Skip to content

Add first-action scoped execution receipt checkpoint to claim activation pipeline#386

Merged
GsCommand merged 1 commit into
mainfrom
codex/add-scoped-execution-receipt-checkpoint
Jun 13, 2026
Merged

Add first-action scoped execution receipt checkpoint to claim activation pipeline#386
GsCommand merged 1 commit into
mainfrom
codex/add-scoped-execution-receipt-checkpoint

Conversation

@GsCommand

@GsCommand GsCommand commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

Motivation

  • Ensure a claimed tenant agent can prove it can produce a scoped execution-only receipt (clas.execution.receipt.v1) before being considered live.
  • Add a non-custodial challenge/verification checkpoint after genesis receipt and tenant proof verification without introducing settlement, stealth-address, or custody logic.

Description

  • Add DB migration db/migrations/010_first_action_receipt_fields.sql to create first_action_receipt_json, first_action_receipt_id, first_action_receipt_hash, first_action_receipt_status (default not_generated), first_action_receipt_verified_at, and first_action_receipt_error with an index on first_action_receipt_status.
  • Add admin endpoint POST /api/admin/generate-first-action-receipt that enforces paid/approved gating, tenant signer ENS/KID, signer-records verified, genesis receipt present, and tenant proof gates, and then stores an unsigned execution-only challenge.
  • Add public/claim endpoint POST /api/claims/submit-first-action-receipt to accept a tenant-submitted signed scoped execution receipt, verify schema, proof type, exact covers (receipt_id, verb, agent, action), signer ENS/KID matching, Ed25519 signature validity against the stored tenant public key, reject settlement-only or settlement-covered proofs, and persist verified receipt JSON/ID/hash/status.
  • Implement receipt construction and verification in lib/receipts/first-action-receipt.js with deterministic receipt_id, action input/output hashes, and explicit verification error codes for invalid shapes, signer mismatch, kid mismatch, signature invalid, and public key missing.
  • Surface first_action_receipt status in the public claim pipeline (api/claims/status.js) and add UI pieces in public/claim.html and public/admin/claims.html to show status, receipt id/hash, error message, and a button to generate the challenge.
  • Add tests in tests/first-action-receipt.test.js covering preflight gating, challenge shape, invalid signer/tamper/proof cases, and successful verified persistence.

Testing

  • Ran npm test, which executed the full suite including the new tests/first-action-receipt.test.js, and all tests passed.
  • Ran npm run check:links, and all local links/assets resolved successfully.

Codex Task

@vercel

vercel Bot commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
commandlayer-commandlayer-org Ready Ready Preview, Comment Jun 13, 2026 11:14pm
commandlayer-org Ready Ready Preview, Comment Jun 13, 2026 11:14pm
commandlayer-org111 Ready Ready Preview, Comment Jun 13, 2026 11:14pm

Request Review

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 13, 2026

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@GsCommand GsCommand merged commit 99af225 into main Jun 13, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GsCommand