License tier travels with the query. Redistribution class travels with the row.
A dataset merchant on the Visa CLI mints one hive-vcr-1 receipt per query. License tier, seat-binding, redistribution class, and the licensee agreement hash are co-signed before any row leaves the operator.
The fields the operator co-signs before this call returns.
Every field below is co-signed by the operator with ML-DSA-65 and countersigned by Hive. Absence is not a default. Absence is a verification failure. The merchant cannot return the call's result without the receipt; the receipt cannot exist without these fields.
Proprietary Datasets · attestation fields
Three places this category needs a receipt yesterday.
Compliance for data-buying desks
Every query is a receipt. Every receipt names the seat. The desk's quarterly redistribution audit becomes a verifier loop, not a survey.
Agent-driven data calls
An autonomous agent querying a dataset endpoint cannot escape the license posture; the operator refuses to sign if the agent's policy and the license tier disagree.
Vendor renewal evidence
When the dataset vendor asks who used what, the receipts answer in a form the vendor's auditor can verify independently of Hive.
One endpoint. One envelope. No Hive dependency in your inference path.
A proprietary datasets operator adopts hive-vcr-1 by appending the receipt envelope to the response and exposing a public verification key. Hive's countersignature is a sidecar; it does not sit on the critical path. If Hive disappears, the operator's receipts remain verifiable against the operator's own key.