Embedded Verification

Show receipt verification inside your product.

CommandLayer badges let apps display verifier results where users make decisions — verified, invalid, or unavailable.

Badge states

VERIFIED

Hash and Ed25519 signature checks passed.

status: VALID
hash_matches: true
signature_valid: true

INVALID

Receipt payload changed or proof failed.

status: INVALID
hash_matches: false
signature_valid: false

TRANSPORT_ERROR

Verifier/runtime unavailable or request failed.

status: TRANSPORT_ERROR

What the badge does

  • receives or fetches a receipt
  • submits the receipt to a verifier
  • displays VALID / INVALID / TRANSPORT_ERROR
  • links to the full verifier view
  • can be embedded in dashboards, product UIs, marketplaces, agent logs, or audit trails

What the badge does not do

  • does not sign receipts
  • does not hold private keys
  • does not replace the verifier
  • does not treat a schema-valid receipt as verified
  • does not replace webhook sender authentication

What gets checked through the verifier

  • receipt structure
  • metadata.proof present
  • json.sorted_keys.v1 canonicalization (standard JSON receipt path)
  • erc8211.composable.v1 — ERC-8211 composable execution canonicalization recognized. Merkle authorization verification is deferred pending the companion Merkle authorization ERC.
  • SHA-256 hash match
  • Ed25519 signature validity
  • signature.kid (vC4WbcNoq2znSCiQ)
  • signer_id (runtime.commandlayer.eth)
  • supported capability verb
  • tamper invalidation

Canonical proof model (single-signature example):

metadata.proof.canonicalization = json.sorted_keys.v1
metadata.proof.hash.alg = SHA-256
metadata.proof.hash.value
metadata.proof.signature = { alg, kid, value }
metadata.proof.signer_id = runtime.commandlayer.eth
metadata.trace = { trace_id, span_id? } (optional)

Multi-signature shape is also supported for solver/relayer/batch workflows via metadata.proof.signature[] entries with role values of user, solver, relayer, agent, runtime, or verifier.

Runtime endpoint: https://runtime.commandlayer.org.

Live proof tie-in

Manual verification: Paste and inspect a receipt at /verify.html.

Production proof: See runtime sign, verify, and tamper invalidation at /stack-proof-demo.html.

Automatic verification: Run the webhook auto-verify demo at /proof.html.

Embedded verification: Use this badge pattern to display the result wherever the receipt is used.

Embed example

<div
  class="commandlayer-verify-badge"
  data-receipt-url="/receipts/demo-valid-receipt.json">
</div>
<script src="/js/verify-badge.js"></script>

The script fetches the receipt, calls the verifier, and renders the badge state.
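
How a badge script could map a verifier response onto the three states above while failing closed. This is an added example, not the code of /js/verify-badge.js: the response fields (status, hash_matches, signature_valid) are the ones this page lists, while the function names and the injected fetchReceipt/verify callbacks are hypothetical.

```javascript
// Added example: fail-closed badge state selection.
// Field names come from the page; every function name here is hypothetical.
const BADGE = Object.freeze({
  VERIFIED: "VERIFIED",            // badge heading shown for status: VALID
  INVALID: "INVALID",
  TRANSPORT_ERROR: "TRANSPORT_ERROR",
});

// Map one verifier response object to a badge state. Only an explicit,
// internally consistent VALID result is ever shown as VERIFIED.
function badgeStateFromResult(result) {
  if (result === null || typeof result !== "object") return BADGE.TRANSPORT_ERROR;
  if (result.status === "VALID") {
    // Both checks must be the boolean true; a missing field or a truthy
    // string such as "true" does not pass. A VALID status that contradicts
    // its own check fields is shown as INVALID (a choice made in this example).
    const proven = result.hash_matches === true && result.signature_valid === true;
    return proven ? BADGE.VERIFIED : BADGE.INVALID;
  }
  if (result.status === "INVALID") return BADGE.INVALID;
  // TRANSPORT_ERROR, a missing status, or an unknown status: no verdict.
  return BADGE.TRANSPORT_ERROR;
}

// Fetch the receipt, submit it to the verifier, resolve to a badge state.
// Assumption: fetchReceipt(url) and verify(receipt) are caller-supplied and
// return promises. Any rejection becomes TRANSPORT_ERROR, never VERIFIED.
async function resolveBadge(receiptUrl, fetchReceipt, verify) {
  try {
    const receipt = await fetchReceipt(receiptUrl);
    // The receipt's own shape is never inspected to decide the state:
    // the verdict always comes from the verifier.
    return badgeStateFromResult(await verify(receipt));
  } catch {
    return BADGE.TRANSPORT_ERROR;
  }
}
```

Keeping TRANSPORT_ERROR separate from INVALID lets a UI tell "no verdict was obtained" apart from "the proof failed", and neither path can render as VERIFIED.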