Shared SPA trust architecture

Metadata tells. Provenance explains. Signatures prove.

A practical system for making generated HTML artifacts discoverable, shareable, attributable, reviewable, and—when needed—cryptographically verifiable.

Trust One normalized provenance object drives every representation.
DiscoverabilityHTML metadata
ShareabilityOpen Graph
SemanticsSchema.org
VerificationC2PA

Use a layered provenance model.

Tag accumulation is not a trust strategy. Each layer serves a different audience and survives a different sharing context.

Initial metadata

Browser, crawler, and search discovery.

<meta> · <link>

Share preview

Rich cards in messaging and social platforms.

Open Graph

Semantic graph

Machine-readable identity and relationships.

Schema.org JSON-LD

Visible provenance

Human-readable source, date, review, and status evidence.

UI + source ledger

Verifiable evidence

Signed assertions and tamper detection.

C2PA + PROV-O

The initial HTML response is the sharing contract.

Route-specific metadata should exist before JavaScript executes. Search engines may render JavaScript. Many preview crawlers, scanners, and enterprise clients will not.

Preferred Stable routes with server-visible metadata.

Use static generation, server rendering, or edge rendering for independently shareable states.

Avoid

Generic shells and hash routes

  • One title and image for the entire application.
  • Metadata inserted only after hydration.
  • Share URLs such as /report#/architecture.
  • Canonical links that collapse all routes to the root.
1

Static generation

Best for standalone reports, handbooks, and immutable research artifacts.

2

Server-side rendering

Best for dynamic content with independently addressable routes.

3

Edge rendering

Best when metadata depends on geography, tenant, publication state, or request-time assembly.

4

Client mutation

Supplemental only. Useful for the live UI, not the primary sharing contract.

Use a small semantic graph.

Model the publisher, webpage, article, and primary media as distinct nodes. Keep detailed event lineage in a sidecar instead of overloading search-oriented JSON-LD.

Schema.org JSON-LD
{
  "@context": "https://schema.org",
  "@graph": [
    {
      "@type": "Organization",
      "@id": "https://example.com/#publisher",
      "name": "Example Organization"
    },
    {
      "@type": "WebPage",
      "@id": "https://example.com/report",
      "mainEntity": {
        "@id": "https://example.com/report#article"
      }
    },
    {
      "@type": "TechArticle",
      "@id": "https://example.com/report#article",
      "headline": "Modern HTML Provenance",
      "datePublished": "2026-07-18T17:00:00-04:00",
      "dateModified": "2026-07-18T18:30:00-04:00",
      "version": "2026.07.18.1",
      "creativeWorkStatus": "Published",
      "author": { "@id": "https://example.com/#publisher" },
      "publisher": { "@id": "https://example.com/#publisher" },
      "isBasedOn": [{ "@type": "CreativeWork", "url": "https://spec.c2pa.org/" }],
      "citation": [{ "@type": "CreativeWork", "url": "https://ogp.me/" }],
      "sdPublisher": { "@id": "https://example.com/#publisher" },
      "sdDatePublished": "2026-07-18"
    }
  ]
}
Use isBasedOn for derivation
Use it when the artifact was adapted from, synthesized from, or materially derived from another resource.
Use citation for references
A citation says the work references another resource. It does not prove which claim came from which source.
Use sdPublisher for the structured representation
This separates the entity publishing the content from the entity publishing the machine-readable structured data.
Keep the source ledger separate
Store exact retrieval times, digests, access classifications, archived URLs, and claim mappings in a dedicated artifact.

Lineage needs entities, activities, and agents.

W3C PROV-O is the better fit when the artifact must explain retrieval, transformation, review, revision, and responsibility across a generation workflow.

Entity

What existed

A report, source, prompt package, dataset, intermediate result, or immutable revision.

Activity

What happened

Retrieval, synthesis, transformation, human review, approval, signing, or publication.

Agent

Who was responsible

A person, organization, model service, build pipeline, or software agent.

Relationship Use it for Example
wasGeneratedBy Connect an artifact to the generation activity. Report revision → synthesis run.
used Record an input consumed by an activity. Research run → standards documents.
wasAttributedTo Assign responsibility. Published artifact → accountable organization.
wasRevisionOf Connect immutable versions. v1.1 → v1.0.
hadPrimarySource Identify authoritative evidence. Implementation guidance → governing specification.
wasQuotedFrom Track exact quotations. Claim block → quoted section.

C2PA turns claims into signed assertions.

HTML metadata is editable. C2PA binds a signed manifest to the final artifact bytes so consumers can detect post-signing changes.

Association Prefer one external manifest.

Use rel="c2pa-manifest" to reference a signed manifest. External association avoids embedding a large Base64 payload in the document.

Critical constraint

Sign the deployed bytes

  • Minification changes the binding.
  • CDN markup injection changes the binding.
  • Whitespace normalization can change the binding.
  • Edge rewrites can change the binding.
1

Generate content and metadata

Produce the page, source ledger, JSON-LD, and visible provenance UI.

2

Apply every transformation

Run minification, bundling, edge injection, and production hardening first.

3

Calculate the digest and sign

Create the C2PA manifest against the exact final document bytes.

4

Deploy and verify

Fetch the public response and verify the signed assertion after delivery.

AI disclosure

Record the model role

Capture model type, model identifier, generation method, and degree of human oversight.

Privacy

Publish accountability, not secrets

Do not expose system prompts, private source contents, internal endpoints, or authentication material.

Asset-level

Sign media separately

Generated diagrams and share cards should carry their own provenance, not only inherit the page record.

Separate the latest pointer from immutable revisions.

A mutable canonical entry point is useful for sharing. An immutable revision is essential for auditability and exact citation.

Latest /research/html-provenance

Human-friendly sharing, search indexing, and the current publication state.

Immutable /version/2026.07.18.1

Historical verification, exact citations, reproducibility, and stable signed bytes.

Never rewrite an immutable revision

Publish a new version and connect it with wasRevisionOf.

Mark superseded artifacts

Make status visible to people and machine-readable in structured metadata.

Keep historical source ledgers

The evidence for a prior revision must remain inspectable after the latest pointer moves.

Choose the right maturity level.

Most generated research SPAs should start at Level 2. High-impact architecture, compliance, policy, and executive artifacts should move toward Levels 3 or 4.

Shareable

Unique title, description, canonical URL, Open Graph, share image, language, dates, and basic JSON-LD.

Trustworthy

Visible provenance, version, status, AI disclosure, source ledger, human review, claim anchors, and license.

Enterprise

Normalized provenance object, build identity, source digests, reviewer roles, PROV-O, and automated validation.

Verifiable

C2PA signing, trusted signer identity, deployed-byte verification, timestamping, and immutable storage.

Generate every representation from one normalized object.

Dates, source counts, version identifiers, review status, and attribution should not be independently hard-coded across the page.

ArtifactProvenance TypeScript model
interface ArtifactProvenance {
  schemaVersion: "1.0";

  artifact: {
    id: string;
    canonicalUrl: string;
    revisionUrl?: string;
    title: string;
    description: string;
    language: string;
    contentType: "text/html";
    version: string;
    status: "draft" | "reviewed" | "published" | "superseded";
  };

  responsibility: {
    creator: ProvenanceParty;
    publisher: ProvenanceParty;
    reviewers: ProvenanceParty[];
  };

  generation: {
    generatedAt: string;
    generatorName: string;
    generatorVersion?: string;
    method: "human" | "human-assisted" | "ai-assisted" | "ai-generated";
    modelProvider?: string;
    modelName?: string;
    modelVersion?: string;
    humanOversight: "none" | "sampled" | "reviewed" | "approved";
    policyVersion?: string;
  };

  lifecycle: {
    createdAt: string;
    publishedAt?: string;
    modifiedAt: string;
    supersedes?: string;
    supersededBy?: string;
  };

  sources: ProvenanceSource[];

  claims?: Array<{
    id: string;
    selector: string;
    sourceIds: string[];
    confidence?: "high" | "medium" | "low";
    notes?: string;
  }>;

  rights: {
    licenseUrl?: string;
    copyrightHolder?: string;
    copyrightYear?: number;
    usageInfoUrl?: string;
  };

  integrity: {
    contentDigest?: string;
    digestAlgorithm?: "sha-256" | "sha-384" | "sha-512";
    c2paManifestUrl?: string;
    signer?: string;
    signedAt?: string;
    verificationUrl?: string;
  };

  build: {
    buildId: string;
    sourceCommit?: string;
    environment?: "development" | "preview" | "production";
  };
}
Drive

HTML metadata

Title, description, canonical, dates, and rights.

Drive

Open Graph

Share title, preview image, URL, locale, and article lifecycle.

Drive

Structured data

Entities, relationships, sources, publisher, and publication status.

Drive

Visible UI

Generated time, review status, version, sources, license, and verification.

Build and validate as an artifact bundle.

A trustworthy report is more than index.html. Preserve the metadata, evidence, source ledger, and verification material that explain the document.

Recommended bundle
artifact/
├── index.html
├── assets/
│   └── share-card.2026.07.18.1.png
├── metadata/
│   ├── artifact.json
│   ├── schema.jsonld
│   └── provenance.jsonld
├── sources/
│   └── source-ledger.json
├── provenance/
│   └── artifact.2026.07.18.1.c2pa
└── verification/
    └── checksums.txt
Release gate

Validation checklist

  • Unique title and factual description.
  • Canonical URL matches the deployed route.
  • Open Graph URL matches canonical identity.
  • Share image is public, stable, and correctly sized.
  • JSON-LD parses and entity IDs are stable.
  • Dates and versions agree across every representation.
  • No private prompts, sources, or internal URLs are exposed.
  • Source ledger references resolve.
  • Visible provenance matches machine-readable provenance.
  • C2PA verifies against the public response when required.

Common failure modes.

Most breakdowns happen when identity, freshness, responsibility, and evidence are treated as decorative metadata rather than release criteria.

Anti-pattern Failure Remediation
One title and share image for the SPA Every route looks identical when shared. Generate route-specific initial metadata.
AI model listed as author Accountability becomes ambiguous. Use the responsible person or organization as author; record the model separately.
Generated date without modified date Consumers cannot judge freshness. Track created, published, modified, and review dates independently.
Modified date changes on every deploy Creates false freshness. Update only for meaningful content changes.
Raw private prompts in public metadata Leaks internal instructions or sensitive context. Store digests or redacted summaries.
Source list without claim mapping Evidence is hard to audit. Attach major claims to source IDs and selectors.
Signing before transformation The deployed HTML fails verification. Sign the final production bytes and verify after delivery.
Unsigned “verified” badge Trust signal is self-asserted. Link the badge to a real verification record.

Make provenance visible.

Metadata disappears in screenshots and is invisible to most readers. Significant artifacts should include a human-readable trust panel.

Artifact record

About this document

Generated as a single-file research handbook. Machine-readable metadata and human-readable provenance are embedded in the same artifact.

Published by
OpenAI
Generated
Version
1.0.0
Status
Published research artifact
Method
AI-assisted synthesis with structured review
Verification
Self-contained metadata; no external signature attached