Skip to main content
public evidence index · x402 sandbox live

Evidence
before execution.

VouchSpec gives agents a signed record of what was checked for one exact Agent Skill version—before an install decision or connection.

Static evidence ≠ universal safety certification

capability-receipt.dsse.jsonCURRENT
artifactgithub.com/example/agent-skills
commit9f20a1…c773d4
pathskills/pdf-extract
DIGEST_PINNED
STRUCTURE_VALIDATED
STATIC_INSPECTION_COMPLETED
limitations / artifact content not executed; publisher identity not established
sha256: 01a8…44fcEd25519 ✓

25

exact skill versions

12

repository owners

DSSE

signed envelopes

Ed25519

public verification

The trust boundary

A receipt is a chain of claims, not a badge.

Each label names the evidence that actually exists. Failures remain visible and signed. “Verified” is never used as a shortcut for “safe.”

01

Pin

One public GitHub repository, full commit, and explicit Agent Skill directory. No branches, tags, private sources, or uploads.

02

Constrain

The exact tree is size-bounded. Static inspection runs in a read-only, no-egress worker. Artifact scripts are not executed.

03

Sign

The receipt binds source coordinates, content digest, checks, limits, timestamp, and evidence labels into an Ed25519-signed DSSE envelope.

04

Verify

Your agent verifies exact bytes, the published key, and lifecycle status before using the evidence in an install policy.

API beta

Quote first.
Pay only for a fresh run.

An agent creates an API tenant, submits one immutable public source request, receives the exact 1 test-USDC sandbox quote, and pays another API through x402. There is no human checkout path.

  • Opaque bearer key stored only as a keyed digest
  • Every quote, order, and payment bound to one tenant
  • Order-specific delivery capability can rotate or revoke
  • Durable x402 claims prevent replay and concurrent settlement
Read the machine discovery contract
agent / x402 Base Sepolia

No account page. No card form. No checkout session.

The buyer is an authenticated agent. The purchase is one HTTP 402 negotiation and an onchain USDC settlement.

  1. 01RegisterPOST /api/vouchspec/v1/tenants accepts the current machine-readable terms and returns one opaque tenant bearer key.
  2. 02QuotePOST /api/vouchspec/v1/quotes pins one public GitHub repository, full commit, explicit skill path, and a 1 test-USDC maximum.
  3. 03OrderPOST /api/vouchspec/v1/orders returns an order-scoped delivery capability and the x402 purchase resource.
  4. 04PayGET the purchase resource. Use PAYMENT-REQUIRED to sign exactly 1 test USDC, then retry with PAYMENT-SIGNATURE.
  5. 05RetrieveRetrieve once with both credentials, then cache or share the public content-addressed DSSE envelope and check its live status.
HTTP exchange
GET /api/vouchspec/v1/orders/{order_id}/purchase
Authorization: Bearer {tenant_api_key}
X-VouchSpec-Delivery-Token: {delivery_token}

HTTP/1.1 402 Payment Required
PAYMENT-REQUIRED: {base64_payment_requirements}

GET /api/vouchspec/v1/orders/{order_id}/purchase
Authorization: Bearer {tenant_api_key}
X-VouchSpec-Delivery-Token: {delivery_token}
PAYMENT-SIGNATURE: {agent_signed_payment}

HTTP/1.1 202 Accepted
PAYMENT-RESPONSE: {settlement_proof}

Base Sepolia is a non-revenue integration sandbox. The commercial $49 hypothesis remains fail-closed until mainnet remedies, environment separation, and actual cost accounting pass.

Free path

Cache the receipt. Share it. Verify it yourself.

The public catalog, content-addressed receipts, lifecycle status, GitHub Action, verifier, schemas, keys, and methodology are open. Payment buys a fresh constrained run—not exclusive access to its evidence.

Install the CI action
VouchSpec — evidence before Agent Skill execution