commandlayer · GsCommand · May 26, 2026 · May 26, 2026 · May 26, 2026
diff --git a/public/capabilities.html b/public/capabilities.html
diff --git a/public/schemas/trust-verification/README.md b/public/schemas/trust-verification/README.md
@@ -0,0 +1,107 @@
+# CLAS Trust Verification v1
+
+## 1. Overview
+
+Trust Verification v1 defines a standards-oriented, machine-readable schema family for trust-related machine actions and decisions. It provides canonical verbs and structured receipts for verification, identity confirmation, permissioning, attestations, approvals, rejections, signatures, and endorsements.
+
+The intent is protocol interoperability: consistent request/receipt structures that can be validated, exchanged, and independently verified across systems.
+
+## 2. Canonical verbs
+
+Trust Verification v1 defines these canonical verbs:
+
+- `verify`
+- `authenticate`
+- `authorize`
+- `attest`
+- `sign`
+- `permit`
+- `grant`
+- `approve`
+- `reject`
+- `endorse`
+
+## 3. Verb definitions
+
+- **verify**: checks whether a subject, proof, receipt, signature, artifact, claim, or workflow result is valid.
+- **authenticate**: confirms the identity of an actor, signer, agent, service, key, user, or caller.
+- **authorize**: determines whether an actor is allowed to perform an action under a policy or scope.
+- **attest**: creates a signed claim about a subject.
+- **sign**: applies cryptographic authorship, approval, or intent to a payload.
+- **permit**: represents a portable permission artifact.
+- **grant**: issues access, authority, rights, or permission to an actor.
+- **approve**: records a positive decision on a proposal, transaction, request, deployment, or workflow step.
+- **reject**: records a negative decision on a proposal, transaction, request, deployment, or workflow step.
+- **endorse**: adds reputation, support, or trust weight to an actor, signer, claim, schema, service, or capability.
+
+## 4. Semantic boundaries
+
+- **verify vs attest**
+  - `verify` evaluates existing evidence and returns a validity outcome.
+  - `attest` produces new signed evidence (a claim) about a subject.
+
+- **authenticate vs authorize**
+  - `authenticate` answers "who is this actor?"
+  - `authorize` answers "what is this actor allowed to do?"
+
+- **authorize vs approve**
+  - `authorize` is policy/scope enforcement for allowed actions.
+  - `approve` is a decision event on a specific request, transaction, or workflow step.
+
+- **grant vs permit**
+  - `grant` is the issuance action that assigns rights.
+  - `permit` is the transferable/portable artifact expressing those rights.
+
+- **approve vs reject**
+  - `approve` records a positive decision.
+  - `reject` records a negative decision.
+
+- **sign vs attest**
+  - `sign` binds cryptographic intent/authorship to payload bytes.
+  - `attest` expresses a semantic claim about a subject and is typically signed.
+
+- **endorse vs certify**
+  - `endorse` adds support or trust weight without claiming formal institutional certification.
+  - `certify` is intentionally excluded from v1 because it overlaps with `verify` and `attest` and may imply regulatory or institutional certification semantics.
+
+## 5. Shared proof model
+
+Every receipt references the shared proof schema:
+
+- `../_shared/proof.schema.json`
+
+Shared proof fields (as defined in `_shared/proof.schema.json`):
+
+- `metadata.proof.canonicalization` — canonicalization identifier (const: `json.sorted_keys.v1`)
+- `metadata.proof.hash.alg` — hash algorithm (const: `SHA-256`)
+- `metadata.proof.hash.value` — lowercase SHA-256 hex digest (`64` hex chars)
+- `metadata.proof.signature.alg` — signature algorithm (const: `Ed25519`)
+- `metadata.proof.signature.value` — signature value
+- `metadata.proof.signature.kid` — key identifier
+
+These fields provide a common cryptographic envelope model across all verb receipts.
+
+## 6. Schema-valid vs cryptographically valid
+
+A receipt can be valid JSON and pass schema validation while still failing cryptographic verification.
+
+Tampered receipts are expected to remain schema-valid but fail signature/hash verification.
+
+Schema conformance and cryptographic integrity are separate checks and must both be evaluated.
+
+## 7. Examples
+
+Each verb's `examples/` folder includes:
+
+- `valid.request.json`: a schema-valid request example for the verb.
+- `valid.receipt.json`: a schema-valid receipt example with intact proof fields.
+- `tampered.receipt.json`: a schema-valid receipt whose payload/proof relationship has been altered and should fail cryptographic verification.
+- `invalid.receipt.json`: a receipt that fails schema validation.
+
+## 8. File convention
+
+Each verb folder contains:
+
+- `<verb>.request.schema.json`
+- `<verb>.receipt.schema.json`
+- `examples/`
diff --git a/public/schemas/trust-verification/_shared/proof.schema.json b/public/schemas/trust-verification/_shared/proof.schema.json
@@ -0,0 +1,103 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://schemas.commandlayer.org/schemas/v1.0.0/trust/_shared/proof.schema.json",
+  "title": "CLAS Trust Proof",
+  "description": "Shared proof envelope for trust verification receipts.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "canonicalization",
+    "hash",
+    "signature"
+  ],
+  "properties": {
+    "canonicalization": {
+      "$comment": "erc8211.composable.v1: ERC-8211 composable execution canonicalization recognized. Merkle authorization verification is deferred pending the companion Merkle authorization ERC.",
+      "enum": [
+        "json.sorted_keys.v1",
+        "erc8211.composable.v1"
+      ]
+    },
+    "hash": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "alg",
+        "value"
+      ],
+      "properties": {
+        "alg": {
+          "const": "SHA-256"
+        },
+        "value": {
+          "type": "string",
+          "pattern": "^[a-fA-F0-9]{64}$"
+        }
+      }
+    },
+    "signature": {
+      "oneOf": [
+        {
+          "type": "object",
+          "additionalProperties": false,
+          "required": [
+            "alg",
+            "value",
+            "kid"
+          ],
+          "properties": {
+            "alg": {
+              "const": "Ed25519"
+            },
+            "value": {
+              "type": "string",
+              "minLength": 16
+            },
+            "kid": {
+              "type": "string",
+              "minLength": 1
+            }
+          }
+        },
+        {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": [
+              "alg",
+              "value",
+              "kid",
+              "role"
+            ],
+            "properties": {
+              "alg": {
+                "const": "Ed25519"
+              },
+              "value": {
+                "type": "string",
+                "minLength": 16
+              },
+              "kid": {
+                "type": "string",
+                "minLength": 1
+              },
+              "role": {
+                "type": "string",
+                "enum": [
+                  "user",
+                  "solver",
+                  "relayer",
+                  "agent",
+                  "runtime",
+                  "verifier"
+                ]
+              }
+            }
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/public/schemas/trust-verification/_shared/trace.schema.json b/public/schemas/trust-verification/_shared/trace.schema.json
@@ -0,0 +1,36 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://schemas.commandlayer.org/schemas/v1.0.0/trust/_shared/trace.schema.json",
+  "title": "CLAS Trace",
+  "description": "Shared trace envelope for correlating requests and receipts across agents, hops, workflows, solver fills, and spans.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "trace_id"
+  ],
+  "properties": {
+    "trace_id": {
+      "type": "string",
+      "maxLength": 128
+    },
+    "span_id": {
+      "type": "string",
+      "maxLength": 128
+    },
+    "parent_span_id": {
+      "type": "string",
+      "maxLength": 128
+    },
+    "timestamp": {
+      "type": "string",
+      "format": "date-time"
+    },
+    "tags": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "string",
+        "maxLength": 512
+      }
+    }
+  }
+}
diff --git a/public/schemas/trust-verification/approve/approve.mcp.tool.schema.json b/public/schemas/trust-verification/approve/approve.mcp.tool.schema.json
@@ -0,0 +1,18 @@
+{
+  "name": "clas_trust_approve",
+  "title": "CLAS Trust Approve",
+  "description": "Record a positive decision on a proposal, transaction, request, deployment, or workflow step. Successful execution returns a CLAS approve receipt.",
+  "inputSchema": {
+    "$ref": "./approve.request.schema.json"
+  },
+  "outputSchema": {
+    "$ref": "./approve.receipt.schema.json",
+    "description": "CLAS approve receipt returned when approve execution succeeds."
+  },
+  "annotations": {
+    "readOnlyHint": false,
+    "destructiveHint": false,
+    "idempotentHint": false,
+    "openWorldHint": false
+  }
+}
diff --git a/public/schemas/trust-verification/approve/approve.openapi.yaml b/public/schemas/trust-verification/approve/approve.openapi.yaml
@@ -0,0 +1,28 @@
+openapi: 3.1.0
+info:
+  title: CLAS Trust Verification Approve API
+  version: 1.0.0
+paths:
+  /v1/trust-verification/approve:
+    post:
+      operationId: approveTrustVerificationAction
+      description: Record a positive decision on a proposal, transaction, request, deployment, or workflow step.
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: ./approve.request.schema.json
+      responses:
+        '200':
+          description: Approve receipt.
+          content:
+            application/json:
+              schema:
+                $ref: ./approve.receipt.schema.json
+        '400':
+          description: Invalid CLAS request.
+        '401':
+          description: Unauthorized signer or caller.
+        '422':
+          description: Semantic validation failure.
diff --git a/public/schemas/trust-verification/approve/approve.receipt.schema.json b/public/schemas/trust-verification/approve/approve.receipt.schema.json
@@ -0,0 +1,83 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://schemas.commandlayer.org/schemas/v1.0.0/trust/approve/approve.receipt.schema.json",
+  "title": "CLAS Trust Approve Receipt",
+  "description": "A signed receipt proving that an approval decision was made.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "version",
+    "family",
+    "verb",
+    "receipt_id",
+    "request",
+    "approval",
+    "ts",
+    "metadata"
+  ],
+  "properties": {
+    "version": {
+      "const": "1.0.0"
+    },
+    "family": {
+      "const": "trust"
+    },
+    "verb": {
+      "const": "approve"
+    },
+    "receipt_id": {
+      "type": "string",
+      "minLength": 1
+    },
+    "request": {
+      "$ref": "./approve.request.schema.json"
+    },
+    "approval": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "status"
+      ],
+      "properties": {
+        "status": {
+          "type": "string",
+          "enum": [
+            "approved",
+            "denied",
+            "conditional",
+            "expired"
+          ]
+        },
+        "approval_id": {
+          "type": "string"
+        },
+        "reason": {
+          "type": "string"
+        },
+        "expires_at": {
+          "type": "string",
+          "format": "date-time"
+        }
+      }
+    },
+    "ts": {
+      "type": "string",
+      "format": "date-time"
+    },
+    "metadata": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "proof"
+      ],
+      "properties": {
+        "proof": {
+          "$ref": "../_shared/proof.schema.json"
+        },
+        "trace": {
+          "$ref": "../_shared/trace.schema.json"
+        }
+      }
+    }
+  }
+}