Make receipt verification ENS-first and gate local fallback behind explicit mode

[GsCommand]

Motivation

• Ensure production verification prefers ENS TXT records for signer public keys and does not silently fall back to a local demo key.
• Differentiate resolver failures (resolver throws) from missing TXT data so callers can respond with clearer failure reasons.
• Preserve an explicit, opt-in local/demo fallback for developer and test scenarios only.

Description

• Update resolveSignerFromEns in lib/verifyReceipt.js to attempt resolution of the required TXT keys (cl.sig.pub, cl.sig.kid, cl.sig.canonical, cl.receipt.signer) first, and record resolver exceptions as key_resolution_failed vs missing data as ens_key_unavailable.
• Keep local runtime fallback limited to the demo signer (runtime.commandlayer.eth) and enabled only when allowLocalFallback is passed, COMMANDLAYER_ALLOW_LOCAL_KEY_FALLBACK=true, or NODE_ENV === 'test', and report sources as ens_txt or local_test_fallback via public_key_source.
• Add tests in tests/verifyReceipt-runtime.test.js to cover resolver-throw (key_resolution_failed) and env-flag gated fallback behavior, and update tests/api-verify.test.js to assert public_key_source === 'ens_txt' for ENS-path responses.
• Files changed: lib/verifyReceipt.js, tests/verifyReceipt-runtime.test.js, and tests/api-verify.test.js.

Testing

• Ran npm test, all tests passed (105 passed, 0 failed).
• Ran npm run check:links, all local links/assets resolved successfully.

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
commandlayer-commandlayer-org	Ready	Preview, Comment	May 24, 2026 12:32am
commandlayer-org	Ready	Preview, Comment	May 24, 2026 12:32am
commandlayer-org111	Ready	Preview, Comment	May 24, 2026 12:32am