Drop-In Available Patent Pending

AmpliHive rides on your system.
The moment you install it, your LLM gets a signature.

One npm install or pip install. Your LLM key never leaves your network. Every response comes back with a post-quantum certificate (ML-DSA-65 / FIPS 204) bound to your tenant DID. Anyone with the cert can verify provenance. No corpus access required.

Install Try it live Why AmpliHive
One line. Two languages.

Install the Drop-In

Pick the language you already use. The SDKs have identical shape: sign(), wrap(), verify(). No re-architecture. No proxy. No data path change.

JS / TS @hivery/amplihive

Node ≥ 18 · ESM · TypeScript types included
$ npm install @hivery/amplihive
import { AmpliHive } from "@hivery/amplihive";
import OpenAI from "openai";

const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });
const hive   = new AmpliHive({
  tenantDid: "did:hive:acme",
  apiKey: process.env.AMPLIHIVE_API_KEY,
});

// Your LLM stays on your side.
const llm = await openai.chat.completions.create({
  model: "gpt-4o-mini",
  messages: [{ role: "user", content: prompt }],
});
const text = llm.choices[0].message.content;

// AmpliHive signs the (prompt, response) pair.
const cert = await hive.sign({ prompt, response: text });
console.log(cert.certificate.alg);  // "ML-DSA-65"

Python amplihive

Python ≥ 3.9 · httpx · 0 native deps
$ pip install amplihive
from openai import OpenAI
from amplihive import AmpliHive

openai = OpenAI(api_key=os.environ["OPENAI_API_KEY"])
hive   = AmpliHive(
    tenant_did="did:hive:acme",
    api_key=os.environ["AMPLIHIVE_API_KEY"],
)

# Your LLM stays on your side.
llm = openai.chat.completions.create(
    model="gpt-4o-mini",
    messages=[{"role": "user", "content": prompt}],
)
text = llm.choices[0].message.content

# AmpliHive signs the (prompt, response) pair.
cert = hive.sign(prompt=prompt, response=text)
print(cert.certificate.alg)  # "ML-DSA-65"
LLM key transmits
Never
Cert algorithm
ML-DSA-65
Verify is
Public
Pricing
$0.06/1M
Live · No login required

Try it now

Five stages, one ML-DSA-65 certificate, in the same call: COMPILE → COMPRESS → AMPLIFY → CERTIFY → WRITEBACK. Pick a partner attribution and watch it bind into the signed payload. Tamper any byte and verify fails.

Co-brand Partner id is bound into the signed cert payload (unforgeable).
Result
Status: idle. Click “Sign with AmpliHive” to start.

Partner revenue share — live calculator

Every signed call carries an unforgeable partner_id in the cert. We accumulate. The partner gets the share they negotiated. No reconciliation theater — the ledger is the signed payload.
$0.06 / 1M
30%
$900.00
At 1B signed calls/month co-branded through a partner, that is $18,000 / mo at the default 30% share — on inference traffic the partner is already monetizing. Negotiate the share. Drag the numbers below.
Defense in depth

Why the widget can't be hacked once it's on the counter

The drop-in is a sealed transit layer. It carries proof, not power. If anything in transit is altered, the certificate breaks.

Corpus lives behind the line

The tenant corpus is on AmpliHive servers, sealed to your DID. Attackers on the customer host cannot enumerate it. Retrieval is over a 256-dim hashing-trick embedding, not a model fingerprint.

Forgery requires our private key

Every cert is ML-DSA-65. Even with full access to the widget binary, an attacker cannot mint a valid certificate. They can verify; they cannot sign.

Tamper-evident in transit

The certificate binds prompt_hash, response_sha256, and enrichment_sha256 in one payload. Alter any byte of either text after signing and verify() returns ok: false.

Questions buyers ask

FAQ

Does my LLM provider key ever leave my network?

No. The widget calls your LLM client. Only the prompt text, response text, and your tenant DID traverse to AmpliHive.

Can I run the LLM through AmpliHive instead?

Yes. hive.wrap(callLlm, { promptText }) seals your call: AmpliHive does not need the key, just the function. Same cert at the end.

How do I verify after the fact?

POST the certificate to /v1/amplify/verify. Optionally include the original prompt and response for full hash-binding checks.

What does it cost?

Free up to 1,000 signed calls per month. After that, $0.06 per 1M calls. USDC on Base.

Which models does it work with?

Any model. AmpliHive is LLM-provider invariant. OpenAI, Anthropic, Fireworks, Together, OpenRouter, self-hosted — all supported. Pass a custom extractor for non-OpenAI response shapes.

What is the IP status?

Patent Pending. Provisional patents filed. IP protection in place.