Documentation

HexaEight Developer Documentation

HexaEight gives any agent, human, or machine a cryptographic identity and the ability to derive an Asymmetric Shared Key (ASK) with any peer — including peers that have never been provisioned. This documentation covers the .NET Bridge (source of truth), the language SDKs that wrap it, and the wire format every implementation speaks.

Where to start

If you want to…	Go here
Send your first encrypted message in 5 minutes	Quickstart
Understand what an "envelope" is and why two variants exist	Envelopes
Understand how shared keys are derived without exchange	ASK (Shared Keys)
Look up a specific Bridge method	.NET Bridge API
Implement the wire format from scratch	Wire Format

Three layers, one identity

Every HexaEight integration is composed of three layers. Knowing where you sit makes the rest of the docs easier to navigate.

Layer	Responsibility	Lives in
0 — Crypto	Identity, ASK derivation, envelope encrypt/decrypt	`HexaEight.Bridge` (.NET)
1 — Transport	How the envelope reaches its destination (HTTP, ntfy, webhooks, MQ, …)	Each language SDK (Node, Python, …)
2 — Application	Storage policy, sender abstractions, deny-lists, app logic	Your code

Why this split? The cryptographic core is identical in every language because every SDK wraps the same .NET Bridge. Only Layer 1 and Layer 2 are language-specific. This is what lets a Python agent talk to a Node agent talk to a .NET agent without any interop layer beyond the wire format.

SDK status

SDK	Package	Status
.NET Bridge	`HexaEight.Bridge` on NuGet	preview9 — shipping
Node.js	`@hexaeight/sdk` on npm	wrapper update against preview9 in progress
Python	`hexaeight-sdk` on PyPI	in progress
Browser	WASM via Bridge	planned

For AI agents reading this site

A plain-text mirror of the entire API surface is available at /llms-full.txt. The high-level index lives at /llms.txt and follows the llms.txt convention. Both are JS-free, server-rendered, and intended to be consumed directly by retrieval pipelines.

License

The Bridge SDK and all language wrappers are released under Apache-2.0. The cryptographic core libraries (HexaEightASKClientLibrary, HexaEightJWTLibrary) are closed source and patent-pending but free to use under the same identity license.