Manual Verifier
Manual inspection is useful for debugging and spot checks.
Open /verify.html →Ambient Machine-Action Verification
-Systems can verify machine-action receipts automatically through URLs, badges, webhooks, SDKs, and agent-to-agent flows.
+ Automatic Verification +Verification without manual paste.
+CommandLayer receipts can be verified automatically by apps, webhooks, SDKs, MCP flows, badges, and agent-to-agent systems.
+ +The working model
+
+
+ Runtime signs receipt
+ → receipt delivered to a system
+ → system calls verifier
+ → valid receipt accepted
+ → tampered receipt rejected
+ The webhook auto-verify example demonstrates this server-side. The public demo demonstrates the same flow in the browser using runtime signing and runtime verification.
+Runtime: https://runtime.commandlayer.org
Verifier: https://runtime.commandlayer.org/verify
Live today
-
Open tampered receipt URL →
Open GitHub example
API reference
Verification URLs
Receipt-specific URLs let systems and humans open the same verification result directly.
Open valid receipt URL →Open tampered receipt URL →
Embedded Badges
Display verification status where decisions are made.
Open /verify-badge-demo.html →SDK/runtime verification
Use SDK and runtime verifier flows in applications that verify receipts on delivery.
Manual verifier
Paste receipt JSON and inspect each verification check.
Open verifierRuntime verifier
Programmatically verify receipts with POST https://runtime.commandlayer.org/verify.
Webhook auto-verify
Backend receives receipt, verifies it server-side, and accepts/rejects the event.
Open demo pageOpen GitHub example
Embedded badge
Display verification state in a UI.
Open badge demoSDK/runtime verification
Use @commandlayer/agent-sdk or direct runtime calls in application code.
API reference
Ambient flow
-Receipt reference → fetch receipt → verify checks → accept/reject action
-The verifier can run inside a website, backend job, webhook consumer, SDK call, or agent-to-agent workflow.
+Webhook auto-verification
+This is the no-paste model: POST /webhook receives { event, receipt }, the server posts { receipt } to the verifier, valid proof returns accepted, and tampered proof returns rejected.
cd examples/webhook-auto-verify +npm install +npm run generate:samples +npm start + +curl -X POST http://localhost:3000/webhook \\ + -H "Content-Type: application/json" \\ + --data @sample-valid-webhook.json + +curl -X POST http://localhost:3000/webhook \\ + -H "Content-Type: application/json" \\ + --data @sample-tampered-webhook.json + +Expected: +valid -> 200 accepted +tampered -> 400 rejected
Trust checks
--
-
- schema_valid -
- hash_matched +
- receipt structure +
- metadata.proof present +
- canonicalization = json.sorted_keys.v1 +
- hash_alg = SHA-256 +
- hash_matches +
- signature_alg = Ed25519
- signature_valid -
- signer_resolved -
- signer_matched -
- trust_verb +
- signature.kid = vC4WbcNoq2znSCiQ +
- signer_id = runtime.commandlayer.eth +
- supported capability verb +
- tamper invalidation
-
+
A schema-valid receipt only means the receipt has the expected shape. Cryptographic validity still depends on hash, signature, and signer checks.
- Schema-valid does not always mean cryptographically valid.
+ Schema-valid alone is not verified. Verification requires hash and signature checks.
Developer use cases
-
-
+ webhook filtering
Route or block incoming events based on verification checks.
website badges
Show verification state directly in user-facing pages.
automated receipt checks
Run verification as part of backend decision logic.
agent-to-agent validation
Let one agent verify another agent's receipt before acting.
audit trails
Store verification outputs for compliance and review.
dashboard/history pipelines
Feed verification states into reporting and historical analytics.
Trust boundaries
+-
+
- Runtime signs. +
- Verifier validates. +
- MCP bridges. +
- SDK wraps. +
- Schemas describe. +
Webhook sender authentication is separate from receipt verification. Production webhooks still need sender authentication, replay protection, timestamps, rate limits, and idempotency.
Planned
- Webhook delivery and verification callbacks.
- Continuous monitoring and replay checks.
- Automatic third-party callback integrations.
Verification URLs
+Demo verification routes are available for illustrative receipt IDs:
+-
+
- /verify/r/demo-valid-receipt (demo route) +
- /verify/r/demo-tampered-receipt (demo route) +
Careful wording
--
-
- Ambient verification should happen automatically, not manually. -
- Ambient verification does not require manual copy/paste. -
- Schema-valid does not always mean cryptographically valid. -
- CLAS is network-agnostic; ENS/ERC-8004 can assist discovery and identity but are not required for every verification flow. -
Live vs planned
+Live today: manual verifier, runtime /verify, webhook auto-verify example, SDK/runtime verification, and embedded badge demo.
Planned: managed webhook delivery network, third-party callbacks, continuous monitoring, replay-check service, and dashboard/history pipelines.
+