/** * Governance Block — Cryptographic governance metadata for HTML embedding. * * Embeds signed provenance, terms, and revocation primitives directly into * web pages so ANY crawler (not just MCP clients) ingests governance metadata * alongside content. * * Two channels, same primitives: * HTML: governance block embedded in page — evidence layer (proof terms were served) * MCP: full enforcement — terms must be accepted before content is served * * Compatible with: C2PA (provenance), RSL (licensing), W3C JSON-LD Signatures * Novel contribution: revocation propagation + per-artifact-type obligations */ export type UsagePermission = 'permitted' | 'prohibited' | 'compensation_required' | 'attribution_required'; export interface GovernanceTerms { /** Can agents use this for real-time inference/RAG? */ inference?: UsagePermission; /** Can agents use this to train/fine-tune models? */ training?: UsagePermission; /** Can agents redistribute or republish this content? */ redistribution?: UsagePermission; /** Can agents create derivative works? */ derivative?: UsagePermission; /** Can agents cache this content locally? */ caching?: UsagePermission; /** Custom terms (key-value) */ custom?: Record; /** Human-readable license reference */ license_url?: string; /** Terms version (for settlement pinning) */ version?: string; } export interface RevocationPolicy { /** What happens to cached copies when this content is revoked? */ cached_copy: 'delete' | 'retain_with_notice' | 'no_obligation'; /** What happens to RAG chunks derived from this content? */ rag_chunk: 'delete' | 'quarantine' | 'no_obligation'; /** What happens to embeddings derived from this content? */ embedding: 'quarantine' | 'flag_for_review' | 'no_obligation'; /** What happens to models fine-tuned on this content? */ fine_tune: 'no_future_use' | 'retraining_required' | 'no_obligation'; /** What happens to synthetic derivatives? */ synthetic: 'compensation_only' | 'delete' | 'no_obligation'; } export interface GovernanceBlock { /** APS protocol identifier */ '@context': 'https://aeoess.com/governance/v1'; '@type': 'GovernanceBlock'; /** DID of the content publisher */ source_did: string; /** SHA-256 hash of the content body */ content_hash: string; /** When the content was published */ published_at: string; /** When the governance block was generated */ governance_generated_at: string; /** Machine-readable licensing terms */ terms: GovernanceTerms; /** What happens when content is revoked */ revocation_policy: RevocationPolicy; /** Ed25519 signature over canonical(everything except signature) */ signature: string; /** When the governance block expires (AV-3: replay prevention) */ expires_at?: string; /** AV-5: SHA-256 hash of the skill implementation this block governs. * Binds the governance declaration to a specific skill, preventing * one skill from presenting another skill's governance block. */ skill_hash?: string; } export declare const DEFAULT_REVOCATION_POLICY: RevocationPolicy; export interface GenerateGovernanceBlockInput { /** Content body to hash (the article text, not the full HTML) */ content: string; /** Publisher's public key (hex) */ publicKey: string; /** Publisher's private key (hex) for signing */ privateKey: string; /** Licensing terms */ terms: GovernanceTerms; /** Revocation policy (defaults to strict) */ revocationPolicy?: RevocationPolicy; /** Publication timestamp (defaults to now) */ publishedAt?: string; /** Expiry timestamp (AV-3: replay prevention). If set, the block is invalid after this time */ expiresAt?: string; /** AV-5: Skill implementation content. If provided, SHA-256 hash is computed and included * in the block, binding governance to this specific implementation. */ skillContent?: string; } export declare function generateGovernanceBlock(input: GenerateGovernanceBlockInput): GovernanceBlock; export interface GovernanceBlockVerification { /** Is the Ed25519 signature valid? */ signatureValid: boolean; /** Does the content hash match the provided content? */ contentHashValid: boolean; /** Does the DID resolve to the signing key? */ didConsistent: boolean; /** Is the block past its expires_at? False when no expiry is set. */ expired: boolean; /** Overall: all checks pass */ valid: boolean; /** Human-readable errors */ errors: string[]; } export declare function verifyGovernanceBlock(block: GovernanceBlock, content: string, publicKey: string, options?: { /** AV-5: If provided, verify the block's skill_hash matches this content */ skillContent?: string; }): GovernanceBlockVerification; /** * Render a governance block as an HTML script tag for embedding in any web page. * * Usage: Insert the returned string anywhere in your HTML or . * Every crawler that reads the page ingests this block alongside the content. * * Example output: * */ export declare function renderGovernanceHTML(block: GovernanceBlock): string; /** * Render as a meta tag alternative (for strict CSP environments). * The full block is base64-encoded in the content attribute. */ export declare function renderGovernanceMeta(block: GovernanceBlock): string; /** * Parse a governance block from HTML content. * Looks for