HiveWidget is the customer-side trust layer for AI. Your LLM call stays where it is. After the response returns, the widget runs a 5-stage pipeline — COMPILE, COMPRESS, AMPLIFY, CERTIFY, WRITEBACK — and hands back an ML-DSA-65 (FIPS 204) post-quantum certificate. The cert binds prompt_hash, response_sha256, enrichment_sha256, tenant_did, and partner_id. Tamper with any of them and the signature breaks. Public verify, no shared secret.
One umbrella, one pipeline, five tools. Each tool answers one question a human actually asks. No marketing words you have to translate.
Squeezes prompts 3-4× before they hit the model. Same output quality. 60-76% token savings. Runs at CCACW stage 2.
Hardens prompts against negation attacks, jailbreak templates, hallucination triggers before send. Runs at CCACW stage 1.
Pulls your tenant’s corpus into the prompt at call time. Persistent memory. Runs at CCACW stage 3.
Zero-knowledge proof that the corpus content injected into a prompt is a genuine member of your committed corpus — without revealing what it is. Trustless attestation. Runs alongside CCACW stage 4.
Speculative coordinator. Predicts the LLM response, pre-stages the next AMPLIFY, pre-caches the next COMPRESS. Cuts pipeline latency 40% on existing hardware.
FEDERATION shares structural learning across tenants (gradients only, never content). MESH replicates the corpus to every edge PoP so Singapore traffic doesn’t round-trip to Virginia.
smsh is not a separate product — it is the service level. Think of it like card tiers. Same card, different included features.
COMPRESS only. Ed25519 receipt. Base inference savings.
COMPRESS + PQ-sealed receipt (ML-DSA-65 + SLH-DSA). Regulated workloads.
Full CCACW: COMPRESS + COMPILE + AMPLIFY + Certify + Writeback. Corpus moat.
Full CCACW + PQ-sealed envelope + VERIFY-ready. The full stack.
All tools + ORACLE + MESH + FEDERATION. Partner-resident instance. Your IAM, your corpus, Hyperscale overage on smshPQMax.
Full breakdown with Enterprise commit ladder (10% / 25% / 40% / 50% off at Hyperscale). /pricing/#inference
HiveWidget does not route your inference. It does not see your provider key. It does not change your latency budget. It sits next to your LLM call, hashes the inputs, runs five fast stages, and returns a signed certificate plus an enriched payload. Your customer’s data path stays exactly where it is. The only thing that changes is that every response is now provably yours, provably untampered, and provably attributed.
npm i @hivery/amplihive or pip install amplihive. Construct one client with your tenant DID. Wrap or sign. Done.
Fireworks, Cloudflare AI Gateway, OpenRouter, Together, OpenAI, Anthropic, Bedrock, vLLM, Ollama, your private cluster. We extract response text from any standard shape and sign whatever you handed us.
NIST-standardized lattice signatures. Sig 3,309 bytes, pubkey 1,952 bytes. Verifier needs nothing but the cert. No shared secret. No HSM dependency on the verifier side.
Total round-trip is ~6ms p95 plus the ML-DSA-65 sign (~60ms). Off your critical path. The customer’s LLM latency story is unchanged.
The widget canonicalizes the prompt + response, computes prompt_hash (SHA-256 over UTF-8 bytes after whitespace canonicalization) and response_sha256 (SHA-256 over the raw response bytes). Anyone re-deriving these from the original text will get a bit-identical match. This is the audit anchor.
prompt_hash "sha256:f8a3\u20269c1d" response_sha256 "sha256:b27e\u202641a8" // re-derive from text \u2192 byte-identical
Long phrases that appear in regulated workloads — legal review, financial analysis, healthcare summarization, code review — get reversibly compressed to single tokens. Honest reduction depends on prompt density:
Reduction is reported per-call. Customers see exactly what they saved.
tokens_in 119 tokens_out 26 token_reduction_pct 78.15
Every tenant gets a structurally-isolated corpus. AMPLIFY pulls the relevant prior facts, patterns, and prior signed responses for this tenant and threads them into the output as enrichment, with a confidence score. The enrichment is hashed into enrichment_sha256 and bound into the same signature. The corpus is yours alone — no cross-tenant bleed, ever.
enrichment_sha256 "sha256:97c4\u2026a0b1" confidence 0.87 corpus_hits_count 12
The payload — tenant DID, prompt hash, response hash, enrichment hash, partner ID, timestamp — is serialized canonically and signed under FIPS 204’s ML-DSA-65. Sig is 3,309 bytes. Pubkey is 1,952 bytes. Sign latency is ~60ms; verify is ~17ms. Public verify endpoint at POST /v1/amplify/verify — no shared secret, anyone can audit.
amplihive_overhead_p50 4.47 ms amplihive_overhead_p95 6.05 ms mldsa65_sign_ms 59.76 mldsa65_verify_ms 16.76
The certified response is written back into the tenant corpus. Every signed call makes the next one slightly smarter, slightly cheaper, and adds defensible switching cost. This is the tenant moat: the longer you run on HiveWidget, the more provably-yours your corpus becomes. Disable with writeback: false if you don’t want it.
writeback.id 8129 writeback.kind "signed_response" // future AMPLIFY draws from this
Most “trust” layers ship one of these. HiveWidget ships eight, signed under the same cert, in the same call.
ML-DSA-65 / FIPS 204. Quantum-safe. NIST-standardized. Public verify.
Per-tenant corpus, writeback default-on. Switching cost compounds per call.
25–78% reduction on dense domain prompts. Honest %, reported per call.
Output-side amplify from corpus + powers. Hashed into the same signature.
partner_id bound INSIDE the signed payload. Flip a byte, signature breaks.
3-case verify in the UI: clean, tampered response, tampered partner_id.
Pre-wired partner pages. Private label on the table. White-label SDK namespace negotiable.
Every signed call carries the partner ID. Share is a SQL query, not a reconciliation call.
Re-derivable. Hit POST /v1/amplify/bench against hivemorph.onrender.com and watch.
Everything that matters is signed. Tamper with any field below and verify returns signature_valid: false.
The most common. Customer keeps their provider key, calls their LLM, then calls hive.sign({ prompt, response }). Widget never sees the API key. Widget never routes inference.
hive.wrap(() => openai.chat.completions.create(req), { promptText }). The widget invokes the customer’s LLM function, extracts the response text, signs in one shot. One block of code instead of two.
// JS / TS — split mode (most common) import OpenAI from "openai"; import { AmpliHive } from "@hivery/amplihive"; const llm = new OpenAI({ apiKey: process.env.OPENAI_API_KEY }); const hive = new AmpliHive({ tenantDid: "did:hive:acme", apiKey: process.env.AMPLIHIVE_API_KEY, partnerId: "fireworks", // optional, bound into cert }); const prompt = "Draft a 3-clause SaaS indemnity."; const r = await llm.chat.completions.create({ model: "claude_sonnet_4_6", messages: [{ role: "user", content: prompt }], }); const text = r.choices[0].message.content; const cert = await hive.sign({ prompt, response: text }); // // cert.certificate.alg \u2192 "ML-DSA-65" // cert.certificate.payload.tenant_did \u2192 "did:hive:acme" // cert.certificate.payload.partner_id \u2192 "fireworks" // cert.compression.token_reduction_pct \u2192 78.15 (when dense) // cert.stages.{compile,compress,amplify,certify,writeback}
# Python — split mode import openai from amplihive import AmpliHive hive = AmpliHive( tenant_did="did:hive:acme", api_key=os.environ["AMPLIHIVE_API_KEY"], partner_id="cloudflare", # optional, bound into cert ) prompt = "Summarize this MRI report at the patient level." r = openai.chat.completions.create( model="gpt_5_5", messages=[{"role": "user", "content": prompt}], ) text = r.choices[0].message.content cert = hive.sign(prompt=prompt, response=text) # cert.certificate.alg \u2192 "ML-DSA-65" # cert.certificate.payload.partner_id \u2192 "cloudflare" # cert.compression \u2192 {"tokens_in": ..., "tokens_out": ..., "token_reduction_pct": ...}
# Python — HiveCompute mode (tier-routed, USDC-settled) from amplihive import HiveCompute hive = HiveCompute( tenant_did="did:hive:acme", api_key=os.environ["AMPLIHIVE_API_KEY"], wallet_key=os.environ["BASE_WALLET_KEY"], # pays 0.02 USDC per call ) # tier="T1_STANDARD" picks cheapest qualifying model (Claude Sonnet 4.6 today) # tier="T2_HIGH" routes to GPT-5.5 / Opus 4.7 / Gemini 3.1 Pro result = hive.complete( prompt="Audit this 1099 for ALCOA compliance.", tier="T2_HIGH", partner_id="alcoa-agentguard", ) # result.text \u2192 the response # result.model_used \u2192 "claude_opus_4_7" # result.cert.payload.tenant_did \u2192 "did:hive:acme" # result.cert.payload.counterparty_did \u2192 "did:eth:0x..." # result.cert.payload.price_atomic \u2192 20000 (0.02 USDC) # result.cert.alg \u2192 "ML-DSA-65"
The widget extracts response text from any standard shape and signs whatever you handed it. Bring your provider, keep your provider key, keep your latency budget.
The widget signs any provider you bring. When you route through HiveCompute, you get tier-based selection across seven frontier models from OpenAI, Anthropic, and Google. No open-weights filler, no random Llama forks, no gimmicks. Tier T0 for classification, T1 for standard agent work, T2 for audit-grade reasoning. Same signed cert at every tier.
Bring your own provider key in split mode and the widget never sees it. Route through HiveCompute and we pick the cheapest model that clears your tier, signed under ML-DSA-65, settled in USDC on Base.
Bank, hospital, gov, pharma, insurer, law firm, F500 procurement. Their CISO asks: “Can you prove this response wasn’t tampered? Can you prove it was generated for our tenant, not someone else’s?” HiveWidget is the yes.
Install & tryYour customers ask you for compliance. You don’t want to build a PQ signing infra. You don’t want to compete with your own customers’ trust layer. White-label HiveWidget. partner_id=you is in every cert. Revenue share is provable.
AI Gateway, MCP gateway, agent platform, RAG SaaS. You need the audit and provenance story to close enterprise. Bind partner_id=<your-platform> into every cert. Customer-side install, zero data exfil, full provenance.
By default the widget hashes inputs locally and posts the cleartext to /v1/amplify/sign so AMPLIFY can run against the tenant corpus. If you want hash-only mode (no body crosses the wire), pass amplify: false and you ship only hashes. The cert still signs the same fields.
No. The widget runs after your LLM returns. AmpliHive overhead is 4.47ms p50 / 6.05ms p95. ML-DSA-65 sign is ~60ms. Your customer sees the LLM response on the same TTFT as before; the cert arrives a fraction of a second later. If you want sealed-mode parallelism, use wrap().
partner_id tamper-proof?It’s a field inside the canonical payload that gets signed. Change it to any other value — even one character — and the ML-DSA-65 signature no longer verifies. You can’t forge a Fireworks-attributed cert without Fireworks’ signing key, because there isn’t a Fireworks signing key — the tenant key signs, and the partner_id is just bound into the payload alongside the hashes.
One POST to /v1/amplify/verify with the cert plus (optionally) the original prompt and response. Returns signature_valid: true|false and per-field hash-match booleans. No shared secret. No API key required. Anyone with the cert can audit.
Set writeback: false at client construction (or per-call skip_writeback: true). The cert is still issued. AMPLIFY still reads from your existing corpus. The new signed response just doesn’t append. Use this for ephemeral workloads or when the tenant corpus is read-only.
Quantum. ML-DSA-65 is NIST’s FIPS 204 standardized lattice-based signature, designed to be secure against quantum adversaries. Ed25519 is not. Federal procurement and serious enterprise procurement increasingly require PQ-ready cryptography. ML-DSA-65 gets you on that list. Ed25519 does not.
Yes. The widget doesn’t care which provider generated the response. Pass the text into sign(). Or pass an extract function to wrap() that pulls text out of your custom response shape. vLLM, Ollama, custom HTTP — all fine.
$0.06 per 1M signed calls. Partner share negotiable (default 30% in our calculators). For volume above 1B/month, contact us. Reseller terms.
Sign a real (prompt, response). Watch the 5-stage pipeline. Tamper the response. Tamper the partner_id. The signature breaks. That’s the close.