WE BEE THE
FUTURE OF
COMPUTE

The first agent-native cloud.
Containers had their decade. WASM's turn. See the difference.

GET STARTED FOR FREE

Illustrated scene of the Hives world — bee-themed workers, honeycomb data centers, and the WASM ecosystem

The post-container cloud.

WASM-native compute with sub-millisecond cold starts. Every workload sandboxed. Deployed in one command.

hive deploy — my-api

$ hive init my-api --template http

Creating project in ./my-api

Template: http-handler (Rust, WASI 0.2)

✓ Ready

$ hive deploy

Building → wasm32-wasip2

Uploading 342 KB → Comb

✓ Live → https://my-api.hives.sh

cold start p99: 0.8ms · wasmtime

InstaBoot

<1ms

Cold start p99. Snapshot restore, not instantiation.

Scale to Zero

Active CPU pricing.

Pay only when your function runs.

Active

Queues

● Exactly-once delivery
● DLQ, 30-day retention
● RESP3 wire protocol
● Fan-out + consumer groups

Cron

● Leader-elected, fires once
● Exponential backoff
● 90-day audit log
● Timezone-aware

Dual Runtime

A runtime for every workload.

Hives picks Wasmtime or Wasmer automatically. You never choose the engine — you choose the workload.

Wasmtime 40

WASI 0.2/0.3 · Component model · InstaBoot

Default0.3 Async

Wasmer 7.1

WASIX sockets · Edge.js · Proxy-Wasm

WASIXNode.js

RuntimeKind::select()

// runtime selection algorithm

if wasi_version == WASIX → Wasmer

if runner == NodeJs → Wasmer

if runner == ProxyWasm → Wasmer

default → Wasmtime

$ hive runtime select --wasi preview2 --runner http

→ Wasmtime (default for WASI 0.2/0.3)

Secure by default.

Every workload runs in its own WASM sandbox. Cross-tenant data flow is structurally impossible.

Sandbox isolation

CLUSTER

TENANT A

fn-1

fn-2

TENANT B

fn-1

fn-2

fn-3

TENANT C

fn-1

Encryption

AES-256

At rest and in transit. TLS 1.3. DNET encrypted overlay.

Compliance

● SOC 2 Type II
● ISO 27001:2022
● HIPAA ready (BAA available)
● GDPR + CCPA
● FedRAMP Moderate (in progress)

Capability gating

// host bindings per workload

network: deny_all

filesystem: none

memory: 256MB max

fuel: 1B instructions

stdio: captured

Agent workload

Sandboxed WASM runtime

Arsenal ACT

Scoped credentials

Taps HITL

Human approval loop

Silos database

Durable state

Audit log

Every action recorded

Agent Infrastructure

Built for agents.

AI agents need isolated compute, scoped credentials, human-in-the-loop approvals, durable state, and an audit trail. Hives gives you all of it.

●WASM sandbox = no agent can escape its isolation
●Arsenal ACTs = revocable, scoped credentials per agent
●Taps = swipe-to-approve before critical actions
●Silos = persistent Postgres per agent, branched per PR

Start building.

Deploy your first workload in under 10 minutes. Free tier included. Enterprise when you need it.

Start free →Talk to an expert

WE BEE THE
FUTURE OF
COMPUTE

The first agent-native cloud.
Containers had their decade. WASM's turn. See the difference.

GET STARTED FOR FREE

The post-container cloud.

WASM-native compute with sub-millisecond cold starts. Every workload sandboxed. Deployed in one command.

hive deploy — my-api

$ hive init my-api --template http

Creating project in ./my-api

Template: http-handler (Rust, WASI 0.2)

✓ Ready

$ hive deploy

Building → wasm32-wasip2

Uploading 342 KB → Comb

✓ Live → https://my-api.hives.sh

cold start p99: 0.8ms · wasmtime

InstaBoot

<1ms

Cold start p99. Snapshot restore, not instantiation.

Scale to Zero

Active CPU pricing.

Pay only when your function runs.

Active

Queues

● Exactly-once delivery
● DLQ, 30-day retention
● RESP3 wire protocol
● Fan-out + consumer groups

Cron

● Leader-elected, fires once
● Exponential backoff
● 90-day audit log
● Timezone-aware

Dual Runtime

A runtime for every workload.

Hives picks Wasmtime or Wasmer automatically. You never choose the engine — you choose the workload.

Wasmtime 40

WASI 0.2/0.3 · Component model · InstaBoot

Default0.3 Async

Wasmer 7.1

WASIX sockets · Edge.js · Proxy-Wasm

WASIXNode.js

RuntimeKind::select()

// runtime selection algorithm

if wasi_version == WASIX → Wasmer

if runner == NodeJs → Wasmer

if runner == ProxyWasm → Wasmer

default → Wasmtime

$ hive runtime select --wasi preview2 --runner http

→ Wasmtime (default for WASI 0.2/0.3)

Secure by default.

Every workload runs in its own WASM sandbox. Cross-tenant data flow is structurally impossible.

Sandbox isolation

CLUSTER

TENANT A

fn-1

fn-2

TENANT B

fn-1

fn-2

fn-3

TENANT C

fn-1

Encryption

AES-256

At rest and in transit. TLS 1.3. DNET encrypted overlay.

Compliance

● SOC 2 Type II
● ISO 27001:2022
● HIPAA ready (BAA available)
● GDPR + CCPA
● FedRAMP Moderate (in progress)

Capability gating

// host bindings per workload

network: deny_all

filesystem: none

memory: 256MB max

fuel: 1B instructions

stdio: captured

Agent workload

Sandboxed WASM runtime

Arsenal ACT

Scoped credentials

Taps HITL

Human approval loop

Silos database

Durable state

Audit log

Every action recorded

Agent Infrastructure

Built for agents.

AI agents need isolated compute, scoped credentials, human-in-the-loop approvals, durable state, and an audit trail. Hives gives you all of it.

●WASM sandbox = no agent can escape its isolation
●Arsenal ACTs = revocable, scoped credentials per agent
●Taps = swipe-to-approve before critical actions
●Silos = persistent Postgres per agent, branched per PR

Start building.

Deploy your first workload in under 10 minutes. Free tier included. Enterprise when you need it.

Start free →Talk to an expert

WE BEE THEFUTURE OFCOMPUTE

The post-container cloud.

A runtime for every workload.

Secure by default.

Built for agents.

Start building.

WE BEE THEFUTURE OFCOMPUTE

The post-container cloud.

A runtime for every workload.

Secure by default.

Built for agents.

Start building.

WE BEE THE
FUTURE OF
COMPUTE

WE BEE THE
FUTURE OF
COMPUTE