- Receipt model → /receipts.html
- Capability map → /capabilities.html
- Live Proof → /proof.html
- Protocol architecture → /protocol.html
- Verify a receipt → /verify.html
Add verifiable receipts to agent actions.
@commandlayer/agent-sdk wraps agent actions and emits canonical metadata.proof receipts that can be checked by CommandLayer verifiers.
The SDK emits the same CommandLayer receipt model explained in /receipts.html and demonstrated in /proof.html. Capability families are mapped in /capabilities.html; the SDK wraps actions so builders can emit signed receipts without making the SDK the trust root.
Runtime production is live. Runtime signs canonical Trust Verification receipts. MCP E2E against production runtime passes: STEP 1 SIGNED, STEP 2 VERIFIED, STEP 3 TAMPERED INVALID. Runtime signer:
signer_id = runtime.commandlayer.eth, kid = vC4WbcNoq2znSCiQ. Canonical proof keeps json.sorted_keys.v1 as the standard receipt path, while erc8211.composable.v1 recognizes ERC-8211 composable execution canonicalization. Merkle authorization verification is deferred pending the companion Merkle authorization ERC. Signature shape supports single-signature and multi-signature proof entries for solver/relayer/batch workflows.Install the SDK package.
npm install @commandlayer/agent-sdk @commandlayer/agent-sdk@1.2.0
Canonical SDK configuration and wrap flow.
import { CommandLayer } from "@commandlayer/agent-sdk";
const cl = new CommandLayer({
agent: "runtime.commandlayer.eth",
privateKeyPem: process.env.CL_PRIVATE_KEY_PEM,
keyId: "vC4WbcNoq2znSCiQ",
verifierUrl: "https://runtime.commandlayer.org/verify"
});
const { output, receipt } = await cl.wrap("sign", async () => {
return {
message: "hello from SDK"
};
});
const verified = await cl.verify(receipt);Canonical metadata.proof and metadata.trace fields.
metadata.proof.canonicalization = "json.sorted_keys.v1"
metadata.proof.hash.alg = "SHA-256"
metadata.proof.hash.value = "..."
metadata.proof.signature = { alg: "Ed25519", kid: "vC4WbcNoq2znSCiQ", value: "..." } // single-signature proof
metadata.proof.signer_id = "runtime.commandlayer.eth"
metadata.trace = { trace_id: "trace_..." } // optional correlation metadataWhat the SDK does not do.
- SDK is not the protocol itself.
- SDK is not the verifier.
- SDK is not MCP.
- SDK does not make schema-valid equal verified.
- Verification requires hash and signature checks.
How the layers fit together.
The SDK is for developers wrapping actions and generating canonical receipt metadata in client or server code.
The runtime is the production signer/executor. MCP is a bridge. VerifyAgent/verifier validates receipts and returns verification states.
Canonical Trust Verification v1 verbs.
These verbs are canonical Trust Verification v1 verbs, and runtime-backed production receipt endpoints exist for production verification flows.
VALID / VERIFIED = hash and signature checks passed. INVALID = proof failed. TRANSPORT_ERROR = verifier/runtime unavailable or request failed.