Hive SDK · v0.1.0

The audit layer for AI agents that pay each other.

You get four tools packaged into Python and TypeScript libraries: HAHS receipts, SpectralZK proofs that don't reveal secrets, SHOD's six-gate checks, and ViewKey's selective sharing. A receipt made in one language checks out fine in the other. No prover network. No trusted setup. Checks run offline in ~50 ms.

pippip install hive-protocol
npmnpm install @hive-protocol/sdk
npmnpm install x402-hive

What the Hive SDK is.

It's a library that any agent, server, or function can use on its own. It signs a receipt, good enough for an audit, for every action it takes. It also checks any other agent's receipt offline in about 50 ms. No prover network. No trusted setup. No call to an outside service needed.

It ships in Python and TypeScript, and both languages build the exact same JSON bytes. So a receipt made in Python checks out fine in TypeScript, and the other way around. An adapter wraps any x402 payment in the same audit envelope, and your payment code doesn't change.

Everything is MIT-licensed and runs on your own machine. The four tools, HAHS, SpectralZK, SHOD, and ViewKey, are the same ones covered by our patent applications HIVE-2026-MNK-001 and HIVE-2026-SZK-001.

How to use it.

Three patterns cover almost every integration. Each is one import and a handful of lines.

1. Sign an action
Any agent. Any backend.

Call hive.hahs.issue(…) the moment your agent does something that matters: a tool call, a database write, a payment. You get a signed receipt with a fixed, repeatable ID. Store it, attach it to an event bus, or anchor it.

2. Gate a payment
SHOD before money moves.

Wrap any spend in hive.shod.check(…). Six checks run before signing: an allowlist, a daily cap, a per-recipient cap, a price window, a trust tier, and an anomaly score. Even when a check fails, that failure gets signed too.

3. Disclose selectively
ViewKey lenses.

One receipt works for three different audiences. The holder sees the full body. A regulator sees the policy and the verdict. The other party in the deal sees only the fields they're allowed to see. Each view is locked to its audience with an HMAC code, and nothing needs to be signed twice.

Drop this in front of x402: import { HiveX402Adapter } from 'x402-hive'. Every x402 payment now gives you a HAHS receipt, plus an optional SpectralZK proof on the side. Your payment code does not change.

Why this sets you apart.

Other agent stacks just log to a database. Other payment rails settle a payment, then forget about it. Hive gives every action a signature you can carry anywhere and check anywhere. It's the same kind of proof that auditors, regulators, and business partners already trust elsewhere.

Checks run offline in ~50 ms

No prover network. No trusted setup. No call out to a remote service. Check a receipt on an edge worker, a laptop with no internet connection, or a regulator's offline review machine.

Python and TypeScript match, byte for byte

A receipt made in Python checks out in TypeScript and back again, matching down to the exact bytes of the JSON. That's built on the RFC 8785 JCS standard plus a fixed dollar-string format.

Patent-pending tools

HAHS receipts and SpectralZK's no-trusted-setup proof method are covered by Hive's patent applications, which are still pending. If you build with the SDK and use these tools as they're designed, you get a license at no cost.

Checks happen before the money moves

SHOD's checks run before a payment gets signed, not as an alert after the fact. The receipt records what the rule was, what got checked, and what the result was. Other payment rails make you piece that trail together later. Hive gives it to you upfront.

Drops right in over x402

If you already use x402, the adapter is a single import. Hive becomes your audit layer, and you don't have to switch facilitators, chains, or payment tools.

MIT license, nothing locking you in

The tools, the schemas, and both SDKs are MIT-licensed. The Hive backend is optional. You can check receipts and run governance with just the SDK. The network is what gives you extra leverage on top of that.

Four tools that work together.

You can call any of these four tools from either SDK with the same arguments, and you get the same result down to the byte. The canon directory has the full specs, schemas, and reference checkers.

HAHS
Signed receipts

A fixed SHA-256 fingerprint over RFC 8785 JCS bytes, signed with Ed25519. spec

SpectralZK
Zero-knowledge proofs

A proof that an action followed a private rule, without showing the rule itself. Built on Schnorr, a Pedersen-blinded Merkle path, and Fiat-Shamir. spec

SHOD
Six-gate governance

Six checks run right when the signature happens: an allowlist, a daily cap, a per-recipient cap, a price window, a trust tier, and an anomaly z-score. spec

ViewKey
Selective disclosure

Different views locked with HMAC codes for the holder, the regulator, and the other party in the deal, so nobody sees a receipt they shouldn't.

Quickstart

Sign in one language, check it in the other. Both SDKs build the same RFC 8785 JCS bytes.

Python
TypeScript
x402-hive
# pip install hive-protocol
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from hive import hahs, shod, viewkey
from hive.viewkey import AUDIENCE_REGULATOR, ViewKey

# 1. pre-flight outbound governance
gate = shod.GateStack.default(
    allowlist=["openrouter.ai"],
    daily_cap_usd=500,
    price_window=(0.001, 0.02),
)
result = gate.evaluate(recipient="openrouter.ai", amount_usd=145, unit_price_usd=0.0058)
assert result.ok, result.short()

# 2. sign the receipt
sk = Ed25519PrivateKey.generate()
receipt = hahs.issue(
    symbol="SIU-LLM70B-T0-ZK-US",
    units=25000,
    amount_usd=145.0,
    recipient="openrouter.ai",
    issuer_sk=sk,
)
ok, reason = hahs.verify(receipt)

# 3. lens for regulator audit (recipient stripped)
vk = ViewKey.generate(AUDIENCE_REGULATOR)
audit = viewkey.lens(receipt, vk)
// npm install @hive-protocol/sdk
import { hahs, shod, viewkey } from "@hive-protocol/sdk";

// 1. pre-flight outbound governance
const gate = shod.GateStack.default({
  allowlist: ["openrouter.ai"],
  dailyCapUsd: 500,
  priceWindow: [0.001, 0.02],
});
const result = gate.evaluate({ recipient: "openrouter.ai", amountUsd: 145, unitPriceUsd: 0.0058 });
if (!result.ok) throw new Error(result.short());

// 2. sign the receipt
const sk = new Uint8Array(32);
crypto.getRandomValues(sk);
const receipt = await hahs.issue({
  symbol: "SIU-LLM70B-T0-ZK-US",
  units: 25000,
  amountUsd: 145,
  recipient: "openrouter.ai",
  issuerSk: sk,
});
const { ok, reason } = await hahs.verify(receipt);

// 3. lens for regulator audit
const vk = viewkey.ViewKey.generate(viewkey.AUDIENCE_REGULATOR);
const audit = viewkey.lens(receipt, vk);
// npm install x402-hive
import { HiveX402Adapter } from "x402-hive";
import * as shod from "@hive-protocol/sdk/shod";

const adapter = new HiveX402Adapter({
  issuerSk,
  gate: shod.GateStack.default({ dailyCapUsd: 500, priceWindow: [0.0001, 100] }),
});

// your existing x402 flow, unchanged
const payment = await yourFacilitator.charge({ /* ... */ });

// attach the audit layer
const { receipt, spectralProof, audit } = await adapter.attest({
  paymentId: payment.txHash,
  network: "base-usdc",
  resource: payment.resource,
  amount: payment.amount,
  decimals: 6,
});

// audit is what you ship to your auditor / S3 / SIEM

See tampering caught live

Make a fresh HAHS receipt right in your browser. Change one byte. Watch the signature break. This uses the same tools, the same crypto, the same Ed25519 path as the real SDK, running on Web Crypto.

The receipt

click "Issue receipt" to start

Verifier

The checker rebuilds the SHA-256 fingerprint over RFC 8785 JCS bytes and checks the Ed25519 signature. It uses the same logic as hive verify in the CLI.

Benchmarks

Measured on regular, off-the-shelf hardware. Hive checks work offline because the math itself is the proof. There's no round-trip to a facilitator, no zkVM compile step, no trusted setup. SpectralZK proves three things at once (the hidden input, that it's in the set, and that it meets the rule) in a single Schnorr-style exchange.

OperationHive SDKx402 facilitator round-tripAleo zkVM verify
HAHS receipt verify ~50 ms (offline) ~500 to 900 ms (RPC + verify) n/a
SpectralZK NIZK verify ~57 ms (offline) n/a (no NIZK) ~120 to 250 ms plus zkVM bootstrap
SHOD six-gate evaluation <1 ms (deterministic) n/a (none) n/a (none)
Prover network required no facilitator required Aleo node network
Trusted setup none n/a Aleo universal SRS

Pricing

The SDKs are MIT-licensed and free to run forever. What you pay for is the audit layer on top: anchored receipts, an issuer identity checked against our registry, signed compliance bundles, and our hosted checker. Free-tier receipts carry a visible upgrade footer, and you can't remove it without breaking the signature. Pay in USDC on Base, no card needed.

Free
$0/forever
For evaluation and personal projects
  • 100 receipts/day
  • Local offline verify, unlimited
  • SpectralZK proofs, unlimited
  • SHOD gates, unlimited
  • No anchored receipts
  • No registry-verified issuer
  • Upgrade footer embedded
Install the SDK
Scale
$499/mo
For high-volume facilitators and platforms
  • Unlimited receipts
  • Every receipt anchored by default
  • Dedicated API key + SLA
  • 5 issuer DIDs, 25 signing keys
  • Custom anchor cadence (1-60 min)
  • Sub-1s verifier latency
  • Slack support
Pay with USDC · Get API key
Enterprise
$5k+/yr
Compliance bundles for regulated industries
  • Everything in Scale
  • Signed compliance policy bundles
  • HIPAA, FINRA CAT, OFAC, SOC-2
  • On-prem verifier image
  • Audit-grade documentation
  • Custom SHOD gates
  • Named compliance officer
Contact sales
Settlement: USDC on Base · Treasury:
0x15184Bf50B3d3F52b60434f8942b7D52F2eB436E
x402 adapter routes 5 bps per payment to the treasury for the audit envelope.

Source

All three packages are MIT-licensed, and SDK users get a permanent, free patent license for SpectralZK.