Sealed sign-in for developers

Send a proof,
not the key.

Your secret never leaves your device.
Don't hand keys to AI — sign-in for the agent era.

import { generateSealProof } from '@lemmaoracle/seal'

const { proof } = await generateSealProof({ apiKey, nonce })
// The key stays on the device. Only the proof reaches the server.
Try live

3-step ZK
sign-in flow

Generate a proof in your browser, sign in without sending your secret. Live on Monad Testnet.

Try Live →
Free · No signup
AI READY
For agents

Use with
AI agents

Drop into MCP servers or any AI agent stack. Docs and recipes for keyless delegation.

Read Docs →
Public · Open Source

ETHGlobal Open Agents 2026 finalist.
Compatible standards — MCP · A2A · x402 · C2PA · W3C VC

What changes when you adopt Seal

Hold less.
Prove more.

Most leaks come from data you didn't need to hold. Seal removes the data from the equation — your servers, your logs, your AI agent context.

Before
Device Sends key Server holds keys Breach = leak
After
Key stays on device Sends proof only Server holds proofs only Breach is worthless
Without Seal
With Seal
API keys live in your AI agent's context, exposed to logs and prompt injection.
Only proofs live in context. Nothing valuable to leak.
Your server stores user secrets. Every breach exposes them all.
Your server holds nothing of the user. Breach reveals proofs only.
Weeks of auth work: key management, rotation, audit, compliance review.
One SDK line. Ship sign-in in an afternoon.
Static, broad permissions. AI agents act with full credentials.
Per-call ephemeral proofs. Scoped, time-bound, revocable.
0
keys stored
on your server
1
line of SDK
to integrate
0.4s
average proof
generation
Try Seal → Free · No signup Read the docs → Pricing →

What Seal makes possible

Build the agent era
at the speed of proof.

Try Seal → Talk to the team →

Free · No signup · Live on Monad Testnet