The license tier travels with the query. The redistribution rule travels with the row.
A dataset merchant on the Visa CLI mints one hive-vcr-1 receipt per query. The license tier, seat binding, redistribution rule, and the license agreement hash all get co-signed before any row leaves the operator.
These are the fields the operator co-signs before the call returns.
Every field below gets co-signed by the operator with ML-DSA-65 and countersigned by Hive. If a field is missing, that's not a default value. It's a verification failure. The merchant can't return the call's result without the receipt, and the receipt can't exist without these fields.
Proprietary Datasets · attestation fields
Three places this business needs a receipt right now.
Compliance for data-buying desks
Every query becomes a receipt, and every receipt names the seat that made it. That turns the desk's quarterly redistribution audit into a quick check instead of a survey.
Agent-driven data calls
An autonomous agent querying a dataset endpoint can't get around the license terms. The operator simply won't sign if the agent's policy and the license tier don't match.
Vendor renewal evidence
When the dataset vendor asks who used what, the receipts answer the question in a form the vendor's own auditor can check without needing Hive at all.
One endpoint, one envelope, and no dependency on Hive in your inference path.
A proprietary-datasets operator can adopt hive-vcr-1 by adding the receipt envelope to the response and publishing a verification key. Hive's countersignature rides alongside, it's not on the critical path. So if Hive ever disappears, the operator's receipts still check out against the operator's own key.