API Reference

API surfaces for verifiable agent actions.

Use CommandLayer runtime, verifier, MCP, and website verifier surfaces to issue signed receipts, verify proof, and integrate verifiable agent workflows.

Try Verifier View Production Proof
Production proof status: Runtime production is live and signs canonical Trust Verification receipts. MCP E2E against production runtime passes: STEP 1 SIGNED, STEP 2 VERIFIED, STEP 3 TAMPERED INVALID. Runtime signer is runtime.commandlayer.eth with kid=vC4WbcNoq2znSCiQ. Canonical proof uses metadata.proof with json.sorted_keys.v1 as the standard receipt path; erc8211.composable.v1 — ERC-8211 composable execution canonicalization recognized. Merkle authorization verification is deferred pending the companion Merkle authorization ERC.

API surface overview

CommandLayer APIs expose runtime signing, receipt verification, MCP transport, and website verifier surfaces for verifiable agent actions.

Runtime API

Production execution/signing and verification surface.

MCP Transport

Bridge for MCP clients. Transport changes; proof model does not.

Trust Verification

Canonical Trust Verification v1 endpoints and verbs.

Website Verifier

Human-facing verification UI and public verifier surfaces.

SDK

Developer wrapper for receipts and verifier calls.

Schemas

Request/receipt/proof structure.

Runtime endpoints

GET https://runtime.commandlayer.org/health
POST https://runtime.commandlayer.org/verify
POST https://runtime.commandlayer.org/trust-verification/{verb}/v1.0.0

Supported Trust Verification verbs

sign, attest, authorize, approve, reject, permit, grant, authenticate, endorse

Important: verify is the verifier action/surface, not a signer endpoint.

Runtime sign example

curl -X POST https://runtime.commandlayer.org/trust-verification/sign/v1.0.0 \
  -H "content-type: application/json" \
  -d '{"payload":{"message":"hello from CommandLayer"}}'

Expected response shape

{
  "receipt": {
    "verb": "sign",
    "class": "trust-verification",
    "result": {
      "payload": {
        "message": "hello from CommandLayer"
      }
    },
    "metadata": {
      "proof": {
        "canonicalization": "json.sorted_keys.v1",
        "hash": {
          "alg": "SHA-256",
          "value": "..."
        },
        "signature": {
          "alg": "Ed25519",
          "kid": "vC4WbcNoq2znSCiQ",
          "value": "..."
        },
        "signer_id": "runtime.commandlayer.eth"
      }
    }
  }
}

Runtime verify example

curl -X POST https://runtime.commandlayer.org/verify \
  -H "content-type: application/json" \
  -d '{"receipt":{...}}'

VALID / VERIFIED

Hash and signature checks passed.

INVALID

Proof failed, payload changed, unsupported proof, wrong signer/key, or missing proof.

TRANSPORT_ERROR

Verifier/runtime unavailable or request failed.

MCP endpoint section

GET https://mcp.commandlayer.org/health
POST https://mcp.commandlayer.org/mcp
Important: GET /mcp is not expected to work. /mcp is POST-only MCP transport.

MCP tools

clas.trust-verification.verify, clas.trust-verification.sign, clas.trust-verification.attest, clas.trust-verification.authorize, clas.trust-verification.approve, clas.trust-verification.reject, clas.trust-verification.permit, clas.trust-verification.grant, clas.trust-verification.authenticate, clas.trust-verification.endorse

Trust boundary: The proof model is identical whether an action is called through MCP or direct HTTP. MCP changes transport, not trust. Runtime still signs. Verifier still validates. MCP does not hold keys.

Website verifier surfaces

Warning: Do not treat /api/verify as the canonical production verifier unless tests prove parity with runtime /verify.

Request/response conventions

Content-Type: application/json

Input for signer endpoints

{
  "payload": {}
}

Input for verifier endpoints

{
  "receipt": {}
}

Canonical proof fields

metadata.proof is required. metadata.trace is optional for multi-step workflow correlation (agents, spans, solver fills, and batch execution).

metadata.proof.signature can be a single Ed25519 object or an array of role-based Ed25519 signature entries.

Allowed signature roles: user, solver, relayer, agent, runtime, verifier. Do not assume every signature in a multi-signature array is verified unless your verifier explicitly validates all of them.

metadata.proof.canonicalization
metadata.proof.hash.alg
metadata.proof.hash.value
metadata.proof.signature (single object or role-based array)
metadata.proof.signer_id
metadata.trace (optional)

Error and status model

VALID / VERIFIED

Proof checks passed.

INVALID

Proof checks failed.

TRANSPORT_ERROR

Network/runtime/verifier unavailable.

BAD_REQUEST

Invalid request shape.

UNSUPPORTED_VERB

Unsupported capability verb.

MISSING_PROOF

Receipt missing metadata.proof.

HASH_MISMATCH

Canonical hash mismatch.

SIGNATURE_INVALID

Ed25519 signature invalid.

Security / trust boundaries

Developer integration paths

Direct HTTP

Call runtime endpoints directly.

MCP client

Use MCP tools and let the bridge forward to runtime.

SDK

Use @commandlayer/agent-sdk@1.2.0.

Manual verifier

Paste receipts into /verify.html.

Webhook Auto-Verify

Webhook Auto-Verify

Server-side accept/reject flow using runtime verification.

Open demo

Next steps

View Production Proof Explore Capabilities Wrap Your Agent Open Verifier