Independent Verification
Free conformance verification for x402 agent commerce. JCS (RFC 8785) canonicalization + SHA-256.
When an AI agent pays for a service, nothing currently proves what the agent did after payment. The action_ref binds a payment to a specific action through a deterministic, re-derivable hash using RFC 8785 canonicalization and SHA-256 digesting. For this to work across implementations, every party must produce identical hashes from identical inputs -- a property validated through the IETF interoperability precedent and W3C conformance methodology. This harness tests that property.
Reference implementation. JCS + SHA-256 conformance harness.
Payment and work-layer action_ref derivation. 4 trail-state fixtures verified.
Two-receipt Ed25519 binding model.
| Vector | Implementation | Expected | Actual | Notes |
|---|---|---|---|---|
| 0001-baseline | argentum-core@77a10ff | PASS | PASS | Canonical 4-field derivation against reference implementation |
| 0002-ms-precision-trap | crest-adversarial@v0.2.0 | FAIL | FAIL | Timestamp .000Z vs Z -- JCS treats strings as opaque bytes |
| 0003-trailing-whitespace | crest-adversarial@v0.2.0 | FAIL | FAIL | Trailing space in action_type breaks hash silently |
| 0004-extra-field-ignored | crest-adversarial@v0.2.0 | PASS | PASS | Extra fields stripped to canonical 4-field set before hashing |
| 0005-key-order-resilience | crest-adversarial@v0.2.0 | PASS | PASS | JCS sorts keys lexicographically regardless of insertion order |
| 0006-rfc8785-negative-zero | rfc8785-appendix-b@RFC 8785 | PASS | PASS | RFC 8785 reference: -0 serializes as 0 |
| 0007-rfc8785-key-sorting-stress | rfc8785-appendix-b@RFC 8785 | PASS | PASS | Reverse-ordered keys produce identical output per RFC 8785 Section 3.2.3 |
Canonicalization: RFC 8785 (JCS)
Hash: SHA-256
Key ordering: Lexicographic
Timestamps: RFC 3339 UTC, 3-digit ms
Submit an action receipt. Get back a conformance verdict with a public permalink.
curl -X POST https://verify.crestsystems.ai/v1/verify \
-H "Content-Type: application/json" \
-d '{
"action_ref": "<sha256-hex>",
"preimage": {
"action_type": "...",
"agent_id": "...",
"scope": "...",
"timestamp": "2025-01-01T00:00:00.000Z"
}
}'Returns: verdict (PASS/FAIL), canonical bytes, chain hash, and a public permalink at verify.crestsystems.ai/v1/verdict/:id
Full accountability path. Start from a Base mainnet payment hash, walk to the action_ref, verify the binding.
curl -X POST https://verify.crestsystems.ai/v1/trace \
-H "Content-Type: application/json" \
-d '{"payment_hash": "0x..."}'Returns: payment details, derived action_ref, accountability receipt, and step-by-step trace from on-chain payment to verified action.
Open an issue or PR on the harness repo following the conformance intake schema. Negative vectors are encouraged. All implementations are graded by the same rubric.
github.com/andysalvo/action-ref-verifyAll endpoints free. No auth required. Rate limited to 30 req/min.OpenAPI spec | Discovery
Reports describe conformance of submitted artifacts to a published spec at a point in time. They are not endorsements, audits, or warranties. This harness verifies against the spec as written at the pinned version. It does not warrant spec correctness.
Maintained by Crest Deployment Systems -- deploying scalable intelligence.