| 开发者 |
theailaborg
theailab |
|---|---|
| 更新时间 | 2026年6月4日 04:38 |
| PHP版本: | 8.1 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPL-2.0-or-later |
| 版权网址: | 版权信息 |
<tip-badge> web component. Your audience does not need to install anything..tip.json connection flow with optional DOB-based key unlock..well-known/tip-protocol.json or DNS TXT records so the network can confirm a publisher legitimately claims a domain./wp-content/plugins/.TIP Protocol in the WordPress admin menu..tip.json package for a publisher TIP-ID or creator TIP-ID.TIP Protocol (Trust Identity Protocol) is an open content-provenance specification. The WordPress plugin lets publishers and creators sign their published content with a cryptographic identity, label whether AI was used to write it, and surface a verifiable trust badge to readers. It works as an editorial layer on top of WordPress without requiring a browser extension.
Every post can carry one of four origin labels: Original Human (OH), AI-Assisted (AA), AI-Generated (AG), or Mixed (MX). The label is part of the cryptographically signed payload, so it cannot be modified after publication without invalidating the signature. Readers and verifiers see a verified AI-disclosure label, not a self-claim.
No. They solve adjacent problems. C2PA and Content Credentials focus on signing images and video at capture time, typically inside a camera or generative tool. TIP Protocol focuses on signing the final published article (text, media manifest, author roster, AI label) at the moment a publisher hits Publish in WordPress. They can coexist on the same site.
A TIP-ID is a unique cryptographic identifier in the format tip://id/REGION-xxxxxxxxxxxxxxxx. Publishers receive a reviewed publisher TIP-ID from The AI Lab. Individual writers can generate a personal creator TIP-ID on vp.theailab.org. Both types are imported into WordPress as a signed .tip.json package.
In the block editor, open the post sidebar and use the TIP Protocol panel. In the classic editor, use the TIP Origin Declaration metabox. Each writer can also opt in to a biometric step-up (WebAuthn) before signing with their personal Author TIP-ID.
Yes. A site can carry a single verified publisher TIP-ID for the organization, plus per-writer creator TIP-IDs for individual bylines. The plugin supports byline ordering, multiple co-authors per post, role tagging (reporter, editor, photographer, columnist, guest, contributor), and optional per-author co-signatures.
Yes. TIP Protocol registers any public editor-supported content type, which includes WooCommerce products, custom post types, news/event types, and pages built with Elementor, Beaver Builder, Bricks, and similar tools. Multisite installations are supported.
No. TIP Protocol detects active major SEO plugins. When Yoast SEO or Rank Math is present, TIP Protocol merges TIP provenance into their existing JSON-LD graph instead of emitting a competing article-schema block. When neither is active, TIP Protocol emits its own complete provenance-enriched article schema.
No. The badge ships as a bundled local web component by default. A CDN option is available in plugin settings if you explicitly choose it, but the default works fully offline and respects strict CSP environments.
Private keys are encrypted at rest with AES-256-GCM. The key-derivation input includes WordPress salts plus a PBKDF2 stretch (200,000 iterations of SHA-256). The admin UI never exposes the stored encrypted private key back to the browser. Decryption only happens server-side at the moment of signing.
A reviewed .tip.json package that contains tip_id, public_key, private_key, algorithm, region, created_at, and (for organizational identities) vp_id. Publisher packages come from The AI Lab after organization review. Personal creator packages are exported from vp.theailab.org and can be DOB-locked for additional protection.
Yes. The plugin is licensed under GPL-2.0-or-later. The TIP Protocol specification is open. The plugin can be used commercially on any number of sites.
By default the plugin talks to the TIP node at https://node.theailab.org for registration and verification calls. You can configure a different node URL in plugin settings if you operate a self-hosted TIP node. Content registration sends the canonical hash, signature, origin label, and author metadata, not the full article body.
No. Reader-facing badges use a small bundled web component (about 8 KB), all provenance meta is emitted server-side as HTTP headers and HTML meta tags during the normal page render, and verification lookups for trust scores are cached. There is no extra browser fetch on every page load.
theailab) that WordPress.org's importer flagged as an unknown user. Only theailaborg was the real WordPress.org account; the second handle was a leftover from an earlier intent to register a sister account. No code changes.tip_protocol() renamed to theailab_tip_bootstrap(). A guarded backward-compat alias preserves the old name for any third-party code or theme snippet that referenced it.tip/verification-badge renamed to theailab/verification-badge. The legacy block name is also re-registered as an alias so existing post content that embeds the old block continues to render unchanged.tip-protocol (previously routed to admin.php?page=tip-protocol) was already moved to theailab in an earlier release; this version adds a 301 redirect from the legacy URL to the new one so bookmarked admin URLs keep working.[tip-badge] and [download_button] continue to render via backward-compat aliases registered alongside the canonical [theailab-tip-badge] and [theailab_download_button] names.height: auto, increased line-height to 1.5, switched to a custom-drawn navy chevron with explicit right-padding so the option text isn't crowded, and bumped vertical padding to 12px. The dropdown now renders the full option text cleanly at any zoom level.public_key field. Without it, the node had to look up the TIP-ID's public key on the DAG to verify, which fails for newly-imported personal Author IDs that haven't been published to the network yet. Including the key gives the node a deterministic verification path; the node should still cross-check this against its DAG record when one exists.{"error":{"message":"…"}}), the plugin's API client cast the nested object to a string and surfaced the literal word "Array" in the editor — users saw "Couldn't sign this post / Array" with no actual reason. The client now walks the common shapes (error as string or {message,detail,description,code,reason,details[]}, top-level message, plural errors[]) and falls back to a short raw body snippet or a status-code message, so the real reason from the node always reaches the user.tip-key-export-v2 files) failed to import with TIP-PKG-2 packages must declare vp_id.. Personal identities are self-claimed and never carry a publisher review, so the importer no longer requires vp_id for tip_id_type === "personal". Publisher and platform identities continue to require a well-formed vp_id, and personal exports that do include one are still validated against THEAILAB_VP_ID_REGEX.InlineStatus React component centralizes the banner so all panels share one look and one set of accessibility semantics (role="alert" for errors with aria-live="assertive", role="status" for successes with aria-live="polite").package_version: "tip-key-export-v2-unlocked", which the importer rejected with Unsupported .tip.json package_version. Synthetic packages now use the canonical TIP-PKG-2 version string. (2) The import error notice rendered as a small banner at the top of the import card, far from the Connect button the user just clicked, so it was easy to miss. The error / success message now renders as a prominent red (or green) banner immediately above the Connect button with an icon, title, and dismiss button..tip.json files where publicKey is empty in the clear (a known property of vp.theailab.org's tip-key-export-v2 exports when the user's record had no stored public key at export time). The server-side /identity/import endpoint now derives the public key from the private key via the bundled bin/tip-ml-dsa.mjs helper (action: derive-public) before passing the package to the key manager. The derived key is injected at top-level public_key and into identity.public_key (mirroring the original path) so downstream parsing succeeds whether the importer reads from one or the other.tip-key-export-v2 files. After reading the actual producer code at vp.theailab.org (settings.html + src/crypto.js), the format is now pinned exactly: byte layout [salt:16][iv:12][ct+gcm-tag], PBKDF2-SHA-256 with 200,000 iterations, AES-256-GCM, password is the user's date of birth normalized to 8 digits in MMDDYYYY order, and the plaintext is the raw private-key hex string (not a JSON wrapper). Previous fallback-by-trying-many-layouts code is replaced with this single deterministic decryption. Wrong DOB now produces a clear "That date of birth doesn't unlock this file" message.<input type="date"> (which forced YYYY-MM-DD) with a <input type="text" placeholder="MM/DD/YYYY"> that auto-inserts slashes as the user types — same behavior as the producer's input field. The Unlock button stays disabled until exactly 8 digits are entered.tip_id and publicKey fields from the outer file; the existing parser then takes over and unlocks the Connect button as it would for any .tip.json file.OH - Original Human / AA - AI-Assisted / AG - AI-Generated / MX - Mixed) and the Register button label remain unchanged. The "Next update type" field is moved into a collapsible "Advanced options" disclosure (collapsed by default) so writers see only the question that matters.tip-key-export-v2 personal Author ID file format from vp.theailab.org. These files are encrypted with the user's date of birth using PBKDF2 (SHA-256, 200,000 iterations) + AES-256-GCM. The plugin now detects the locked format, shows a dedicated "This file is locked" card with a date-of-birth input, decrypts the file client-side via Web Crypto API, and hands the unwrapped public_key + private_key to the existing import flow. The DOB never leaves the browser. Site identity files (publishers) continue to use the existing flat / identity.* format with no DOB step.identity.*, keys.*, data.*, key_package.* wrappers). Now handles TIP-PKG-1, TIP-PKG-2, vp.theailab.org exports, AI-Lab-issued packages, and reasonable variants of all of the above.wp.components.Modal, which can render as undefined in certain wp-components versions and prevent the entire panel from re-rendering. Replaced with a self-contained <div> overlay using pure CSS (no wp-components dependency), so the modal always renders regardless of host WordPress version.theailab_nonce in v1.5.0 but the JavaScript continued to send tip_nonce. Renamed the parameter on the JS side in admin/js/tip-admin.js, admin/js/tip-gutenberg.js, and admin/js/tip-origin-classic.js.tests/test-rest-nonce-consistency.php (10 assertions) so this regression cannot recur silently. Test suite is now 344 assertions across 11 standalone files.[tip-badge] and [download_button]. The canonical shortcodes [theailab-tip-badge] and [theailab_download_button] continue to work.tip-protocol to theailab (admin URL is now wp-admin/admin.php?page=theailab).tip-protocol-* to theailab-* (theailab-admin, theailab-editor, theailab-origin-classic, theailab-gutenberg, theailab-public, theailab-badge).tip-protocol-identity to theailab-identity.tip-protocol-admin-root to theailab-admin-root.name attributes from tip-origin-* and tip_origin_* to theailab-origin-* and theailab_origin_*.current_user_can() with prefixed custom capabilities (theailab_manage_settings, theailab_register_content, theailab_set_origin, theailab_view_dashboard)._theailab_author_tip_ids.authors[] array (primary at index 0) with per-author key_mode and signed flags. Solo-author posts and authorless hosted content remain supported.build_cna_2_2_payload(), sign_publisher_v3(), verify_publisher_v3(), sign_co_signer(), verify_co_signer(). CNA-2.1 verification preserved for backward compatibility (THEAILAB_CNA_VERSION_PREVIOUS).co_signatures[] collection: when a contributor is in self-signing mode, the registrar records a pending co-signature placeholder so the node can ingest the contributor's own ML-DSA-65 signature out-of-band.GET/POST /theailab/v1/contributors — list or add a contributorPATCH/DELETE /theailab/v1/contributors/{tip_id} — update or removeGET/POST /theailab/v1/post-authors/{post_id} — read or set the bylineauthor becomes an array of Person objects when multiple authors are bound; new meta tags tip:co-authors and tip:authors-count.test-contributor-registry.php (55 assertions), test-cna-2-2-payload.php (10 assertions covering canonical determinism + alphabetical key ordering with authors[])._theailab_author_tip_ids post meta with REST schema so the Gutenberg sidebar can read/write it through core/editor.theailab_contributors (autoload no), new user meta theailab_contributor_tip_id (back-pointer for fast WP-user → contributor lookup).tip_ / TIP_ to theailab_ / THEAILAB_ to comply with WordPress.org plugin guideline on prefix uniqueness (4+ char distinct prefix). Affects classes, constants, functions, options, capabilities, post meta keys, user meta keys, cron events, transients, REST namespace, and database tables.tip_* options, capabilities, post meta, user meta to the new theailab_* keys; renames wp_tip_content → wp_theailab_content and wp_tip_transactions → wp_theailab_transactions; unschedules legacy cron events.[tip-badge] continues to render alongside the new canonical [theailab-tip-badge].$_SERVER reads with sanitize_text_field immediately after wp_unslash to satisfy the WordPress coding standard's "sanitize early" rule for superglobals.WP_Error codes from the legacy prefix to the canonical prefix.tip_id, tip_id_type, tip_ids, tip_key) which are protocol-spec values defined in the patent and not plugin-internal identifiers.personal, publisher, platform) with reserved values for future Phase 2 releaseattribution_mode field (self, employed, hosted) carried in CNA-2.1 canonical content payloaddisabled / optional / required); Phase 1 default is optional so manual publisher onboarding works without a rosteredit_post / read_post permission checks to /tip/v1/register, /update, /status, /origin/save, /origin/registerget_temp_dir() to wp-content/uploads/tip-protocol-private/ with .htaccess, web.config, and index.php deny files plus chmod 0600/0700JSON_UNESCAPED_SLASHES from application/tip+json and application/ld+json script-tag output to prevent </script> break-out@noble/post-quantum ML-DSA-65 imports so the post-quantum signing helper resolves dependencies without node_modules/tip/v1/identity/remove plus admin UI controls for both Publisher and Creator identities, with typed-confirmation guard for the destructive Publisher case560px mobile breakpoint; :focus-visible, prefers-reduced-motion, and prefers-contrast support; WCAG 2.5.5 minimum touch-target sizingload_plugin_textdomain() (auto-loaded by WordPress 4.6+ for directory-hosted plugins)Contributors to include theailaborgtipmediaimage, tipmediavideo, and tipmediaaudio indicatorsCNA-MIX-1 top-level content hashing when attached media participates in the registration hashtext_canonical_hash plus attached-media hash fields in the local record and public TIP manifest.tip.json package import support and clearer rejection for browser-connected WebAuthn blobsregistered_url directly in X-TIP-Content-Bind