How integrations fit
Integrations are the practical entry points for external systems into CommandLayer’s receipt layer.
Public verifiability begins after CommandLayer signs the receipt.
metadata.trace links related spans across the event, payment, action, and verification stages. metadata.proof stores the canonical hash and Ed25519 signature proof material used by verification surfaces.
Coinbase Payments Webhook
Signed receipt pipeline
- Endpoint: POST /api/examples/coinbase-webhook.
- Server-side HMAC verification with X-Hook0-Signature.
- Raw request body is verified before JSON parsing.
- Webhook is normalized into a CLAS observe receipt.
- Receipt is signed by runtime.commandlayer.eth.
- Verification path includes /api/verify.
Trust boundary: Coinbase HMAC authenticates the webhook to the receiving server. It is not public proof by itself because it depends on the shared secret. CommandLayer Ed25519 signing makes the normalized event portable and publicly verifiable.
Important receipt fields include subject.type: payment_transfer, transfer_status, metadata.trace, and metadata.proof.
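The trust boundary above as an added example (not CommandLayer's own code): the shared-secret HMAC check runs on the raw body before parsing, then an Ed25519 signature over a canonical hash makes the receipt checkable with only a public key. The hex signature encoding, the sorted-key canonical form, the trace and proof sub-field names, and the throwaway key pair are assumptions; the real X-Hook0-Signature format comes from the provider's documentation.

```javascript
// Added example, not CommandLayer code. Assumed: hex HMAC-SHA256 over the raw body,
// sorted-key JSON as the canonical form, and the trace/proof sub-field names.
const nodeCrypto = require('node:crypto');

// 1. Shared-secret trust: authenticate the raw bytes BEFORE any JSON parsing.
function verifyWebhookHmac(rawBody, signatureHex, secret) {
  const expected = nodeCrypto.createHmac('sha256', secret).update(rawBody).digest();
  const given = Buffer.from(String(signatureHex || ''), 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

// Stand-in canonical form: JSON with recursively sorted object keys.
function canonicalize(v) {
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  const members = Object.keys(v).sort().map((k) => JSON.stringify(k) + ':' + canonicalize(v[k]));
  return '{' + members.join(',') + '}';
}
const hashOf = (obj) => nodeCrypto.createHash('sha256').update(canonicalize(obj)).digest();

// 2. Public trust: normalize the event, then sign the canonical hash with Ed25519.
function handleWebhook(rawBody, signatureHex, secret, privateKey) {
  if (!verifyWebhookHmac(rawBody, signatureHex, secret)) return null; // never parsed
  const event = JSON.parse(rawBody.toString('utf8'));
  const receipt = { subject: { type: 'payment_transfer' }, transfer_status: event.status,
    metadata: { trace: { event_id: event.id } } };
  const hash = hashOf(receipt);
  const signature = nodeCrypto.sign(null, hash, privateKey).toString('base64');
  receipt.metadata.proof = { hash: hash.toString('hex'), signature };
  return receipt;
}

// 3. A verifier needs only the public key; the webhook secret is never shared.
function verifyReceipt(receipt, publicKey) {
  const { proof, ...metadata } = receipt.metadata;
  const hash = hashOf({ ...receipt, metadata });
  return hash.toString('hex') === proof.hash &&
    nodeCrypto.verify(null, hash, publicKey, Buffer.from(proof.signature, 'base64'));
}

function demo() { // constructed secret, body and throwaway key pair
  const secret = 'constructed-secret';
  const raw = Buffer.from('{"id":"evt_1","status":"completed"}');
  const sig = nodeCrypto.createHmac('sha256', secret).update(raw).digest('hex');
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return verifyReceipt(handleWebhook(raw, sig, secret, privateKey), publicKey);
}
```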
x402 Paid Action
Payment-to-action receipts
- Endpoint: POST /api/examples/x402-paid-action.
- Accepts a paid-action request with an x402-style payment envelope.
- Executes a deterministic action.
- Emits a signed CLAS action receipt.
- Verifies through /api/verify.
demo_accepted_envelope is the default developer onboarding mode and is not real settlement.
provider_verified is enabled when X402_PROVIDER_VERIFICATION_URL is configured with a real provider.
Trust boundary: The payment rail proves payment acceptance or settlement. CommandLayer proves what executed after payment acceptance and signs the result.
MCP Bridge
- MCP bridges clients to CommandLayer runtime.
- MCP does not sign receipts.
- MCP does not hold runtime private keys.
- Trust path: MCP client → MCP bridge → runtime → signed receipt → verifier.
SDK
- @commandlayer/agent-sdk wraps agent actions and emits receipts.
- The SDK helps builders produce receipts but is not the trust root.
- The receipt model is documented in /receipts.html.
- Capability families are mapped in /capabilities.html.