TEST ARTIFACT · Phase 2 · Wiring complete · H33-Key ✓ Live · Governance Replay ✓ Live · Cryptographic APIs ✓ Live (transactional) · HATS + Agent-008 Coming Soon (endpoints Phase 4)
TEST ARTIFACT · Phase 2 · Wiring · H33-Key only · GET /api/v1/keys + /credentials/dashboard + /credentials/{reference} · file:// → Coming Soon · hosted → Live/Empty · rotate/revoke still Coming Soon
TEST ARTIFACT · Phase 1 · Truth · Desktop-only visual review · every widget Live · Loading · Empty · or Coming Soon · zero backend touched · H33-Key doctrine intact
TEST ARTIFACT · Step 0.5 · HTML Reconciliation · Runtime Composition + H33-Key Virtualized Provider Keys · no backend · no production · no Truth cleanup (comes next)
Decision Operations Center
What decisions require you today?
Pricing
System healthy
Operate / Overview
Welcome,
Your Operating Environment is where every governed decision, receipt, and agent invocation lives.
Initialize it to mint your Operating Authority, then import your first Provider Key so applications receive an h33k_... reference — not the raw secret.
Machine Credentials
LoadingAttempting GET /api/v1/credentials/dashboard …
🟢 Managed
🟡 Unmanaged
Migration target
🔵 Materializations · 24h
🔄 Rotations · 30d
🧾 Receipts
🔗 References
Human-Owned Credentials
Board metric · goal 0 · every human-owned credential is a governance risk H33-Key can absorb.
Recent decisions
Loading
No decisions yet. When agents execute governed actions under your Operating Authority, they appear here with cryptographic receipts.
Recent audit events
Loading
No audit events yet. Materializations, rotations, and grants will land here as they happen.
Operate / Decisions
Loading Attempting GET /api/v1/audit/events (decisions view) …
All ·
Blocked ·
Pending ·
Cleared ·
Verified ·
Decisions
total · blocked
No decisions yet. When agents execute governed actions under your Operating Authority, each one lands here with its dimensions (authority / policy / evidence / preconditions), its replay handle, and its receipt.
Operate / Operations
Coming Soon HATS (/api/v1/hats/*) and Agent-008 (/api/v1/agent-008/*) endpoints ship as Phase 4 backend work per PRODUCT_API_COMPOSITION.md Section 6.
Operate / Evidence
Loading Attempting GET /api/v1/audit/events (filter=receipt) …
PAP receipts · 30d
Independently verifiable
Active attestations
Expiring this week
Build / Products / APIs
Live 12 Cryptographic APIs endpoints in live scan · POST /auth/full-stack · /fhe/* · /crypto/* · /zkp/prove · /bundled/* · Test Live wiring lands in Phase 3.

Products & APIs

Configure your FHE backends, signature schemes, routing, and add-on services

FHE Backends — BFV-64
All backends include ZKP STARK + Dilithium-3 signature
H33 FLAGSHIP DEFAULT
H0 Turbo1u
~25 µs latency · Fastest path
Free tier included
H1 Standard1u
~50 µs latency · Balanced
All paid tiers
H33 Flagship1u
~100 µs latency · Default
Currently active
H2 Deep FHE2u
~185 µs · High depth circuits
All paid tiers
H-256 Max16u
~1,600 µs · Max security
All paid tiers
H33-BFV-32ARM1u
~13 µs · ARM NEON optimized
Graviton4 / Apple Silicon
CKKS — Approximate Arithmetic
For ML inference and approximate computation over encrypted floats
CKKS Turbo5u
~450 µs · Fast inference
4 multiplicative depth
CKKS Standard18u
~1,800 µs · Balanced precision
9 multiplicative depth
CKKS Precision72u
~7,200 µs · Maximum accuracy
15 multiplicative depth
Signature Add-ons
Dilithium-3+0u
NIST FIPS 204 · Always included
L2 Nested+2u
Ed25519 + Dilithium hybrid
H33-3-Key+3u
Ed25519 + Dilithium + FALCON
H33-Archival (4-Key)+5u
3-Key + SPHINCS+-128f · FIPS 205
Smart Routing
FHE-IQ Auto Routing +13u
Automatic backend selection, load balancing, and failover across FHE engines
Dynamic load balancing
Auto failover on error
FHE-IQ requires Pro tier or above
Bundled Pipeline Services
Four pre-assembled endpoint bundles from /docs/api/ — one call runs the complete pipeline
PATENT PENDING
1u default
Auth Complete
POST /auth/full-stack
Biometric FHE encrypt → inner product → 3-of-5 threshold decrypt → ZKP STARK prove → Dilithium-3 sign.
1.28ms · 1,148,018 auth/sec
1u + ZK
Encrypt + Prove
POST /fhe/encrypt + /zkp/prove
BFV or CKKS encrypt then immediately generate a ZKP STARK proof of the encryption — atomically.
2.0µs prove · 2.09ns verify
1–16u
Secure Compute
POST /fhe/compute
Operations on ciphertexts without decrypting — add, multiply, inner product, Euclidean distance.
0.26ms inner product · 8.2× SEAL
one-time
Key Ceremony
POST /crypto/dilithium/keygen
Distributed key generation using Shamir secret sharing across 5 threshold authorities.
3-of-5 · BFV + Dilithium + Kyber
Platform Products
Click any product to see tiers, unit costs, and volume pricing
H33-VaultNEW
Post-quantum document validation with FHE field encryption, Merkle proofs, and Dilithium attestation.
50–300u/doc
H33-ShareNEW
Cross-bank fraud intelligence with homomorphic computation, differential privacy, and Kyber secure aggregation.
5–35u/query
H33-ShieldNEW
Post-quantum secrets management with zero-knowledge verification, auto-rotation, and TEE-isolated display.
3–25u/op
H33-HealthNEW
HIPAA-compliant healthcare data protection with FHE computation on PHI and zero-knowledge eligibility checks.
3–25u/op
H33-KeyNEW
Universal post-quantum key encryption — Kyber-1024 wrapping, Dilithium-signed key material, hardware-bound attestation.
3–25u/op
H33-GatewayNEW
TEE-isolated API proxy — plaintext API keys never leave the Trusted Execution Environment. Dilithium audit trail.
35u/req
Storage EncryptionNEW
Encrypt, decrypt, field-level ops, and key rotation for data at rest with post-quantum protection.
1u/op
AI DetectionNEW
Sub-microsecond native Rust agents for harvest detection, side-channel analysis, and crypto health scoring.
5u/scan
BiometricsCORE
FHE-encrypted biometric enrollment and verification — face, fingerprint, iris — with ZKP proof of match.
50u/op
ZK LookupsVERIFICATION
Zero-knowledge STARK verification with in-process DashMap — 0.062µs per lookup, no trusted setup, SHA3-256.
Included
Add-on Services
KYC, AML, and identity verification — per-identity pricing, billed only on completed checks
PER-IDENTITY
KYC Basic$49
Per identity verified
• Identity document parse
• PEP & sanctions screen
• Audit-grade report PDF
KYC Enhanced$79
Per identity verified
• KYC Basic + biometric match
• Liveness + selfie capture
• Adverse media (180 day)
AML Screening$19
Per identity screened
• OFAC + EU + UK + UN lists
• Continuous re-screening
• Match-grade scoring
Full KYC/AML Bundle$99
Per identity · best value
• KYC Enhanced included
• AML Screening included
• Single signed evidence pack
ID Verify$9
Per identity check
• Doc authenticity scan
• MRZ + barcode extract
• 5-second decision
Operate / Replay
Loading Attempting GET /api/v1/audit/events (filter=replay) …
Replays · 30d
Hash match rate
Chain witnesses anchored
Mainnet chains
Build / Developers

Integration & SDKs

Quick-start code, environment management, and SDK references

Environments
Base URL
https://api.h33.ai/v1
Active H33-Key Reference
◌ Awaiting H33-Key · reference will appear as h33k_...
Quick Start
Active product
Generated from the active product. Every sample loads an h33k_... reference and demonstrates the governed-resolve flow — never a raw provider secret. The single h33 package with per-Module namespaces is canonical.
// 1. Install the SDK · one package · namespaces per Module // npm install @h33/sdk import { H33 } from '@h33/sdk' // 2. Load an H33-Key Reference · h33k_... only · never a raw provider secret const h33 = new H33() const key = await h33.key.load('h33k_9fA2c7...b41d') // 3. Governed resolve · purpose-bound · permitted or denied · always evidenced const verdict = await key.resolveFor({ purpose: 'auth.biometric.verify' }) if (verdict.status === 'denied') { // First-class outcome · not an error // verdict.reason ∈ { VIRTUALIZED_KEY_UNKNOWN, VIRTUALIZED_KEY_PURPOSE_NOT_ALLOWED, VIRTUALIZED_KEY_REVOKED } console.log(verdict.reason, verdict.receipt) return } // 4. Materialize for exactly ONE runtime use · secret never leaves resolve boundary const result = await verdict.use(async (secret) => h33.auth.verify({ biometric: captureData, userId: 'user_abc123', secret, // resolved plaintext · scoped to this call only })) // 5. Evidence receipt is attached to every governed resolve · replayable via Governance Replay console.log(result.verified, verdict.receipt.id())
Node.js / TypeScript
@h33/sdk · npm
npm install @h33/sdk
GitHub
Python
h33 · PyPI
pip install h33
GitHub
Rust
h33-sdk · crates.io
cargo add h33-sdk
GitHub
Go
sdk-go · GitHub
go get github.com/h33-ai/sdk-go
GitHub
Build / Integrations
Connected
Coming Soon
Connected integrations
Connected integrations will appear here as they are configured. Slack · PagerDuty · S3 · Splunk · Datadog · custom endpoints all supported once the integrations endpoint ships.
Available
Add new
SPLUNK
SIEM forwarding
Available
DATADOG
Observability
Available
Webhooks
Coming Soon
Webhook subscriptions
Active webhook subscriptions and delivery status will appear here once the webhooks endpoint ships. Signing secrets are minted server-side under H33-Key — never in the browser.
Build / API Access
H33-Key References · Virtualized Provider Keys
Developers never handle production secrets again. Import a provider secret once — applications and agents use only the h33k_... reference. Plaintext is never displayed and is materialized for exactly one governed runtime use.
Loading Attempting GET /api/v1/keys …
Lifecycle ImportReferenceGoverned resolveEvidenceRotateRevokeReplay
Active keys
Coming Soon
Requests · 30d
Revoked · last 7d
Approaching expiry
All ·
Production ·
Sandbox ·
Revoked ·
Name
Env
Purpose
Last used
Rate
Expiry
Status
Build / Configure Access
Configure Access · Purpose-bound governed resolve
Configuration for purpose-bound H33-Key resolve policies is Coming Soon. This surface will let you define allowed purposes per Reference, set rotation and revocation cadence, and preview the evidence emitted by every resolve.
Build / Test Live
Test Live · Governed resolve preview
Test Live is Coming Soon. When wired, this surface will execute a purpose-bound governed resolve against your selected H33-Key Reference and return one of: Permit + evidence receipt, or Deny with a first-class reason (VIRTUALIZED_KEY_UNKNOWN · VIRTUALIZED_KEY_PURPOSE_NOT_ALLOWED · VIRTUALIZED_KEY_REVOKED). Denied is not an error.
Build / Monitor Usage
Build / Docs / Guides

Knowledge Base

Product guides, integration examples, unit costs, and use cases

Account / Settings
Organization
Organization name
Displayed in evidence packages
Plan
Set on your account profile
Default region
Where evidence is archived
Coming Soon
OFAC TTL
Maximum age before precondition fails
Coming Soon
KYC TTL
Maximum counterparty KYC age
Coming Soon
Session & access
Console security defaults
Idle timeout
Auto sign-out after inactivity
Coming Soon
MFA requirement
Hardware key or TOTP for all members
Coming Soon
Admin IP allowlist
Restrict console access to specific networks
Coming Soon
SSO provider
Okta · SAML 2.0 · auto-provision on first login
Coming Soon
Data retention & defaults
Applies to all new agents + keys
PAP receipt retention
How long evidence stays online before cold-archive
Coming Soon
Replay log retention
Replay history kept hot
Coming Soon
Default agent freshness
Re-attestation interval for new agents
Coming Soon
Default notification channel
Where critical alerts route by default
Coming Soon
Default policy bindings
Policies auto-attached to new agents
Awaiting policy service
Legal & Compliance
Coming Soon
Compliance documents
Legal document status will appear here once the compliance-docs endpoint ships. Executed agreements, DPA references, HIPAA BAA, SOC 2 reports, and ISO certifications will be listed with real dates and versions.
Account / Team
Team
Manage members, roles, and per-member API-key scope restrictions.
Active members
Pending invitations
Roles in use
H33-Key References
Members
Pending invitations
No pending invitations. The invitation flow (send, resend, expire) activates when the team endpoint ships — planned for the Round 5 close of v25.
Role definitions
Capabilities granted by each role
ADMIN
Full access — settings, billing, keys, members, policies, decisions
Coming Soon
VP / OPS
Production keys + decision approvals + governance read
Coming Soon
POLICY ADMIN
Policy registry edits + delegation capsules
Coming Soon
AUDITOR
Read-only — evidence + replay + chain-witness export
Coming Soon
OPERATOR
Resolve blocked decisions + view operations · no key management
Coming Soon
Account / Billing

Credits & Billing

Monitor unit usage, choose your plan, and manage invoices

Current Balance
Coming Soon
Coming Soon
Lifetime usageComing Soon
Daily avg
Coming Soon
Est. days left
Coming Soon
Overage rate
Coming Soon
Auto-Recharge
Recharge when balance falls below
Recharge amount
Coming Soon
Plans
1 unit = 1 H33 Flagship BFV-64 operation · units compose linearly
Free
$0
one-time
1,000 units
✓ H0 Turbo only
✓ Dilithium-3
✓ 1 API key
✓ Community support
Starter
$349
one-time
5,000 units · $0.070/u overage
✓ All backends
✓ All signatures
✓ 2 API keys
✓ Email support 48hr
Business
$2,499
one-time
50,000 units · $0.050/u overage
✓ 20 API keys
✓ SOC 2 report
✓ 4hr support · 99.9% SLA
Growth
$6,999
one-time · 175K units
✓ Unlimited keys · Ded. AM
Scale
$17,999
one-time · 500K units
✓ 15min support · 99.99% SLA
Enterprise
$49,999
one-time · 1.5M units
✓ Slack · On-prem · ACH
Enterprise+
$99,999
one-time · 3M units
✓ 99.999% SLA · White-glove
Transaction History
Transaction history
Transactions endpoint pending. Purchase and usage history will appear here as it is recorded.
↑↓navigateopenescclose
Keyboard shortcuts
Resolve current decision
R
Replay this decision
P
Export evidence
E
Open search
/ or ⌘ K
Show this overlay
?
Close any panel
esc
Grant Access
Step 1 of 4 — Name & Environment
1
Name
2
Permissions
3
Restrictions
4
Review
Key Name (optional — auto-generated if blank)
Environment
Production
Live infrastructure, real credits
Staging
Live infra, pre-release testing
Development
Rate-limited, local dev
Leave blank to allow all IPs. Use CIDR notation for ranges.
Keys auto-rotate on expiry. Use shorter expiries for sensitive scopes.
Key name
Environment
Permissions
IP allowlistAll IPs
Rate limit500 req/sec
ExpiryNo expiry
Heads up: the key value is shown ONCE on the next screen. Copy it immediately — we don't store it after that.
Step 1 of 4

Revoke access

Revoke ? This cannot be undone. All requests using this key will start failing immediately.

Rotate credential

Rotating generates a new key. The previous key stays valid for 24 hours so you can swap it in your code without downtime.