npm - @xnetjs/abuse - Versions diffs - 0.0.1 - Mend

@xnetjs/abuse 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/LICENSE +21 -0
package/README.md +67 -0
package/dist/adapters-B-9W_mn3.d.ts +190 -0
package/dist/adapters-B63EWOI3.d.ts +196 -0
package/dist/adapters-B92QvJK9.d.ts +190 -0
package/dist/adapters-BE8Dk1m1.d.ts +193 -0
package/dist/adapters-BPXuKMIo.d.ts +196 -0
package/dist/adapters-BtDzNNjU.d.ts +190 -0
package/dist/adapters-CBfkKocx.d.ts +196 -0
package/dist/adapters-CD50ercr.d.ts +191 -0
package/dist/adapters-CIj_ODTY.d.ts +190 -0
package/dist/adapters-D2lWWuTk.d.ts +196 -0
package/dist/adapters-Qu3BkEMk.d.ts +153 -0
package/dist/adapters-hOtVE8hd.d.ts +153 -0
package/dist/adapters-k10HxbtE.d.ts +190 -0
package/dist/adapters.d.ts +1 -0
package/dist/adapters.js +12 -0
package/dist/chunk-4FW6LHWU.js +495 -0
package/dist/chunk-O2ZULYP6.js +487 -0
package/dist/chunk-O3JDSAJP.js +507 -0
package/dist/chunk-O4S27KHE.js +390 -0
package/dist/chunk-Y2RKXAMV.js +499 -0
package/dist/index.d.ts +1408 -0
package/dist/index.js +3201 -0
package/package.json +42 -0

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,1408 @@
+import { N as NormalizedAbuseFacts, A as AbuseLabel, a as AbuseFacts, b as AbuseDecision, D as DecisionExplanation, c as AbuseReasonCode, d as DecisionExplanationReason, e as AbuseSurface, f as AbuseQualitySignals, g as AbuseVisibility, h as AbuseReach, i as AbuseReviewQueue, j as AbuseResource, P as PolicyScope, k as AbuseDecisionOverride } from './adapters-CBfkKocx.js';
+export { E as AbuseActorFacts, t as AbuseAdapterResult, F as AbuseAdmission, G as AbuseCryptoFacts, u as AbuseDecisionFunction, H as AbuseDecisionOverrideScope, v as AbuseFactAdapter, y as AbusePeerScoreBucket, I as AbuseResourceFacts, J as AbuseReviewDecision, K as AbuseSeverity, z as AbuseTelemetryReporter, L as PendingLabel, M as PendingSecurityEvent, R as RemoteAdmissionPipeline, w as RemoteAdmissionPipelineOptions, x as RemoteAdmissionResult, B as RemoteMutationRejectionTelemetry, C as RemoteMutationRejectionTelemetryInput, p as bucketAbusePeerScore, l as createAbuseDecisionAdapter, m as createAbuseFactAdapter, n as createRemoteAdmissionPipeline, q as createRemoteMutationRejectionTelemetry, o as decideWithAdapter, r as hashAbusePeerIdentifier, s as reportRemoteMutationRejection } from './adapters-CBfkKocx.js';
+/**
+ * Pure abuse decision helpers.
+ */
+declare function normalizeAbuseFacts(facts: AbuseFacts): NormalizedAbuseFacts;
+declare function decideTransport(facts?: Omit<AbuseFacts, 'surface'>): AbuseDecision;
+declare function decideRemoteMutation(facts?: Omit<AbuseFacts, 'surface'>): AbuseDecision;
+declare function decidePublicInteraction(facts?: Omit<AbuseFacts, 'surface'> & {
+    surface?: 'commentThread' | 'messageInbox';
+}): AbuseDecision;
+declare function decideReach(facts?: Omit<AbuseFacts, 'surface'> & {
+    surface?: 'searchIndex' | 'feed';
+}): AbuseDecision;
+declare function decideAbuse(input: AbuseFacts): AbuseDecision;
+declare function activeLabels(facts: NormalizedAbuseFacts): readonly AbuseLabel[];
+declare function weightedLabelScore(facts: NormalizedAbuseFacts, values: readonly string[]): number;
+declare function qualityRiskScore(facts: NormalizedAbuseFacts): number;
+declare function shouldThrottle(decision: AbuseDecision): boolean;
+declare function isVisible(decision: AbuseDecision): boolean;
+declare function isRejected(decision: AbuseDecision): boolean;
+/**
+ * Human-readable explanations for deterministic abuse decisions.
+ */
+declare function explainDecision(decision: AbuseDecision): DecisionExplanation;
+declare function getReasonDetail(code: AbuseReasonCode): DecisionExplanationReason;
+/**
+ * Reusable abuse decision fixtures for tests and adapters.
+ */
+declare const TRUSTED_SPAM_LABEL: AbuseLabel;
+declare const WARNING_SLOP_LABEL: AbuseLabel;
+declare function createBaseFacts(overrides?: Partial<AbuseFacts>): AbuseFacts;
+declare const abuseFixtures: {
+    readonly validRemoteMutation: AbuseFacts;
+    readonly invalidSignatureRemoteMutation: AbuseFacts;
+    readonly oversizedRemoteMutation: AbuseFacts;
+    readonly firstContactComment: AbuseFacts;
+    readonly trustedSpamComment: AbuseFacts;
+    readonly lowQualitySearchCandidate: AbuseFacts;
+    readonly expiredSpamLabel: AbuseFacts;
+    readonly throttledPeer: AbuseFacts;
+};
+/**
+ * Model/provider provenance helpers for AI-generated moderation signals.
+ */
+type AISignalSourceType = 'local-ai' | 'cloud-ai';
+type AISignalProvenanceInput = {
+    sourceType?: string;
+    modelProvider?: string;
+    modelName?: string;
+    modelVersion?: string;
+    adapterId?: string;
+    adapterVersion?: string;
+    policyId?: string;
+};
+type AISignalProvenance = {
+    sourceType: AISignalSourceType;
+    modelProvider: string;
+    modelName: string;
+    modelVersion?: string;
+    adapterId?: string;
+    adapterVersion?: string;
+    policyId?: string;
+};
+type AISignalProvenanceValidation = {
+    required: boolean;
+    valid: boolean;
+    errors: string[];
+    provenance: AISignalProvenance | null;
+};
+declare function isAISignalSourceType(sourceType: string | undefined): sourceType is AISignalSourceType;
+declare function validateAISignalProvenance(input: AISignalProvenanceInput): AISignalProvenanceValidation;
+declare function createAISignalProvenanceEvidenceRef(input: AISignalProvenanceInput): string | null;
+/**
+ * Deterministic content fingerprints for duplicate and near-duplicate checks.
+ */
+type ContentFingerprintInput = string | {
+    title?: string;
+    body?: string;
+};
+type ContentFingerprintOptions = {
+    minTokenLength?: number;
+    shingleSize?: number;
+    maxShingles?: number;
+};
+type DuplicateContentOptions = ContentFingerprintOptions & {
+    nearDuplicateThreshold?: number;
+    weakDuplicateThreshold?: number;
+};
+type ContentFingerprint = {
+    kind: 'xnet.content-fingerprint.v1';
+    textHash: string;
+    simHash64: string;
+    tokenCount: number;
+    uniqueTokenCount: number;
+    shingleSize: number;
+    shingles: string[];
+};
+type DuplicateContentAssessment = {
+    duplicateScore: number;
+    matchType: 'none' | 'exact' | 'near' | 'weak';
+    exact: boolean;
+    matchedIndex: number | null;
+    matchedTextHash: string | null;
+    shingleJaccard: number;
+    simHashSimilarity: number;
+    reasons: string[];
+};
+declare function createContentFingerprint(input: ContentFingerprintInput, options?: ContentFingerprintOptions): ContentFingerprint;
+declare function assessDuplicateContent(candidate: ContentFingerprintInput | ContentFingerprint, references: readonly (ContentFingerprintInput | ContentFingerprint)[], options?: DuplicateContentOptions): DuplicateContentAssessment;
+declare function compareContentFingerprints(candidate: ContentFingerprint, reference: ContentFingerprint, options?: DuplicateContentOptions & {
+    matchedIndex?: number;
+}): DuplicateContentAssessment;
+declare function canonicalizeContentText(input: ContentFingerprintInput): string;
+declare function tokenizeContent(canonicalText: string, options?: ContentFingerprintOptions): string[];
+declare function compareSimHash64(left: string, right: string): number;
+/**
+ * Budgeted cloud classifier adapters for optional moderation review.
+ */
+type CloudPrivacyMode = 'disabled' | 'metadata-only' | 'redacted-content' | 'raw-content';
+type CloudClassificationSkipReason = 'cloud-disabled' | 'unsupported-surface' | 'provider-not-allowed' | 'privacy-policy-blocked' | 'over-budget';
+type CloudClassifierInput = {
+    surface: AbuseSurface;
+    subjectId?: string;
+    title?: string;
+    body: string;
+    language?: string;
+    metadata?: Record<string, unknown>;
+    contentFingerprint?: ContentFingerprint;
+};
+type CloudClassifierPrivacyPolicy = {
+    mode: CloudPrivacyMode;
+    allowedProviders?: readonly string[];
+    allowedSurfaces?: readonly AbuseSurface[];
+    sendSubjectId?: boolean;
+    sendMetadata?: boolean;
+    sendContentFingerprint?: boolean;
+    maxInputChars?: number;
+    redactPatterns?: readonly RegExp[];
+    redactionReplacement?: string;
+    requireExplicitRawContentApproval?: boolean;
+    rawContentApproved?: boolean;
+};
+type CloudClassifierBudgetPolicy = {
+    remainingMicroUsd: number;
+    maxPerRequestMicroUsd: number;
+    minRemainingMicroUsd?: number;
+};
+type CloudClassifierRequest = {
+    provider: string;
+    model: string;
+    adapterId: string;
+    adapterVersion: string;
+    surface: AbuseSurface;
+    subjectId?: string;
+    title?: string;
+    body?: string;
+    language?: string;
+    metadata?: Record<string, unknown>;
+    contentFingerprint?: ContentFingerprint;
+    privacyMode: Exclude<CloudPrivacyMode, 'disabled'>;
+    estimatedCostMicroUsd: number;
+};
+type CloudClassifierProvenance = {
+    provider: 'cloud';
+    cloudProvider: string;
+    adapterId: string;
+    adapterVersion: string;
+    model: string;
+    policyId?: string;
+    privacyMode: Exclude<CloudPrivacyMode, 'disabled'>;
+};
+type CloudClassifierSignal = {
+    kind: 'label' | 'quality';
+    value: string;
+    confidence: number;
+    reason?: string;
+    evidenceRefs: string[];
+    provenance: CloudClassifierProvenance;
+};
+type CloudClassifierProviderSignal = Omit<CloudClassifierSignal, 'provenance'> & {
+    evidenceRefs?: readonly string[];
+};
+type CloudClassifierProviderResult = {
+    labels?: readonly AbuseLabel[];
+    quality?: Partial<AbuseQualitySignals>;
+    signals?: readonly CloudClassifierProviderSignal[];
+    chargedCostMicroUsd?: number;
+    errors?: readonly string[];
+};
+type CloudClassificationUsage = {
+    estimatedCostMicroUsd: number;
+    chargedCostMicroUsd: number;
+    remainingBudgetMicroUsd: number;
+    privacyMode: CloudPrivacyMode;
+    sentBodyChars: number;
+};
+type CloudClassificationResult = {
+    labels: AbuseLabel[];
+    quality: Partial<AbuseQualitySignals>;
+    signals: CloudClassifierSignal[];
+    provenance: CloudClassifierProvenance;
+    usage: CloudClassificationUsage;
+    skipped: CloudClassificationSkipReason | null;
+    elapsedMs?: number;
+    errors: string[];
+};
+type CloudClassifierAdapter = {
+    id: string;
+    version: string;
+    provider: string;
+    model: string;
+    policyId?: string;
+    defaultEstimatedCostMicroUsd: number;
+    supports?: (input: CloudClassifierInput) => boolean;
+    estimateCostMicroUsd?: (request: Omit<CloudClassifierRequest, 'estimatedCostMicroUsd'>) => number;
+    classify: (request: CloudClassifierRequest) => CloudClassifierProviderResult | Promise<CloudClassifierProviderResult>;
+};
+type CloudClassificationOptions = {
+    now?: number;
+};
+declare function classifyWithCloudAdapter(input: CloudClassifierInput, adapter: CloudClassifierAdapter, privacy: CloudClassifierPrivacyPolicy, budget: CloudClassifierBudgetPolicy, _options?: CloudClassificationOptions): Promise<CloudClassificationResult>;
+declare function createCloudClassifierAdapter(adapter: CloudClassifierAdapter): CloudClassifierAdapter;
+declare function createCloudClassifierRequestBase(input: CloudClassifierInput, adapter: CloudClassifierAdapter, privacy: CloudClassifierPrivacyPolicy): Omit<CloudClassifierRequest, 'estimatedCostMicroUsd'>;
+declare function estimateCloudClassifierCost(adapter: CloudClassifierAdapter, request: Omit<CloudClassifierRequest, 'estimatedCostMicroUsd'>): number;
+declare function getCloudClassificationSkipReason(input: CloudClassifierInput, adapter: CloudClassifierAdapter, privacy: CloudClassifierPrivacyPolicy, budget: CloudClassifierBudgetPolicy): CloudClassificationSkipReason | null;
+declare function redactCloudClassifierText(text: string, patterns?: readonly RegExp[], replacement?: string): string;
+/**
+ * Local classifier adapter interfaces for moderation and quality signals.
+ */
+type LocalClassifierInput = {
+    surface: AbuseSurface;
+    subjectId?: string;
+    title?: string;
+    body: string;
+    language?: string;
+    metadata?: Record<string, unknown>;
+    contentFingerprint?: ContentFingerprint;
+};
+type LocalClassifierOptions = {
+    now?: number;
+    maxInputChars?: number;
+    minConfidence?: number;
+};
+type LocalClassifierProvenance = {
+    provider: 'local';
+    adapterId: string;
+    adapterVersion: string;
+    model?: string;
+    policyId?: string;
+};
+type LocalClassifierSignal = {
+    kind: 'label' | 'quality';
+    value: string;
+    confidence: number;
+    reason?: string;
+    evidenceRefs: string[];
+    provenance: LocalClassifierProvenance;
+};
+type LocalClassificationResult = {
+    labels: AbuseLabel[];
+    quality: Partial<AbuseQualitySignals>;
+    signals: LocalClassifierSignal[];
+    provenance: LocalClassifierProvenance;
+    elapsedMs?: number;
+    errors: string[];
+};
+type LocalClassifierAdapter = {
+    id: string;
+    version: string;
+    model?: string;
+    supports?: (input: LocalClassifierInput) => boolean;
+    classify: (input: LocalClassifierInput, options?: LocalClassifierOptions) => LocalClassificationResult | Promise<LocalClassificationResult>;
+};
+type KeywordClassifierRule = {
+    label: string;
+    keywords: string[];
+    confidence: number;
+    sourceWeight?: number;
+    expiresInMs?: number;
+};
+type KeywordLocalClassifierOptions = {
+    id?: string;
+    version?: string;
+    model?: string;
+    sourceDid?: string;
+    rules: KeywordClassifierRule[];
+};
+declare function classifyWithLocalAdapters(input: LocalClassifierInput, adapters: readonly LocalClassifierAdapter[], options?: LocalClassifierOptions): Promise<LocalClassificationResult>;
+declare function createKeywordLocalClassifier(options: KeywordLocalClassifierOptions): LocalClassifierAdapter;
+declare function mergeLocalClassificationResults(results: readonly LocalClassificationResult[], options?: LocalClassifierOptions): LocalClassificationResult;
+declare function createLocalClassificationResult(input: {
+    labels?: AbuseLabel[];
+    quality?: Partial<AbuseQualitySignals>;
+    signals?: LocalClassifierSignal[];
+    provenance: LocalClassifierProvenance;
+    elapsedMs?: number;
+    errors?: string[];
+}): LocalClassificationResult;
+/**
+ * Local-first moderation classifier cascade.
+ */
+type CloudReviewSkipReason = CloudClassificationSkipReason | 'cloud-not-configured' | 'low-risk-local-signals';
+type CloudReviewCallReason = 'local-label-risk' | 'local-quality-risk' | 'no-local-signals';
+type CloudReviewCallPolicy = {
+    enabled?: boolean;
+    allowedSurfaces?: readonly AbuseSurface[];
+    minLocalLabelConfidence?: number;
+    minLocalQualityRisk?: number;
+    forceWhenNoLocalSignals?: boolean;
+};
+type ModerationCascadeCloudConfig = {
+    adapter: CloudClassifierAdapter;
+    privacy: CloudClassifierPrivacyPolicy;
+    budget: CloudClassifierBudgetPolicy;
+    callPolicy?: CloudReviewCallPolicy;
+    options?: CloudClassificationOptions;
+};
+type ModerationCascadeOptions = {
+    localAdapters?: readonly LocalClassifierAdapter[];
+    localOptions?: LocalClassifierOptions;
+    cloud?: ModerationCascadeCloudConfig;
+};
+type CloudReviewRouteDecision = {
+    callCloud: true;
+    reasons: readonly CloudReviewCallReason[];
+    skipped: null;
+} | {
+    callCloud: false;
+    reasons: readonly CloudReviewCallReason[];
+    skipped: CloudReviewSkipReason;
+};
+type ModerationCascadeResult = {
+    labels: AbuseLabel[];
+    quality: Partial<AbuseQualitySignals>;
+    local: LocalClassificationResult;
+    cloud?: CloudClassificationResult;
+    cloudCalled: boolean;
+    cloudReasons: readonly CloudReviewCallReason[];
+    cloudSkippedReason: CloudReviewSkipReason | null;
+    errors: readonly string[];
+};
+declare function classifyWithModerationCascade(input: LocalClassifierInput, options?: ModerationCascadeOptions): Promise<ModerationCascadeResult>;
+declare function decideCloudReviewRoute(input: LocalClassifierInput, local: LocalClassificationResult, policy?: CloudReviewCallPolicy): CloudReviewRouteDecision;
+/**
+ * Signed hub policy and service offer documents.
+ */
+type HubPolicyServiceKind = 'sync-relay' | 'node-relay' | 'public-write' | 'crawl' | 'search-index' | 'federation-query' | 'labeler' | 'ai-review' | 'appeal';
+type HubPolicySettlementMode = 'free' | 'paid' | 'sponsored' | 'reciprocal' | 'mixed';
+type HubModerationMode = 'off' | 'local-deterministic' | 'labeler-assisted' | 'ai-assisted' | 'human-reviewed' | 'hybrid';
+type HubPolicyAIReviewSettings = {
+    localModelsEnabled: boolean;
+    cloudModelsEnabled: boolean;
+    rawContentToCloudAllowed: boolean;
+    maxCloudReviewMicroUsdPerDay?: number;
+    defaultReviewQueue?: AbuseReviewQueue;
+};
+type HubPolicyLabelSettings = {
+    trustedLabelerDIDs: readonly string[];
+    subscribedPolicyListIds: readonly string[];
+    maxLabelsPerSubject?: number;
+    allowLabelNegation: boolean;
+};
+type HubPolicyModerationSettings = {
+    mode: HubModerationMode;
+    requireSignedWrites: boolean;
+    rejectUnsignedFederation: boolean;
+    quarantineFirstContact: boolean;
+    allowLocalOverride: boolean;
+    publishLabelExplanations: boolean;
+    defaultVisibility: AbuseVisibility;
+    defaultReach: AbuseReach;
+    aiReview: HubPolicyAIReviewSettings;
+    labels: HubPolicyLabelSettings;
+};
+type HubPolicyBudgetHint = {
+    name: string;
+    workType: 'public-write' | 'crawl' | 'search-index' | 'federation-query' | 'cloud-review' | 'moderation-review' | 'labeling';
+    scope: string;
+    unitsPerWindow: number;
+    windowMs: number;
+};
+type HubPolicyServiceOfferEntry = {
+    service: HubPolicyServiceKind;
+    enabled: boolean;
+    endpoint?: string;
+    authenticated: boolean;
+    settlement: HubPolicySettlementMode;
+    costMicroUsdPerUnit?: number;
+    reciprocalCreditRatio?: number;
+    sponsoredBy?: string;
+};
+type HubPolicyOperatorContact = {
+    displayName?: string;
+    homepageUrl?: string;
+    email?: string;
+    abuseReportUrl?: string;
+    securityContactUrl?: string;
+    jurisdiction?: string;
+    responseTimeHours?: number;
+};
+type HubPolicyAppealChannelKind = 'web-form' | 'email' | 'xnet-message' | 'external-ticket';
+type HubPolicyAppealChannel = {
+    kind: HubPolicyAppealChannelKind;
+    authenticated: boolean;
+    url?: string;
+    email?: string;
+    recipientDID?: string;
+    languages?: readonly string[];
+    minResponseTimeHours?: number;
+    maxResponseTimeHours?: number;
+};
+type UnsignedHubPolicyServiceOffer = {
+    v: 1;
+    kind: 'xnet.hub.policy-service-offer';
+    id: string;
+    hubDID: string;
+    issuerDID: string;
+    title?: string;
+    createdAt: number;
+    updatedAt: number;
+    expiresAt?: number;
+    moderation: HubPolicyModerationSettings;
+    services: readonly HubPolicyServiceOfferEntry[];
+    budgetHints: readonly HubPolicyBudgetHint[];
+    policyRefs: readonly string[];
+    operatorContact?: HubPolicyOperatorContact;
+    appealChannels: readonly HubPolicyAppealChannel[];
+};
+type HubPolicyServiceOfferSignature = {
+    alg: 'Ed25519';
+    value: string;
+};
+type SignedHubPolicyServiceOffer = UnsignedHubPolicyServiceOffer & {
+    signature: HubPolicyServiceOfferSignature;
+};
+type HubPolicyServiceOfferVerificationResult = {
+    valid: boolean;
+    errors: readonly string[];
+};
+declare const createHubPolicyServiceOffer: (input: Omit<UnsignedHubPolicyServiceOffer, "v" | "kind" | "createdAt" | "updatedAt" | "moderation" | "budgetHints" | "policyRefs" | "operatorContact" | "appealChannels"> & {
+    createdAt?: number;
+    updatedAt?: number;
+    moderation?: Partial<HubPolicyModerationSettings> & {
+        aiReview?: Partial<HubPolicyAIReviewSettings>;
+        labels?: Partial<HubPolicyLabelSettings>;
+    };
+    budgetHints?: readonly HubPolicyBudgetHint[];
+    policyRefs?: readonly string[];
+    operatorContact?: HubPolicyOperatorContact;
+    appealChannels?: readonly HubPolicyAppealChannel[];
+}) => UnsignedHubPolicyServiceOffer;
+declare const canonicalizeHubPolicyServiceOffer: (offer: UnsignedHubPolicyServiceOffer) => string;
+declare const hubPolicyServiceOfferSigningBytes: (offer: UnsignedHubPolicyServiceOffer) => Uint8Array;
+declare const signHubPolicyServiceOffer: (offer: UnsignedHubPolicyServiceOffer, signingKey: Uint8Array) => SignedHubPolicyServiceOffer;
+declare const unsignedHubPolicyServiceOffer: (offer: SignedHubPolicyServiceOffer | UnsignedHubPolicyServiceOffer) => UnsignedHubPolicyServiceOffer;
+declare const isSignedHubPolicyServiceOffer: (offer: unknown) => offer is SignedHubPolicyServiceOffer;
+declare const validateHubPolicyServiceOffer: (offer: UnsignedHubPolicyServiceOffer, now?: number) => HubPolicyServiceOfferVerificationResult;
+declare const verifySignedHubPolicyServiceOffer: (offer: SignedHubPolicyServiceOffer, now?: number) => HubPolicyServiceOfferVerificationResult;
+declare const activeHubPolicyServices: (offer: SignedHubPolicyServiceOffer | UnsignedHubPolicyServiceOffer) => readonly HubPolicyServiceOfferEntry[];
+declare const publicAppealChannels: (offer: SignedHubPolicyServiceOffer | UnsignedHubPolicyServiceOffer) => readonly HubPolicyAppealChannel[];
+/**
+ * Public write budget accounting for local-first and federated surfaces.
+ */
+type PublicWriteBudgetScope = 'did' | 'hub' | 'workspace' | 'surface' | 'did-surface' | 'hub-surface' | 'workspace-surface';
+type PublicWriteBudgetLimit = {
+    scope: PublicWriteBudgetScope;
+    unitsPerWindow: number;
+    windowMs: number;
+};
+type PublicWriteBudgetPolicy = {
+    limits: readonly PublicWriteBudgetLimit[];
+    defaultCostUnits?: number;
+};
+type PublicWriteBudgetInput = {
+    did?: string;
+    hubId?: string;
+    workspaceId?: string;
+    surface: AbuseSurface;
+    costUnits?: number;
+    now?: number;
+};
+type PublicWriteBudgetUsage = {
+    key: string;
+    scope: PublicWriteBudgetScope;
+    usedUnits: number;
+    resetAt: number;
+};
+type PublicWriteBudgetCharge = {
+    key: string;
+    scope: PublicWriteBudgetScope;
+    costUnits: number;
+    usedUnits: number;
+    limitUnits: number;
+    resetAt: number;
+};
+type PublicWriteBudgetDecision = {
+    allowed: boolean;
+    resource: AbuseResource;
+    reasons: string[];
+    charges: PublicWriteBudgetCharge[];
+    nextUsage: PublicWriteBudgetUsage[];
+};
+declare function evaluatePublicWriteBudget(input: PublicWriteBudgetInput, policy: PublicWriteBudgetPolicy, usage?: readonly PublicWriteBudgetUsage[]): PublicWriteBudgetDecision;
+declare function createPublicWriteBudgetKey(input: Pick<PublicWriteBudgetInput, 'did' | 'hubId' | 'workspaceId' | 'surface'>, scope: PublicWriteBudgetScope): string | null;
+/**
+ * Crawl and federation query cost budget accounting.
+ */
+type QueryCostBudgetWorkType = 'crawl' | 'federation-query';
+type QueryCostBudgetScope = 'actor' | 'hub' | 'workspace' | 'remote-peer' | 'domain' | 'route' | 'work-type' | 'hub-work-type' | 'domain-work-type' | 'remote-peer-route';
+type QueryCostBudgetLimit = {
+    scope: QueryCostBudgetScope;
+    unitsPerWindow: number;
+    windowMs: number;
+};
+type QueryCostBudgetPolicy = {
+    limits: readonly QueryCostBudgetLimit[];
+    defaultCostUnits?: number;
+};
+type QueryCostBudgetInput = {
+    workType: QueryCostBudgetWorkType;
+    actorDID?: string;
+    hubId?: string;
+    workspaceId?: string;
+    remotePeerId?: string;
+    domain?: string;
+    route?: string;
+    costUnits?: number;
+    now?: number;
+};
+type QueryCostBudgetUsage = {
+    key: string;
+    scope: QueryCostBudgetScope;
+    usedUnits: number;
+    resetAt: number;
+};
+type QueryCostBudgetCharge = {
+    key: string;
+    scope: QueryCostBudgetScope;
+    costUnits: number;
+    usedUnits: number;
+    limitUnits: number;
+    resetAt: number;
+};
+type QueryCostBudgetDecision = {
+    allowed: boolean;
+    resource: AbuseResource;
+    reasons: string[];
+    charges: QueryCostBudgetCharge[];
+    nextUsage: QueryCostBudgetUsage[];
+};
+declare function evaluateQueryCostBudget(input: QueryCostBudgetInput, policy: QueryCostBudgetPolicy, usage?: readonly QueryCostBudgetUsage[]): QueryCostBudgetDecision;
+declare function createQueryCostBudgetKey(input: Pick<QueryCostBudgetInput, 'actorDID' | 'hubId' | 'workspaceId' | 'remotePeerId' | 'domain' | 'route' | 'workType'>, scope: QueryCostBudgetScope): string | null;
+/**
+ * Deployment profiles for deterministic abuse mitigation defaults.
+ */
+type AbuseDeploymentProfileKind = 'small-self-hosted-hub' | 'public-search-hub';
+type AbuseDeploymentProfileInput = {
+    hubId?: string;
+    windowMs?: number;
+    cloudReviewDailyMicroUsd?: number;
+    moderationReviewUnitsPerWindow?: number;
+    searchIndexUnitsPerWindow?: number;
+};
+type AbuseDeploymentProfile = {
+    id: string;
+    kind: AbuseDeploymentProfileKind;
+    title: string;
+    moderation: Pick<HubPolicyModerationSettings, 'mode' | 'requireSignedWrites' | 'rejectUnsignedFederation' | 'quarantineFirstContact' | 'allowLocalOverride' | 'publishLabelExplanations' | 'aiReview'>;
+    cloudReview: CloudReviewCallPolicy;
+    publicWriteBudget: PublicWriteBudgetPolicy;
+    queryCostBudget: QueryCostBudgetPolicy;
+    budgetHints: readonly HubPolicyBudgetHint[];
+};
+declare function createSmallSelfHostedAbuseProfile(input?: AbuseDeploymentProfileInput): AbuseDeploymentProfile;
+declare function createPublicSearchHubAbuseProfile(input?: AbuseDeploymentProfileInput): AbuseDeploymentProfile;
+/**
+ * Deterministic claim extraction and citation coverage scoring.
+ */
+type CitationKind = 'markdown-link' | 'reference-link' | 'footnote-link' | 'bare-url' | 'doi';
+type CitationReference = {
+    id: string;
+    kind: CitationKind;
+    label: string;
+    target: string;
+    domain?: string;
+    startIndex: number;
+    endIndex: number;
+};
+type ExtractedClaim = {
+    id: string;
+    text: string;
+    startIndex: number;
+    endIndex: number;
+    confidence: number;
+    citationRefs: readonly string[];
+    evidenceRefs: readonly string[];
+};
+type ClaimCitationCoverageInput = {
+    title?: string;
+    body: string;
+    published?: boolean;
+    sourceDID?: string;
+};
+type ClaimCitationCoverageOptions = {
+    minClaimChars?: number;
+    maxClaims?: number;
+    citationWindowChars?: number;
+};
+type ClaimCitationCoverageAssessment = {
+    claims: ExtractedClaim[];
+    citations: CitationReference[];
+    citationCoverage: number;
+    citedClaimCount: number;
+    unsupportedClaimCount: number;
+    claimCount: number;
+    quality: Partial<AbuseQualitySignals>;
+    evidenceRefs: string[];
+    reviewEvidenceRefs: string[];
+    treatment: 'review-evidence';
+};
+declare function extractCitationReferences(input: ClaimCitationCoverageInput): CitationReference[];
+declare function extractKnowledgeClaims(input: ClaimCitationCoverageInput, options?: ClaimCitationCoverageOptions): ExtractedClaim[];
+declare function scoreClaimCitationCoverage(input: ClaimCitationCoverageInput, options?: ClaimCitationCoverageOptions): ClaimCitationCoverageAssessment;
+/**
+ * Labeler trust and subscription limit helpers.
+ */
+type LabelerTrustScope = 'workspace' | 'hub';
+type LabelerTrustLevel = 'blocked' | 'observe' | 'review' | 'trusted';
+type LabelerTrustAction = 'accept' | 'observe' | 'review' | 'reject' | 'ignore';
+type LabelerTrustSetting = {
+    scope: LabelerTrustScope;
+    scopeId: string;
+    labelerDID: string;
+    level: LabelerTrustLevel;
+    weight: number;
+    minConfidence: number;
+    allowedLabels?: readonly string[];
+    deniedLabels?: readonly string[];
+    maxLabelsPerSubject?: number;
+    expiresAt?: number;
+};
+type LabelerTrustEvaluationInput = {
+    scope: LabelerTrustScope;
+    scopeId: string;
+    labelerDID: string;
+    labelValue: string;
+    confidence: number;
+    evidenceRefs?: readonly string[];
+    labelExpiresAt?: number;
+    now?: number;
+};
+type ReportEscalationInput = Omit<LabelerTrustEvaluationInput, 'labelerDID' | 'evidenceRefs'> & {
+    reporterDID: string;
+    reportId: string;
+    evidenceRefs?: readonly string[];
+};
+type LabelerTrustDecision = {
+    accepted: boolean;
+    action: LabelerTrustAction;
+    reasons: readonly string[];
+    level: LabelerTrustLevel | 'unconfigured';
+    effectiveWeight: number;
+    minConfidence: number;
+    setting?: LabelerTrustSetting;
+};
+type LabelerSubscriptionStatus = 'active' | 'paused' | 'disabled';
+type LabelerSubscription = {
+    id: string;
+    labelerDID: string;
+    workspaceId?: string;
+    hubId?: string;
+    status: LabelerSubscriptionStatus;
+    createdAt: number;
+    expiresAt?: number;
+};
+type LabelerSubscriptionLimitPolicy = {
+    maxWorkspaceSubscriptions?: number;
+    maxHubSubscriptions?: number;
+    maxWorkspaceSubscriptionsPerLabeler?: number;
+    maxHubSubscriptionsPerLabeler?: number;
+};
+type LabelerSubscriptionLimitInput = {
+    id: string;
+    labelerDID: string;
+    workspaceId?: string;
+    hubId?: string;
+    now?: number;
+};
+type LabelerSubscriptionLimitDecision = {
+    allowed: boolean;
+    reasons: readonly string[];
+    activeCounts: {
+        workspace: number;
+        hub: number;
+        workspaceLabeler: number;
+        hubLabeler: number;
+    };
+    nextSubscription?: LabelerSubscription;
+};
+type ReportEscalationDecision = {
+    canAffectVisibility: boolean;
+    trustDecision: LabelerTrustDecision;
+    trustedLabel: AbuseLabel | null;
+    evidenceRefs: readonly string[];
+};
+declare function evaluateLabelerTrust(input: LabelerTrustEvaluationInput, settings: readonly LabelerTrustSetting[]): LabelerTrustDecision;
+declare function createTrustedLabelFromSetting(input: LabelerTrustEvaluationInput, settings: readonly LabelerTrustSetting[]): AbuseLabel | null;
+declare function evaluateReportEscalation(input: ReportEscalationInput, settings: readonly LabelerTrustSetting[]): ReportEscalationDecision;
+declare function createLabelerSubscription(input: Omit<LabelerSubscription, 'status' | 'createdAt'> & {
+    status?: LabelerSubscriptionStatus;
+    createdAt?: number;
+}): LabelerSubscription;
+declare function evaluateLabelerSubscriptionLimit(input: LabelerSubscriptionLimitInput, policy: LabelerSubscriptionLimitPolicy, subscriptions?: readonly LabelerSubscription[]): LabelerSubscriptionLimitDecision;
+/**
+ * A persisted policy subscription, normalized to the fields the runtime trust
+ * setting needs. The app maps a `PolicySubscription` node onto this shape so
+ * this adapter stays decoupled from the data schema.
+ */
+type PolicySubscriptionTrustInput = {
+    labelerDID: string;
+    /** Persisted policy scope (user/workspace/community/hub/…). */
+    scope?: string;
+    /** Trust weight in [0, 1] (the schema's `trust`). */
+    trust: number;
+    enabled?: boolean;
+    minConfidence?: number;
+    allowedLabels?: readonly string[];
+    deniedLabels?: readonly string[];
+    maxLabelsPerSubject?: number;
+    expiresAt?: number;
+};
+/**
+ * Project a persisted policy subscription onto a runtime `LabelerTrustSetting`
+ * — the seam between stored subscriptions and `evaluateLabelerTrust`. Disabled
+ * or zero-trust subscriptions become `blocked` so they reject rather than
+ * silently accept.
+ */
+declare function subscriptionToTrustSetting(sub: PolicySubscriptionTrustInput, scopeId: string): LabelerTrustSetting;
+/**
+ * Project many subscriptions, dropping ones that are expired at `now`. Disabled
+ * subscriptions are kept (mapped to `blocked`) so they explicitly suppress a
+ * labeler rather than falling through to `unconfigured`.
+ */
+declare function subscriptionsToTrustSettings(subs: readonly PolicySubscriptionTrustInput[], scopeId: string, now?: number): LabelerTrustSetting[];
+/**
+ * Community note rating experiments with diversity-aware agreement.
+ */
+type CommunityNoteHelpfulness = 'helpful' | 'not-helpful' | 'needs-source' | 'irrelevant';
+type CommunityNoteRatingInput = {
+    noteId?: string;
+    raterDID?: string;
+    helpfulness: CommunityNoteHelpfulness;
+    confidence: number;
+    sourceWeight?: number;
+    perspective?: string;
+    createdAt?: number;
+};
+type CommunityNoteAgreementStatus = 'insufficient' | 'helpful' | 'not-helpful' | 'needs-more-diversity' | 'contested';
+type CommunityNoteAgreementOptions = {
+    minRatings?: number;
+    minHelpfulRatings?: number;
+    minPerspectiveGroups?: number;
+    minDiversityScore?: number;
+    helpfulThreshold?: number;
+    notHelpfulThreshold?: number;
+    contestedThreshold?: number;
+};
+type CommunityNotePerspectiveSummary = {
+    perspective: string;
+    ratingCount: number;
+    helpfulWeight: number;
+    notHelpfulWeight: number;
+    needsSourceWeight: number;
+    irrelevantWeight: number;
+};
+type CommunityNoteAgreementSummary = {
+    status: CommunityNoteAgreementStatus;
+    ratingCount: number;
+    effectiveWeight: number;
+    helpfulScore: number;
+    notHelpfulScore: number;
+    needsSourceScore: number;
+    irrelevantScore: number;
+    diversityScore: number;
+    agreementScore: number;
+    supportingPerspectiveCount: number;
+    perspectiveCount: number;
+    perspectives: CommunityNotePerspectiveSummary[];
+    reasons: string[];
+};
+declare function summarizeCommunityNoteAgreement(ratings: readonly CommunityNoteRatingInput[], options?: CommunityNoteAgreementOptions): CommunityNoteAgreementSummary;
+declare function groupCommunityNoteRatingsByPerspective(ratings: readonly CommunityNoteRatingInput[]): Map<string, CommunityNoteRatingInput[]>;
+declare function scoreCommunityNotePerspectiveDiversity(ratings: readonly CommunityNoteRatingInput[]): number;
+declare function isCommunityNoteAgreementVisible(summary: Pick<CommunityNoteAgreementSummary, 'status'>): boolean;
+/**
+ * Staged write flow for moderation and quality labels.
+ */
+type StagedModerationSourceType = 'deterministic' | 'local-ai' | 'cloud-ai' | 'human' | 'community-note' | 'policy-list' | 'hub' | 'report' | 'crawler';
+type StagedModerationWriteKind = 'moderation-label' | 'quality-signal';
+type StagedModerationWriteStatus = 'staged' | 'committed' | 'rejected';
+type StagedModerationWriteCandidate = {
+    id?: string;
+    targetId: string;
+    targetSchema?: string;
+    kind: StagedModerationWriteKind;
+    value: string;
+    score?: number;
+    confidence: number;
+    sourceType: StagedModerationSourceType;
+    sourceDID?: string;
+    sourceWeight?: number;
+    evidenceRefs?: readonly string[];
+    modelProvider?: string;
+    modelName?: string;
+    modelVersion?: string;
+    expiresAt?: number;
+};
+type StagedModerationWritePolicy = {
+    minStageConfidence?: number;
+    autoCommitConfidence?: number;
+    autoCommitSources?: readonly StagedModerationSourceType[];
+    requireReviewSources?: readonly StagedModerationSourceType[];
+    allowCrawlerAutoCommit?: boolean;
+    maxReviewTasks?: number;
+    maxReviewTasksBySource?: Partial<Record<StagedModerationSourceType, number>>;
+    reviewQueueByKind?: Partial<Record<StagedModerationWriteKind, AbuseReviewQueue>>;
+    defaultSourceWeight?: number;
+    stagedExpiresInMs?: number;
+};
+type StagedModerationWrite = StagedModerationWriteCandidate & {
+    id: string;
+    status: StagedModerationWriteStatus;
+    createdAt: number;
+    stagedAt?: number;
+    committedAt?: number;
+    committedBy?: string;
+    rejectedAt?: number;
+    rejectedBy?: string;
+    rejectionReason?: string;
+    reviewRequired: boolean;
+    reviewQueue?: AbuseReviewQueue;
+};
+type MaterializedModerationWrite = {
+    targetId: string;
+    targetSchema?: string;
+    kind: StagedModerationWriteKind;
+    value: string;
+    score?: number;
+    confidence: number;
+    sourceType: StagedModerationSourceType;
+    sourceDID?: string;
+    sourceWeight: number;
+    evidenceRefs: readonly string[];
+    modelProvider?: string;
+    modelName?: string;
+    modelVersion?: string;
+    expiresAt?: number;
+};
+type StagedModerationReviewTask = {
+    id: string;
+    stagedWriteId: string;
+    targetId: string;
+    queue: AbuseReviewQueue;
+    priority: number;
+    reasons: readonly string[];
+};
+type StagedModerationWritePlan = {
+    staged: StagedModerationWrite[];
+    committed: StagedModerationWrite[];
+    rejected: StagedModerationWrite[];
+    materialized: MaterializedModerationWrite[];
+    reviewTasks: StagedModerationReviewTask[];
+};
+type StagedModerationWriteOptions = {
+    now?: number;
+};
+declare function planStagedModerationWrites(candidates: readonly StagedModerationWriteCandidate[], policy?: StagedModerationWritePolicy, options?: StagedModerationWriteOptions): StagedModerationWritePlan;
+declare function approveStagedModerationWrite(write: StagedModerationWrite, reviewerDID: string, options?: StagedModerationWriteOptions): StagedModerationWrite;
+declare function rejectStagedModerationWrite(write: StagedModerationWrite, reviewerDID: string, reason: string, options?: StagedModerationWriteOptions): StagedModerationWrite;
+declare function materializeStagedModerationWrite(write: StagedModerationWrite): MaterializedModerationWrite | null;
+/**
+ * Appeal effects for automated moderation decisions.
+ */
+type AppealStatus = 'open' | 'accepted' | 'rejected' | 'needs-info';
+type AppealResolutionAction = 'reverse' | 'annotate';
+type AppealEffectAction = 'none' | 'reverse' | 'annotate';
+type AppealEffectInput = {
+    appealId: string;
+    targetId: string;
+    appellantDID: string;
+    status: AppealStatus;
+    action?: AppealResolutionAction;
+    reviewerDID?: string;
+    decisionId?: string;
+    appealedLabelId?: string;
+    resolution?: string;
+    evidenceRefs?: readonly string[];
+    confidence?: number;
+    sourceWeight?: number;
+    expiresAt?: number;
+};
+type AppealAnnotation = {
+    appealId: string;
+    targetId: string;
+    status: AppealStatus;
+    action: AppealEffectAction;
+    appellantDID: string;
+    reviewerDID?: string;
+    decisionId?: string;
+    appealedLabelId?: string;
+    resolution?: string;
+    evidenceRefs: readonly string[];
+};
+type AppealEffect = {
+    action: AppealEffectAction;
+    annotation: AppealAnnotation;
+    labelsToApply: readonly AbuseLabel[];
+    reasons: readonly string[];
+};
+declare function createAppealEffect(input: AppealEffectInput): AppealEffect;
+/**
+ * Signed block policy lists for local, workspace, and hub moderation state.
+ */
+type PolicyBlockScope = Extract<PolicyScope, 'user' | 'workspace' | 'community' | 'hub'>;
+type PolicyBlockSubjectType = 'did' | 'peerId' | 'domain' | 'url' | 'contentHash' | 'nodeId';
+type PolicyBlockAction = 'reject' | 'hide' | 'quarantine' | 'block-peer';
+type PolicyBlockEntry = {
+    id?: string;
+    subject: string;
+    subjectType: PolicyBlockSubjectType;
+    action: PolicyBlockAction;
+    reason: string;
+    evidenceRefs?: readonly string[];
+    createdAt: number;
+    expiresAt?: number;
+    autoBlock?: boolean;
+};
+type UnsignedPolicyBlockList = {
+    v: 1;
+    kind: 'xnet.policy.block-list';
+    id: string;
+    title?: string;
+    scope: PolicyBlockScope;
+    issuerDID: string;
+    createdAt: number;
+    updatedAt: number;
+    entries: readonly PolicyBlockEntry[];
+};
+type PolicyBlockListSignature = {
+    alg: 'Ed25519';
+    value: string;
+};
+type SignedPolicyBlockList = UnsignedPolicyBlockList & {
+    signature: PolicyBlockListSignature;
+};
+type PolicyBlockListVerificationResult = {
+    valid: boolean;
+    errors: readonly string[];
+};
+type PolicyBlockAuditEntry = PolicyBlockEntry & {
+    active: boolean;
+    expired: boolean;
+};
+type PolicyBlockOverrideScope = Extract<PolicyBlockScope, 'user' | 'workspace'>;
+type PolicyBlockOverrideEntry = {
+    id?: string;
+    subject: string;
+    subjectType: PolicyBlockSubjectType;
+    scope: PolicyBlockOverrideScope;
+    reason: string;
+    evidenceRefs?: readonly string[];
+    createdAt: number;
+    expiresAt?: number;
+};
+type ResolvedPolicyBlockEntry = PolicyBlockEntry & {
+    listId: string;
+    listScope: PolicyBlockScope;
+    issuerDID: string;
+    overridden: boolean;
+    overrideRefs: readonly string[];
+};
+type PolicyBlockSubscriptionResolutionInput = {
+    lists: readonly (SignedPolicyBlockList | UnsignedPolicyBlockList)[];
+    localOverrides?: readonly PolicyBlockOverrideEntry[];
+    now?: number;
+};
+type PolicyBlockSubscriptionResolution = {
+    enforcedEntries: readonly ResolvedPolicyBlockEntry[];
+    overriddenEntries: readonly ResolvedPolicyBlockEntry[];
+    activeOverrides: readonly PolicyBlockOverrideEntry[];
+};
+declare const canonicalizePolicyBlockList: (list: UnsignedPolicyBlockList) => string;
+declare const policyBlockListSigningBytes: (list: UnsignedPolicyBlockList) => Uint8Array;
+declare const isSignedPolicyBlockList: (list: unknown) => list is SignedPolicyBlockList;
+declare const createPolicyBlockList: (input: Omit<UnsignedPolicyBlockList, "v" | "kind" | "createdAt" | "updatedAt"> & {
+    createdAt?: number;
+    updatedAt?: number;
+}) => UnsignedPolicyBlockList;
+declare const signPolicyBlockList: (list: UnsignedPolicyBlockList, signingKey: Uint8Array) => SignedPolicyBlockList;
+declare const unsignedPolicyBlockList: (list: SignedPolicyBlockList | UnsignedPolicyBlockList) => UnsignedPolicyBlockList;
+declare const verifySignedPolicyBlockList: (list: SignedPolicyBlockList) => PolicyBlockListVerificationResult;
+declare const policyBlockEntryIsActive: (entry: PolicyBlockEntry, now?: number) => boolean;
+declare const auditPolicyBlockEntries: (list: SignedPolicyBlockList | UnsignedPolicyBlockList, now?: number) => readonly PolicyBlockAuditEntry[];
+declare const findPolicyBlockAuditEntry: (list: SignedPolicyBlockList | UnsignedPolicyBlockList, subject: string, subjectType: PolicyBlockSubjectType, now?: number) => PolicyBlockAuditEntry | null;
+declare const activePolicyBlockEntries: (list: SignedPolicyBlockList | UnsignedPolicyBlockList, now?: number) => readonly PolicyBlockEntry[];
+declare const findPolicyBlockEntry: (list: SignedPolicyBlockList | UnsignedPolicyBlockList, subject: string, subjectType: PolicyBlockSubjectType, now?: number) => PolicyBlockEntry | null;
+declare const policyBlockOverrideEntryIsActive: (entry: PolicyBlockOverrideEntry, now?: number) => boolean;
+declare const resolveSubscribedPolicyBlockLists: (input: PolicyBlockSubscriptionResolutionInput) => PolicyBlockSubscriptionResolution;
+/**
+ * @xnetjs/abuse — NSFW / sensitive-content labeling and per-viewer filtering
+ * (exploration 0175).
+ *
+ * Sensitivity is a PER-VIEWER concern, not a platform-hide concern: explicit
+ * content is not hidden from everyone by default, it is each viewer's dial.
+ * This module is therefore deliberately separate from `decideAbuse` (which
+ * gates platform-level abuse like spam/malware). The render gate combines the
+ * two by taking the STRICTER of the platform decision and the viewer's
+ * sensitivity preference — see `resolveContentVisibility`.
+ *
+ * Label vocabulary is aligned to the ATProto/Bluesky moderation lexicon so a
+ * label emitted by any interoperating labeler maps onto the same dial.
+ */
+declare const sensitivityLabels: readonly [{
+    readonly id: "sexual";
+    readonly name: "Sexually suggestive";
+    readonly defaultVisibility: "warn";
+}, {
+    readonly id: "nudity";
+    readonly name: "Non-sexual nudity";
+    readonly defaultVisibility: "show";
+}, {
+    readonly id: "porn";
+    readonly name: "Explicit / pornographic";
+    readonly defaultVisibility: "hide";
+}, {
+    readonly id: "graphic-media";
+    readonly name: "Graphic / violent";
+    readonly defaultVisibility: "warn";
+}];
+type SensitivityLabelValue = (typeof sensitivityLabels)[number]['id'];
+declare const SENSITIVITY_LABEL_VALUES: readonly SensitivityLabelValue[];
+declare function isSensitivityLabelValue(value: string): value is SensitivityLabelValue;
+/**
+ * Provenance of a sensitivity signal → weight. Research (0175): the author's
+ * own declaration is the cheapest, highest-precision signal; community reports
+ * are gameable; an untrusted labeler counts for little until trusted.
+ */
+type SensitivitySource = 'self' | 'ml' | 'report' | 'labeler';
+declare const SENSITIVITY_SOURCE_WEIGHT: Readonly<Record<SensitivitySource, number>>;
+/** Minimum combined weighted confidence for a sensitivity value to count as present. */
+declare const SENSITIVITY_PRESENCE_FLOOR = 0.15;
+/** A per-label choice. `show` is "no filtering" for that label. */
+type SensitivityPreference = AbuseVisibility;
+type UserSensitivityPreferences = {
+    /**
+     * Master adult-content switch. When off (the default), any present
+     * `sexual`/`nudity`/`porn` label is hidden regardless of per-label settings —
+     * matching Bluesky's age-gated model.
+     */
+    adultContentEnabled: boolean;
+    /** Whether the viewer has confirmed they are an adult. Required to enable adult content. */
+    ageConfirmed: boolean;
+    /** Per-label visibility dial. Missing entries fall back to the vocabulary default. */
+    labels: Partial<Record<SensitivityLabelValue, SensitivityPreference>>;
+    /**
+     * Dating default (exploration 0174): blur unlabeled media from a non-mutual
+     * sender even when no sensitivity label is present.
+     */
+    blurUnsolicitedMedia?: boolean;
+};
+declare const DEFAULT_SENSITIVITY_PREFERENCES: UserSensitivityPreferences;
+type BuildSensitivityLabelInput = {
+    value: SensitivityLabelValue;
+    source: SensitivitySource;
+    confidence: number;
+    sourceDID?: string;
+    id?: string;
+    expiresAt?: number;
+    evidenceRefs?: readonly string[];
+};
+/** Build an `AbuseLabel` for a sensitivity signal with the source-appropriate weight. */
+declare function buildSensitivityLabel(input: BuildSensitivityLabelInput): AbuseLabel;
+type SensitivityAssessment = {
+    /** Sensitivity values judged present, with their combined weighted confidence. */
+    present: ReadonlyMap<SensitivityLabelValue, number>;
+    /** Convenience: present values as an array. */
+    values: readonly SensitivityLabelValue[];
+};
+/**
+ * Combine the sensitivity labels on a piece of content into the set of values
+ * that count as present. A value is present when the sum of
+ * `confidence × sourceWeight` across its active labels clears the presence floor.
+ */
+declare function assessSensitivity(labels: readonly AbuseLabel[], options?: {
+    now?: number;
+    presenceFloor?: number;
+}): SensitivityAssessment;
+/** Return whichever visibility is stricter (hide > blur > warn > show). */
+declare function strictestVisibility(a: AbuseVisibility, b: AbuseVisibility): AbuseVisibility;
+type SensitivityVisibilityOptions = {
+    now?: number;
+    presenceFloor?: number;
+    /** Dating signal: the content carries media from a non-mutual sender. */
+    unsolicitedMedia?: boolean;
+};
+/**
+ * Resolve how a single piece of content should appear FOR THIS VIEWER given its
+ * sensitivity labels and the viewer's preferences. Pure; no platform-abuse
+ * logic (combine with `decideAbuse` via `resolveContentVisibility`).
+ */
+declare function decideSensitivityVisibility(labels: readonly AbuseLabel[], preferences?: UserSensitivityPreferences, options?: SensitivityVisibilityOptions): AbuseVisibility;
+/** Why a sensitivity label or rule contributed to the resolved visibility. */
+type SensitivityReasonCause = 'adult-disabled' | 'dial' | 'unsolicited-media';
+type SensitivityReason = {
+    /** The sensitivity value involved, or undefined for the unsolicited-media rule. */
+    label?: SensitivityLabelValue;
+    /** The visibility this reason contributed (`show` for a present-but-allowed label). */
+    effect: AbuseVisibility;
+    cause: SensitivityReasonCause;
+};
+type SensitivityExplanation = {
+    /** The resolved visibility — identical to `decideSensitivityVisibility`. */
+    visibility: AbuseVisibility;
+    /** Per-label / per-rule breakdown of what drove the decision. */
+    reasons: readonly SensitivityReason[];
+};
+/**
+ * Explain *why* content resolved to its sensitivity visibility for this viewer —
+ * the transparency primitive behind a "why was this filtered?" affordance. Walks
+ * the same logic as `decideSensitivityVisibility`, recording each present label's
+ * effect (and the unsolicited-media rule) so the UI can render it.
+ */
+declare function explainSensitivityVisibility(labels: readonly AbuseLabel[], preferences?: UserSensitivityPreferences, options?: SensitivityVisibilityOptions): SensitivityExplanation;
+/**
+ * Express the viewer's sensitivity dial as an `AbuseDecisionOverride` so callers
+ * can feed it through the existing `decideAbuse` pipeline. Only ever tightens
+ * visibility (scope `'user'`), never loosens a platform decision.
+ */
+declare function sensitivityOverride(labels: readonly AbuseLabel[], preferences?: UserSensitivityPreferences, options?: SensitivityVisibilityOptions): AbuseDecisionOverride | undefined;
+/**
+ * The render-gate primitive: combine a platform `decideAbuse` decision with the
+ * viewer's sensitivity dial, returning the stricter visibility. A platform
+ * `hide` always wins; otherwise the viewer's NSFW preference can only tighten.
+ */
+declare function resolveContentVisibility(decision: Pick<AbuseDecision, 'visibility'>, labels: readonly AbuseLabel[], preferences?: UserSensitivityPreferences, options?: SensitivityVisibilityOptions): AbuseVisibility;
+/**
+ * Perceptual image hashing + known-bad-hash matching (exploration 0175, phase 3).
+ *
+ * Operates on a decoded grayscale image (`luma` 0–255, row-major). Decoding is
+ * the caller's job — a browser uses a `<canvas>`, a hub uses sharp/jimp — so this
+ * module stays pure, portable, and unit-testable.
+ *
+ * Two distinct jobs, both needed (the research is explicit that ML classification
+ * and hash matching are complementary):
+ *  - `perceptualHash` / `averageHash` / `differenceHash` — robust similarity
+ *    hashes for "is this the same image as one we've seen", used for dedupe and
+ *    as the comparison primitive behind known-bad matching.
+ *  - `matchKnownImageHash` — the CSAM-style matcher: compare a candidate hash to
+ *    a list of known-bad hashes (e.g. a PDQ/PhotoDNA-derived list). The matching
+ *    LOGIC lives here; sourcing the actual list is an operator/legal step.
+ */
+type GrayscaleImage = {
+    width: number;
+    height: number;
+    /** Row-major luma values in [0, 255], length === width * height. */
+    luma: readonly number[];
+};
+/** Average hash (aHash): 8×8 luma compared to the mean → 64-bit hex. */
+declare function averageHash(image: GrayscaleImage): string;
+/** Difference hash (dHash): 9×8, each pixel brighter than its right neighbour → 64-bit hex. */
+declare function differenceHash(image: GrayscaleImage): string;
+/**
+ * DCT-based perceptual hash (pHash family): downscale to 32×32, take the 2D
+ * DCT-II, keep the low-frequency top-left 8×8 block (excluding the DC term), and
+ * threshold each coefficient against the block median → 64-bit hex. More robust
+ * to scaling/compression than aHash/dHash.
+ */
+declare function perceptualHash(image: GrayscaleImage): string;
+/** Hamming distance (number of differing bits) between two equal-length hex hashes. */
+declare function hammingDistanceHex(a: string, b: string): number;
+/** Similarity in [0, 1] from Hamming distance over the hash bit length. */
+declare function imageHashSimilarity(a: string, b: string): number;
+type KnownImageHash = {
+    hash: string;
+    label: string;
+    source?: string;
+};
+type KnownHashMatch = {
+    label: string;
+    source?: string;
+    distance: number;
+};
+/**
+ * Match a candidate hash against a list of known-bad hashes. A match within
+ * `maxHammingBits` is the CSAM-style "known content" signal — zero ML, near-zero
+ * false positives for the exact known item. Returns the closest match or null.
+ */
+declare function matchKnownImageHash(hash: string, known: readonly KnownImageHash[], maxHammingBits?: number): KnownHashMatch | null;
+/**
+ * On-device NSFW image classifier adapter (exploration 0175, phase 1).
+ *
+ * The heavy model (NSFWJS / a Transformers.js ONNX classifier) is INJECTED as a
+ * `detect` function so this package carries no model binary and stays testable.
+ * The adapter's job is to map a detector's category scores onto the xNet
+ * sensitivity vocabulary as `AbuseLabel`s, conforming to `LocalClassifierAdapter`.
+ *
+ * Privacy (0175): this runs on the author's device (pre-screen + self-label
+ * suggestion) and on the viewer's device (private filter). It never reports the
+ * author — its output drives labels and the viewer's own dial only.
+ */
+/** A single category score from an NSFW image model (e.g. NSFWJS / Falconsai). */
+type NsfwImageDetection = {
+    label: string;
+    score: number;
+};
+type NsfwImageDetector = (input: {
+    metadata?: Record<string, unknown>;
+}) => Promise<readonly NsfwImageDetection[]> | readonly NsfwImageDetection[];
+type NsfwImageClassifierOptions = {
+    /** The injected model. */
+    detect: NsfwImageDetector;
+    id?: string;
+    version?: string;
+    model?: string;
+    sourceDid?: string;
+    /** Minimum category score to emit a label. */
+    threshold?: number;
+};
+/**
+ * Map an NSFW model category to the xNet sensitivity vocabulary. Covers the
+ * common NSFWJS (`drawing/hentai/neutral/porn/sexy`) and Falconsai
+ * (`normal/sexy/porn/hentai`) label sets plus a few generic synonyms.
+ */
+declare function mapNsfwLabelToSensitivity(label: string): SensitivityLabelValue | null;
+declare function createNsfwImageClassifier(options: NsfwImageClassifierOptions): LocalClassifierAdapter;
+/**
+ * Before-upload image pre-screen (exploration 0177, W4).
+ *
+ * Turns an on-device classifier's sensitivity labels into a single upload-time
+ * recommendation: allow silently, suggest a self-label, or warn that the image
+ * looks explicit. Pure and model-agnostic — the heavy NSFW model is injected via
+ * the existing `createNsfwImageClassifier` adapter, so this runs on the author's
+ * device and never leaves it (privacy invariant from 0175).
+ */
+type PrescreenRecommendation = 'allow' | 'suggest-label' | 'warn-explicit';
+interface ImagePrescreenResult {
+    recommendation: PrescreenRecommendation;
+    /** The strongest sensitivity value to self-label with, or null when clean. */
+    suggestedLabel: SensitivityLabelValue | null;
+    /** Confidence of the strongest sensitivity label (0 when none). */
+    confidence: number;
+    /** The sensitivity labels that drove the decision. */
+    labels: readonly AbuseLabel[];
+}
+interface ImagePrescreenOptions {
+    /** Score at/above which an explicit (`porn`) label triggers a hard warn. */
+    explicitWarnThreshold?: number;
+    /** Minimum score to suggest a self-label at all. */
+    suggestThreshold?: number;
+}
+/**
+ * Map classifier labels to an upload recommendation (pure). Explicit content
+ * above the warn threshold returns `warn-explicit`; any other sensitivity above
+ * the suggest threshold returns `suggest-label`; everything else is `allow`.
+ */
+declare function prescreenImageLabels(labels: readonly AbuseLabel[], options?: ImagePrescreenOptions): ImagePrescreenResult;
+/**
+ * Run an injected on-device classifier over an image input and reduce its output
+ * to a pre-screen recommendation. The classifier is the seam where a real ONNX
+ * NSFW model (NSFWJS/Falconsai via Transformers.js) is plugged in.
+ */
+declare function prescreenImage(classifier: LocalClassifierAdapter, input: LocalClassifierInput, options?: ImagePrescreenOptions): Promise<ImagePrescreenResult>;
+/**
+ * Privacy-preserving usage events for abuse economics and operator accounting.
+ */
+declare const ABUSE_USAGE_EVENT_KINDS: readonly ["blocked", "throttled", "reviewed", "billable", "sponsored", "reciprocal"];
+declare const ABUSE_USAGE_SETTLEMENTS: readonly ["free", "paid", "sponsored", "reciprocal", "abuse-blocked"];
+type AbuseUsageEventKind = (typeof ABUSE_USAGE_EVENT_KINDS)[number];
+type AbuseUsageSettlement = (typeof ABUSE_USAGE_SETTLEMENTS)[number];
+type AbuseUsageWorkType = 'public-write' | 'remote-mutation' | 'crawl' | 'federation-query' | 'classification' | 'moderation-label' | 'appeal' | 'storage';
+type AbuseUsageEventInput = {
+    kind: AbuseUsageEventKind;
+    surface: AbuseSurface;
+    workType: AbuseUsageWorkType;
+    actorDID?: string;
+    peerId?: string;
+    remotePeerId?: string;
+    labelerDID?: string;
+    hubId?: string;
+    workspaceId?: string;
+    domain?: string;
+    route?: string;
+    units?: number;
+    costMicroUsd?: number;
+    sponsoredMicroUsd?: number;
+    reciprocalCreditUnits?: number;
+    settlement?: AbuseUsageSettlement;
+    resource?: AbuseResource;
+    reviewQueue?: AbuseReviewQueue;
+    reasonCodes?: readonly AbuseReasonCode[];
+    policyId?: string;
+    tags?: readonly string[];
+    occurredAt?: number;
+    eventId?: string;
+    identityHashSalt?: string;
+    eventHashSalt?: string;
+};
+type AbuseUsageEvent = {
+    id: string;
+    kind: AbuseUsageEventKind;
+    settlement: AbuseUsageSettlement;
+    surface: AbuseSurface;
+    workType: AbuseUsageWorkType;
+    actorHash: string;
+    remotePeerHash?: string;
+    labelerHash?: string;
+    hubId?: string;
+    workspaceId?: string;
+    domain?: string;
+    route?: string;
+    units: number;
+    costMicroUsd: number;
+    billableMicroUsd: number;
+    sponsoredMicroUsd: number;
+    reciprocalCreditUnits: number;
+    resource?: AbuseResource;
+    reviewQueue?: AbuseReviewQueue;
+    reasonCodes: readonly AbuseReasonCode[];
+    policyId?: string;
+    tags: readonly string[];
+    occurredAt: number;
+};
+type AbuseDecisionUsageInput = Omit<AbuseUsageEventInput, 'kind' | 'reasonCodes' | 'resource' | 'reviewQueue' | 'settlement'> & {
+    decision: AbuseDecision;
+};
+type AbuseUsageEventSummary = {
+    totalEvents: number;
+    totalUnits: number;
+    kindCounts: Record<AbuseUsageEventKind, number>;
+    settlementCounts: Record<AbuseUsageSettlement, number>;
+    unitsByKind: Record<AbuseUsageEventKind, number>;
+    unitsBySettlement: Record<AbuseUsageSettlement, number>;
+    eventsBySurface: Partial<Record<AbuseSurface, number>>;
+    eventsByWorkType: Partial<Record<AbuseUsageWorkType, number>>;
+    costMicroUsd: number;
+    billableMicroUsd: number;
+    sponsoredMicroUsd: number;
+    reciprocalCreditUnits: number;
+    blockedUnits: number;
+    throttledUnits: number;
+    reviewedUnits: number;
+    automationSavedUnits: number;
+    automationSavedCostMicroUsd: number;
+    appealUnits: number;
+    appealCostMicroUsd: number;
+    automationSavingsRatio: number;
+    reviewLoadRatio: number;
+    appealLoadRatio: number;
+};
+declare function createAbuseUsageEvent(input: AbuseUsageEventInput): AbuseUsageEvent;
+declare function createAbuseUsageEventsFromDecision(input: AbuseDecisionUsageInput): AbuseUsageEvent[];
+declare function createAbuseUsageEventId(event: Omit<AbuseUsageEvent, 'id'>, salt?: string): string;
+declare function summarizeAbuseUsageEvents(events: readonly AbuseUsageEvent[]): AbuseUsageEventSummary;
+export { ABUSE_USAGE_EVENT_KINDS, ABUSE_USAGE_SETTLEMENTS, type AISignalProvenance, type AISignalProvenanceInput, type AISignalProvenanceValidation, type AISignalSourceType, AbuseDecision, AbuseDecisionOverride, type AbuseDecisionUsageInput, type AbuseDeploymentProfile, type AbuseDeploymentProfileInput, type AbuseDeploymentProfileKind, AbuseFacts, AbuseLabel, AbuseQualitySignals, AbuseReasonCode, AbuseResource, AbuseReviewQueue, AbuseSurface, type AbuseUsageEvent, type AbuseUsageEventInput, type AbuseUsageEventKind, type AbuseUsageEventSummary, type AbuseUsageSettlement, type AbuseUsageWorkType, AbuseVisibility, type AppealAnnotation, type AppealEffect, type AppealEffectAction, type AppealEffectInput, type AppealResolutionAction, type AppealStatus, type BuildSensitivityLabelInput, type CitationKind, type CitationReference, type ClaimCitationCoverageAssessment, type ClaimCitationCoverageInput, type ClaimCitationCoverageOptions, type CloudClassificationOptions, type CloudClassificationResult, type CloudClassificationSkipReason, type CloudClassificationUsage, type CloudClassifierAdapter, type CloudClassifierBudgetPolicy, type CloudClassifierInput, type CloudClassifierPrivacyPolicy, type CloudClassifierProvenance, type CloudClassifierProviderResult, type CloudClassifierProviderSignal, type CloudClassifierRequest, type CloudClassifierSignal, type CloudPrivacyMode, type CloudReviewCallPolicy, type CloudReviewCallReason, type CloudReviewRouteDecision, type CloudReviewSkipReason, type CommunityNoteAgreementOptions, type CommunityNoteAgreementStatus, type CommunityNoteAgreementSummary, type CommunityNoteHelpfulness, type CommunityNotePerspectiveSummary, type CommunityNoteRatingInput, type ContentFingerprint, type ContentFingerprintInput, type ContentFingerprintOptions, DEFAULT_SENSITIVITY_PREFERENCES, DecisionExplanation, DecisionExplanationReason, type DuplicateContentAssessment, type DuplicateContentOptions, type ExtractedClaim, type GrayscaleImage, type HubModerationMode, type HubPolicyAIReviewSettings, type HubPolicyAppealChannel, type HubPolicyAppealChannelKind, type HubPolicyBudgetHint, type HubPolicyLabelSettings, type HubPolicyModerationSettings, type HubPolicyOperatorContact, type HubPolicyServiceKind, type HubPolicyServiceOfferEntry, type HubPolicyServiceOfferSignature, type HubPolicyServiceOfferVerificationResult, type HubPolicySettlementMode, type ImagePrescreenOptions, type ImagePrescreenResult, type KeywordClassifierRule, type KeywordLocalClassifierOptions, type KnownHashMatch, type KnownImageHash, type LabelerSubscription, type LabelerSubscriptionLimitDecision, type LabelerSubscriptionLimitInput, type LabelerSubscriptionLimitPolicy, type LabelerSubscriptionStatus, type LabelerTrustAction, type LabelerTrustDecision, type LabelerTrustEvaluationInput, type LabelerTrustLevel, type LabelerTrustScope, type LabelerTrustSetting, type LocalClassificationResult, type LocalClassifierAdapter, type LocalClassifierInput, type LocalClassifierOptions, type LocalClassifierProvenance, type LocalClassifierSignal, type MaterializedModerationWrite, type ModerationCascadeCloudConfig, type ModerationCascadeOptions, type ModerationCascadeResult, NormalizedAbuseFacts, type NsfwImageClassifierOptions, type NsfwImageDetection, type NsfwImageDetector, type PolicyBlockAction, type PolicyBlockAuditEntry, type PolicyBlockEntry, type PolicyBlockListSignature, type PolicyBlockListVerificationResult, type PolicyBlockOverrideEntry, type PolicyBlockOverrideScope, type PolicyBlockScope, type PolicyBlockSubjectType, type PolicyBlockSubscriptionResolution, type PolicyBlockSubscriptionResolutionInput, PolicyScope, type PolicySubscriptionTrustInput, type PrescreenRecommendation, type PublicWriteBudgetCharge, type PublicWriteBudgetDecision, type PublicWriteBudgetInput, type PublicWriteBudgetLimit, type PublicWriteBudgetPolicy, type PublicWriteBudgetScope, type PublicWriteBudgetUsage, type QueryCostBudgetCharge, type QueryCostBudgetDecision, type QueryCostBudgetInput, type QueryCostBudgetLimit, type QueryCostBudgetPolicy, type QueryCostBudgetScope, type QueryCostBudgetUsage, type QueryCostBudgetWorkType, type ReportEscalationDecision, type ReportEscalationInput, type ResolvedPolicyBlockEntry, SENSITIVITY_LABEL_VALUES, SENSITIVITY_PRESENCE_FLOOR, SENSITIVITY_SOURCE_WEIGHT, type SensitivityAssessment, type SensitivityExplanation, type SensitivityLabelValue, type SensitivityPreference, type SensitivityReason, type SensitivityReasonCause, type SensitivitySource, type SensitivityVisibilityOptions, type SignedHubPolicyServiceOffer, type SignedPolicyBlockList, type StagedModerationReviewTask, type StagedModerationSourceType, type StagedModerationWrite, type StagedModerationWriteCandidate, type StagedModerationWriteKind, type StagedModerationWriteOptions, type StagedModerationWritePlan, type StagedModerationWritePolicy, type StagedModerationWriteStatus, TRUSTED_SPAM_LABEL, type UnsignedHubPolicyServiceOffer, type UnsignedPolicyBlockList, type UserSensitivityPreferences, WARNING_SLOP_LABEL, abuseFixtures, activeHubPolicyServices, activeLabels, activePolicyBlockEntries, approveStagedModerationWrite, assessDuplicateContent, assessSensitivity, auditPolicyBlockEntries, averageHash, buildSensitivityLabel, canonicalizeContentText, canonicalizeHubPolicyServiceOffer, canonicalizePolicyBlockList, classifyWithCloudAdapter, classifyWithLocalAdapters, classifyWithModerationCascade, compareContentFingerprints, compareSimHash64, createAISignalProvenanceEvidenceRef, createAbuseUsageEvent, createAbuseUsageEventId, createAbuseUsageEventsFromDecision, createAppealEffect, createBaseFacts, createCloudClassifierAdapter, createCloudClassifierRequestBase, createContentFingerprint, createHubPolicyServiceOffer, createKeywordLocalClassifier, createLabelerSubscription, createLocalClassificationResult, createNsfwImageClassifier, createPolicyBlockList, createPublicSearchHubAbuseProfile, createPublicWriteBudgetKey, createQueryCostBudgetKey, createSmallSelfHostedAbuseProfile, createTrustedLabelFromSetting, decideAbuse, decideCloudReviewRoute, decidePublicInteraction, decideReach, decideRemoteMutation, decideSensitivityVisibility, decideTransport, differenceHash, estimateCloudClassifierCost, evaluateLabelerSubscriptionLimit, evaluateLabelerTrust, evaluatePublicWriteBudget, evaluateQueryCostBudget, evaluateReportEscalation, explainDecision, explainSensitivityVisibility, extractCitationReferences, extractKnowledgeClaims, findPolicyBlockAuditEntry, findPolicyBlockEntry, getCloudClassificationSkipReason, getReasonDetail, groupCommunityNoteRatingsByPerspective, hammingDistanceHex, hubPolicyServiceOfferSigningBytes, imageHashSimilarity, isAISignalSourceType, isCommunityNoteAgreementVisible, isRejected, isSensitivityLabelValue, isSignedHubPolicyServiceOffer, isSignedPolicyBlockList, isVisible, mapNsfwLabelToSensitivity, matchKnownImageHash, materializeStagedModerationWrite, mergeLocalClassificationResults, normalizeAbuseFacts, perceptualHash, planStagedModerationWrites, policyBlockEntryIsActive, policyBlockListSigningBytes, policyBlockOverrideEntryIsActive, prescreenImage, prescreenImageLabels, publicAppealChannels, qualityRiskScore, redactCloudClassifierText, rejectStagedModerationWrite, resolveContentVisibility, resolveSubscribedPolicyBlockLists, scoreClaimCitationCoverage, scoreCommunityNotePerspectiveDiversity, sensitivityLabels, sensitivityOverride, shouldThrottle, signHubPolicyServiceOffer, signPolicyBlockList, strictestVisibility, subscriptionToTrustSetting, subscriptionsToTrustSettings, summarizeAbuseUsageEvents, summarizeCommunityNoteAgreement, tokenizeContent, unsignedHubPolicyServiceOffer, unsignedPolicyBlockList, validateAISignalProvenance, validateHubPolicyServiceOffer, verifySignedHubPolicyServiceOffer, verifySignedPolicyBlockList, weightedLabelScore };