SDK Records

Add verifiable receipts to agent actions.

@commandlayer/agent-sdk wraps agent actions and emits canonical metadata.proof receipts that can be checked by CommandLayer verifiers.

The SDK emits the same CommandLayer receipt model explained in /receipts.html and demonstrated in /proof.html. Capability families are mapped in /capabilities.html; the SDK wraps actions so builders can emit signed receipts without making the SDK the trust root.

Wrap an agent action, emit a canonical receipt, and verify the proof.
Runtime production is live. Runtime signs canonical Trust Verification receipts. MCP E2E against production runtime passes: STEP 1 SIGNED, STEP 2 VERIFIED, STEP 3 TAMPERED INVALID. Runtime signer: signer_id = runtime.commandlayer.eth, kid = vC4WbcNoq2znSCiQ. Canonical proof keeps json.sorted_keys.v1 as the standard receipt path, while erc8211.composable.v1 recognizes ERC-8211 composable execution canonicalization. Merkle authorization verification is deferred pending the companion Merkle authorization ERC. Signature shape supports single-signature and multi-signature proof entries for solver/relayer/batch workflows.
Install

Install the SDK package.

npm install @commandlayer/agent-sdk

@commandlayer/agent-sdk@1.2.0
Quickstart

Canonical SDK configuration and wrap flow.

import { CommandLayer } from "@commandlayer/agent-sdk";

const cl = new CommandLayer({
  agent: "runtime.commandlayer.eth",
  privateKeyPem: process.env.CL_PRIVATE_KEY_PEM,
  keyId: "vC4WbcNoq2znSCiQ",
  verifierUrl: "https://runtime.commandlayer.org/verify"
});

const { output, receipt } = await cl.wrap("sign", async () => {
  return {
    message: "hello from SDK"
  };
});

const verified = await cl.verify(receipt);
Receipt shape

Canonical metadata.proof and metadata.trace fields.

metadata.proof.canonicalization = "json.sorted_keys.v1"
metadata.proof.hash.alg = "SHA-256"
metadata.proof.hash.value = "..."
metadata.proof.signature = { alg: "Ed25519", kid: "vC4WbcNoq2znSCiQ", value: "..." }   // single-signature proof
metadata.proof.signer_id = "runtime.commandlayer.eth"
metadata.trace = { trace_id: "trace_..." } // optional correlation metadata
What the SDK does
Wraps agent actions into consistent execution envelopes.
Emits canonical receipts for each wrapped action.
Normalizes canonical proof shape under metadata.proof.
Calls verifier endpoints to confirm receipt validity.
The same receipt model used by the SDK is now shown in live integration examples for Coinbase webhooks and x402 paid actions. Explore integrations.
Helps developers integrate without rebuilding proof plumbing.
Trust boundaries

What the SDK does not do.

  • SDK is not the protocol itself.
  • SDK is not the verifier.
  • SDK is not MCP.
  • SDK does not make schema-valid equal verified.
  • Verification requires hash and signature checks.
Runtime vs SDK

How the layers fit together.

The SDK is for developers wrapping actions and generating canonical receipt metadata in client or server code.

The runtime is the production signer/executor. MCP is a bridge. VerifyAgent/verifier validates receipts and returns verification states.

Trust Verification verbs supported

Canonical Trust Verification v1 verbs.

verify
sign
attest
authorize
approve
reject
permit
grant
authenticate
endorse

These verbs are canonical Trust Verification v1 verbs, and runtime-backed production receipt endpoints exist for production verification flows.

Verification states

VALID / VERIFIED = hash and signature checks passed. INVALID = proof failed. TRANSPORT_ERROR = verifier/runtime unavailable or request failed.