Tools / Verify

Anyone can check. No account required.

Hand someone a sealed bundle and they can confirm — independently, offline if they want — that it was signed by the right identity, includes the right data, and was registered at the time it claims. No login, no API key, no trust in VLI required.

curl https://verifylinkinfra.com/install.sh | bash
clearkey verify ./bundle.json

What it means.

Verification reads three things: the bundle's signature, the canonical hash of its payload, and the Merkle inclusion proof from the registry. If all three pass, the bundle is real, unaltered, and registered on the date it claims. ClearKey does this offline once it has the relevant public keys and a recent registry root — no network calls required.

What gets verified.

Signed bundles

Registry inclusion

Identity attestations

Chain-of-custody

How to do it on VLI.

CLI Primary

clearkey verify bundle.json

Open source · Apache 2.0 · works offline

MCP

ai_verify({
  "session_bundle": "..."
})

From mcp-ai-trust

API

GET /registry-api/log/{logId}
  /proof/{leafHash}

Under the hood.

</> Verification procedure

1. hash = SHA-256(JCS(bundle.payload))
2. assert hash == bundle.contentHash
3. assert Ed25519.verify(bundle.keyId, hash, bundle.signature)
4. walk auditPath from leafHash → rootHash
5. assert rootHash matches signed tree head
→ all pass: bundle is valid

What it means.

What gets verified.

How to do it on VLI.

CLI Primary

MCP

API

Under the hood.

See it work.