Agent commerce receipts · LAW-25 hash-chain · Base L2

Did the agent actually do what it claimed?

Paste a receipt reference. This page fetches the live public audit chain and re-walks the SHA-256 hash-chain links in your own browser with crypto.subtle — the linkage is re-walkable client-side; you run the check, not us. Authorship of each row is operator-attested (HMAC-sealed server-side), so we say plainly which part you prove and which part you trust.

Read this first — honest status This is a demo to show how receipt verification works. We only show what we can prove.
Step 1 · the receipt

Paste a receipt hash or an agent action

A receipt is one row in the public chain. It references the row's chainlink_row hash. Paste a chainlink_row from the live chain, or just use a sample — either way we re-walk the live chain and locate it.

Receipt input
No account, no key, no wallet. The re-walk is read-only and runs entirely in your browser via crypto.subtle. The spot-check asks the live endpoint to recompute one row's leaf — that part is operator-attested, and we say so.
real · client-side
LINKAGE RE-WALKABLE
Not run yet.
demo
UNDER-CAP
Not run yet.
demo
DID-WHAT-CLAIMED
Not run yet.
 live — press “Verify this receipt” to fetch and re-walk the real chain
# This terminal shows real responses from ironbridge.foundation/api/law25/verify
# The re-walk runs locally with your browser's crypto.subtle — nothing is taken on trust.
What each check means

Real vs demo — stated plainly

LINKAGE RE-WALKABLE
REAL — runs in your browser. Every receipt is a row in a SHA-256 hash-chain. Your browser fetches the live window and confirms each row's chainlink_prev equals the previous row's chainlink_row, and that the server's reported head matches the row we walked to. A clean re-walk proves the visible chain is internally continuous — no row was inserted, dropped, or re-ordered without breaking a link. What this does NOT prove on its own: that any payment cleared (that is an assertion in the row — check the txHash on Base yourself), and that the withheld leaf contents are authentic (see below).
LEAF + AUTHORSHIP
OPERATOR-ATTESTED. Each row's hash is computed over a canonical leaf whose contents are withheld to protect internal operations, and each row carries a keyed HMAC authorship seal held server-side. You can ask the endpoint to spot-recompute one row's leaf integrity (?row=N) — but that recompute happens on our server, so it is attested by us, not reproduced by you. We label it operator-attested and never call it stranger-reproducible.
UNDER-CAP
DEMO. The off-LLM capability gate decides per-action whether a money move is below the trusted per-move / daily cap (caps come from a trusted registry, never the request). That gate attestation is not yet exposed on the public endpoint, so we cannot prove it client-side today. Shown for shape only.
DID-WHAT-CLAIMED
DEMO. Proving the served result matches the claimed action needs each row's hash pre-image (the full action payload), which the public surface intentionally does not expose yet. We show the linkage we can prove and mark the rest honestly as coming.