Concept

Verification.

Every Decision Receipt is independently verifiable — by you, by your customer, by an auditor, by anyone, with no Agent Cert account required. This page explains what verification actually proves and how to do it.

What verification proves

A successfully-verified receipt proves three independent facts:

Integrity — the receipt's content (execution + evaluation) has not been modified since it was issued. We re-hash the stored data and compare.
Authenticity — Agent Cert (specifically: the issuer key bound to the receipt's policy_version at the time of issue) signed it. Ed25519 signature is checked against the published public key.
Anchoring — the receipt's hashes were committed to Solana at a specific block. The on-chain memo matches the off-chain receipt. Inspectable on the public ledger.

What verification does NOT prove

We're explicit about the limits so the certification is honest:

That the agent's output was correct — only that the network ran the configured rules and signed the result.
That the user actually authorized the action — that's your application's authentication concern.
That the execution metadata fully describes what really happened — garbage in still hashes to garbage. The receipt proves the metadata you submitted was evaluated and anchored faithfully.

How to verify a receipt

Web (no code)

Go to agentcert.net/r, paste the receipt ID, click Verify. You'll see one of three results: fully verified, mismatched, or anchoring-in-progress.

API

Re-verification endpoint — anonymous, no auth required:

curl https://YOUR-BACKEND/v1/receipts/rcpt_01HX.../verify

Returns:

{
  "verified":              true,
  "signature_valid":       true,
  "execution_hash_match":  true,
  "evaluation_hash_match": true,
  "checked_at":            "2026-05-23T00:42:13Z"
}

On-chain (cryptographic, no Agent Cert dependency)

If you don't trust Agent Cert's own backend, you can verify directly from the Solana ledger:

Look up the receipt's anchor tx signature (returned by GET /v1/receipts/{id}/anchor or shown on /r).
Open the tx on a Solana explorer (Solscan, Solana Explorer).
Read the on-chain memo — it contains the receipt's execution_hash + evaluation_hash.
Hash your copy of the receipt's execution data with SHA-256 and compare.
Verify the Ed25519 signature on the receipt against the published issuer public key.

The full hash chain

execution_metadata    ─sha256─►  execution_hash
evaluation_output     ─sha256─►  evaluation_hash

execution_hash + evaluation_hash + receipt_id + timestamp + policy_version
                       │
                       ├──► Ed25519 signature (off-chain)
                       │
                       └──► Solana memo (on-chain)

Signature algorithm

Ed25519. The issuer keypair is held in Azure Key Vault on the backend. The public key is published at /.well-known/agent-cert-pubkey so any third party can validate signatures without contacting our servers.

If verification fails

What you see	Likely cause
`signature_valid: false`	Receipt content was modified after signing, OR the issuer key was rotated and the receipt's key reference points to an unpublished key. Contact us.
`execution_hash_match: false`	The stored execution metadata differs from what was originally hashed. Indicates database corruption or tampering — flag immediately.
`anchor_status: failed`	Solana anchor worker has retried past its budget. The receipt is signed and valid off-chain; on-chain proof unavailable.
`anchor_status: pending`	Anchor in progress. Normal for the first few seconds after issue. Poll `GET /v1/receipts/{id}/anchor`.