Production proof live

CommandLayer turns agent actions, external events, and paid machine workflows into
signed, independently verifiable receipts.

CommandLayer is the receipt layer for external events, paid machine actions, and agent execution.

View Live Proof Explore Capabilities Explore Protocol

VerifyAgent.eth — receipt.json

Signed receipt

{
  "verb": "sign",
  "class": "trust-verification",
  "result": {
    "payload": {
      "message": "hello from MCP"
    }
  },
  "metadata": {
    "proof": {
      "canonicalization": "json.sorted_keys.v1",
      "hash": {
        "alg": "SHA-256",
        "value": "..."
      },
      "signature": {
        "alg": "Ed25519",
        "kid": "vC4WbcNoq2znSCiQ",
        "value": "..."
      },
      "signer_id": "runtime.commandlayer.eth"
    }
  }
}

Verification result

Waiting…

Ready to verify

Canonicalized

json.sorted_keys.v1 byte sequence

Hash matched

SHA-256 byte-for-byte

Signer identity matched

runtime.commandlayer.eth · kid vC4WbcNoq2znSCiQ

Signature valid

Ed25519 verified against pubkey

Verifying…

From preview to production

The animation above explains the model.
The live proof below runs it.

What is live today

Trust Verification receipts
runtime.commandlayer.eth receipt signing
ENS TXT verification with public_key_source: ens_txt
Coinbase webhook-to-receipt example: server-side HMAC verification, normalized observe receipt, runtime signature, ENS-backed verification.
x402 paid-action example: demo_accepted_envelope mode by default, provider_verified mode when configured, signed action receipt verified through /api/verify.
VerifyAgent/API verifier
SDK receipt wrapping

These flows are live and currently verifiable across runtime and verifier surfaces.

LIVE PROTOCOL PROOF

Resolve. Sign. Verify. Tamper. Reject.

This is not a mock animation. The homepage calls the production runtime, verifies the returned receipt, tampers with the payload, and verifies again.

1. Resolvepending

Identify runtime signer identity

waiting for runtime.commandlayer.eth

2. Signpending

Call runtime and receive signed metadata.proof

waiting for signed payload

3. Verifypending

Verifier recomputes json.sorted_keys.v1 + SHA-256 + Ed25519

waiting for verifier response

4. Tamperpending

Mutate canonical payload bytes

waiting for mutation step

5. Rejectpending

Verifier should reject tampered receipt

waiting for invalid result

Original receipt

waiting...

Tampered receipt

waiting...

Show raw JSON

No data yet.

Runtime signs. Verifier validates. MCP bridges. SDK wraps. Schemas describe. Schema-valid alone is not verified. Tampering changes the canonical payload and breaks verification.

Run Auto-Verify Demo Verify Genesis Receipt Open Verifier View Production Proof

GENESIS RECEIPTS LIVE

A claimed agent now begins with proof.

After its public agent cards are pinned, CommandLayer issues a signed genesis receipt: a verifiable chain root for the agent’s origin.

Verify Genesis Receipt

How it works

Action executes

An agent, app, or MCP client requests a CommandLayer action.

Runtime signs receipt

The runtime emits a canonical metadata.proof receipt.

Verifier checks proof

Hash and Ed25519 signature are independently validated.

Tampering fails

Changing the output breaks the hash and signature.

SDK + runtime signing

Agents don't make claims —
they produce proof.

The SDK wraps developer actions and emits canonical receipts. Production runtime signing is handled by the runtime layer.

✓ Ed25519 cryptographic signatures

✓ Canonical proof: json.sorted_keys.v1 + SHA-256 + Ed25519

✓ Open, keyless verification API

View SDK on GitHub →

agent.ts

import { CommandLayer } from "@commandlayer/agent-sdk@1.2.0";

const cl = new CommandLayer({
  agent: "runtime.commandlayer.eth",
  privateKeyPem: process.env.CL_PRIVATE_KEY_PEM, // env only
  keyId:  "vC4WbcNoq2znSCiQ"
});

// Wrap any agent action
const result = await cl.wrap("summarize", async () => {
  return { summary: "hello world" };
});

// Verify the signed receipt
const verified = await cl.verify(result.receipt);
console.log(verified.status); // "VERIFIED"

Verification pipeline

Four steps to cryptographic certainty

Every receipt runs through a deterministic pipeline — canonical hashing, signature validation, and on-chain identity resolution.

⊕

1. Canonicalize

Rebuild deterministic JSON with sorted keys using json.sorted_keys.v1 so identical outputs always produce identical byte sequences.

2. Hash

Recompute SHA-256 over the canonical payload and compare with metadata.proof.hash.value.

⬡

3. Match signer identity

Match metadata.proof.signer_id and metadata.proof.signature.kid to the expected runtime signer identity.

✓

4. Verify Signature

Validate the Ed25519 signature against signer key material. Returns VERIFIED or INVALID.

⚡

Tamper-evident

Any byte change breaks the hash. A broken hash breaks the signature. No silent mutations, no blind trust.

🌐

Open & public

VerifyAgent.eth is a public verification layer. Anyone with a receipt can verify it — no API key, no account required.

Automatic verification

Valid receipts are accepted. Tampered receipts are rejected.

CommandLayer verification is not limited to manual paste. A webhook can receive a receipt, verify it server-side, accept the valid event, and reject the same receipt after payload tampering.

Valid receiptACCEPTED

verifier_status: VALID
hash_matches: true
signature_valid: true

Tampered receiptREJECTED

verifier_status: INVALID
hash_matches: false
signature_valid: false

Runtime signs → Webhook receives → Verifier checks → Accept / reject

Run the automatic verification demo View example code

Capabilities preview

Trust verification now, broader capability families next

Trust Verification v1

verify, sign, attest, authorize, approve, reject, permit, grant, authenticate, endorse

AI / Utility Actions

summarize, classify, clean, parse, explain, analyze, format, convert, describe, fetch

Future capability families

commerce, identity, governance, data, messaging, payments, policy, compliance

Explore CommandLayer

Where to start by audience

Protocol researchers

Read protocol framing, trust boundaries, and verification flow.

Builders

Wrap actions into receipts and ship verification in developer workflows.

Capability/schema explorers

Explore the CLAS capability map and schema discovery surface.

Proof reviewers

Inspect live receipts and verify canonical proof outputs.

External integrations

Review Coinbase and x402 integration paths and boundaries.

Receipt model

Read receipt structure, canonicalization, and verification semantics.

Verification surfaces

Runtime-validated verification.
Public verifier surface.

Runtime /verify has been validated against production runtime receipts. Website /api/verify is a public verifier surface and should align with the same canonical proof model. Coinbase HMAC authenticates webhook delivery to the receiving server. x402/payment rails prove payment acceptance or settlement. CommandLayer proves the normalized event/action receipt. ENS anchors signer identity. VerifyAgent verifies hash, signature, signer, key id, and canonicalization.

Read Receipts Build with SDK

POST /api/verify

Raw receipt verification. Pass any CommandLayer receipt and get a deterministic VERIFIED or INVALID response.

curl -X POST /api/verify \ -H "content-type: application/json" \ -d '{"receipt":{...}}'

POST /api/agents/verifyagent

Callable VerifyAgent.eth interface — the standard verification entrypoint for the CommandLayer agent network.

curl -X POST /api/agents/verifyagent \ -H "content-type: application/json" \ -d '{"receipt":{...}}'

CommandLayer turns agent actions, external events, and paid machine workflows intosigned, independently verifiable receipts.

The animation above explains the model.The live proof below runs it.