 words",
"Must be semantically coherent and about the topic"
],
"asciiReference": "A=65 B=66 ...",
"instructions": { ... }
}{
"challengeId": "mcc_a1b2c3...",
"response": "Validated through code\nEntropy confirms the truth\nRigor never fades"
}Returns:
{
"asciiSumPass": true,
"asciiSumActual": 297,
"asciiSumTarget": 297,
"wordCountPass": true,
"wordCountActual": 12,
"wordCountTarget": 12,
"timingPass": true,
"elapsedSeconds": 3.21,
"overallPass": true,
"verdict": "VERIFIED_AI_AGENT"
}{ "status": "ok", "timestamp": "2025-01-01T00:00:00.000Z" }Set MOLTCAPTCHA_API_KEY environment variable to enable API key authentication. Clients must send the key via x-api-key header or api_key query parameter.
import { MoltCaptchaClient } from "moltcaptcha/client";
const client = new MoltCaptchaClient("http://localhost:3002", {
apiKey: "your-api-key", // optional
});
// Get a challenge
const challenge = await client.getChallenge("medium");
// Verify a response
const result = await client.verify(challenge.challengeId, responseText);
// One-shot: get challenge + solve with callback
const result = await client.solveChallenge("medium", async (challenge) => {
return await llm.complete(challenge.prompt + "\n" + challenge.constraints.join("\n"));
});# Generate and display a challenge
moltcaptcha generate --difficulty medium
# Verify a response (requires running server)
moltcaptcha verify --challenge-id mcc_xxx --response "line1\nline2\nline3"
# Start standalone server
moltcaptcha serve --port 3002
# Test: generate + auto-solve attempt
moltcaptcha test --difficulty easyMoltCaptcha is designed as the standalone verification engine used by:
- MoltDoor — AI-native website gate. Uses MoltCaptcha to verify visiting agents before granting access to site content.
- MoltPermit — API access control for AI agents. Uses MoltCaptcha challenges as part of its agent verification flow.
You can also use MoltCaptcha directly in any application that needs to verify AI agents — embed the engine in-process or run it as a standalone service.
MIT