@character-foundry/character-foundry 0.1.3 → 0.1.5

package/dist/federation.d.ts

@@ -1,2 +1,2951 @@
-export * from '@character-foundry/federation';
-//# sourceMappingURL=federation.d.ts.map
+import { z } from 'zod';
+
+declare const CCv3DataSchema: z.ZodObject<{
+	spec: z.ZodLiteral<"chara_card_v3">;
+	spec_version: z.ZodLiteral<"3.0">;
+	data: z.ZodObject<{
+		name: z.ZodDefault<z.ZodString>;
+		description: z.ZodDefault<z.ZodString>;
+		personality: z.ZodDefault<z.ZodNullable<z.ZodString>>;
+		scenario: z.ZodDefault<z.ZodString>;
+		first_mes: z.ZodDefault<z.ZodString>;
+		mes_example: z.ZodDefault<z.ZodNullable<z.ZodString>>;
+		creator: z.ZodDefault<z.ZodString>;
+		character_version: z.ZodDefault<z.ZodString>;
+		tags: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+		group_only_greetings: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+		creator_notes: z.ZodOptional<z.ZodString>;
+		system_prompt: z.ZodOptional<z.ZodString>;
+		post_history_instructions: z.ZodOptional<z.ZodString>;
+		alternate_greetings: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+		character_book: z.ZodNullable<z.ZodOptional<z.ZodObject<{
+			name: z.ZodOptional<z.ZodString>;
+			description: z.ZodOptional<z.ZodString>;
+			scan_depth: z.ZodOptional<z.ZodNumber>;
+			token_budget: z.ZodOptional<z.ZodNumber>;
+			recursive_scanning: z.ZodOptional<z.ZodBoolean>;
+			extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+			entries: z.ZodArray<z.ZodObject<{
+				keys: z.ZodArray<z.ZodString, "many">;
+				content: z.ZodString;
+				enabled: z.ZodBoolean;
+				insertion_order: z.ZodNumber;
+				case_sensitive: z.ZodOptional<z.ZodBoolean>;
+				name: z.ZodOptional<z.ZodString>;
+				priority: z.ZodOptional<z.ZodNumber>;
+				id: z.ZodOptional<z.ZodNumber>;
+				comment: z.ZodOptional<z.ZodString>;
+				selective: z.ZodOptional<z.ZodBoolean>;
+				secondary_keys: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+				constant: z.ZodOptional<z.ZodBoolean>;
+				position: z.ZodOptional<z.ZodEnum<[
+					"before_char",
+					"after_char"
+				]>>;
+				extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+				automation_id: z.ZodOptional<z.ZodString>;
+				role: z.ZodOptional<z.ZodEnum<[
+					"system",
+					"user",
+					"assistant"
+				]>>;
+				group: z.ZodOptional<z.ZodString>;
+				scan_frequency: z.ZodOptional<z.ZodNumber>;
+				probability: z.ZodOptional<z.ZodNumber>;
+				use_regex: z.ZodOptional<z.ZodBoolean>;
+				depth: z.ZodOptional<z.ZodNumber>;
+				selective_logic: z.ZodOptional<z.ZodEnum<[
+					"AND",
+					"NOT"
+				]>>;
+			}, "strip", z.ZodTypeAny, {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}, {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}>, "many">;
+		}, "strip", z.ZodTypeAny, {
+			entries: {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}[];
+			name?: string | undefined;
+			description?: string | undefined;
+			scan_depth?: number | undefined;
+			token_budget?: number | undefined;
+			recursive_scanning?: boolean | undefined;
+			extensions?: Record<string, unknown> | undefined;
+		}, {
+			entries: {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}[];
+			name?: string | undefined;
+			description?: string | undefined;
+			scan_depth?: number | undefined;
+			token_budget?: number | undefined;
+			recursive_scanning?: boolean | undefined;
+			extensions?: Record<string, unknown> | undefined;
+		}>>>;
+		extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+		assets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+			type: z.ZodEnum<[
+				"icon",
+				"background",
+				"emotion",
+				"user_icon",
+				"sound",
+				"video",
+				"custom",
+				"x-risu-asset"
+			]>;
+			uri: z.ZodString;
+			name: z.ZodString;
+			ext: z.ZodString;
+		}, "strip", z.ZodTypeAny, {
+			name: string;
+			type: "custom" | "icon" | "background" | "emotion" | "user_icon" | "sound" | "video" | "x-risu-asset";
+			uri: string;
+			ext: string;
+		}, {
+			name: string;
+			type: "custom" | "icon" | "background" | "emotion" | "user_icon" | "sound" | "video" | "x-risu-asset";
+			uri: string;
+			ext: string;
+		}>, "many">>;
+		nickname: z.ZodOptional<z.ZodString>;
+		creator_notes_multilingual: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+		source: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+		creation_date: z.ZodOptional<z.ZodNumber>;
+		modification_date: z.ZodOptional<z.ZodNumber>;
+	}, "strip", z.ZodTypeAny, {
+		name: string;
+		description: string;
+		personality: string | null;
+		scenario: string;
+		first_mes: string;
+		mes_example: string | null;
+		tags: string[];
+		creator: string;
+		character_version: string;
+		group_only_greetings: string[];
+		extensions?: Record<string, unknown> | undefined;
+		creator_notes?: string | undefined;
+		system_prompt?: string | undefined;
+		post_history_instructions?: string | undefined;
+		alternate_greetings?: string[] | undefined;
+		character_book?: {
+			entries: {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}[];
+			name?: string | undefined;
+			description?: string | undefined;
+			scan_depth?: number | undefined;
+			token_budget?: number | undefined;
+			recursive_scanning?: boolean | undefined;
+			extensions?: Record<string, unknown> | undefined;
+		} | null | undefined;
+		assets?: {
+			name: string;
+			type: "custom" | "icon" | "background" | "emotion" | "user_icon" | "sound" | "video" | "x-risu-asset";
+			uri: string;
+			ext: string;
+		}[] | undefined;
+		nickname?: string | undefined;
+		creator_notes_multilingual?: Record<string, string> | undefined;
+		source?: string[] | undefined;
+		creation_date?: number | undefined;
+		modification_date?: number | undefined;
+	}, {
+		name?: string | undefined;
+		description?: string | undefined;
+		extensions?: Record<string, unknown> | undefined;
+		personality?: string | null | undefined;
+		scenario?: string | undefined;
+		first_mes?: string | undefined;
+		mes_example?: string | null | undefined;
+		creator_notes?: string | undefined;
+		system_prompt?: string | undefined;
+		post_history_instructions?: string | undefined;
+		alternate_greetings?: string[] | undefined;
+		character_book?: {
+			entries: {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}[];
+			name?: string | undefined;
+			description?: string | undefined;
+			scan_depth?: number | undefined;
+			token_budget?: number | undefined;
+			recursive_scanning?: boolean | undefined;
+			extensions?: Record<string, unknown> | undefined;
+		} | null | undefined;
+		tags?: string[] | undefined;
+		creator?: string | undefined;
+		character_version?: string | undefined;
+		group_only_greetings?: string[] | undefined;
+		assets?: {
+			name: string;
+			type: "custom" | "icon" | "background" | "emotion" | "user_icon" | "sound" | "video" | "x-risu-asset";
+			uri: string;
+			ext: string;
+		}[] | undefined;
+		nickname?: string | undefined;
+		creator_notes_multilingual?: Record<string, string> | undefined;
+		source?: string[] | undefined;
+		creation_date?: number | undefined;
+		modification_date?: number | undefined;
+	}>;
+}, "strip", z.ZodTypeAny, {
+	data: {
+		name: string;
+		description: string;
+		personality: string | null;
+		scenario: string;
+		first_mes: string;
+		mes_example: string | null;
+		tags: string[];
+		creator: string;
+		character_version: string;
+		group_only_greetings: string[];
+		extensions?: Record<string, unknown> | undefined;
+		creator_notes?: string | undefined;
+		system_prompt?: string | undefined;
+		post_history_instructions?: string | undefined;
+		alternate_greetings?: string[] | undefined;
+		character_book?: {
+			entries: {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}[];
+			name?: string | undefined;
+			description?: string | undefined;
+			scan_depth?: number | undefined;
+			token_budget?: number | undefined;
+			recursive_scanning?: boolean | undefined;
+			extensions?: Record<string, unknown> | undefined;
+		} | null | undefined;
+		assets?: {
+			name: string;
+			type: "custom" | "icon" | "background" | "emotion" | "user_icon" | "sound" | "video" | "x-risu-asset";
+			uri: string;
+			ext: string;
+		}[] | undefined;
+		nickname?: string | undefined;
+		creator_notes_multilingual?: Record<string, string> | undefined;
+		source?: string[] | undefined;
+		creation_date?: number | undefined;
+		modification_date?: number | undefined;
+	};
+	spec: "chara_card_v3";
+	spec_version: "3.0";
+}, {
+	data: {
+		name?: string | undefined;
+		description?: string | undefined;
+		extensions?: Record<string, unknown> | undefined;
+		personality?: string | null | undefined;
+		scenario?: string | undefined;
+		first_mes?: string | undefined;
+		mes_example?: string | null | undefined;
+		creator_notes?: string | undefined;
+		system_prompt?: string | undefined;
+		post_history_instructions?: string | undefined;
+		alternate_greetings?: string[] | undefined;
+		character_book?: {
+			entries: {
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				insertion_order: number;
+				name?: string | undefined;
+				extensions?: Record<string, unknown> | undefined;
+				case_sensitive?: boolean | undefined;
+				priority?: number | undefined;
+				id?: number | undefined;
+				comment?: string | undefined;
+				selective?: boolean | undefined;
+				secondary_keys?: string[] | undefined;
+				constant?: boolean | undefined;
+				position?: "before_char" | "after_char" | undefined;
+				automation_id?: string | undefined;
+				role?: "system" | "user" | "assistant" | undefined;
+				group?: string | undefined;
+				scan_frequency?: number | undefined;
+				probability?: number | undefined;
+				use_regex?: boolean | undefined;
+				depth?: number | undefined;
+				selective_logic?: "AND" | "NOT" | undefined;
+			}[];
+			name?: string | undefined;
+			description?: string | undefined;
+			scan_depth?: number | undefined;
+			token_budget?: number | undefined;
+			recursive_scanning?: boolean | undefined;
+			extensions?: Record<string, unknown> | undefined;
+		} | null | undefined;
+		tags?: string[] | undefined;
+		creator?: string | undefined;
+		character_version?: string | undefined;
+		group_only_greetings?: string[] | undefined;
+		assets?: {
+			name: string;
+			type: "custom" | "icon" | "background" | "emotion" | "user_icon" | "sound" | "video" | "x-risu-asset";
+			uri: string;
+			ext: string;
+		}[] | undefined;
+		nickname?: string | undefined;
+		creator_notes_multilingual?: Record<string, string> | undefined;
+		source?: string[] | undefined;
+		creation_date?: number | undefined;
+		modification_date?: number | undefined;
+	};
+	spec: "chara_card_v3";
+	spec_version: "3.0";
+}>;
+/**
+ * Character Card v3 full structure
+ */
+export type CCv3Data = z.infer<typeof CCv3DataSchema>;
+/**
+ * Federation Types
+ *
+ * Core types for ActivityPub-based character card federation.
+ */
+/**
+ * Unique identifier for a federated card
+ * Format: {platform}:{id} or full URI
+ */
+export type FederatedCardId = string;
+/**
+ * Platform identifier
+ */
+export type PlatformId = "archive" | "hub" | "editor" | "sillytavern" | "risu" | "chub" | "custom";
+/**
+ * ActivityPub Actor representing a creator/user
+ */
+export interface FederatedActor {
+	/** ActivityPub context */
+	"@context"?: ActivityPubContext;
+	/** ActivityPub ID (URI) */
+	id: string;
+	/** Actor type */
+	type: "Person" | "Service" | "Application";
+	/** Display name */
+	name: string;
+	/** Username/handle */
+	preferredUsername: string;
+	/** Profile summary */
+	summary?: string;
+	/** Avatar URL */
+	icon?: string;
+	/** Inbox URL for receiving activities */
+	inbox: string;
+	/** Outbox URL for published activities */
+	outbox: string;
+	/** Followers collection URL */
+	followers?: string;
+	/** Following collection URL */
+	following?: string;
+	/** Public key for HTTP signatures */
+	publicKey?: {
+		id: string;
+		owner: string;
+		publicKeyPem: string;
+	};
+}
+/**
+ * ActivityPub context type - can be a string, or an array of strings and objects
+ */
+export type ActivityPubContext = string | (string | Record<string, unknown>)[];
+/**
+ * ActivityPub Object representing a character card
+ */
+export interface FederatedCard {
+	/** ActivityPub context */
+	"@context": ActivityPubContext;
+	/** Unique ID (URI) */
+	id: string;
+	/** Object type */
+	type: "Note" | "Article" | "Document";
+	/** Card name/title */
+	name: string;
+	/** Card description/summary */
+	summary?: string;
+	/** Full card content (JSON stringified CCv3Data) */
+	content: string;
+	/** Content media type */
+	mediaType: "application/json";
+	/** Creator actor */
+	attributedTo: string;
+	/** Publication timestamp */
+	published: string;
+	/** Last update timestamp */
+	updated?: string;
+	/** Tags/hashtags */
+	tag?: Array<{
+		type: "Hashtag";
+		name: string;
+		href?: string;
+	}>;
+	/** Attached assets */
+	attachment?: Array<{
+		type: "Document" | "Image" | "Audio";
+		mediaType: string;
+		url: string;
+		name?: string;
+	}>;
+	/** Source platform */
+	source?: {
+		platform: PlatformId;
+		id: string;
+		url?: string;
+	};
+	/** Card version */
+	"character:version"?: string;
+	/** Card spec version */
+	"character:spec"?: string;
+}
+/**
+ * ActivityPub Activity types for cards
+ */
+export type ActivityType = "Create" | "Update" | "Delete" | "Announce" | "Like" | "Follow" | "Undo" | "Fork" | "Install" | "Flag" | "Block";
+/**
+ * Platform role in federation topology
+ */
+export type PlatformRole = "publisher" | "hub" | "architect" | "consumer";
+/**
+ * Fork reference stored in card extensions
+ * Path: card.data.extensions['character-foundry'].forkedFrom
+ */
+export interface ForkReference {
+	/** Federated URI of the source card */
+	federatedId: string;
+	/** Source platform identifier */
+	platform: PlatformId;
+	/** Timestamp when forked */
+	forkedAt: string;
+	/** Source version hash at fork time */
+	sourceVersionHash?: string;
+}
+/**
+ * Fork notification received by source instance
+ */
+export interface ForkNotification {
+	/** Federated URI of the fork */
+	forkId: string;
+	/** Actor who created the fork */
+	actorId: string;
+	/** Platform where fork was created */
+	platform: PlatformId;
+	/** Timestamp of fork */
+	timestamp: string;
+}
+/**
+ * Install notification received by source instance
+ * Consumers (SillyTavern, Voxta) send these when a card is installed
+ */
+export interface InstallNotification {
+	/** Platform where card was installed */
+	platform: PlatformId;
+	/** Actor/user who installed (if known) */
+	actorId?: string;
+	/** Timestamp of installation */
+	timestamp: string;
+}
+/**
+ * Aggregated stats for a card
+ */
+export interface CardStats {
+	/** Total known installs across all platforms */
+	installCount: number;
+	/** Install counts per platform */
+	installsByPlatform: Partial<Record<PlatformId, number>>;
+	/** Fork count (separate from forkNotifications for efficiency) */
+	forkCount: number;
+	/** Like/favorite count */
+	likeCount: number;
+	/** Last time any stat was updated */
+	lastUpdated: string;
+}
+/**
+ * Install activity - consumer notifies hub about card installation
+ */
+export interface InstallActivity extends Omit<FederatedActivity, "type" | "object"> {
+	type: "Install";
+	/** Card URI that was installed */
+	object: string;
+	/** Platform where installed */
+	target?: {
+		type: "Application";
+		name: PlatformId;
+	};
+}
+/**
+ * ActivityPub Activity
+ */
+export interface FederatedActivity {
+	"@context": ActivityPubContext;
+	id: string;
+	type: ActivityType;
+	actor: string;
+	object: string | FederatedCard;
+	published: string;
+	to?: string[];
+	cc?: string[];
+}
+/**
+ * Sync state for a card across platforms
+ */
+export interface CardSyncState {
+	/** Local card ID */
+	localId: string;
+	/** Federated card ID (ActivityPub URI) */
+	federatedId: string;
+	/** Platform-specific IDs (only set for synced platforms) */
+	platformIds: Partial<Record<PlatformId, string>>;
+	/** Last sync timestamp per platform (only set for synced platforms) */
+	lastSync: Partial<Record<PlatformId, string>>;
+	/** Current version hash */
+	versionHash: string;
+	/** Sync status */
+	status: "synced" | "pending" | "conflict" | "error";
+	/** Conflict details if any */
+	conflict?: {
+		localVersion: string;
+		remoteVersion: string;
+		remotePlatform: PlatformId;
+	};
+	/** Fork reference if this card is a fork */
+	forkedFrom?: ForkReference;
+	/** Count of known forks of this card */
+	forksCount?: number;
+	/** References to known forks (capped at 100 to prevent unbounded growth) */
+	forkNotifications?: ForkNotification[];
+	/** Aggregated stats for this card */
+	stats?: CardStats;
+}
+/**
+ * Sync operation
+ */
+export interface SyncOperation {
+	type: "push" | "pull" | "delete" | "resolve" | "fork";
+	cardId: FederatedCardId;
+	sourcePlatform: PlatformId;
+	targetPlatform: PlatformId;
+	timestamp: string;
+}
+/**
+ * Sync result
+ */
+export interface SyncResult {
+	success: boolean;
+	operation: SyncOperation;
+	newState?: CardSyncState;
+	error?: string;
+}
+/**
+ * Platform adapter interface
+ * Each platform implements this to enable federation
+ */
+export interface PlatformAdapter {
+	/** Platform identifier */
+	readonly platform: PlatformId;
+	/** Platform display name */
+	readonly displayName: string;
+	/** Whether the platform is currently available */
+	isAvailable(): Promise<boolean>;
+	/** Get a card by local ID */
+	getCard(localId: string): Promise<CCv3Data | null>;
+	/** List all cards (with optional pagination) */
+	listCards(options?: {
+		limit?: number;
+		offset?: number;
+		since?: string;
+	}): Promise<Array<{
+		id: string;
+		card: CCv3Data;
+		updatedAt: string;
+	}>>;
+	/** Save/update a card */
+	saveCard(card: CCv3Data, localId?: string): Promise<string>;
+	/** Delete a card */
+	deleteCard(localId: string): Promise<boolean>;
+	/** Get card assets */
+	getAssets(localId: string): Promise<Array<{
+		name: string;
+		type: string;
+		data: Uint8Array;
+	}>>;
+	/** Get the last modified timestamp for a card */
+	getLastModified(localId: string): Promise<string | null>;
+}
+/**
+ * Federation hub configuration
+ */
+export interface FederationConfig {
+	/** This instance's ActivityPub actor */
+	actor: FederatedActor;
+	/** Registered platform adapters */
+	platforms: Map<PlatformId, PlatformAdapter>;
+	/** Sync state storage */
+	stateStore: SyncStateStore;
+	/** HTTP signature keys */
+	keys?: {
+		privateKey: string;
+		publicKey: string;
+	};
+}
+/**
+ * Sync state storage interface
+ */
+export interface SyncStateStore {
+	/** Get sync state for a card */
+	get(federatedId: string): Promise<CardSyncState | null>;
+	/** Save sync state */
+	set(state: CardSyncState): Promise<void>;
+	/** Delete sync state */
+	delete(federatedId: string): Promise<void>;
+	/** List all sync states */
+	list(): Promise<CardSyncState[]>;
+	/** Find by platform ID */
+	findByPlatformId(platform: PlatformId, platformId: string): Promise<CardSyncState | null>;
+}
+/**
+ * Federation event types
+ */
+export type FederationEventType = "card:created" | "card:updated" | "card:deleted" | "card:synced" | "card:conflict" | "card:forked" | "card:fork-received" | "card:installed" | "card:install-received" | "sync:started" | "sync:completed" | "sync:failed" | "sync:skipped" | "actor:followed" | "actor:unfollowed" | "moderation:report-received" | "moderation:action-taken" | "moderation:instance-blocked" | "moderation:instance-unblocked" | "moderation:policy-matched" | "moderation:policy-rejected";
+/**
+ * Federation event
+ */
+export interface FederationEvent {
+	type: FederationEventType;
+	timestamp: string;
+	data: unknown;
+}
+/**
+ * Event listener
+ */
+export type FederationEventListener = (event: FederationEvent) => void | Promise<void>;
+/**
+ * Fork activity - custom ActivityPub extension
+ */
+export interface ForkActivity extends Omit<FederatedActivity, "type" | "object"> {
+	type: "Fork";
+	/** Source card URI being forked */
+	object: string;
+	/** The newly created fork */
+	result: FederatedCard;
+}
+/**
+ * Fork operation result
+ */
+export interface ForkResult {
+	success: boolean;
+	operation: SyncOperation;
+	forkState?: CardSyncState;
+	sourceFederatedId?: string;
+	forkFederatedId?: string;
+	error?: string;
+}
+/**
+ * Inbox handler result
+ */
+export interface InboxResult {
+	accepted: boolean;
+	error?: string;
+	activityType?: ActivityType;
+}
+/**
+ * Inbox handler options
+ */
+export interface InboxHandlerOptions {
+	/** Fetch actor by ID for signature verification */
+	fetchActor: (actorId: string) => Promise<FederatedActor | null>;
+	/** Strict mode for signature validation */
+	strictMode?: boolean;
+	/** Maximum age for signatures in seconds (default 300) */
+	maxAge?: number;
+}
+/**
+ * ActivityPub Utilities
+ *
+ * Convert character cards to/from ActivityPub format.
+ */
+/**
+ * ActivityPub context for character cards
+ */
+export declare const ACTIVITY_CONTEXT: (string | {
+	character: string;
+	"character:version": {
+		"@id": string;
+	};
+	"character:spec": {
+		"@id": string;
+	};
+})[];
+/**
+ * Extended ActivityPub context for Fork activities
+ * Includes custom character-foundry namespace for fork semantics
+ */
+export declare const FORK_ACTIVITY_CONTEXT: (string | {
+	character: string;
+	"character:version": {
+		"@id": string;
+	};
+	"character:spec": {
+		"@id": string;
+	};
+	Fork: string;
+	forkedFrom: {
+		"@id": string;
+		"@type": string;
+	};
+})[];
+/**
+ * Extended ActivityPub context for Install activities
+ * Used by consumers (SillyTavern, Voxta) to notify hub about installations
+ */
+export declare const INSTALL_ACTIVITY_CONTEXT: (string | {
+	character: string;
+	Install: string;
+})[];
+/**
+ * Generate a unique ID for a federated card
+ *
+ * @security localId is URI-encoded to prevent path traversal and query injection.
+ * Characters like '/', '?', '#', and spaces are safely escaped.
+ */
+export declare function generateCardId(baseUrl: string, localId: string): string;
+/**
+ * Generate a unique ID for an activity using crypto-grade randomness
+ */
+export declare function generateActivityId(baseUrl: string): string;
+/**
+ * Convert a CCv3 card to ActivityPub FederatedCard format
+ */
+export declare function cardToActivityPub(card: CCv3Data, options: {
+	id: string;
+	actorId: string;
+	published?: string;
+	updated?: string;
+	sourcePlatform?: PlatformId;
+	sourceId?: string;
+	sourceUrl?: string;
+	attachments?: Array<{
+		type: "Image" | "Audio" | "Document";
+		mediaType: string;
+		url: string;
+		name?: string;
+	}>;
+}): FederatedCard;
+/**
+ * Extract CCv3 card from ActivityPub FederatedCard
+ */
+export declare function cardFromActivityPub(federatedCard: FederatedCard): CCv3Data;
+/**
+ * Create a Create activity for a new card
+ */
+export declare function createCreateActivity(card: FederatedCard, actorId: string, baseUrl: string, recipients?: {
+	to?: string[];
+	cc?: string[];
+}): FederatedActivity;
+/**
+ * Create an Update activity for a modified card
+ */
+export declare function createUpdateActivity(card: FederatedCard, actorId: string, baseUrl: string, recipients?: {
+	to?: string[];
+	cc?: string[];
+}): FederatedActivity;
+/**
+ * Create a Delete activity for a removed card
+ */
+export declare function createDeleteActivity(cardId: string, actorId: string, baseUrl: string, recipients?: {
+	to?: string[];
+	cc?: string[];
+}): FederatedActivity;
+/**
+ * Create an Announce (reshare) activity
+ */
+export declare function createAnnounceActivity(cardId: string, actorId: string, baseUrl: string, recipients?: {
+	to?: string[];
+	cc?: string[];
+}): FederatedActivity;
+/**
+ * Create a Like activity
+ */
+export declare function createLikeActivity(cardId: string, actorId: string, baseUrl: string): FederatedActivity;
+/**
+ * Create an Undo activity
+ */
+export declare function createUndoActivity(originalActivityId: string, actorId: string, baseUrl: string): FederatedActivity;
+/**
+ * Create a Fork activity for card derivation
+ *
+ * Fork activities notify the source instance that a card was forked.
+ * The forked card contains a reference to the source in its extensions.
+ */
+export declare function createForkActivity(sourceCardId: string, forkedCard: FederatedCard, actorId: string, baseUrl: string, recipients?: {
+	to?: string[];
+	cc?: string[];
+}): ForkActivity;
+/**
+ * Parse an incoming Fork activity
+ *
+ * @returns Parsed fork data or null if invalid
+ */
+export declare function parseForkActivity(activity: unknown): {
+	sourceCardId: string;
+	forkedCard: FederatedCard;
+	actor: string;
+	activityId: string;
+} | null;
+/**
+ * Create an Install activity for notifying hub about card installation
+ *
+ * Consumers (SillyTavern, Voxta) send this when a card is installed/saved.
+ */
+export declare function createInstallActivity(cardId: string, actorId: string, baseUrl: string, platform: PlatformId, recipients?: {
+	to?: string[];
+	cc?: string[];
+}): InstallActivity;
+/**
+ * Parse an incoming Install activity
+ *
+ * @returns Parsed install data or null if invalid
+ */
+export declare function parseInstallActivity(activity: unknown): {
+	cardId: string;
+	actor: string;
+	platform: PlatformId | null;
+	activityId: string;
+} | null;
+/**
+ * Create a minimal actor object
+ */
+export declare function createActor(options: {
+	id: string;
+	username: string;
+	displayName: string;
+	summary?: string;
+	icon?: string;
+	baseUrl: string;
+	publicKeyPem?: string;
+}): FederatedActor;
+/**
+ * Parse an incoming activity
+ */
+export declare function parseActivity(data: unknown): FederatedActivity;
+/**
+ * Sync Engine
+ *
+ * Handles synchronization of character cards across platforms.
+ */
+/**
+ * Sync Engine Options
+ */
+export interface SyncEngineOptions {
+	/** Base URL for this federation instance */
+	baseUrl: string;
+	/** Actor ID for this instance */
+	actorId: string;
+	/** State storage */
+	stateStore: SyncStateStore;
+	/** Auto-sync interval in ms (0 to disable) */
+	autoSyncInterval?: number;
+	/**
+	 * Use SHA-256 for change detection instead of fast 32-bit hash.
+	 *
+	 * Default: false (fast hash for backwards compatibility)
+	 * Recommended: true for federation sync across untrusted systems
+	 *
+	 * @security Fast hash has collision potential (~2^16 birthday bound).
+	 * SHA-256 is cryptographically secure but slightly slower.
+	 */
+	secureHashing?: boolean;
+}
+/**
+ * Sync Engine
+ * Coordinates synchronization between registered platforms
+ */
+export declare class SyncEngine {
+	private platforms;
+	private stateStore;
+	private baseUrl;
+	private actorId;
+	private listeners;
+	private autoSyncTimer?;
+	private secureHashing;
+	/**
+	 * Mutex flag to prevent concurrent syncAll() executions.
+	 * When autoSyncInterval triggers while a sync is in progress,
+	 * the new sync is skipped to prevent race conditions.
+	 */
+	private syncInProgress;
+	constructor(options: SyncEngineOptions);
+	/**
+	 * Generate a hash for change detection.
+	 * Uses SHA-256 if secureHashing is enabled, otherwise fast 32-bit hash.
+	 */
+	private hashCard;
+	/**
+	 * Register a platform adapter
+	 */
+	registerPlatform(adapter: PlatformAdapter): void;
+	/**
+	 * Unregister a platform adapter
+	 */
+	unregisterPlatform(platform: PlatformId): void;
+	/**
+	 * Get registered platforms
+	 */
+	getPlatforms(): PlatformId[];
+	/**
+	 * Add event listener
+	 */
+	on(event: FederationEventType, listener: FederationEventListener): void;
+	/**
+	 * Remove event listener
+	 */
+	off(event: FederationEventType, listener: FederationEventListener): void;
+	/**
+	 * Emit an event
+	 */
+	private emit;
+	/**
+	 * Push a card from one platform to another
+	 */
+	pushCard(sourcePlatform: PlatformId, sourceId: string, targetPlatform: PlatformId): Promise<SyncResult>;
+	/**
+	 * Pull a card from a remote platform to local
+	 */
+	pullCard(remotePlatform: PlatformId, remoteId: string, localPlatform: PlatformId): Promise<SyncResult>;
+	/**
+	 * Sync a card across all registered platforms
+	 */
+	syncCardToAll(sourcePlatform: PlatformId, sourceId: string): Promise<SyncResult[]>;
+	/**
+	 * Sync all cards from one platform to another
+	 */
+	syncPlatform(sourcePlatform: PlatformId, targetPlatform: PlatformId): Promise<SyncResult[]>;
+	/**
+	 * Sync all platforms with each other.
+	 *
+	 * Includes mutex protection to prevent concurrent executions when
+	 * triggered by autoSyncInterval. If a sync is already in progress,
+	 * subsequent calls are skipped and emit a 'sync:skipped' event.
+	 */
+	syncAll(): Promise<Map<string, SyncResult[]>>;
+	/**
+	 * Get sync state for a card
+	 */
+	getSyncState(federatedId: string): Promise<CardSyncState | null>;
+	/**
+	 * Find sync state by platform ID
+	 */
+	findSyncState(platform: PlatformId, platformId: string): Promise<CardSyncState | null>;
+	/**
+	 * Resolve a sync conflict by choosing a version
+	 */
+	resolveConflict(federatedId: string, resolution: "local" | "remote" | "merge", mergedCard?: CCv3Data): Promise<SyncResult>;
+	/**
+	 * Fork a card from a remote source
+	 *
+	 * Creates a local copy of a remote card with fork metadata stored in
+	 * the card's extensions and sync state. Optionally notifies the source
+	 * instance about the fork.
+	 *
+	 * @param sourceFederatedId - Federated URI of the source card
+	 * @param sourcePlatform - Platform where the source card resides
+	 * @param targetPlatform - Platform to save the fork to
+	 * @param options - Fork options
+	 */
+	forkCard(sourceFederatedId: string, sourcePlatform: PlatformId, targetPlatform: PlatformId, options?: {
+		modifications?: Partial<CCv3Data["data"]>;
+		notifySource?: boolean;
+		sourceInbox?: string;
+	}): Promise<ForkResult>;
+	/**
+	 * Create a forked card with fork metadata in extensions
+	 */
+	private createForkedCard;
+	/**
+	 * Handle incoming fork notification
+	 *
+	 * Called when another instance notifies us that they forked one of our cards.
+	 * Increments the fork count and stores the notification.
+	 */
+	handleForkNotification(activity: ForkActivity): Promise<void>;
+	/**
+	 * Handle incoming install notification
+	 *
+	 * Called when a consumer (SillyTavern, Voxta) notifies us that they installed one of our cards.
+	 * Increments the install count and stores the notification.
+	 */
+	handleInstallNotification(activity: InstallActivity): Promise<void>;
+	/**
+	 * Get stats for a card
+	 */
+	getCardStats(federatedId: string): Promise<CardStats | null>;
+	/**
+	 * Get fork count for a card
+	 */
+	getForkCount(federatedId: string): Promise<number>;
+	/**
+	 * Get install count for a card
+	 */
+	getInstallCount(federatedId: string): Promise<number>;
+	/**
+	 * Find all local forks of a source card
+	 */
+	findForks(sourceFederatedId: string): Promise<CardSyncState[]>;
+	/**
+	 * Stop the sync engine
+	 */
+	dispose(): void;
+}
+/**
+ * Sync State Stores
+ *
+ * Implementations for storing sync state.
+ */
+/**
+ * In-memory sync state store
+ * Useful for testing and single-session sync
+ */
+export declare class MemorySyncStateStore implements SyncStateStore {
+	private states;
+	get(federatedId: string): Promise<CardSyncState | null>;
+	set(state: CardSyncState): Promise<void>;
+	delete(federatedId: string): Promise<void>;
+	list(): Promise<CardSyncState[]>;
+	findByPlatformId(platform: PlatformId, platformId: string): Promise<CardSyncState | null>;
+	/**
+	 * Clear all states (for testing)
+	 */
+	clear(): void;
+	/**
+	 * Increment fork count and add notification
+	 */
+	incrementForkCount(federatedId: string, notification: ForkNotification): Promise<void>;
+	/**
+	 * Get fork count for a card
+	 */
+	getForkCount(federatedId: string): Promise<number>;
+	/**
+	 * Find all cards that are forks of a given source card
+	 */
+	findForks(sourceFederatedId: string): Promise<CardSyncState[]>;
+}
+/**
+ * JSON file-based sync state store
+ * Persists state to a JSON file
+ */
+export declare class FileSyncStateStore implements SyncStateStore {
+	private states;
+	private filePath;
+	private saveDebounce?;
+	private fs;
+	constructor(filePath: string, fs: {
+		readFile: (path: string, encoding: string) => Promise<string>;
+		writeFile: (path: string, data: string) => Promise<void>;
+		mkdir: (path: string, options: {
+			recursive: boolean;
+		}) => Promise<void>;
+	});
+	/**
+	 * Load state from file
+	 */
+	load(): Promise<void>;
+	/**
+	 * Save state to file (debounced)
+	 */
+	private scheduleSave;
+	/**
+	 * Save state to file immediately
+	 */
+	saveNow(): Promise<void>;
+	get(federatedId: string): Promise<CardSyncState | null>;
+	set(state: CardSyncState): Promise<void>;
+	delete(federatedId: string): Promise<void>;
+	list(): Promise<CardSyncState[]>;
+	findByPlatformId(platform: PlatformId, platformId: string): Promise<CardSyncState | null>;
+	/**
+	 * Increment fork count and add notification
+	 */
+	incrementForkCount(federatedId: string, notification: ForkNotification): Promise<void>;
+	/**
+	 * Get fork count for a card
+	 */
+	getForkCount(federatedId: string): Promise<number>;
+	/**
+	 * Find all cards that are forks of a given source card
+	 */
+	findForks(sourceFederatedId: string): Promise<CardSyncState[]>;
+}
+/**
+ * Storage interface (compatible with Web Storage API)
+ */
+export interface StorageInterface {
+	getItem(key: string): string | null;
+	setItem(key: string, value: string): void;
+	removeItem(key: string): void;
+}
+/**
+ * Create a state store backed by a Storage interface (e.g., localStorage in browser)
+ *
+ * @param key - Prefix key for storage entries
+ * @param storage - Storage interface (pass localStorage in browser, or a polyfill in Node.js)
+ */
+export declare function createLocalStorageStore(key: string, storage: StorageInterface): SyncStateStore;
+/**
+ * D1 Sync State Store
+ *
+ * Cloudflare D1-compatible implementation of SyncStateStore for production
+ * federation support on Cloudflare Workers.
+ */
+/**
+ * Minimal D1Database interface
+ * Compatible with Cloudflare Workers D1 API
+ */
+export interface D1Database {
+	prepare(query: string): D1PreparedStatement;
+	exec(query: string): Promise<D1ExecResult>;
+	batch<T = unknown>(statements: D1PreparedStatement[]): Promise<D1Result<T>[]>;
+}
+export interface D1PreparedStatement {
+	bind(...values: unknown[]): D1PreparedStatement;
+	first<T = unknown>(column?: string): Promise<T | null>;
+	run(): Promise<D1Result>;
+	all<T = unknown>(): Promise<D1Result<T>>;
+}
+export interface D1Result<T = unknown> {
+	results: T[];
+	success: boolean;
+	meta: {
+		duration: number;
+		changes: number;
+		last_row_id: number;
+		served_by?: string;
+	};
+}
+export interface D1ExecResult {
+	count: number;
+	duration: number;
+}
+/**
+ * D1-compatible implementation of SyncStateStore
+ *
+ * Stores federation sync state in Cloudflare D1 (SQLite).
+ *
+ * @example
+ * ```typescript
+ * const store = new D1SyncStateStore(env.DB);
+ * await store.init();
+ *
+ * // Use with SyncEngine
+ * const engine = new SyncEngine({
+ *   stateStore: store,
+ *   // ...
+ * });
+ * ```
+ */
+export declare class D1SyncStateStore implements SyncStateStore {
+	private db;
+	private tableName;
+	/**
+	 * Create a new D1SyncStateStore
+	 *
+	 * @param db - D1Database instance (from env.DB in Workers)
+	 * @param tableName - Table name for storing sync state (default: 'federation_sync_state')
+	 * @throws If tableName contains invalid characters (SQL injection prevention)
+	 */
+	constructor(db: D1Database, tableName?: string);
+	/**
+	 * Initialize the database table
+	 *
+	 * Creates the sync state table if it doesn't exist.
+	 * Safe to call multiple times (idempotent).
+	 */
+	init(): Promise<void>;
+	/**
+	 * Get sync state for a federated card ID
+	 */
+	get(federatedId: string): Promise<CardSyncState | null>;
+	/**
+	 * Save or update sync state
+	 */
+	set(state: CardSyncState): Promise<void>;
+	/**
+	 * Delete sync state for a federated card ID
+	 */
+	delete(federatedId: string): Promise<void>;
+	/**
+	 * List all sync states
+	 */
+	list(): Promise<CardSyncState[]>;
+	/**
+	 * Find sync state by platform-specific ID
+	 *
+	 * @param platform - Platform identifier
+	 * @param platformId - Platform-specific card ID
+	 * @returns Sync state if found, null otherwise
+	 */
+	findByPlatformId(platform: PlatformId, platformId: string): Promise<CardSyncState | null>;
+	/**
+	 * Find sync state by local ID
+	 *
+	 * @param localId - Local card ID
+	 * @returns Sync state if found, null otherwise
+	 */
+	findByLocalId(localId: string): Promise<CardSyncState | null>;
+	/**
+	 * Get count of all sync states
+	 */
+	count(): Promise<number>;
+	/**
+	 * List sync states by status
+	 *
+	 * @param status - Status to filter by
+	 * @returns Array of sync states with matching status
+	 */
+	listByStatus(status: CardSyncState["status"]): Promise<CardSyncState[]>;
+	/**
+	 * Clear all sync states (for testing)
+	 *
+	 * ⚠️  Use with caution - this deletes all data
+	 */
+	clear(): Promise<void>;
+	/**
+	 * Increment fork count and add notification for a source card
+	 *
+	 * Used when receiving a Fork activity to track that someone forked this card.
+	 * Notifications are capped at 100 to prevent unbounded growth.
+	 */
+	incrementForkCount(federatedId: string, notification: ForkNotification): Promise<void>;
+	/**
+	 * Get fork count for a card
+	 */
+	getForkCount(federatedId: string): Promise<number>;
+	/**
+	 * Find all cards that are forks of a given source card
+	 */
+	findForks(sourceFederatedId: string): Promise<CardSyncState[]>;
+	/**
+	 * Convert database row to CardSyncState
+	 */
+	private rowToState;
+}
+/**
+ * Base Platform Adapter
+ *
+ * Abstract base class for platform adapters.
+ */
+/**
+ * Card with metadata from adapter
+ */
+export interface AdapterCard {
+	id: string;
+	card: CCv3Data;
+	updatedAt: string;
+	createdAt?: string;
+}
+/**
+ * Asset from adapter
+ */
+export interface AdapterAsset {
+	name: string;
+	type: string;
+	data: Uint8Array;
+	mimeType?: string;
+}
+/**
+ * Abstract base adapter with common functionality
+ */
+export declare abstract class BasePlatformAdapter implements PlatformAdapter {
+	abstract readonly platform: PlatformId;
+	abstract readonly displayName: string;
+	/**
+	 * Check if platform is available
+	 */
+	abstract isAvailable(): Promise<boolean>;
+	/**
+	 * Get a card by local ID
+	 */
+	abstract getCard(localId: string): Promise<CCv3Data | null>;
+	/**
+	 * List all cards
+	 */
+	abstract listCards(options?: {
+		limit?: number;
+		offset?: number;
+		since?: string;
+	}): Promise<AdapterCard[]>;
+	/**
+	 * Save/update a card
+	 */
+	abstract saveCard(card: CCv3Data, localId?: string): Promise<string>;
+	/**
+	 * Delete a card
+	 */
+	abstract deleteCard(localId: string): Promise<boolean>;
+	/**
+	 * Get card assets
+	 */
+	abstract getAssets(localId: string): Promise<AdapterAsset[]>;
+	/**
+	 * Get last modified timestamp
+	 */
+	abstract getLastModified(localId: string): Promise<string | null>;
+	/**
+	 * Generate a new local ID using crypto-grade randomness
+	 */
+	protected generateId(): string;
+}
+/**
+ * In-memory adapter for testing
+ */
+export declare class MemoryPlatformAdapter extends BasePlatformAdapter {
+	readonly platform: PlatformId;
+	readonly displayName: string;
+	private cards;
+	private assets;
+	constructor(platform?: PlatformId, displayName?: string);
+	isAvailable(): Promise<boolean>;
+	getCard(localId: string): Promise<CCv3Data | null>;
+	listCards(options?: {
+		limit?: number;
+		offset?: number;
+		since?: string;
+	}): Promise<AdapterCard[]>;
+	saveCard(card: CCv3Data, localId?: string): Promise<string>;
+	deleteCard(localId: string): Promise<boolean>;
+	getAssets(localId: string): Promise<AdapterAsset[]>;
+	getLastModified(localId: string): Promise<string | null>;
+	/**
+	 * Set assets for a card (for testing)
+	 */
+	setAssets(localId: string, assets: AdapterAsset[]): void;
+	/**
+	 * Clear all data (for testing)
+	 */
+	clear(): void;
+	/**
+	 * Get card count
+	 */
+	count(): number;
+}
+/**
+ * HTTP Platform Adapter
+ *
+ * Adapter for platforms accessible via HTTP API.
+ */
+/**
+ * HTTP fetch function type
+ */
+export type FetchFn = (url: string, init?: RequestInit) => Promise<Response>;
+/**
+ * HTTP adapter configuration
+ */
+export interface HttpAdapterConfig {
+	/** Platform ID */
+	platform: PlatformId;
+	/** Display name */
+	displayName: string;
+	/** Base URL of the API */
+	baseUrl: string;
+	/** API endpoints */
+	endpoints: {
+		/** List cards: GET */
+		list: string;
+		/** Get card: GET (append /:id) */
+		get: string;
+		/** Create card: POST */
+		create: string;
+		/** Update card: PUT/PATCH (append /:id) */
+		update: string;
+		/** Delete card: DELETE (append /:id) */
+		delete: string;
+		/** Get assets: GET (append /:id) */
+		assets?: string;
+		/** Health check: GET */
+		health?: string;
+	};
+	/** Authentication header */
+	auth?: {
+		type: "bearer" | "api-key" | "basic";
+		token: string;
+		header?: string;
+	};
+	/** Custom fetch function (for Node.js or testing) */
+	fetch?: FetchFn;
+	/**
+	 * Request timeout in milliseconds.
+	 * Default: 30000 (30 seconds)
+	 *
+	 * @security Prevents hanging connections that could cause resource exhaustion.
+	 */
+	timeout?: number;
+	/** Response transformers */
+	transformers?: {
+		/** Transform list response to AdapterCard[] */
+		list?: (response: unknown) => AdapterCard[];
+		/** Transform get response to CCv3Data */
+		get?: (response: unknown) => CCv3Data;
+		/** Transform card to create request body */
+		create?: (card: CCv3Data) => unknown;
+		/** Transform card to update request body */
+		update?: (card: CCv3Data) => unknown;
+		/** Extract ID from create response */
+		extractId?: (response: unknown) => string;
+	};
+}
+/**
+ * Error thrown when resource ID validation fails
+ */
+export declare class InvalidResourceIdError extends Error {
+	readonly id: string;
+	readonly reason: string;
+	constructor(id: string, reason: string);
+}
+/**
+ * HTTP-based platform adapter
+ */
+export declare class HttpPlatformAdapter extends BasePlatformAdapter {
+	readonly platform: PlatformId;
+	readonly displayName: string;
+	private config;
+	private fetchFn;
+	private timeoutMs;
+	constructor(config: HttpAdapterConfig);
+	/**
+	 * Execute fetch with timeout using AbortController
+	 *
+	 * @security Prevents hanging connections that could cause resource exhaustion
+	 */
+	private fetchWithTimeout;
+	/**
+	 * Build headers for requests
+	 */
+	private buildHeaders;
+	/**
+	 * Build full URL with optional resource ID.
+	 *
+	 * @security ID is validated and encoded to prevent SSRF/path traversal.
+	 * @throws InvalidResourceIdError if ID contains malicious patterns
+	 */
+	private buildUrl;
+	isAvailable(): Promise<boolean>;
+	getCard(localId: string): Promise<CCv3Data | null>;
+	listCards(options?: {
+		limit?: number;
+		offset?: number;
+		since?: string;
+	}): Promise<AdapterCard[]>;
+	saveCard(card: CCv3Data, localId?: string): Promise<string>;
+	deleteCard(localId: string): Promise<boolean>;
+	getAssets(localId: string): Promise<AdapterAsset[]>;
+	getLastModified(localId: string): Promise<string | null>;
+}
+/**
+ * Create an HTTP adapter for Character Archive API
+ */
+export declare function createArchiveAdapter(baseUrl: string, apiKey?: string): HttpPlatformAdapter;
+/**
+ * Create an HTTP adapter for CardsHub API
+ */
+export declare function createHubAdapter(baseUrl: string, apiKey?: string): HttpPlatformAdapter;
+/**
+ * SillyTavern Platform Adapter
+ *
+ * Adapter for SillyTavern integration via plugin.
+ * This provides the interface that a SillyTavern plugin would implement.
+ */
+/**
+ * SillyTavern character format (simplified)
+ */
+export interface STCharacter {
+	/** Character filename/ID */
+	name: string;
+	/** Avatar filename */
+	avatar: string;
+	/** Character data (TavernCard format) */
+	data: {
+		name: string;
+		description: string;
+		personality: string;
+		scenario: string;
+		first_mes: string;
+		mes_example: string;
+		creator_notes?: string;
+		system_prompt?: string;
+		post_history_instructions?: string;
+		alternate_greetings?: string[];
+		character_book?: {
+			entries: Array<{
+				keys: string[];
+				content: string;
+				enabled: boolean;
+				[key: string]: unknown;
+			}>;
+			[key: string]: unknown;
+		};
+		tags?: string[];
+		creator?: string;
+		character_version?: string;
+		extensions?: Record<string, unknown>;
+	};
+}
+/**
+ * Usage stats for a character in SillyTavern
+ */
+export interface STCharacterStats {
+	/** Number of chats with this character */
+	chatCount?: number;
+	/** Total messages exchanged */
+	messageCount?: number;
+	/** Last time this character was used */
+	lastUsed?: string;
+	/** When the character was first added */
+	installedAt?: string;
+}
+/**
+ * Interface that SillyTavern plugin must implement
+ */
+export interface SillyTavernBridge {
+	/** Get all characters */
+	getCharacters(): Promise<STCharacter[]>;
+	/** Get a character by name/ID */
+	getCharacter(name: string): Promise<STCharacter | null>;
+	/** Save a character */
+	saveCharacter(character: STCharacter): Promise<string>;
+	/** Delete a character */
+	deleteCharacter(name: string): Promise<boolean>;
+	/** Get character avatar */
+	getAvatar(name: string): Promise<Uint8Array | null>;
+	/** Check if SillyTavern is available */
+	isConnected(): Promise<boolean>;
+	/**
+	 * Get usage stats for a character (optional)
+	 * SillyTavern plugins can implement this to report usage data back to hub
+	 */
+	getCharacterStats?(name: string): Promise<STCharacterStats | null>;
+	/**
+	 * Get stats for all characters (optional)
+	 * Returns a map of character name to stats
+	 */
+	getAllStats?(): Promise<Map<string, STCharacterStats>>;
+	/**
+	 * Notify hub that a card was installed (optional)
+	 * Called when a new character is added from federation
+	 * @param federatedId - The federated URI of the installed card
+	 * @param hubInbox - The hub's inbox URL to notify
+	 */
+	notifyInstall?(federatedId: string, hubInbox: string): Promise<void>;
+}
+/**
+ * Convert STCharacter to CCv3Data
+ */
+export declare function stCharacterToCCv3(st: STCharacter): CCv3Data;
+/**
+ * Convert CCv3Data to STCharacter
+ */
+export declare function ccv3ToSTCharacter(card: CCv3Data, filename?: string): STCharacter;
+/**
+ * SillyTavern adapter
+ * Requires a bridge implementation from the SillyTavern plugin
+ */
+export declare class SillyTavernAdapter extends BasePlatformAdapter {
+	readonly platform: PlatformId;
+	readonly displayName = "SillyTavern";
+	private bridge;
+	constructor(bridge: SillyTavernBridge);
+	isAvailable(): Promise<boolean>;
+	getCard(localId: string): Promise<CCv3Data | null>;
+	listCards(options?: {
+		limit?: number;
+		offset?: number;
+		since?: string;
+	}): Promise<AdapterCard[]>;
+	saveCard(card: CCv3Data, localId?: string): Promise<string>;
+	deleteCard(localId: string): Promise<boolean>;
+	getAssets(localId: string): Promise<AdapterAsset[]>;
+	getLastModified(localId: string): Promise<string | null>;
+	/**
+	 * Get stats for a character (if bridge supports it)
+	 */
+	getStats(localId: string): Promise<STCharacterStats | null>;
+	/**
+	 * Get stats for all characters (if bridge supports it)
+	 */
+	getAllStats(): Promise<Map<string, STCharacterStats> | null>;
+	/**
+	 * Notify hub about installation (if bridge supports it)
+	 */
+	notifyInstall(federatedId: string, hubInbox: string): Promise<boolean>;
+}
+/**
+ * Create a mock SillyTavern bridge for testing
+ */
+export declare function createMockSTBridge(): SillyTavernBridge & {
+	characters: Map<string, STCharacter>;
+	avatars: Map<string, Uint8Array>;
+	stats: Map<string, STCharacterStats>;
+	installNotifications: Array<{
+		federatedId: string;
+		hubInbox: string;
+	}>;
+};
+export interface WebFingerLink {
+	rel: string;
+	type?: string;
+	href: string;
+	template?: string;
+}
+export interface WebFingerResponse {
+	subject: string;
+	aliases?: string[];
+	properties?: Record<string, string>;
+	links: WebFingerLink[];
+}
+/**
+ * Handle WebFinger discovery request
+ *
+ * @param resource - The resource URI being requested (e.g. acct:user@domain)
+ * @param config - Federation configuration containing actor details
+ * @returns The WebFinger response object or null if not found
+ */
+export declare function handleWebFinger(resource: string, config: FederationConfig): WebFingerResponse | null;
+export interface NodeInfoLink {
+	rel: string;
+	href: string;
+}
+export interface NodeInfoDiscoveryResponse {
+	links: NodeInfoLink[];
+}
+export interface NodeInfoUsage {
+	users: {
+		total: number;
+		activeMonth?: number;
+		activeHalfyear?: number;
+	};
+	localPosts?: number;
+	localComments?: number;
+}
+export interface NodeInfoResponse {
+	version: string;
+	software: {
+		name: string;
+		version: string;
+	};
+	protocols: string[];
+	services: {
+		inbound: string[];
+		outbound: string[];
+	};
+	openRegistrations: boolean;
+	usage: NodeInfoUsage;
+	metadata: Record<string, unknown>;
+}
+/**
+ * Handle NodeInfo discovery request (/.well-known/nodeinfo)
+ *
+ * @param baseUrl - The base URL of the server (e.g. https://hub.example.com)
+ * @returns The NodeInfo discovery response
+ */
+export declare function handleNodeInfoDiscovery(baseUrl: string): NodeInfoDiscoveryResponse;
+/**
+ * Handle NodeInfo data request
+ *
+ * @param config - Federation configuration
+ * @param version - NodeInfo version ('2.0' or '2.1')
+ * @returns The NodeInfo response
+ */
+export declare function handleNodeInfo(config: FederationConfig, version?: "2.0" | "2.1"): NodeInfoResponse;
+/**
+ * Handle Actor profile request
+ *
+ * @param config - Federation configuration
+ * @returns The Actor JSON-LD object
+ */
+export declare function handleActor(config: FederationConfig): FederatedActor;
+/**
+ * Moderation Types
+ *
+ * Core types for federated moderation infrastructure.
+ * Provides tools for communities to self-moderate without imposing specific morality.
+ */
+/**
+ * Flag activity for reporting content/actors
+ * Per ActivityPub spec, Flag is delivered directly to target's inbox
+ */
+export interface FlagActivity {
+	"@context": ActivityPubContext;
+	id: string;
+	type: "Flag";
+	/** Reporter actor URI */
+	actor: string;
+	/** Reported content/actor URI(s) */
+	object: string | string[];
+	/** Report reason/description */
+	content?: string;
+	/** Report category (flexible string - communities define their own) */
+	category?: string;
+	published: string;
+	/** Target instance inbox */
+	to?: string[];
+}
+/**
+ * Block activity for instance-level blocking
+ */
+export interface BlockActivity {
+	"@context": ActivityPubContext;
+	id: string;
+	type: "Block";
+	/** Admin actor URI */
+	actor: string;
+	/** Blocked instance domain or actor URI */
+	object: string;
+	/** Block reason */
+	summary?: string;
+	published: string;
+}
+/**
+ * Report status - flexible string, communities define their own workflow
+ * Common values: 'pending', 'reviewing', 'resolved', 'dismissed', 'escalated'
+ */
+export type ReportStatus = string;
+/**
+ * Report category - flexible string, communities define their own categories
+ * Examples: 'spam', 'harassment', 'nsfw_unmarked', 'copyright', 'illegal_content', etc.
+ */
+export type ReportCategory = string;
+/**
+ * Moderation report record
+ */
+export interface ModerationReport {
+	/** Unique report ID */
+	id: string;
+	/** Reporter actor URI */
+	reporterActorId: string;
+	/** Reporter's instance domain */
+	reporterInstance: string;
+	/** Reported content/actor URI(s) */
+	targetIds: string[];
+	/** Report category */
+	category: ReportCategory;
+	/** Detailed description */
+	description: string;
+	/** Report status */
+	status: ReportStatus;
+	/** Associated Flag activity ID */
+	activityId: string;
+	/** Timestamp when created */
+	createdAt: string;
+	/** Timestamp of last update */
+	updatedAt: string;
+	/** Instance where report was received */
+	receivingInstance: string;
+	/** Whether the report was federated to target instance */
+	federatedToTarget: boolean;
+	/** Any additional context/metadata */
+	metadata?: Record<string, unknown>;
+}
+/**
+ * Action type - flexible string, communities define their own actions
+ * Examples: 'warn', 'delete', 'suspend', 'silence', 'ban', 'reject_report', 'escalate', 'restore'
+ */
+export type ActionType = string;
+/**
+ * Moderation action record - audit trail for moderator decisions
+ */
+export interface ModerationAction {
+	/** Unique action ID */
+	id: string;
+	/** Report this action addresses (optional - some actions are proactive) */
+	reportId?: string;
+	/** Moderator actor URI */
+	moderatorActorId: string;
+	/** Target of the action (actor or content URI) */
+	targetId: string;
+	/** Type of action taken */
+	actionType: ActionType;
+	/** Reason/justification for action */
+	reason: string;
+	/** When action was taken */
+	timestamp: string;
+	/** When action expires (for temporary actions like suspensions) */
+	expiresAt?: string;
+	/** Whether action is currently active */
+	active: boolean;
+	/** Previous action this reverses (for undo/restore) */
+	reversesActionId?: string;
+	/** Audit trail - who approved (for multi-mod workflows) */
+	approvedBy?: string[];
+	/** Additional metadata */
+	metadata?: Record<string, unknown>;
+}
+/**
+ * Instance block level
+ * - suspend: Full defederation, reject all activities
+ * - silence: Don't show in public feeds, but allow existing follows
+ * - reject_media: Accept text but reject media/assets
+ */
+export type InstanceBlockLevel = "suspend" | "silence" | "reject_media";
+/**
+ * Instance block record for defederation
+ */
+export interface InstanceBlock {
+	/** Unique block ID */
+	id: string;
+	/** Blocked instance domain (e.g., "evil.example.com") */
+	blockedDomain: string;
+	/** Block level */
+	level: InstanceBlockLevel;
+	/** Reason for block */
+	reason: string;
+	/** Admin who created block */
+	createdBy: string;
+	/** When block was created */
+	createdAt: string;
+	/** Whether block is active */
+	active: boolean;
+	/** Optional: public comment for transparency reports */
+	publicComment?: string;
+	/** Whether to announce block to federation peers */
+	federate: boolean;
+}
+/**
+ * Policy rule types
+ * - keyword: Text contains keyword (case-insensitive)
+ * - regex: Text matches regex pattern
+ * - tag: Card has specific tag
+ * - creator: Card from specific creator
+ * - instance: Card from specific instance domain
+ */
+export type PolicyRuleType = "keyword" | "regex" | "tag" | "creator" | "instance";
+/**
+ * Policy action on rule match
+ * - allow: Explicitly allow (bypass other checks, whitelist)
+ * - warn: Log warning, allow through
+ * - review: Queue for manual review
+ * - reject: Block entirely
+ * - quarantine: Accept but limit visibility
+ */
+export type PolicyAction = "allow" | "warn" | "review" | "reject" | "quarantine";
+/**
+ * Content policy rule
+ */
+export interface ContentPolicyRule {
+	/** Unique rule ID */
+	id: string;
+	/** Rule name for admin reference */
+	name: string;
+	/** Rule type */
+	type: PolicyRuleType;
+	/** Pattern/value to match (interpretation depends on type) */
+	pattern: string;
+	/**
+	 * Fields to check (for keyword/regex)
+	 * Default: ['name', 'description', 'personality', 'scenario']
+	 */
+	targetFields?: string[];
+	/** Action to take on match */
+	action: PolicyAction;
+	/** Priority (lower = checked first, allows for whitelist rules) */
+	priority: number;
+	/** Whether rule is enabled */
+	enabled: boolean;
+	/** Optional explanation for transparency */
+	publicReason?: string;
+	/** When rule was created */
+	createdAt: string;
+	/** Who created the rule */
+	createdBy: string;
+}
+/**
+ * Content policy (collection of rules)
+ */
+export interface ContentPolicy {
+	/** Policy ID */
+	id: string;
+	/** Policy name */
+	name: string;
+	/** Description */
+	description: string;
+	/** Rules in this policy */
+	rules: ContentPolicyRule[];
+	/** Whether policy is active */
+	enabled: boolean;
+	/** Default action if no rules match */
+	defaultAction: PolicyAction;
+	/** When policy was last updated */
+	updatedAt: string;
+}
+/**
+ * Result of policy evaluation
+ */
+export interface PolicyEvaluationResult {
+	/** Final action to take */
+	action: PolicyAction;
+	/** Rules that matched (for audit) */
+	matchedRules: Array<{
+		ruleId: string;
+		ruleName: string;
+		matchedField?: string;
+		matchedValue?: string;
+	}>;
+	/** Whether any rules matched */
+	hasMatch: boolean;
+}
+/**
+ * Rate limit bucket for an actor
+ */
+export interface RateLimitBucket {
+	/** Actor ID */
+	actorId: string;
+	/** Current token count */
+	tokens: number;
+	/** Max tokens (bucket capacity) */
+	maxTokens: number;
+	/** Last time bucket was refilled (ISO timestamp) */
+	lastRefill: string;
+	/** Refill rate (tokens per hour) */
+	refillRate: number;
+}
+/**
+ * Rate limit check result
+ */
+export interface RateLimitResult {
+	/** Whether action is allowed */
+	allowed: boolean;
+	/** Remaining tokens */
+	remaining: number;
+	/** When bucket resets (ISO timestamp) */
+	resetAt: string;
+	/** Retry-After header value in seconds (if not allowed) */
+	retryAfter?: number;
+}
+/**
+ * Moderation store interface
+ * Follows same pattern as SyncStateStore for consistency
+ */
+export interface ModerationStore {
+	/** Create a new report */
+	createReport(report: Omit<ModerationReport, "id">): Promise<ModerationReport>;
+	/** Get report by ID */
+	getReport(id: string): Promise<ModerationReport | null>;
+	/** Update report */
+	updateReport(id: string, updates: Partial<ModerationReport>): Promise<void>;
+	/** List reports with optional filters */
+	listReports(filters?: {
+		status?: ReportStatus;
+		category?: ReportCategory;
+		targetId?: string;
+		reporterActorId?: string;
+		since?: string;
+		limit?: number;
+		offset?: number;
+	}): Promise<ModerationReport[]>;
+	/** Count reports */
+	countReports(filters?: {
+		status?: ReportStatus;
+	}): Promise<number>;
+	/** Create a moderation action */
+	createAction(action: Omit<ModerationAction, "id">): Promise<ModerationAction>;
+	/** Get action by ID */
+	getAction(id: string): Promise<ModerationAction | null>;
+	/** List actions with optional filters */
+	listActions(filters?: {
+		targetId?: string;
+		moderatorActorId?: string;
+		actionType?: ActionType;
+		active?: boolean;
+		since?: string;
+		limit?: number;
+	}): Promise<ModerationAction[]>;
+	/** Deactivate an action (for reversal) */
+	deactivateAction(id: string): Promise<void>;
+	/** Create an instance block */
+	createBlock(block: Omit<InstanceBlock, "id">): Promise<InstanceBlock>;
+	/** Get block by ID */
+	getBlock(id: string): Promise<InstanceBlock | null>;
+	/** Get block by domain */
+	getBlockByDomain(domain: string): Promise<InstanceBlock | null>;
+	/** List blocks */
+	listBlocks(filters?: {
+		active?: boolean;
+	}): Promise<InstanceBlock[]>;
+	/** Update block */
+	updateBlock(id: string, updates: Partial<InstanceBlock>): Promise<void>;
+	/** Check if instance is blocked */
+	isInstanceBlocked(domain: string): Promise<boolean>;
+	/** Create a content policy */
+	createPolicy(policy: Omit<ContentPolicy, "id">): Promise<ContentPolicy>;
+	/** Get policy by ID */
+	getPolicy(id: string): Promise<ContentPolicy | null>;
+	/** List policies */
+	listPolicies(filters?: {
+		enabled?: boolean;
+	}): Promise<ContentPolicy[]>;
+	/** Update policy */
+	updatePolicy(id: string, updates: Partial<ContentPolicy>): Promise<void>;
+	/** Delete policy */
+	deletePolicy(id: string): Promise<void>;
+	/** Get rate limit bucket for actor */
+	getRateLimitBucket(actorId: string): Promise<RateLimitBucket | null>;
+	/** Update rate limit bucket */
+	updateRateLimitBucket(bucket: RateLimitBucket): Promise<void>;
+	/** Get audit log (alias for listActions with specific filters) */
+	getAuditLog(filters?: {
+		targetId?: string;
+		actorId?: string;
+		since?: string;
+		until?: string;
+		limit?: number;
+	}): Promise<ModerationAction[]>;
+}
+/**
+ * Moderation event types
+ */
+export type ModerationEventType = "report:created" | "report:updated" | "report:resolved" | "action:created" | "action:reverted" | "block:created" | "block:removed" | "policy:matched" | "policy:rejected";
+/**
+ * Moderation event
+ */
+export interface ModerationEvent {
+	type: ModerationEventType;
+	timestamp: string;
+	data: unknown;
+}
+/**
+ * Moderation event listener
+ */
+export type ModerationEventListener = (event: ModerationEvent) => void | Promise<void>;
+/**
+ * Moderation ActivityPub Activities
+ *
+ * Create and parse Flag/Block activities per ActivityPub spec.
+ */
+/**
+ * ActivityPub context for moderation activities
+ */
+export declare const MODERATION_ACTIVITY_CONTEXT: readonly [
+	"https://www.w3.org/ns/activitystreams",
+	{
+		readonly moderation: "https://character-foundry.dev/ns/moderation#";
+		readonly category: {
+			readonly "@id": "moderation:category";
+		};
+	}
+];
+/**
+ * Create a Flag activity for reporting content/actors
+ *
+ * Per ActivityPub spec, Flag is delivered directly to the target's instance inbox,
+ * NOT wrapped in a Create activity.
+ *
+ * @example
+ * ```typescript
+ * const flag = createFlagActivity(
+ *   'https://myinstance.com/users/reporter',
+ *   'https://other.com/cards/problematic-card',
+ *   'https://myinstance.com',
+ *   {
+ *     content: 'This card contains spam',
+ *     category: 'spam',
+ *     to: ['https://other.com/inbox'],
+ *   }
+ * );
+ * ```
+ */
+export declare function createFlagActivity(reporterActorId: string, targetIds: string | string[], baseUrl: string, options?: {
+	/** Report description/reason */
+	content?: string;
+	/** Report category (flexible string) */
+	category?: ReportCategory;
+	/** Target inbox(es) */
+	to?: string[];
+}): FlagActivity;
+/**
+ * Parse incoming Flag activity
+ *
+ * @returns Parsed flag data or null if invalid
+ */
+export declare function parseFlagActivity(activity: unknown): {
+	actorId: string;
+	targetIds: string[];
+	content?: string;
+	category?: string;
+	activityId: string;
+} | null;
+/**
+ * Validate a Flag activity has all required fields
+ */
+declare function validateFlagActivity(activity: unknown): {
+	valid: boolean;
+	error?: string;
+};
+/**
+ * Create a Block activity for instance-level blocking
+ *
+ * Block activities are typically:
+ * 1. Stored locally for enforcement
+ * 2. Optionally announced to trusted federation peers
+ *
+ * @example
+ * ```typescript
+ * const block = createBlockActivity(
+ *   'https://myinstance.com/actor',
+ *   'evil.example.com',
+ *   'https://myinstance.com',
+ *   { summary: 'Spam and harassment' }
+ * );
+ * ```
+ */
+export declare function createBlockActivity(adminActorId: string, blockedTarget: string, baseUrl: string, options?: {
+	/** Block reason */
+	summary?: string;
+	/** Recipients for federation announcement */
+	to?: string[];
+}): BlockActivity;
+/**
+ * Parse incoming Block activity
+ *
+ * @returns Parsed block data or null if invalid
+ */
+export declare function parseBlockActivity(activity: unknown): {
+	actorId: string;
+	targetId: string;
+	summary?: string;
+	activityId: string;
+} | null;
+/**
+ * Validate a Block activity has all required fields
+ */
+declare function validateBlockActivity(activity: unknown): {
+	valid: boolean;
+	error?: string;
+};
+/**
+ * Inbox Handler
+ *
+ * Process incoming ActivityPub activities.
+ */
+/**
+ * Handle incoming ActivityPub activities
+ *
+ * Parses and routes incoming activities to the appropriate handlers.
+ * Currently supports Fork activities for fork notification handling.
+ *
+ * @example
+ * ```typescript
+ * // In your web framework (e.g., Hono, Express)
+ * app.post('/inbox', async (req) => {
+ *   // IMPORTANT: Capture raw body BEFORE parsing for Digest verification
+ *   const rawBody = await req.text();
+ *   const body = JSON.parse(rawBody);
+ *
+ *   const result = await handleInbox(body, req.headers, {
+ *     rawBody, // Required for body integrity verification
+ *     method: 'POST',
+ *     path: '/inbox', // Must match your actual route path
+ *     strictMode: true,
+ *     fetchActor: async (id) => fetchActorFromNetwork(id),
+ *     onFork: async (activity) => {
+ *       await syncEngine.handleForkNotification(activity);
+ *     },
+ *   });
+ *
+ *   if (result.accepted) {
+ *     return new Response(null, { status: 202 });
+ *   } else {
+ *     return new Response(result.error, { status: 400 });
+ *   }
+ * });
+ * ```
+ */
+export declare function handleInbox(body: unknown, headers: Headers | Record<string, string>, options: InboxHandlerOptions & {
+	/** HTTP method (required for signature verification in strictMode) */
+	method?: string;
+	/** Request path (required for signature verification in strictMode) */
+	path?: string;
+	/**
+	 * Raw request body for Digest header verification.
+	 *
+	 * @security REQUIRED in strictMode when Digest header is present.
+	 * Without this, an attacker could modify the JSON body while keeping a valid signature
+	 * (since signatures only cover headers, not the body).
+	 *
+	 * Pass the raw bytes before JSON parsing:
+	 * ```typescript
+	 * const rawBody = await req.text();
+	 * const body = JSON.parse(rawBody);
+	 * handleInbox(body, headers, { rawBody, ... });
+	 * ```
+	 */
+	rawBody?: string | ArrayBuffer;
+	onFork?: (activity: ForkActivity) => Promise<void>;
+	onInstall?: (activity: InstallActivity) => Promise<void>;
+	onCreate?: (activity: FederatedActivity) => Promise<void>;
+	onUpdate?: (activity: FederatedActivity) => Promise<void>;
+	onDelete?: (activity: FederatedActivity) => Promise<void>;
+	onLike?: (activity: FederatedActivity) => Promise<void>;
+	onAnnounce?: (activity: FederatedActivity) => Promise<void>;
+	onUndo?: (activity: FederatedActivity) => Promise<void>;
+	onFlag?: (activity: FlagActivity, parsedReport: ReturnType<typeof parseFlagActivity>) => Promise<void>;
+	onBlock?: (activity: BlockActivity, parsedBlock: ReturnType<typeof parseBlockActivity>) => Promise<void>;
+	/**
+	 * Moderation store for instance blocking.
+	 * If provided, blocked instances are rejected BEFORE signature verification (saves CPU).
+	 */
+	moderationStore?: ModerationStore;
+}): Promise<InboxResult>;
+/**
+ * Validate that a Fork activity has all required fields
+ */
+export declare function validateForkActivity(activity: unknown): {
+	valid: boolean;
+	error?: string;
+};
+/**
+ * Validate that an Install activity has all required fields
+ */
+export declare function validateInstallActivity(activity: unknown): {
+	valid: boolean;
+	error?: string;
+};
+/**
+ * HTTP Signatures
+ *
+ * Implements HTTP message signing per draft-cavage-http-signatures
+ * for ActivityPub federation.
+ *
+ * Works in both Node.js and browser/Workers environments using
+ * the Web Crypto API.
+ */
+/**
+ * Parsed HTTP signature header
+ */
+export interface ParsedSignature {
+	keyId: string;
+	algorithm: string;
+	headers: string[];
+	signature: string;
+}
+/**
+ * Required headers for strict signature validation.
+ * These headers MUST be included in the signed header list when strictMode is enabled.
+ */
+export declare const REQUIRED_SIGNED_HEADERS: readonly [
+	"(request-target)",
+	"host",
+	"date"
+];
+/**
+ * Signature validation options
+ */
+export interface SignatureValidationOptions {
+	/** HTTP method (GET, POST, etc.) */
+	method: string;
+	/** Request path (e.g., /inbox) */
+	path: string;
+	/** Function to fetch actor by ID */
+	fetchActor: (actorId: string) => Promise<FederatedActor | null>;
+	/** Maximum age in seconds for Date header. Default: 300 (5 minutes) */
+	maxAge?: number;
+	/**
+	 * Enable strict signature validation mode.
+	 *
+	 * When enabled, signatures MUST include these headers: (request-target), host, date.
+	 * This prevents replay attacks and cross-host request reuse.
+	 *
+	 * Default: false (for backwards compatibility with existing federation peers)
+	 * Recommended: true for new deployments
+	 *
+	 * @security Without strict mode, attackers can:
+	 * - Replay captured requests if Date is not signed
+	 * - Reuse signatures across different hosts if host is not signed
+	 */
+	strictMode?: boolean;
+}
+/**
+ * Signature validation result
+ */
+export interface SignatureValidationResult {
+	valid: boolean;
+	error?: string;
+	actor?: FederatedActor;
+	keyId?: string;
+}
+/**
+ * Request signing options
+ */
+export interface SigningOptions {
+	/** Private key in PEM format */
+	privateKeyPem: string;
+	/** Key ID (usually actor#main-key) */
+	keyId: string;
+	/** HTTP method */
+	method: string;
+	/** Request path */
+	path: string;
+	/** Optional: target host header */
+	host?: string;
+	/** Optional: digest header */
+	digest?: string;
+	/** Optional: content-type header */
+	contentType?: string;
+}
+/**
+ * Parse an HTTP Signature header
+ *
+ * Format: keyId="...",algorithm="...",headers="...",signature="..."
+ */
+export declare function parseSignatureHeader(header: string): ParsedSignature | null;
+/**
+ * Successful signing string result
+ */
+export interface SigningStringSuccess {
+	success: true;
+	signingString: string;
+}
+/**
+ * Failed signing string result (missing headers)
+ */
+export interface SigningStringFailure {
+	success: false;
+	error: string;
+	missingHeaders: string[];
+}
+/**
+ * Result of building a signing string
+ */
+export type SigningStringResult = SigningStringSuccess | SigningStringFailure;
+/**
+ * Build the signing string from headers
+ *
+ * @security If a header is listed in headerNames but missing from the request,
+ * this function returns an error. This prevents downgrade attacks where an
+ * attacker claims to sign headers that aren't actually present.
+ *
+ * Synthetic headers ((request-target), (created), (expires)) are always allowed.
+ */
+export declare function buildSigningString(method: string, path: string, headers: Headers, headerNames: string[]): string;
+/**
+ * Build signing string with strict header validation
+ *
+ * Returns an error if any non-synthetic header in headerNames is missing.
+ * Use this for new code that wants strict validation.
+ */
+export declare function buildSigningStringStrict(method: string, path: string, headers: Headers, headerNames: string[]): SigningStringResult;
+/**
+ * Options for HTTP signature verification
+ */
+export interface VerifyHttpSignatureOptions {
+	/**
+	 * If true, verification fails when any claimed signed header is missing.
+	 * This prevents downgrade attacks where signatures claim to cover headers
+	 * that aren't actually present in the request.
+	 *
+	 * @security Enable this for production deployments to ensure signatures
+	 * actually cover all claimed headers.
+	 */
+	strictHeaders?: boolean;
+}
+/**
+ * Verify an HTTP signature using Web Crypto API
+ *
+ * @param options.strictHeaders - If true, fails when claimed headers are missing
+ */
+export declare function verifyHttpSignature(parsed: ParsedSignature, publicKeyPem: string, method: string, path: string, headers: Headers, options?: VerifyHttpSignatureOptions): Promise<boolean>;
+/**
+ * Validate an incoming activity's HTTP signature
+ *
+ * @security Enable `strictMode` for production deployments to prevent:
+ * - Replay attacks (requires Date header in signature)
+ * - Cross-host request reuse (requires host header in signature)
+ */
+declare function validateActivitySignature(activity: FederatedActivity, headers: Headers, options: SignatureValidationOptions): Promise<SignatureValidationResult>;
+/**
+ * Sign an outgoing HTTP request
+ *
+ * @param options.host - Required. The target host for the request.
+ * @throws If host is not provided (required for valid signatures)
+ */
+export declare function signRequest(options: SigningOptions): Promise<{
+	signature: string;
+	date: string;
+	host: string;
+}>;
+/**
+ * Calculate SHA-256 digest for request body
+ */
+export declare function calculateDigest(body: string | ArrayBuffer): Promise<string>;
+/**
+ * In-Memory Moderation Store
+ *
+ * Memory implementation for testing and single-session use.
+ * Follows the same pattern as MemorySyncStateStore.
+ */
+/**
+ * In-memory implementation of ModerationStore
+ *
+ * Suitable for testing, development, and single-session use cases.
+ * Data is lost when the process ends.
+ */
+export declare class MemoryModerationStore implements ModerationStore {
+	private reports;
+	private actions;
+	private blocks;
+	private policies;
+	private rateLimits;
+	createReport(report: Omit<ModerationReport, "id">): Promise<ModerationReport>;
+	getReport(id: string): Promise<ModerationReport | null>;
+	updateReport(id: string, updates: Partial<ModerationReport>): Promise<void>;
+	listReports(filters?: {
+		status?: ReportStatus;
+		category?: ReportCategory;
+		targetId?: string;
+		reporterActorId?: string;
+		since?: string;
+		limit?: number;
+		offset?: number;
+	}): Promise<ModerationReport[]>;
+	countReports(filters?: {
+		status?: ReportStatus;
+	}): Promise<number>;
+	createAction(action: Omit<ModerationAction, "id">): Promise<ModerationAction>;
+	getAction(id: string): Promise<ModerationAction | null>;
+	listActions(filters?: {
+		targetId?: string;
+		moderatorActorId?: string;
+		actionType?: ActionType;
+		active?: boolean;
+		since?: string;
+		limit?: number;
+	}): Promise<ModerationAction[]>;
+	deactivateAction(id: string): Promise<void>;
+	createBlock(block: Omit<InstanceBlock, "id">): Promise<InstanceBlock>;
+	getBlock(id: string): Promise<InstanceBlock | null>;
+	getBlockByDomain(domain: string): Promise<InstanceBlock | null>;
+	listBlocks(filters?: {
+		active?: boolean;
+	}): Promise<InstanceBlock[]>;
+	updateBlock(id: string, updates: Partial<InstanceBlock>): Promise<void>;
+	isInstanceBlocked(domain: string): Promise<boolean>;
+	createPolicy(policy: Omit<ContentPolicy, "id">): Promise<ContentPolicy>;
+	getPolicy(id: string): Promise<ContentPolicy | null>;
+	listPolicies(filters?: {
+		enabled?: boolean;
+	}): Promise<ContentPolicy[]>;
+	updatePolicy(id: string, updates: Partial<ContentPolicy>): Promise<void>;
+	deletePolicy(id: string): Promise<void>;
+	getRateLimitBucket(actorId: string): Promise<RateLimitBucket | null>;
+	updateRateLimitBucket(bucket: RateLimitBucket): Promise<void>;
+	getAuditLog(filters?: {
+		targetId?: string;
+		actorId?: string;
+		since?: string;
+		until?: string;
+		limit?: number;
+	}): Promise<ModerationAction[]>;
+	/**
+	 * Clear all data (useful for testing)
+	 */
+	clear(): void;
+	/**
+	 * Get counts for dashboard/stats
+	 */
+	getStats(): Promise<{
+		reports: {
+			total: number;
+			pending: number;
+		};
+		actions: {
+			total: number;
+			active: number;
+		};
+		blocks: {
+			total: number;
+			active: number;
+		};
+		policies: {
+			total: number;
+			enabled: number;
+		};
+	}>;
+}
+/**
+ * D1 Moderation Store
+ *
+ * Cloudflare D1-compatible implementation of ModerationStore for production
+ * moderation support on Cloudflare Workers.
+ */
+/**
+ * D1-compatible implementation of ModerationStore
+ *
+ * @example
+ * ```typescript
+ * const store = new D1ModerationStore(env.DB);
+ * await store.init();
+ *
+ * // Create a report
+ * const report = await store.createReport({
+ *   reporterActorId: 'https://example.com/users/alice',
+ *   reporterInstance: 'example.com',
+ *   targetIds: ['https://bad.com/cards/spam'],
+ *   category: 'spam',
+ *   description: 'This card is spam',
+ *   status: 'pending',
+ *   activityId: 'https://example.com/activities/123',
+ *   createdAt: new Date().toISOString(),
+ *   updatedAt: new Date().toISOString(),
+ *   receivingInstance: 'bad.com',
+ *   federatedToTarget: true,
+ * });
+ * ```
+ */
+export declare class D1ModerationStore implements ModerationStore {
+	private db;
+	private prefix;
+	constructor(db: D1Database, tablePrefix?: string);
+	/**
+	 * Initialize all moderation tables
+	 */
+	init(): Promise<void>;
+	createReport(report: Omit<ModerationReport, "id">): Promise<ModerationReport>;
+	getReport(id: string): Promise<ModerationReport | null>;
+	updateReport(id: string, updates: Partial<ModerationReport>): Promise<void>;
+	listReports(filters?: {
+		status?: ReportStatus;
+		category?: ReportCategory;
+		targetId?: string;
+		reporterActorId?: string;
+		since?: string;
+		limit?: number;
+		offset?: number;
+	}): Promise<ModerationReport[]>;
+	countReports(filters?: {
+		status?: ReportStatus;
+	}): Promise<number>;
+	createAction(action: Omit<ModerationAction, "id">): Promise<ModerationAction>;
+	getAction(id: string): Promise<ModerationAction | null>;
+	listActions(filters?: {
+		targetId?: string;
+		moderatorActorId?: string;
+		actionType?: ActionType;
+		active?: boolean;
+		since?: string;
+		limit?: number;
+	}): Promise<ModerationAction[]>;
+	deactivateAction(id: string): Promise<void>;
+	createBlock(block: Omit<InstanceBlock, "id">): Promise<InstanceBlock>;
+	getBlock(id: string): Promise<InstanceBlock | null>;
+	getBlockByDomain(domain: string): Promise<InstanceBlock | null>;
+	listBlocks(filters?: {
+		active?: boolean;
+	}): Promise<InstanceBlock[]>;
+	updateBlock(id: string, updates: Partial<InstanceBlock>): Promise<void>;
+	isInstanceBlocked(domain: string): Promise<boolean>;
+	createPolicy(policy: Omit<ContentPolicy, "id">): Promise<ContentPolicy>;
+	getPolicy(id: string): Promise<ContentPolicy | null>;
+	listPolicies(filters?: {
+		enabled?: boolean;
+	}): Promise<ContentPolicy[]>;
+	updatePolicy(id: string, updates: Partial<ContentPolicy>): Promise<void>;
+	deletePolicy(id: string): Promise<void>;
+	getRateLimitBucket(actorId: string): Promise<RateLimitBucket | null>;
+	updateRateLimitBucket(bucket: RateLimitBucket): Promise<void>;
+	getAuditLog(filters?: {
+		targetId?: string;
+		actorId?: string;
+		since?: string;
+		until?: string;
+		limit?: number;
+	}): Promise<ModerationAction[]>;
+	/**
+	 * Clear all moderation data (for testing)
+	 */
+	clear(): Promise<void>;
+	/**
+	 * Get stats for dashboard
+	 */
+	getStats(): Promise<{
+		reports: {
+			total: number;
+			pending: number;
+		};
+		actions: {
+			total: number;
+			active: number;
+		};
+		blocks: {
+			total: number;
+			active: number;
+		};
+		policies: {
+			total: number;
+			enabled: number;
+		};
+	}>;
+	private rowToReport;
+	private rowToAction;
+	private rowToBlock;
+	private rowToPolicy;
+	private rowToRateLimit;
+}
+/**
+ * Content Policy Engine
+ *
+ * Evaluates incoming cards against content policies.
+ * Provides tools for community-defined moderation rules.
+ */
+/**
+ * Check if a regex pattern might be vulnerable to ReDoS
+ * Returns a warning message if the pattern looks dangerous, null if safe
+ *
+ * @security This is a heuristic check, not a guarantee.
+ * Admin-only patterns should still be audited manually.
+ */
+export declare function checkRegexSafety(pattern: string): string | null;
+/**
+ * Content Policy Engine
+ *
+ * Evaluates cards against configured policies and returns the appropriate action.
+ *
+ * @example
+ * ```typescript
+ * const engine = new PolicyEngine(moderationStore);
+ *
+ * const result = await engine.evaluateCard(card, 'source.example.com');
+ * if (result.action === 'reject') {
+ *   return new Response('Content policy violation', { status: 403 });
+ * }
+ * if (result.action === 'review') {
+ *   await queueForReview(card, result.matchedRules);
+ * }
+ * ```
+ */
+export declare class PolicyEngine {
+	private store;
+	private compiledRegexCache;
+	constructor(store: ModerationStore);
+	/**
+	 * Evaluate a card against all active policies
+	 *
+	 * @param card - The CCv3 card to evaluate
+	 * @param sourceInstance - Optional source instance domain for instance rules
+	 * @returns Evaluation result with action and matched rules
+	 */
+	evaluateCard(card: CCv3Data, sourceInstance?: string): Promise<PolicyEvaluationResult>;
+	/**
+	 * Evaluate card against a single policy
+	 */
+	private evaluateAgainstPolicy;
+	/**
+	 * Evaluate a single rule against a card
+	 */
+	private evaluateRule;
+	/**
+	 * Keyword rule - case-insensitive text search
+	 */
+	private evaluateKeywordRule;
+	/**
+	 * Regex rule - pattern matching with compiled cache
+	 *
+	 * @security Input is truncated to MAX_REGEX_INPUT_LENGTH to prevent ReDoS.
+	 * Patterns should be admin-audited. Use checkRegexSafety() when creating rules.
+	 */
+	private evaluateRegexRule;
+	/**
+	 * Tag rule - check card tags array
+	 */
+	private evaluateTagRule;
+	/**
+	 * Creator rule - match card creator
+	 */
+	private evaluateCreatorRule;
+	/**
+	 * Instance rule - match source domain
+	 * Supports wildcard patterns like "*.evil.com"
+	 */
+	private evaluateInstanceRule;
+	/**
+	 * Get a field value from card data
+	 */
+	private getCardField;
+	/**
+	 * Clear regex cache (call when rules change)
+	 */
+	clearCache(): void;
+	/**
+	 * Pre-compile regexes for a policy (optimization)
+	 *
+	 * @returns errors for invalid patterns, warnings for potentially unsafe patterns
+	 */
+	precompilePolicy(policy: ContentPolicy): {
+		errors: string[];
+		warnings: string[];
+	};
+}
+/**
+ * Rate Limiter
+ *
+ * Token bucket rate limiting for moderation actions.
+ * Prevents abuse of report/flag functionality.
+ */
+/**
+ * Rate limiter configuration
+ */
+export interface RateLimiterConfig {
+	/** Max tokens per bucket (default: 5) */
+	maxTokens: number;
+	/** Tokens per hour refill rate (default: 1) */
+	refillRate: number;
+}
+/**
+ * Token bucket rate limiter
+ *
+ * @example
+ * ```typescript
+ * const limiter = new RateLimiter(moderationStore, {
+ *   maxTokens: 10,
+ *   refillRate: 2, // 2 tokens per hour
+ * });
+ *
+ * const result = await limiter.checkAndConsume('https://example.com/users/alice');
+ * if (!result.allowed) {
+ *   return new Response('Too many reports', {
+ *     status: 429,
+ *     headers: { 'Retry-After': String(result.retryAfter) },
+ *   });
+ * }
+ * ```
+ */
+export declare class RateLimiter {
+	private store;
+	private config;
+	constructor(store: ModerationStore, config?: Partial<RateLimiterConfig>);
+	/**
+	 * Check if action is allowed and consume a token if so
+	 *
+	 * @param actorId - Actor URI to check
+	 * @returns Rate limit result with remaining tokens and reset time
+	 */
+	checkAndConsume(actorId: string): Promise<RateLimitResult>;
+	/**
+	 * Check remaining tokens without consuming
+	 *
+	 * @param actorId - Actor URI to check
+	 * @returns Current rate limit status
+	 */
+	check(actorId: string): Promise<RateLimitResult>;
+	/**
+	 * Reset rate limit for an actor (admin function)
+	 *
+	 * @param actorId - Actor URI to reset
+	 */
+	reset(actorId: string): Promise<void>;
+	/**
+	 * Refill tokens based on time elapsed since last refill
+	 */
+	private refillBucket;
+	/**
+	 * Calculate when bucket will have at least 1 token
+	 */
+	private calculateResetTime;
+	/**
+	 * Get current configuration
+	 */
+	getConfig(): RateLimiterConfig;
+}
+/**
+ * @character-foundry/federation
+ *
+ * Federation layer for syncing character cards across platforms via ActivityPub.
+ *
+ * ⚠️  WARNING: This package is experimental and incomplete.
+ *
+ * Security-critical features (signature validation, inbox handling) are stubbed.
+ * Do NOT use in production without explicit opt-in.
+ *
+ * To enable federation features, you MUST:
+ * 1. Set FEDERATION_ENABLED=true in your environment (Node.js) or call enableFederation({ skipEnvCheck: true }) in browser/Workers
+ * 2. Call enableFederation() before using SyncEngine or route handlers
+ *
+ * Both steps are required as a dual opt-in safety mechanism (except in environments without process.env).
+ */
+/**
+ * Enable federation features. Must be called before using SyncEngine or route handlers.
+ * This is a safety gate - federation is experimental and has incomplete security.
+ *
+ * @param options.skipEnvCheck - Skip FEDERATION_ENABLED env var check (required for browser/Workers)
+ *
+ * Note: In Node.js, both this call AND FEDERATION_ENABLED=true are required (dual opt-in).
+ * In browser/Workers, use skipEnvCheck: true since env vars aren't available.
+ */
+export declare function enableFederation(options?: {
+	skipEnvCheck?: boolean;
+}): void;
+/**
+ * Check if federation is enabled
+ *
+ * In Node.js: requires BOTH env var AND enableFederation() call
+ * In browser/Workers with skipEnvCheck: requires only enableFederation() call
+ */
+export declare function isFederationEnabled(): boolean;
+/**
+ * Assert federation is enabled, throw if not
+ * @internal
+ */
+export declare function assertFederationEnabled(feature: string): void;
+
+export {
+	validateActivitySignature as validateHttpSignature,
+	validateBlockActivity as validateBlockActivityFields,
+	validateFlagActivity as validateFlagActivityFields,
+};
+
+export {};