headlessoracle.com / verify

Verify a signed market-state receipt

Headless Oracle issues Ed25519-signed attestations of exchange status. This page verifies them entirely in your browser, against the live key registry at /.well-known/oracle-keys.json. No server-side verification, no proxying, no telemetry.

Source: github.com/headlessoracle/verify · Algorithm: Ed25519 (RFC 8032) · Canonicalization: alphabetical key sort + JSON.stringify with no whitespace.

Paste a receipt

Paste any signed receipt JSON from Headless Oracle. Both the wrapped envelope (with receipt, discovery_url, extensions) and the flat inner receipt are accepted.

Fetch from Oracle

Pulls a fresh signed receipt from https://headlessoracle.com/v5/demo for the chosen MIC and verifies it. Demo receipts are unauthenticated and free; this is the fastest way to confirm the verifier round-trips against live infra.

Raw response 

    

    
  


  
  

    
Tampering test

    

      Paste a known-good receipt. The page verifies the original (should pass),
      then mutates one byte and verifies the mutated copy (should fail). This
      proves the verification is real, not theatre.
    

    

      
    

    
    

      Mutate
      
      
      
      
    

    

      
    

    
Original receipt

    
    
After mutation

    

      Mutated payload
      

    

    
  


  
  

    
Public key registry

    

      Live response from
      /.well-known/oracle-keys.json
      (RFC 8615 well-known URI). The verifier above uses this registry to look
      up the public key referenced by each receipt's public_key_id.
    

    

      
    

    
Loading…

    

  


  
  

    
How does this work?

    
    
      
  1. 
        Headless Oracle serves cryptographic attestations of
        market state — for each exchange, a signed receipt stating whether it
        is OPEN, CLOSED, HALTED, or UNKNOWN. The signing key is held by the
        operator; the public key is published at
        /.well-known/oracle-keys.json.
      
    2. 
      
  2. 
        Each receipt is signed with Ed25519 (RFC 8032). The
        signature covers a canonical JSON serialisation of the
        receipt's signed fields: keys sorted alphabetically,
        JSON.stringify with no whitespace, UTF-8 encoded. The
        exact signed-field set is published at
        /v5/keys → canonical_payload_spec.
      
    3. 
      
  3. 
        Client-side verification is the point. Anyone — agent,
        auditor, regulator, or a human with a browser — can confirm that a
        receipt was signed by the operator's published key, without trusting
        any intermediary. This page does it in plain JavaScript using the
        browser's Web Crypto API. Read the source at
        github.com/headlessoracle/verify.
      
    4. 
      
  4. 
        Why it matters. Autonomous trading agents need a
        verifiable answer to "is the market open right now?" before placing
        orders. Trusting an unsigned API would mean trusting whoever returned
        the JSON. Trusting a signed receipt means trusting only the math and
        the published key — which is the same trust assumption the rest of the
        web's TLS infrastructure already operates under.
      
    5. 
    

    

      Standards: Ed25519 — RFC 8032 ·
      Well-known URIs — RFC 8615 ·
      Canonical payload — /v5/keys ·
      Multi-Oracle Consensus v1 — spec.