5 minutes · live runtime · verifiable receipts

Quickstart: call an agent, get a receipt, verify it.

CommandLayer standardizes what agents do by pinning request/receipt schemas to canonical ENS names. You keep the same contract as runtimes, facilitators, and payment rails evolve.

TL;DR: call POST /clean/v1.0.0 → get a signed receipt → verify hash + signature independently.

  • Pick a verb (start with deterministic clean), call the runtime endpoint.
  • Receive a structured receipt with cryptographic proof.
  • Verify: hash → signature (full verification adds schema + key resolution).
Run the curl Verify cryptographically ⬇️Download
Protocol v1.0.0 ENS-bound verbs Schemas pinned to IPFS + checksums Runtime live: runtime.commandlayer.org Receipts: Ed25519 + SHA-256

Step 1 — Call a live agent runtime

This is a real runtime endpoint. You send an x402 envelope (identity) plus input. The runtime returns a receipt you can validate and verify.

Copy/paste curl

Start with: clean (Commons v1.0.0, deterministic)

// request
curl -sS --max-time 20 \
  -X POST 'https://runtime.commandlayer.org/clean/v1.0.0' \
  -H 'Content-Type: application/json' \
  --data-binary '{
    "x402": {
      "entry": "x402://cleanagent.eth/clean/v1.0.0",
      "verb": "clean",
      "version": "1.0.0"
    },
    "actor": "quickstart.commandlayer.org",
    "trace": { "trace_id": "quickstart-001" },
    "input": { "content": "   hello   world  ", "operations": ["collapse_whitespace","trim"] }
  }'
Tip: you can change trace_id freely. Keep it stable if you chain steps.

After you’ve verified one deterministic receipt, try something more interpretive (e.g. summarize or analyze). See the Commons list: Commons →

If you see a 503, retry. The runtime may be warming or rate-limiting.
Tip: run the health check first: curl -sS https://runtime.commandlayer.org/health
If you get “schema mismatch”, your body doesn’t match the pinned request schema for that verb/version. Use a verb you know is enabled (start with clean or parse).

Step 2 — Understand the receipt

A CommandLayer receipt is evidence, not a log. It includes the verb identity, trace, result payload, and a cryptographic proof block.

Identity

Receipts carry x402.entry, verb, and version so callers can route, cache, and replay safely across runtimes.

Trace

Traces link multi-step flows and allow attribution. Use one shared trace_id across steps to group receipts.

Proof

metadata.proof includes the hash and signature. Third parties can verify receipts offline using the signer public key.

Receipt excerpt (shape)

// receipt (shape)
{
  "status": "success",
  "x402": { "entry": "x402://cleanagent.eth/clean/v1.0.0", "verb": "clean", "version": "1.0.0" },
  "trace": { "trace_id": "quickstart-001" },
  "result": { "content": "hello world" },
  "metadata": {
    "proof": {
      "alg": "ed25519-sha256",
      "canonical": "runtime-json-stringify-v1",
      "signer_id": "runtime.commandlayer.eth",
      "hash_sha256": "…",
      "signature_b64": "…"
    }
  }
}
Stability guarantee: runtime-json-stringify-v1 is frozen for Protocol v1.x. A future Protocol v2 will move to RFC 8785 (JCS) with a new canonical label.

Receipt schemas are public and pinned: Schemas index →

Step 3 — Resolve schemas, entry, and keys via ENS

Each agent publishes machine-readable TXT records. That’s how discovery tools and clients find the canonical entrypoint, schema URLs, and (optionally) receipt verification keys.

Example ENS TXT records (typical)

// TXT records
cl.verb                    clean
cl.version                 1.0.0
cl.class                   commons
cl.entry                   x402://cleanagent.eth/clean/v1.0.0
cl.schema.request          https://commandlayer.org/schemas/v1.0.0/...
cl.schema.receipt          https://commandlayer.org/schemas/v1.0.0/...
cl.cid.schemas             bafy...
cl.schemas.mirror.ipfs     ipfs://bafy...
cl.schemas.checksums.ipfs  ipfs://.../schemas.v1.0.0.checksums.txt
cl.agentcard               https://commandlayer.org/agent-cards/...
cl.cid.agentcards          bafy...
cl.owner                   commandlayer.eth
cl.receipt.alg             ed25519
cl.receipt.signer_id       runtime.commandlayer.eth
cl.receipt.pubkey_b64      ...

Agent Cards provide a higher-level descriptor (capabilities + schema set + routing hints): Agent Cards →

Key discovery: your verifier needs a public key. Publish it in ENS TXT (e.g. cl.receipt.pubkey_b64) or in the Agent Card, as long as it’s stable and owned by the ENS name.
Reality check: if you don’t publish keys yet, don’t claim “independent verification” without saying where the key comes from. Publish the key, then make the claim.

Step 4 — Verify a receipt (Node.js)

Minimal verification should be boring and deterministic: hash → signature. Full verification adds: schema validation + key resolution.

Install dependencies

Lightweight crypto primitives for Ed25519 verification (no blockchain dependency).

// npm
npm install tweetnacl tweetnacl-util

Verify code (minimal: hash → signature)

// verifyReceiptMinimal.js
import nacl from "tweetnacl";
import { decodeBase64 } from "tweetnacl-util";
import crypto from "crypto";

/**
 * Minimal receipt verification:
 * 1) remove signature from payload
 * 2) canonicalize bytes (matches runtime: "runtime-json-stringify-v1")
 * 3) hash sha256 over canonical bytes (utf8)
 * 4) verify Ed25519 signature over the hash bytes
 *
 * Threat model:
 * This proves the runtime produced this receipt for this request.
 * It does NOT prove the result is "true" — only attributable.
 *
 * NOTE: This does NOT validate schemas or resolve keys. That's the "full verifier".
 */
export function verifyReceiptMinimal(receipt, publicKeyBytes) {
  const proof = receipt?.metadata?.proof;
  if (!proof?.signature_b64 || !proof?.hash_sha256) return { ok: false, reason: "missing proof" };

  // clone + remove signature before hashing
  const unsigned = JSON.parse(JSON.stringify(receipt));
  if (unsigned?.metadata?.proof) delete unsigned.metadata.proof.signature_b64;

  // canonical bytes (v1: runtime-defined stable stringify)
  const canonical = JSON.stringify(unsigned);

  // hash sha256
  const hashHex = crypto.createHash("sha256").update(canonical, "utf8").digest("hex");
  if (hashHex !== proof.hash_sha256) return { ok: false, reason: "hash mismatch" };

  // verify Ed25519 signature over the hash bytes
  const hashBytes = Buffer.from(proof.hash_sha256, "hex");
  const sigBytes = decodeBase64(proof.signature_b64);

  const ok = nacl.sign.detached.verify(hashBytes, sigBytes, publicKeyBytes);
  return ok ? { ok: true } : { ok: false, reason: "signature invalid" };
}

Full verifier (schema validation + ENS/Agent Card key resolution): Runtime →

Canonicalization note: runtime-json-stringify-v1 is runtime-defined and frozen for Protocol v1.x. If you want cross-language verification without foot-guns, move to RFC 8785 (JCS) and label it explicitly.
Schema validation: if you want “schema → hash → signature” as a single script, link a reference verifier file (Node) that uses AJV + your published schema URLs.

Next steps

Once you can call one verb and verify one receipt, you can scale to flows and registries. The contract stays stable; execution changes.

Try a flow

Compose multiple verbs and inspect receipts per-step. Live Demo →

Browse schemas

All schemas are pinned, checksummed, and public. Schemas →

Publish an Agent Card

Describe capabilities so discovery tools can route to you. Agent Cards →

Download

If you want builders to download this quickstart (and you to share a stable file), publish it as a static asset with a direct link.

Recommended downloads

1) HTML (this page) — easy to mirror and share
2) PDF — good for “send me the doc” and offline reference
3) Sample receipt JSON — gives skeptics something real to diff & verify

// direct download links (you will host these)
HTML:          https://commandlayer.org/quickstart.html
PDF:           https://commandlayer.org/assets/commandlayer-quickstart.pdf
Sample receipt: https://commandlayer.org/assets/receipts/clean.quickstart.v1.0.0.json

If you want the browser to force a download, you can also provide an anchor with the download attribute (works best for same-origin files).

// download anchors
<a class="cl-blue-link" href="/quickstart.html" download>Download Quickstart (HTML)</a>
<a class="cl-blue-link" href="/assets/commandlayer-quickstart.pdf" download>Download Quickstart (PDF)</a>
<a class="cl-blue-link" href="/assets/receipts/clean.quickstart.v1.0.0.json" download>Download Sample Receipt (JSON)</a>

For PDFs: generate once, commit it, and serve it as a static file. Don’t generate PDFs dynamically.