H33-128 (BFV)H33-256 (L5)H33-CKKS (Float)H33-TFHE (Gates)TFHE BootstrapFHE-IQ (Auto)H33-CompileFHE OverviewZK LookupsZKP-AIRBiometricsZK-KYCZK-PhishZK-TrustlessZK-VerifyArchiveSignH33-3-KeyH33-GatewayH33-MPCPQC ArchitectureDeviceProofH33-Agent-ZeroAI ComplianceBotShieldFraudShieldH33-HealthH33-KeyH33-ShareH33-ShieldH33-VaultMedVaultQuantumVaultVaultKeyEncrypted SearchStorage Encryption
Continuous Monitoring
Continuous Control MonitoringContinuous AttestationOperational Integrity
AI Governance
AI Agent GovernanceContinuous AI GovernanceAgent AttestationAgent Replay
Privacy & Chains
Privacy LayerZK-AttestationChain-Agnostic PrivacyDigital Asset Governance
Infrastructure
Governance ReplayPost-Quantum ConversionAttestation APIPost-Quantum APICyber Claim Verification
HATS Protocol
HATS StandardHATS SpecificationVerification GuaranteesConformance SuiteProtocol Stability
Compliance
SOC 2 Type IIISO 27001HIPAA BAAGDPRPCI DSSNIST FIPS 203/204FedNow
Operational Architecture
Governance GraphReplay EngineVerification ModelEvidence ChainsFederation
Cryptographic Infrastructure
H33-74 Proof BundlesCryptographic ProfilesConformance SuiteH33-ChaosCompatibility GuaranteesCompare
Validation
Adversarial ValidationDeterministic ReplayConformance VectorsAgent Benchmarks
Verification
Public VerifierSession Replay ExplorerGovernance ReplayIndependent Verification
Live Systems
Live API TestLive AuthenticationEncrypted ComputeAI Classification
Performance
BenchmarksH33 vs SEALWhite PaperHICS Code Scoring
Verifier CLITypeScript SDKMCP SDKGitHub
References
API ReferenceAgent SpecificationSchemasConformance VectorsDocumentation
Cyber Insurance (HATS)BankingGovernmentHealthcareLaw FirmsPayments (WireProof)Tokenization
PricingDemo
Log InGet API Key
Home Developers @h33/commerce SDK
v0.1.0 MIT 35 circuits 113 tests passing

@h33/commerce

Proof-of-payment without identity disclosure. Three API calls. Ten minutes. Developer sees approved: true, never sees customer identity. 35 circuits handle the complexity -- you never touch one. PQ-signed with ML-DSA-65 + FALCON-512 + SLH-DSA-128f.

$ npm install @h33/commerce

1. Quick Start

TypeScript import { H33Commerce } from '@h33/commerce'; // 1. Initialize (API key from env or constructor) const commerce = new H33Commerce({ apiKey: process.env.H33_API_KEY, }); // 2. Create a privacy-preserving invoice const invoice = await commerce.createInvoice({ amount: 49.99, currency: 'USD', }); // 3. Customer pays -- you get a 32-byte commitment, not identity console.log(invoice.commitment); // "a1b2c3...64 hex chars" console.log(invoice.qrPayload); // render this with any QR library // 4. Check settlement const settlement = await commerce.getSettlement(invoice.commitment); console.log(settlement.approved); // true // 5. Verify -- publicly, no API key needed const proof = await commerce.verify(invoice.commitment); console.log(proof.valid); // true console.log(proof.complianceValid); // true (KYC/AML passed, identity hidden)

That is the complete integration. Three calls: create, settle, verify. The H33Commerce class handles compliance circuits, PQ signing, commitment generation, and settlement verification. You never see the customer's identity. The 35 circuits prove compliance to the regulator while proving privacy to the user.

2. Key Concepts

ConceptDescription
Commitment A 32-byte hex string that represents a payment without revealing payer identity. This is the universal identifier -- pass it to getSettlement() and verify().
Invoice Created by the merchant. Contains the amount, currency, commitment, expiration, and a QR payload for customer-facing payment flows.
Settlement The result of payment processing. Contains approved, compliance status, attestation commitment, and the PQ-signed proof key. Merchants see approval status, never customer identity.
Verification Public, unauthenticated proof retrieval. Anyone with a commitment can verify that payment was approved, compliance passed, and the attestation is PQ-signed. No API key needed.
Circuits 35 privacy circuits handle KYC, AML, sanctions screening, age verification, and jurisdiction checks. You never configure, deploy, or interact with a circuit directly.
PQ Signing Every attestation is signed with three independent PQ families: ML-DSA-65, FALCON-512, and SLH-DSA-128f. Breaks iff lattices, NTRU, and stateless hash functions are simultaneously broken.

3. Exports

Class

H33Commerce

Primary integration surface. Handles invoicing, settlement, verification, webhooks, and health checks.

Class

H33Error

Typed error with code, message, and status. Thrown on all API failures.

Type

Invoice

Response from createInvoice(). Contains commitment, QR payload, expiration, and total.

Type

Settlement

Response from getSettlement(). Contains approval status, compliance result, and proof key.

Type

Verification

Response from verify(). Public proof of payment validity and compliance status.

Type

Health

Response from health(). Service status, circuit count, and test suite results.

4. API Reference

4.1. H33Commerce

The primary integration class. Wraps all commerce endpoints into five methods.

Constructor

new H33Commerce(config?: H33CommerceConfig)
PropertyTypeDefaultDescription
apiKeystringH33_API_KEY envAPI key. Falls back to environment variable
baseUrlstringhttps://privacy.h33.aiAPI base URL
timeoutMsnumber30000Request timeout in milliseconds
webhookSecretstringH33_WEBHOOK_SECRET envSecret for webhook signature verification

Methods

createInvoice()

async createInvoice(params: CreateInvoiceParams): Promise<Invoice>

Create a privacy-preserving invoice. Returns a 32-byte commitment and QR payload for customer-facing flows.

ParameterTypeRequiredDescription
amountnumberYesInvoice amount (e.g. 49.99)
currencystringYesISO 4217 currency code (e.g. 'USD')
taxnumberNoTax amount to add
expiresInnumberNoExpiration in seconds (default: 3600)
itemsLineItem[]NoArray of line items for itemized invoices
idempotencyKeystringNoIdempotency key to prevent duplicate invoices

getSettlement()

async getSettlement(commitment: string): Promise<Settlement>

Retrieve the settlement status for a payment commitment. Returns approval status, compliance result, and the PQ-signed proof key.

verify()

async verify(commitment: string): Promise<Verification>

Public verification of a payment commitment. No API key is required. Anyone with the commitment can verify payment validity and compliance status.

health()

async health(): Promise<Health>

Check service health. No API key is required. Returns service status, active circuit count, and test suite results.

verifyWebhook()

verifyWebhook(payload: string | Buffer, signature: string): boolean

Verify the authenticity of a webhook payload using the configured webhookSecret. Returns true if the signature is valid. Use this before processing any webhook event.

5. Response Types

5.1. Invoice

FieldTypeDescription
invoiceIdstringUnique invoice identifier
commitmentstring32-byte hex commitment (64 hex chars). The universal payment identifier
totalCentsnumberTotal amount in cents (e.g. 4999)
totalstringFormatted total (e.g. "49.99")
currencystringISO 4217 currency code
expiresAtstringISO-8601 expiration timestamp
qrPayloadstringEncoded payload for QR code rendering

5.2. Settlement

FieldTypeDescription
invoiceIdstringInvoice this settlement belongs to
approvedbooleanWhether the payment was approved
settlementStatusstringSettlement state: 'settled', 'pending', 'failed'
complianceValidbooleanWhether all compliance circuits passed
attestationCommitmentstringPQ-signed attestation commitment
verifiedAtstringISO-8601 timestamp of verification
proofKeystringKey for retrieving the full cryptographic proof

5.3. Verification

FieldTypeDescription
validbooleanWhether the commitment is valid and verifiable
approvedbooleanWhether the payment was approved
complianceValidbooleanWhether compliance circuits passed
attestationCommitmentstringPQ-signed attestation commitment
verifiedAtstringISO-8601 timestamp of verification

5.4. Health

FieldTypeDescription
statusstringService status: 'healthy', 'degraded', 'down'
servicestringService identifier
circuitsnumberNumber of active privacy circuits (35)
tests_passingnumberNumber of passing tests (113)

6. Framework Examples

6.1. Next.js API Route

Next.js // app/api/checkout/route.ts import { NextResponse } from 'next/server'; import { H33Commerce } from '@h33/commerce'; const commerce = new H33Commerce(); export async function POST(req: Request) { const { amount, currency, items } = await req.json(); const invoice = await commerce.createInvoice({ amount, currency, items, expiresIn: 1800, // 30 minutes }); // Return commitment + QR -- never customer identity return NextResponse.json({ invoiceId: invoice.invoiceId, commitment: invoice.commitment, qrPayload: invoice.qrPayload, total: invoice.total, expiresAt: invoice.expiresAt, }); }

6.2. Express

Express import express from 'express'; import { H33Commerce, H33Error } from '@h33/commerce'; const app = express(); const commerce = new H33Commerce(); app.post('/api/invoice', async (req, res) => { try { const invoice = await commerce.createInvoice(req.body); res.json(invoice); } catch (err) { if (err instanceof H33Error) { res.status(err.status).json({ code: err.code, message: err.message }); } else { res.status(500).json({ error: 'Internal server error' }); } } }); app.get('/api/settlement/:commitment', async (req, res) => { const settlement = await commerce.getSettlement(req.params.commitment); res.json(settlement); }); app.get('/api/verify/:commitment', async (req, res) => { const proof = await commerce.verify(req.params.commitment); res.json(proof); }); app.listen(3000);

7. QR Code Rendering

The invoice.qrPayload field contains an encoded payment string ready for any QR library. Render it on a checkout page, email, or receipt -- the customer scans, pays, and the merchant never sees their identity.

React import QRCode from 'qrcode.react'; function CheckoutQR({ invoice }: { invoice: Invoice }) { return ( <div> <QRCode value={invoice.qrPayload} size={256} level={"H"} /> <p>Total: {invoice.total} {invoice.currency}</p> <p>Expires: {invoice.expiresAt}</p> </div> ); }
Node.js (Server-side) import QRCode from 'qrcode'; // Generate QR as data URL for embedding in HTML const dataUrl = await QRCode.toDataURL(invoice.qrPayload, { errorCorrectionLevel: 'H', width: 256, }); // Or save as PNG await QRCode.toFile('./invoice-qr.png', invoice.qrPayload);

8. Webhooks

Register a webhook URL in your H33 dashboard to receive real-time payment events. Always verify the signature before processing.

8.1. Events

EventDescription
payment.verifiedPayment has been verified by the compliance circuits. The customer has paid and all checks passed.
payment.settledPayment has been fully settled. Funds are available.

8.2. Webhook Handler

Express import { H33Commerce } from '@h33/commerce'; const commerce = new H33Commerce({ webhookSecret: process.env.H33_WEBHOOK_SECRET, }); app.post('/webhooks/h33', express.raw({ type: 'application/json' }), (req, res) => { const signature = req.headers['x-h33-signature'] as string; // Always verify before processing if (!commerce.verifyWebhook(req.body, signature)) { return res.status(401).json({ error: 'Invalid signature' }); } const event = JSON.parse(req.body.toString()); switch (event.type) { case 'payment.verified': console.log('Payment verified:', event.commitment); // Update order status break; case 'payment.settled': console.log('Payment settled:', event.commitment); // Release goods/services break; } res.status(200).json({ received: true }); });

Always use express.raw() (not express.json()) for the webhook route so you receive the raw body for signature verification. Parsing the body before verification defeats the purpose.

9. Error Handling

All API errors throw H33Error with a typed code, human-readable message, and HTTP status.

TypeScript import { H33Commerce, H33Error } from '@h33/commerce'; try { const invoice = await commerce.createInvoice({ amount: -10, currency: 'USD', }); } catch (err) { if (err instanceof H33Error) { console.log(err.code); // "invalid_amount" console.log(err.message); // "Amount must be positive" console.log(err.status); // 400 } }

9.1. Error Codes

CodeStatusDescription
invalid_amount400Amount must be a positive number
invalid_currency400Currency code is not a valid ISO 4217 code
invoice_not_found404No invoice exists for the given commitment
invoice_expired410Invoice has expired and can no longer be paid
double_payment409This invoice has already been paid
amount_mismatch400Payment amount does not match invoice amount
rate_limited429Too many requests. Back off and retry with exponential delay
missing_auth401API key is missing or invalid. Set H33_API_KEY env or pass to constructor

10. How It Works

  1. Invoice creation -- createInvoice() generates a 32-byte commitment and registers the invoice with the privacy layer at https://privacy.h33.ai.
  2. Customer payment -- The customer scans the QR code or uses the commitment to pay. 35 privacy circuits run KYC, AML, sanctions screening, age verification, and jurisdiction checks -- all without revealing identity to the merchant.
  3. Settlement -- getSettlement() returns approved: true when all circuits pass and payment clears. The merchant never sees who paid.
  4. PQ attestation -- Every settlement is signed with ML-DSA-65, FALCON-512, and SLH-DSA-128f. Three independent mathematical hardness assumptions. The attestation commitment is independently verifiable.
  5. Public verification -- verify() requires no API key. Auditors, regulators, and counterparties can independently confirm payment validity and compliance status using only the commitment.

The merchant sees approved: true. The regulator sees compliance proof. The customer retains privacy. All three are cryptographically guaranteed by the same 32-byte commitment.

11. Related Resources

GitHub Repository Wire Proof Tokenization Privacy Layer ZK-KYC Full API Reference @h33/agent SDK @h33/mcp SDK Pricing PCI DSS Compliance FedNow