headlessoracle/verify

verify.headlessoracle.com

Static, client-side Ed25519 verifier for Headless Oracle signed market-state receipts. Deployed to verify.headlessoracle.com.

The page lets anyone — agent, auditor, regulator, or a human with a browser — confirm that a receipt was signed by the operator's published key, without trusting any intermediary. All cryptography happens in the browser via the Web Crypto API.

Why this exists

Headless Oracle answers one question: is this exchange open right now? Every answer is an Ed25519-signed attestation. For the trust model to mean anything, anyone must be able to verify a receipt without trusting Headless Oracle's servers. This page is the open-source artifact that does that.

How verification works

The signing spec is short:

  1. Drop the signature field.
  2. Sort remaining keys alphabetically.
  3. JSON.stringify with no whitespace.
  4. UTF-8 encode.
  5. Verify with Ed25519 (RFC 8032) against the public key whose key_id matches the receipt's public_key_id.

The public key is published at /.well-known/oracle-keys.json under RFC 8615 well-known URI conventions.
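
The five steps above as one browser-style function, added here as an example and not taken from this repository's verify.js or canonical.js. It assumes flat receipts, hex-encoded signature and public key values, and a registry shaped as { keys: [{ key_id, public_key }] }; those details and the sample receipt's field values are assumptions, not stated on the page.

```javascript
// Added example; not the repository's verify.js or canonical.js.
// Assumptions (not stated on the page): receipts are flat JSON objects, the
// signature and public key are hex strings, and the registry looks like
// { keys: [{ key_id, public_key }] }.

// Steps 1-4: drop "signature", sort keys, compact JSON, UTF-8 encode.
function canonicalBytes(receipt) {
  const { signature, ...payload } = receipt;
  const sorted = {};
  for (const k of Object.keys(payload).sort()) sorted[k] = payload[k];
  return new TextEncoder().encode(JSON.stringify(sorted));
}

// Strict hex decoder: odd length or non-hex characters are rejected.
function hexToBytes(hex) {
  if (typeof hex !== 'string' || !/^(?:[0-9a-fA-F]{2})+$/.test(hex)) {
    throw new Error('malformed hex');
  }
  return Uint8Array.from(hex.match(/../g), (pair) => parseInt(pair, 16));
}

// Step 5: Ed25519 verification through Web Crypto. Fails closed: unknown
// key id, malformed input, or any crypto error returns false.
async function verifyReceipt(receipt, registry) {
  if (!receipt || typeof receipt.signature !== 'string') return false;
  const keys = registry && Array.isArray(registry.keys) ? registry.keys : [];
  const entry = keys.find((k) => k.key_id === receipt.public_key_id);
  if (!entry) return false;
  try {
    const key = await crypto.subtle.importKey(
      'raw', hexToBytes(entry.public_key), { name: 'Ed25519' }, false, ['verify']);
    return await crypto.subtle.verify(
      { name: 'Ed25519' }, key, hexToBytes(receipt.signature), canonicalBytes(receipt));
  } catch {
    return false;
  }
}

// Constructed sample receipt (field values are illustrative, not real data).
const SAMPLE = {
  status: 'OPEN',
  mic: 'XNYS',
  public_key_id: 'key_demo',
  signature: 'ab'.repeat(64),
};
const canonicalText = (r) => new TextDecoder().decode(canonicalBytes(r));
```

Because the signed bytes depend only on the sorted payload, two receipts that differ in key order canonicalize identically, while any change to a field value changes the bytes and invalidates the signature.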

Running locally

npm install
npm test            # runs the 6-test suite + a live /v5/demo round-trip
npm run dev         # serves index.html on http://localhost:8788 via wrangler

To run the test suite without the live network round-trip:

HEADLESS_ORACLE_OFFLINE=1 npm test

Repo layout

File                               Role
index.html                         Single-page UI
style.css                          Theming (light/dark)
ui.js                              Tab routing, paint, fetch orchestration
verify.js                          Verification pipeline
canonical.js                       Canonical-JSON construction
_headers                           Cloudflare Pages security headers (CSP, HSTS, etc.)
tests/verify.test.js               6-test suite
tests/fixtures/build-fixtures.mjs  Generates known-good.json fixture
tests/fixtures/known-good.json     Deterministic fixture for offline tests
wrangler.toml                      Cloudflare Pages project configuration
package.json                       npm metadata + scripts; @noble/ed25519 is a devDependency only

Auditing this verifier

Trust the math, not the deploy. Three checks anyone should run:

  1. Read the verification pipeline. It's ~150 lines across verify.js and canonical.js. Every step has a single responsibility. There is no server-side fallback path.
  2. Run the test suite. npm test proves the verifier accepts a known-good receipt, rejects a single-byte signature mutation, rejects a single-field payload mutation, rejects an unknown-key reference, and rejects malformed input.
  3. Round-trip a live receipt. Test #6 fetches a fresh receipt from /v5/demo?mic=XNYS and verifies it against the live registry.

The cryptography is delegated to the browser's Web Crypto API (crypto.subtle.verify({ name: 'Ed25519' }, ...)) — the same primitive TLS uses for Ed25519 today. There is no custom Ed25519 implementation in this codebase. @noble/ed25519 appears in devDependencies only, used by tests/fixtures/build-fixtures.mjs to sign the deterministic test vector.

Deploying

npx wrangler pages project create verify-headlessoracle
npm run deploy

The site is static. There is no build step. There is no server-side code.

Security posture

  • All cryptographic verification happens in the browser.
  • Two outbound network calls: GET /.well-known/oracle-keys.json and (in fetch-from-Oracle mode) GET /v5/demo.
  • No telemetry, no analytics, no third-party scripts.
  • _headers ships a Content Security Policy that disallows inline scripts and restricts connect-src to headlessoracle.com.

License

MIT — see LICENSE. Copyright © 2026 Michael Msebenzi / LembaGang.

Standards referenced
