aisthetic·servicesWorkbench
SandboxDocsFeedbackOpen sandbox →S

Proof Center

Verify what AgentTrust did. Live commands, the four proof surfaces, and the bounded list of what we deliberately do not claim. For the live operational timeline of events from your sandbox session, see the Usage Proof Ledger.

Endpoint

Latest sandbox endpoint

Endpoints created in the sandbox console live on this page once you finish the onboarding flow. Until you create one, the Proof Center shows the canonical sandbox shape.

No endpoint yet. Create an endpoint to see its gateway URL, price, and policy here.
Request flow

Expected sandbox flow

Canonical 3-row preview. Not real-time traffic.
StatusMethodPathReason
401POST/g/demo/dataidentity evidence missing
402POST/g/demo/datapayment required (challenge issued)
200POST/g/demo/datareceipt issued (X-AgentTrust-Receipt-Id)
Receipt

What lands after a successful 200

The 200 response carries an X-AgentTrust-Receipt-Id: rcp_… header. The receipt is Ed25519-signed; the signature verifies offline against the published gateway public key. The receipt id is a non-secret canonical handle — share it with whoever needs to verify the call.

# response header on a real 200
X-AgentTrust-Receipt-Id: rcp_<placeholder>
Receipts

/receipts

Ed25519-signed; offline verifiable.

Audit

/audit

Append-only, hash-chained per provider.

Proof bundles

/proofs

Downloadable; verify offline.

How to verify

Three independent paths

  1. Run the gateway flow. The 401 → 402 → 200 curl sequence above. Hit https://sandbox.aisthetic.services/live first to confirm the gateway is reachable.
  2. Verify a receipt offline. Clone the repo and run pnpm proof:verify ./bundle-<id>.zip; the verifier reads the signature against the published public key with no network call.
  3. Verify the dataroom bundle. Request the signed dataroom; run pnpm dataroom:verify artifacts/signed-dataroom/latest against the recipient’s copy. Checksums must all match.
Proves

What this surface proves

  • The public sandbox is live and reachable.
  • The 401 / 402 / 200 + signed-receipt flow round-trips against the live gateway.
  • Receipt ids surface on every successful 200 in your own terminal.
  • External verification is complete across four real third-party lanes (signed webhook, x402 testnet, GCS, Grafana Alertmanager).
Does not prove

What this surface does not prove

  • Enterprise GA. Not claimed.
  • Production billing. Not launched.
  • Real customer pilot. None completed.
  • SOC 2 / ISO 27001 / HIPAA / PCI / Okta / Entra / Google SAML / SCIM 2.0 official certification. None claimed.
  • Customer logos, testimonials, traction. None claimed.