append-only · publicly auditable · BLAKE3-merkle
Hive Transparency Log

The public Merkle log for every signed agent receipt.

Certificate Transparency, for AI agents. Every Hive receipt minted anywhere — across any rail, any chain, any model — is submitted to a single append-only public log. Anyone can submit. Anyone can audit. Anyone can mirror. The agent web finally has a substrate.

See the four endpoints Read the spec
RFC 6962 — CERTIFICATE TRANSPARENCY BLAKE3 MERKLE ED25519 SIGNED TREE HEAD SUBMIT-AND-FORGET

Why this changes endpoint discovery forever

Today, every proof system is an island. Stripe signs its own logs, Coinbase signs its own logs, every model provider has its own audit trail — and none of them are mutually verifiable. Hive Transparency flips this. One public log. One canonical Merkle root signed every minute. Every receipt addressable forever. Once gateways and browsers start checking inclusion proofs by default, every other proof system on earth either submits to the log or becomes illegible. That is the substrate move. That is the inversion.

— Four endpoints. That is the whole API.

Smaller than DNS. More auditable than git.

POST ct.thehiveryiq.com/v1/submit Submit any signed receipt. Returns inclusion proof.
GET ct.thehiveryiq.com/v1/sth Signed Tree Head — the canonical Merkle root, refreshed every minute.
GET ct.thehiveryiq.com/v1/proof/<leaf_hash> Inclusion proof for any leaf. Verifiable offline.
GET ct.thehiveryiq.com/v1/entries?start=N&end=M Stream entries by index. Anyone can mirror the whole log.
— Submit anything signed

One curl. Every receipt becomes auditable forever.

# Submit any signed receipt — Hive, Stripe, x402, AP2, MCP tool call, Coinbase Commerce
curl -X POST https://ct.thehiveryiq.com/v1/submit \
  -H "Content-Type: application/json" \
  -d '{"envelope": <your_signed_object>}'

# Response: signed inclusion proof
{
  "leaf_hash": "blake3:7f2a...",
  "tree_size": "4,718,209",
  "sth_signature": "ed25519:i6-Wo01...",
  "audit_path": ["blake3:...", "blake3:...", ...],
  "timestamp": "2026-05-29T11:04:33Z",
  "canonical_url": "https://thehiveryiq.com/r/?id=blake3:7f2a..."
}
— Verify offline

Inclusion proofs are math. No network required.

# Verify a Hive Transparency inclusion proof — pure math, offline
import blake3
from hive_ct import verify_inclusion

ok = verify_inclusion(
  leaf=signed_receipt_bytes,
  audit_path=proof["audit_path"],
  sth_root=signed_tree_head["root_hash"],
  sth_signature=signed_tree_head["signature"],
  trust_anchor="ed25519:i6-Wo01AwSD1eAhSSC3e3VCTEYFXehGNOVdC5iobuBc"
)
# True if and only if this exact receipt is in the canonical log
— Spec — RFC-style, deliberately boring

Hive Transparency v1 — the entire spec on one page.

  • HASH BLAKE3-256 over the canonical CBOR encoding of the submitted envelope
  • TREE Merkle binary tree, RFC 6962 hashing scheme, BLAKE3 in place of SHA-256
  • STH CADENCE Signed Tree Head emitted every 60 seconds, even if empty
  • STH SIGNATURE Ed25519 by did:hive:hivetrust-issuer-001
  • PQ FUTURE ML-DSA-65 co-signature shipped behind feature flag, hot-swappable
  • SUBMIT WINDOW Leaves appear in the next STH within 60s — guaranteed
  • MIRROR Full log freely cloneable via /v1/entries — no rate limit on public mirror addresses
  • GOSSIP STHs published to a public X feed + RSS + IPFS pin every minute for split-view detection
  • ABUSE Submitter rate-limit only — no content moderation. The log is plumbing.
  • TRUST ANCHOR Single Ed25519 key, rotated annually with overlap window
  • CANONICAL URL Every leaf gets a permanent backlink at /r/?id=<leaf_hash>
— Why it wins

The CT precedent is exact.

01

Google flipped HTTPS in 10 years.

Certificate Transparency went from "novel idea" to "Chrome requirement" by being the cheapest, dullest, most auditable substrate. Every TLS cert on earth is now in CT. We do the same for agent receipts.

02

Submit-and-forget. No vendor lock.

The log accepts any signed object — Hive, Stripe, AP2, x402, Coinbase Commerce, an opaque OpenAI tool_call signature. We do not parse content. We just provably append.

03

The kill switch is the verifier.

Once browsers and gateways check inclusion proofs by default, anything NOT in the log is visibly unsigned. That is the inversion. We do not ask permission. We ship the verifier extension and let physics carry it.

— Integrations

Already wired. The plumbing is in place.

A

Every Hive mint auto-submits

Every receipt emitted via /try/, the SDKs, or the inference bus lands in the log within 60s. Free. Automatic.

B

Rosetta-normalized rails

Paste any Stripe webhook, x402 receipt, AP2 mandate — Rosetta normalizes and the log accepts it. /rosetta

C

Public canonical backlink

Every leaf gets a permanent URL at /r/?id=<leaf_hash>. Every receipt becomes a citation. Forever.

Submit your first proof.

One curl. No signup. Forever in the log.

Mint a receipt first → Wire it into your stack