Four canonical primitives — HAHS receipts, SpectralZK zero-knowledge proofs, SHOD six-gate governance, ViewKey selective disclosure — packaged into Python and TypeScript libraries. Cross-language byte-compatible. No prover network. No trusted setup. Offline verify in ~50 ms.
A self-contained library that lets any agent, server, or function emit a cryptographically signed, audit-grade receipt for every action it takes — and verify any other agent’s receipt offline in about 50 ms. No prover network. No trusted setup. No external service call required.
It ships in Python and TypeScript with byte-identical canonical JSON, so a receipt issued in one language verifies in the other. An adapter wraps any x402 payment in the same audit envelope without touching the underlying payment code.
Everything is MIT-licensed and runs locally. The four primitives — HAHS, SpectralZK, SHOD, ViewKey — are the same primitives behind the patent applications HIVE‑2026‑MNK‑001 and HIVE‑2026‑SZK‑001.
Three patterns cover almost every integration. Each is one import and a handful of lines.
Call hive.hahs.issue(…) at the moment an agent does something that matters — a tool call, a database write, a payment. You get a signed receipt with a deterministic ID. Store it, attach it to an event bus, or anchor it.
Wrap any spend in hive.shod.check(…). Six gates — allowlist, daily cap, per‑recipient cap, price window, trust tier, anomaly score — run before signing. Gate failures are themselves signed.
One receipt, three audiences. Holder sees the full body. Regulator sees the policy and the verdict. Counterparty sees only the fields they’re entitled to. Audience‑bound HMAC, no re‑signing.
Drop in front of x402: import { HiveX402Adapter } from 'x402-hive' — every x402 payment emits a HAHS receipt and an optional SpectralZK sidecar. Your payment code does not change.
Other agent stacks log to a database. Other payment rails settle then forget. Hive gives every action a portable, verifiable signature — the same instrument auditors, regulators, and counterparties already trust elsewhere.
No prover network. No trusted setup. No call out to a remote service. Verify a receipt on an edge worker, an air‑gapped laptop, or a regulator’s offline review machine.
A receipt issued in Python verifies in TypeScript and vice versa, down to the canonical JSON bytes. RFC 8785 JCS + canonical USD string format.
HAHS scope receipts and SpectralZK NIZK without trusted setup are covered by Hive’s pending applications. Builders adopting the SDK get a license at no cost as long as they use the canonical primitives.
SHOD gates run before a payment is signed, not as a post‑hoc alert. The receipt records what the policy was, what was checked, and what the verdict was — the audit trail other rails ask you to assemble after the fact.
If you already use x402, the adapter is one import. Hive becomes your audit layer without you switching facilitators, chains, or payment surfaces.
The primitives, the schemas, and both SDKs are MIT. The Hive backend is optional — you can verify and govern with the SDK alone. The network is where the leverage lives.
Every primitive is callable from either SDK with the same arguments and returns the same byte-level artifacts. The canon directory hosts the full specifications, schemas, and reference verifiers.
NIZK that an action satisfied a private policy. Schnorr + Pedersen-blinded Merkle path + Fiat-Shamir. spec
Allowlist · Daily cap · Per-recipient cap · Price window · Trust tier · Anomaly z-score — enforced at signature time. spec
Audience-bound HMAC lenses (holder / regulator / counterparty) without revealing receipts to the wrong party.
Sign in one language, verify in the other. The two SDKs canonicalize over the same RFC 8785 JCS bytes.
# pip install hive-protocol from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey from hive import hahs, shod, viewkey from hive.viewkey import AUDIENCE_REGULATOR, ViewKey # 1. pre-flight outbound governance gate = shod.GateStack.default( allowlist=["openrouter.ai"], daily_cap_usd=500, price_window=(0.001, 0.02), ) result = gate.evaluate(recipient="openrouter.ai", amount_usd=145, unit_price_usd=0.0058) assert result.ok, result.short() # 2. sign the receipt sk = Ed25519PrivateKey.generate() receipt = hahs.issue( symbol="SIU-LLM70B-T0-ZK-US", units=25000, amount_usd=145.0, recipient="openrouter.ai", issuer_sk=sk, ) ok, reason = hahs.verify(receipt) # 3. lens for regulator audit (recipient stripped) vk = ViewKey.generate(AUDIENCE_REGULATOR) audit = viewkey.lens(receipt, vk)
// npm install @hive-protocol/sdk import { hahs, shod, viewkey } from "@hive-protocol/sdk"; // 1. pre-flight outbound governance const gate = shod.GateStack.default({ allowlist: ["openrouter.ai"], dailyCapUsd: 500, priceWindow: [0.001, 0.02], }); const result = gate.evaluate({ recipient: "openrouter.ai", amountUsd: 145, unitPriceUsd: 0.0058 }); if (!result.ok) throw new Error(result.short()); // 2. sign the receipt const sk = new Uint8Array(32); crypto.getRandomValues(sk); const receipt = await hahs.issue({ symbol: "SIU-LLM70B-T0-ZK-US", units: 25000, amountUsd: 145, recipient: "openrouter.ai", issuerSk: sk, }); const { ok, reason } = await hahs.verify(receipt); // 3. lens for regulator audit const vk = viewkey.ViewKey.generate(viewkey.AUDIENCE_REGULATOR); const audit = viewkey.lens(receipt, vk);
// npm install x402-hive import { HiveX402Adapter } from "x402-hive"; import * as shod from "@hive-protocol/sdk/shod"; const adapter = new HiveX402Adapter({ issuerSk, gate: shod.GateStack.default({ dailyCapUsd: 500, priceWindow: [0.0001, 100] }), }); // your existing x402 flow, unchanged const payment = await yourFacilitator.charge({ /* ... */ }); // attach the audit layer const { receipt, spectralProof, audit } = await adapter.attest({ paymentId: payment.txHash, network: "base-usdc", resource: payment.resource, amount: payment.amount, decimals: 6, }); // audit is what you ship to your auditor / S3 / SIEM
Generate a fresh HAHS receipt in your browser. Mutate one byte. Watch the signature break. Same primitives, same crypto, same Ed25519 path as the production SDK — running on Web Crypto.
Measured on commodity hardware. Hive verifies offline because the math is the prover — there is no facilitator round-trip, no zkVM compile step, no trusted setup. SpectralZK proves three statements (preimage + membership + satisfaction) in a single Schnorr-style transcript.
| Operation | Hive SDK | x402 facilitator round-trip | Aleo zkVM verify |
|---|---|---|---|
| HAHS receipt verify | ~50 ms (offline) | ~500–900 ms (RPC + verify) | — |
| SpectralZK NIZK verify | ~57 ms (offline) | — (no NIZK) | ~120–250 ms + zkVM bootstrap |
| SHOD six-gate evaluation | <1 ms (deterministic) | — (none) | — (none) |
| Prover network required | no | facilitator required | Aleo node network |
| Trusted setup | none | n/a | Aleo universal SRS |
The SDKs are MIT-licensed and run forever. The paid surface is the audit envelope: anchored receipts, registry-verified issuer identity, signed compliance bundles, and the upstream verifier. Free-tier receipts carry a visible upgrade footer that cannot be removed without breaking the signature. USDC on Base, no card needed.
All three packages are MIT-licensed with a perpetual royalty-free patent grant for SpectralZK to SDK users.
Four primitives, CLI, 25 tests, two end-to-end examples. pip install hive-protocol
Four primitives, 16 tests, cross-language byte-compatible with hive-py. npm i @hive-protocol/sdk
Drop-in audit adapter for any x402 facilitator. Emits HAHS receipt + SpectralZK sidecar on every payment. npm i x402-hive