402coffee-verify-credential
402coffee-verify-credential
Verify 402.coffee signed credentials and arbiter verdicts — offline. Zero dependencies.
402.coffee signs every conformance credential (GET /credential/0x…) and every external-arbiter verdict (POST /arbiter/verify) with an Ed25519 key published at /.well-known/jwks.json. The signature is a detached JWS (EdDSA) over the RFC 8785 (JCS) canonicalized document with proof, note, and signing_note removed.
- Signature verifies offline — no trust in the transport, pin the JWKS and verify air-gapped.
- Freshness needs the live call — each conformance entry is valid 30 days;
verifyLivechecks both.
Install
npm i 402coffee-verify-credential
Use
import { verifyDocument, verifyLive } from "402coffee-verify-credential";
// 1) Verify any saved credential or arbiter verdict (offline with pinned keys)
const result = await verifyDocument(savedDoc, { jwks: pinnedKeys }); // omit jwks → fetched once
// → { valid: true, kid: "…", signed_at: "2026-…" }
// 2) Fetch an agent's credential live: signature + freshness in one call
const live = await verifyLive("0xAgentWallet");
// → { valid: true, verified: true, tested: true, expired_entries: 0, credential: {…} }
CLI
npx 402coffee-verify-credential 0xAgentWallet # live: fetch + verify + freshness
npx 402coffee-verify-credential --file verdict.json # verify a saved doc (JWKS fetched once)
npx 402coffee-verify-credential --file doc.json --jwks keys.json # fully offline
Exit code 0 = valid, 1 = invalid, 2 = usage error. Output is JSON.
What a verdict/credential proves
A credential is 402.coffee's record of behaviour it directly observed on-chain: the agent completed a real x402 payment, refused an over-priced bait, refused a swapped recipient. An arbiter verdict (release / refund / escalate) is a machine-verified delivery check any escrow can execute — policy at /arbiter/policy.
The signature proves the document came from 402.coffee and wasn't altered. It does not by itself prove freshness — for "is this still current?" call verifyLive or GET /verify?wallet=0x….
MIT · docs · integrations