Drop-In Available Patent Pending

AmpliHive rides on your system.
Install it, and your LLM starts getting a signature.

One npm install or pip install. Your LLM key never leaves your network. Every response comes back with a post-quantum certificate (ML-DSA-65, the government's post-quantum signature standard under FIPS 204) bound to your tenant DID. Anyone with the cert can check where the response came from. No corpus access required.

One line. Two languages.

Install the Drop-In

Pick the language you already use. Both SDKs work the same way: sign(), wrap(), verify(). No rebuilding your architecture. No proxy. No change to your data path.

JS / TS @hivery/amplihive

Node ≥ 18 · ESM · TypeScript types included
$ npm install @hivery/amplihive
import { AmpliHive } from "@hivery/amplihive";
import OpenAI from "openai";

const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });
const hive   = new AmpliHive({
  tenantDid: "did:hive:acme",
  apiKey: process.env.AMPLIHIVE_API_KEY,
});

// Your LLM stays on your side.
const llm = await openai.chat.completions.create({
  model: "gpt-4o-mini",
  messages: [{ role: "user", content: prompt }],
});
const text = llm.choices[0].message.content;

// AmpliHive signs the (prompt, response) pair.
const cert = await hive.sign({ prompt, response: text });
console.log(cert.certificate.alg);  // "ML-DSA-65"

Python amplihive

Python ≥ 3.9 · httpx · 0 native deps
$ pip install amplihive
from openai import OpenAI
from amplihive import AmpliHive

openai = OpenAI(api_key=os.environ["OPENAI_API_KEY"])
hive   = AmpliHive(
    tenant_did="did:hive:acme",
    api_key=os.environ["AMPLIHIVE_API_KEY"],
)

# Your LLM stays on your side.
llm = openai.chat.completions.create(
    model="gpt-4o-mini",
    messages=[{"role": "user", "content": prompt}],
)
text = llm.choices[0].message.content

# AmpliHive signs the (prompt, response) pair.
cert = hive.sign(prompt=prompt, response=text)
print(cert.certificate.alg)  # "ML-DSA-65"
LLM key transmits
Never
Cert algorithm
ML-DSA-65
Verify is
Public
Pricing
$0.06/1M
Live · No login required

Try it now

Five stages, one ML-DSA-65 certificate, in the same call: COMPILE, COMPRESS, AMPLIFY, CERTIFY, WRITEBACK. Pick a partner attribution and watch it bind into the signed payload. Tamper any byte and verify fails.

Co-brand Partner id is bound into the signed cert payload (unforgeable).
Result
Status: idle. Click “Sign with AmpliHive” to start.

Partner revenue share: live calculator

Every signed call carries an unforgeable partner_id in the cert. We accumulate. The partner gets the share they negotiated. No reconciliation theater. The ledger is the signed payload.
$0.06 / 1M
30%
$900.00
At 1B signed calls/month co-branded through a partner, that comes to $18,000 / mo at the default 30% share, on inference traffic the partner is already monetizing. Negotiate the share. Drag the numbers below.
Defense in depth

Why the widget can't be hacked once it's on the counter

The drop-in is a sealed transit layer. It carries proof, not power. If anything in transit gets altered, the certificate breaks.

Corpus lives behind the line

The tenant corpus lives on AmpliHive servers, sealed to your DID. Attackers on the customer host can't enumerate it. Retrieval runs over a 256-dim hashing-trick embedding, not a model fingerprint.

Forgery requires our private key

Every cert is ML-DSA-65. Even with full access to the widget binary, an attacker can't mint a valid certificate. They can verify one. They can't sign one.

Tamper-evident in transit

The certificate binds prompt_hash, response_sha256, and enrichment_sha256 in one payload. Alter any byte of either text after signing and verify() returns ok: false.

Questions buyers ask

FAQ

Does my LLM provider key ever leave my network?

No. The widget calls your LLM client. Only the prompt text, response text, and your tenant DID traverse to AmpliHive.

Can I run the LLM through AmpliHive instead?

Yes. hive.wrap(callLlm, { promptText }) seals your call: AmpliHive does not need the key, just the function. Same cert at the end.

How do I verify after the fact?

POST the certificate to /v1/amplify/verify. Optionally include the original prompt and response for full hash-binding checks.

What does it cost?

Free up to 1,000 signed calls per month. After that, $0.06 per 1M calls. USDC on Base.

Which models does it work with?

Any model. AmpliHive works the same way no matter which LLM provider you use: OpenAI, Anthropic, Fireworks, Together, OpenRouter, self-hosted, all supported. Pass a custom extractor for non-OpenAI response shapes.

What is the IP status?

Patent Pending. Provisional patents filed. IP protection in place.