Skip to content

comanderanch/hashkey-bridge

BranchesTags

Repository files navigation

Hashkey Bridge

Crossover Translation Layer

Author: Anthony Hagerty — Haskell Texas

Version: 1.0.0 — March 15 2026

What This Is

Translation layer between two independent secure data transfer protocols.

hashkey-standalone  — network protocol
hashkey-airgap      — flash drive protocol

Bridge connects them without modifying either. Both protocols remain fully independent. Bridge activates only when crossover needed.

Requirements

  • Python 3.8 or higher
  • hashkey-standalone cloned at ~/hashkey-standalone
  • hashkey-airgap cloned at ~/hashkey-airgap

No pip dependencies. All standard library.

Installation

git clone https://github.com/comanderanch/hashkey-bridge
cd hashkey-bridge

Also required:

git clone https://github.com/comanderanch/hashkey-standalone ~/hashkey-standalone
git clone https://github.com/comanderanch/hashkey-airgap ~/hashkey-airgap

Three Crossover Actions

Action 1 — Network Authorizes Flash Drive

MAC authorized network machine signs a trust token onto a flash drive. Drive gains network trust level. No network credentials stored on drive.

python bridge.py authorize \
  /path/to/drive/drive_registry.json \
  your_network_uid \
  your_seed_phrase

Output:

Drive authorized by network station
Trust token written to drive registry
No credentials on drive — token only

When to use: You want a flash drive to be trusted by your network worker stations without putting network credentials onto the physical drive.

Action 2 — Flash Drive Injects to Network

Air gapped machine prepared fold on drive. Drive delivered to network station. Bridge injects fold into network pipeline. Sends as hash via network protocol. Air gap never touched network.

python bridge.py inject \
  /path/to/drive \
  your_network_uid \
  your_seed_phrase

Output:

Drive trust verified
Fold injected to network pipeline
Hash written to outgoing/
Ready for worker pickup
Air gap never touched the network

When to use: Isolated machine prepared a report or data package on flash drive. You need it to travel as network hash without the isolated machine ever connecting to anything.

Action 3 — Network Station Issues Drive

MAC authorized network machine creates a new flash package with network trust already sealed at creation.

python bridge.py issue \
  data.json \
  /path/to/output/drive \
  your_network_uid \
  your_seed_phrase

Output:

Drive package created
Network trust sealed at creation
Ready for distribution
Max 2 machines can authorize

When to use: You need to provision flash drives for field deployment from an authorized network station without the originator present at each destination.

Isolated Unit Deployment

Most important use case.

Deploy AIA or any secure system in a fully air gapped unit. Zero network connection ever. Updates and reports via flash only.

Setup isolated unit

# On isolated machine — clone airgap repo
git clone https://github.com/comanderanch/hashkey-airgap

Register machine to master drive:

cd /media/master_drive
python ~/hashkey-airgap/airgap_drive.py install

Unit is now operational.

Send update to isolated unit

On Texas authorized machine:

python bridge.py issue \
  operation_data.json \
  /media/flash_drive \
  ops_uid \
  ops_seed

Hand drive to courier. Courier delivers to isolated unit.

On isolated unit:

cd /media/flash_drive
python ~/hashkey-airgap/airgap_drive.py open

Unit receives operational data. Executes independently. No network ever touched.

Receive report from isolated unit

On isolated unit — prepare report:

python ~/hashkey-airgap/airgap_drive.py update report.json

Hand drive back to courier. Courier returns to authorized station.

On authorized station:

python bridge.py inject \
  /media/flash_drive \
  ops_uid \
  ops_seed

Report now in network pipeline. Texas receives as hash transmission. Full report rebuilt.

Security at Every Step

Drive stolen in transit:

No authorized machine = sealed
Attacker gets noise

Isolated unit compromised:

Drive ID required
MAC required
DNA token layer underneath
Three factors — all required
Bad actor gets nothing

Network station compromised:

Flash drives untouched
Isolated units untouched
Bridge logs all actions
Alert system fires

Architecture Rule

Network protocol never modified. Airgap protocol never modified. Bridge is translation only.

Each build works completely without bridge. Bridge adds capability — not dependency.

File Reference

bridge.py              three crossover actions
machine_auth.py        from standalone — network auth
hashkey_verifier.py    from standalone — verify hashes
airgap_drive.py        from airgap — drive operations
color_fold_encoder.py  shared encoder
data_to_fold.py        shared fold builder

docs/ARCHITECTURE.md
docs/ISOLATED_UNIT_PROTOCOL.md
docs/THREE_BUILD_MAP.md
docs/SESSION_FOLD_THREE_BUILDS.md

Related Projects

  • github.com/comanderanch/hashkey-standalone
  • github.com/comanderanch/hashkey-airgap
  • github.com/comanderanch/ai-core
  • github.com/comanderanch/dna-tokenizer

License

MIT License — see LICENSE file Free to use, modify, and distribute with attribution.

Disclaimer

This software is provided as-is for research and testing purposes. See DISCLAIMER.md for full terms. Use at your own risk. Not affiliated with Anthropic. Independent research project. Anthony Hagerty — Haskell Texas — 2026

Author

Anthony Hagerty — Independent Systems Architect Haskell Texas — No retreat. No surrender.

About

Crossover translation layer — network to air gap bridge — isolated unit AI deployment — network authorizes flash — flash injects to network — neither protocol modified

Topics

python security distributed-systems bridge hashkey air-gap ai-core dna-token

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages