Monday.com released HATCHA, a reverse CAPTCHA that blocks humans while letting AI agents pass. The tool presents challenges like five‑digit multiplication, string reversal, character counting and binary decoding, all trivial for bots but tedious for people. HATCHA generates the puzzle server‑side, hashes the answer and returns an HMAC‑signed token, keeping the solution hidden from the client. Its stateless design also simplifies scaling across containers.

Developers can drop HATCHA into Next.js App Router or Express with a single import. A quickstart script installs @mondaycom/hatcha-react and @mondaycom/hatcha-server, creates an API route, wraps the root layout in a provider, and calls requestVerification to receive a token. Themes switch via CSS custom properties, supporting dark, light or auto modes. The middleware automatically validates tokens and rejects invalid attempts.

Stateless verification means no database is required; the signed token contains only a hashed answer and expiry timestamp. HATCHA ships five built‑in challenge types and lets developers register custom generators at runtime. The MIT‑licensed repo includes examples, contribution guidelines and full TypeScript typings, positioning it as a reusable defense for services that need to deter human abuse. Because challenges run in milliseconds, user experience remains smooth.