Extension · moselwal/content-provenance

content-provenance — every piece of content with its own signature.

Ed25519-based digital signatures for TYPO3 content, cryptographically verifiable via /.well-known/provenance-keys. Plus end-to-end audit-trail logging — the foundation for EU AI Act compliance and demonstrable content integrity.

Composer-Repo einbinden
Das Problem

EU AI Act, deepfakes, AI-generated content: who wrote this?

With content-provenance

  • Ed25519 signature per content element, stored alongside the content
  • Public verification endpoint via /.well-known/provenance-keys
  • Audit log with who/when/what, append-only
  • DDD architecture, deptrac-checked
  • EU AI Act-prepared fields (model, prompt hash, reviewer)

Until now

  • "Reviewed by editorial" as a claim in the footer
  • No cryptographic verifiability
  • Audit trail missing or living in the SQL log
  • EU AI Act requirements with no clean way to prove anything

Four building blocks

EU AI Act fields

Prepared metadata fields for AI-generated/-assisted content: model, prompt hash, human reviewer, approval timestamp.

Audit trail

Append-only audit log of every change: who, when, what, signed and timestamped. Verifiable end-to-end via the same Ed25519 keys as the content itself.

Public key endpoint

/.well-known/provenance-keys serves the active public keys for external verifiers — following the RFC convention.

Ed25519 signatures

Cryptographic signature per content element via libsodium (ext-sodium required). Key rotation and multi-key support included.

Installation: composer require moselwal/content-provenance

TYPO3: 14.0+ · PHP: 8.3+ · Required: ext-sodium (libsodium)

Add the Composer repository at gitlab.moselwal.io, then run composer require moselwal/content-provenance.

Architecture

Classes/
├── Domain/          # Signature models, key value objects, contracts
├── Application/     # Signing services, verification orchestration
├── Infrastructure/  # Key providers, repositories, API middleware
└── Presentation/    # Controllers, event listeners

 

API endpoints

EndpointPurpose
/_provenance/api/verifyVerify content signatures
/.well-known/provenance-keysPublic key discovery

Database tables

TablePurpose
tx_provenance_signatureContent signatures
tx_provenance_audit_logAudit trail entries

Configuration and requirements

Configure key providers and signing policies through TYPO3 site settings. Multiple key providers for different environments (development, staging, production) are supported — the backend is pluggable (file, environment, vault).

Requirements

Optional dependencies

PackageTypePurpose
ext-sodiumRequiredEd25519 cryptography
moselwal/devDevShared QA tooling

Source code & docs

TYPO3 Extension Repository

Not in the official TER — install via Composer only.

Composer package

moselwal/content-provenance via the Moselwal Composer repo.

Open the Composer repo

GitLab (source of truth)

Primary repository including CI/CD and Composer package registry.

gitlab.moselwal.io

GitHub

GitHub mirror (placeholder — verify before publish).

github.com/moselwal/content-provenance
Nächster Schritt

EU AI Act readiness as a project?

content-provenance is the technical foundation. If you need an end-to-end EU AI Act compliance setup — including processes, training and audit preparation — get in touch.

AI-Act-Beratung anfragen

Oder direkt schreiben: kontakt@moselwal.de