For Developers

Build agents with identity
from day one.

OAuth wasn't built for ephemeral agents. PKI wasn't built for autonomous machines. HexaEight is the cryptographic identity primitive: derive a key for any destination, including agents that haven't been provisioned yet.

See the three-line demo View pricing
Quickstart

You can encrypt to an agent
that doesn't exist yet.

We know that sounds wrong. Three lines of code prove it.

1
Activate an identity
hexaeight-activate

Binds the identity to this machine. Creates the env-file your agent uses to authenticate.

2
Bundle the Bridge SDK
@hexaeight/sdk

In your language: .NET and Node.js shipping today. Python in preview, Browser SDK forthcoming. Go, Rust, Java planned.

3
Encrypt to any identity
he.encryptTo(peer, msg, ask)

Derive the key for any destination — even one not yet provisioned. Encrypt. The recipient decrypts with their own password.

agent.js Node.js · Preview 
// 1. Load your identity from the env-file.
const he = await HexaEight.connect({ envFile: './env-file' });

// 2. Derive a shared key for any destination identity.
//    Works even if the recipient hasn't been provisioned yet.
const ask = await he.fetchSharedKey('peer.example.com', currentKgt());

// 3. Encrypt. Move the bytes however you like.
const ciphertext = await he.encryptTo('peer.example.com', 'Hello!', ask);

// The recipient runs he.decryptFrom() with their own password.
// HexaEight never sees the plaintext. Transport is your call.
Transport-agnostic. Move ciphertext over HTTP(s), webhooks, MQTT, BLE, WhatsApp, Slack, Discord, Telegram, email, SMS, ntfy, even a USB stick. HexaEight gives you identity and encryption. The wire is your choice.
Read the developer guide
Bridge SDK Status

Drop into your stack

HexaEight.Bridge is the developer-friendly packaging on a mature cryptographic core. The JWT library has shipped 198.1K downloads over a long release history. The ASK client has shipped 132.7K downloads on the same release cadence. The Bridge SDK carries NuGet's Prefix Reserved verification. Don't take our word for it. Verify on NuGet.

.NET (C#) Prefix Reserved
HexaEight.Bridge · net8/9/10 multi-target · 105 downloads
Verify
Shipping
Node.js
@hexaeight/sdk · 3 transports built in
Verify
Shipping
Python
hexaeight-sdk · AI/ML critical path
Preview
Browser
HexaEightAgentClient · human-in-the-loop auth
Forthcoming
Go
tbd · via CoreCLR hosting
Planned
Rust
tbd · via CoreCLR hosting
Planned
Java
tbd · via CoreCLR hosting
Planned

What hurts today

OAuth needs a human

Browser redirect, consent prompt, refresh tokens. Agents run at machine speed. Nobody is awake at 3 AM to click through.

PKI doesn't scale to agents

CA chains, expiry windows, revocation lists. Provisioning a cert per agent breaks at 10,000 agents. Rotation theatre.

No way to talk to a future agent

Recipient must own a public key first. You can't encrypt to something that doesn't exist yet. Agents are spawned dynamically.

What HexaEight does

A primitive built for ephemeral agents

Activate identity with one command

hexaeight-activate runs locally, binds identity to your machine, produces an env-file. No browser, no OAuth dance.

Encrypt to identities that don't exist yet

The ASK primitive derives a key for any destination. The recipient activates later, derives the same key, decrypts. No prior coordination.

Bridge SDK wraps HTTP transport

Any framework that makes outbound HTTP calls works without code changes. LangChain, CrewAI, Semantic Kernel, Claude Agent SDK, Ollama, MCP.

Three transports built into @hexaeight/sdk

WebhookTransport for your own HTTP server. WebhookSiteTransport for zero-infra Socket.IO relay (the relay sees only ciphertext). NtfyTransport for unlimited messages via ntfy.sh.

Get Started

Hand it to your AI assistant. Or read the spec yourself.

Point Claude Code, Cursor, GitHub Copilot, or any coding agent at /llms.txt, a machine-readable index of HexaEight's APIs, install commands, and usage patterns. Your agent will write the integration for you.

For your AI agent
/llms.txt

Structured index of every endpoint, install command, code pattern, and reference doc. Drop the URL into your coding agent's context and let it implement the integration.

Open llms.txt
For you
Read How It Works

Full technical breakdown: Dead Drop Encryption, the ASK primitive, multi-agent routing, JWT signing pipeline, post-quantum security model.

Open the deep dive

When you're ready to deploy, pricing is monthly only. No hourly metering.

See pricing Per-core tiers