Skip to content

Fix verifier sample and add Docs links for Playground/Webhook Demo#353

Merged
GsCommand merged 1 commit into
mainfrom
codex/fix-verification-sample-and-update-docs-nav
May 26, 2026
Merged

Fix verifier sample and add Docs links for Playground/Webhook Demo#353
GsCommand merged 1 commit into
mainfrom
codex/fix-verification-sample-and-update-docs-nav

Conversation

@GsCommand
Copy link
Copy Markdown
Contributor

@GsCommand GsCommand commented May 26, 2026

Motivation

  • The manual verifier sample used a legacy top-level proof shape that the verifier intentionally rejects (hasLegacyTopLevelProof), so loading the sample produced INVALID even when not tampered.
  • Improve discoverability of the interactive demos by surfacing Playground and Webhook Demo in the Docs dropdown without adding top-level nav clutter.
  • Keep all cryptographic verification strict and use the real verifier logic/API rather than faking verdicts in the frontend.

Description

  • Replace legacy proof shape in public/receipts/demo-valid-receipt.json and public/receipts/demo-tampered-receipt.json with canonical metadata.proof fields (hash.alg/value, signature.alg/kid/value, signer_id) so the real verifier can return VERIFIED for the valid fixture and INVALID for the tampered fixture.
  • Adjust the verifier UI in public/verify.html to emphasize Load Sample as primary and Load Tampered as danger, update explanatory copy to clarify that VERIFIED = hash and signature passed and INVALID = tampered/stale/malformed/metadata mismatch, and leave the real /api/verify flow intact (no hardcoded verdicts).
  • Add Playground (/playground.html) and Webhook Demo (/webhook-auto-verify.html) links into the Docs dropdown across public pages and add reciprocal small cross-link cards between /playground.html, /webhook-auto-verify.html, and /proof.html for discovery.
  • Add tests/public-pages.test.js to assert that the valid sample verifies as VERIFIED, the tampered sample verifies as INVALID, public/js/verify.js references the sample fixture path, and pages include the new demo links while avoiding raw-markdown nav links.

Testing

  • Ran npm test and all test suites passed (69 tests, 0 failures), including the new tests/public-pages.test.js which asserts the valid sample is VERIFIED and the tampered one is INVALID.
  • Ran npm run check:links and node scripts/check-local-links.mjs, which reported all local links/assets resolved across HTML files.
  • Ran the example checks in examples/webhook-auto-verify with npm run check, which succeeded.
  • Verified outcomes: the old sample was invalid due to legacy top-level proof fields; the updated valid fixture now yields VERIFIED with hash_matches: true and signature_valid: true, and the tampered fixture yields INVALID with hash/signature mismatch; the UI still calls /api/verify (no frontend hardcoding); Docs dropdown now includes /playground.html and /webhook-auto-verify.html consistently.

Codex Task

@vercel
Copy link
Copy Markdown

vercel Bot commented May 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
commandlayer-commandlayer-org Ready Ready Preview, Comment May 26, 2026 1:02am
commandlayer-org Ready Ready Preview, Comment May 26, 2026 1:02am
commandlayer-org111 Ready Ready Preview, Comment May 26, 2026 1:02am

Request Review

@GsCommand GsCommand merged commit fb207d5 into main May 26, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GsCommand