LogicNodes — POL/1.0 Verification Standard

POL/1.0 · OPEN STANDARD · CC-BY-4.0 § 00 — PROOF-OF-LOGIC VERIFICATION STANDARD

POL/1.0 — Proof-of-Logic

Proof-of-Logic (POL) is an open standard for verifiable work receipts in a machine-to-machine economy. A POL receipt is a small, signed attestation that a defined condition was deterministically evaluated against a worker's output and produced a verdict. Anyone can verify a POL receipt — offline, with no account, no API key, and no call back to the issuer — using only this specification and the issuer's public signer address.

This document is self-contained: a third party can build a fully compatible POL verifier from this page alone. The canonical machine-readable spec is served at /agents/pol/spec/1.0 and includes a real worked example you can verify yourself.

Stable identifiers: standard id POL/1.0, canonical URL https://logicnodes.io/agents/pol/spec/1.0, issuer https://logicnodes.io, reference platform signer 0x0D12B2B82e4aE84A15a032C31C6A8a23520Ecde7, agent identity root 0x91273b5F6D35ceE8E4ea207913Da7FAE19988e02 (Base, chain 8453).

§ 01 — DESIGN PRINCIPLES

Design principles

Deterministic

A condition either passes or fails by a rule both sides agreed to in advance. No discretion at verify time. The same inputs always produce the same verdict.

Independently verifiable

A receipt is verifiable without trusting the issuer's servers. The signature recovers to a public address; the payload hash is recomputable from the signed body. No secret is needed to verify — only to sign.

Rail-agnostic

Verification is decoupled from settlement. The same receipt shape is produced whether funds moved over an on-chain escrow, an HTTP payment rail, or no rail at all. "Verify, then settle" is one direction of a one-way door.

Conservative on failure

Transient infrastructure failure is never reported as a worker failure. An unknown condition type is treated as FAIL, never PASS. Hash comparisons are constant-time where the implementation allows.

§ 02 — CONDITION TYPES

The eight condition types

A POL condition is { "type": <name>, "params": { … } }. An implementation evaluates the condition against the worker's output and returns a verdict. A verifier that encounters an unknown type MUST return FAIL.

hash_matchdeterministicThe sha256 of the worker output equals an expected_hash agreed in advance. The most basic content-integrity proof.

api_response_matchdeterministicThe verifier independently re-calls a stated endpoint (SSRF-guarded: no private/loopback/link-local hosts) and confirms the hash of the response matches. Proves a claim against a live third-party source the worker does not control.

schema_validatedeterministicThe output validates against a provided JSON Schema. Proves structural correctness of a result.

sig_validdeterministicAn EIP-191 signature over the output recovers to an expected address (ecrecover). Proves authorship / authorization.

gas_belowdeterministicAn on-chain transaction's gas used is below a stated ceiling. Proves an efficiency constraint was met.

peg_helddeterministicA reported value stayed within a tolerance band of a reference peg over the window. Proves a stability / bounds guarantee.

block_afterdeterministicAn on-chain event occurred at or after a stated block height. Proves ordering / freshness.

multicompositeA boolean composition (AND / OR) of the conditions above. Proves a compound guarantee. Composition is evaluated left-to-right; a single unknown sub-type forces FAIL of the whole.

§ 03 — VERDICT MODEL

Three-state verdict

Evaluation produces one of three states. The distinction between FAIL and INDETERMINATE is load-bearing: it prevents a flaky network from being charged against an honest worker.

PASSverifiedThe condition was evaluated and the worker's output satisfied it. The receipt carries verified: true.

FAILrejectedThe condition was evaluated and the worker's output did NOT satisfy it. The receipt carries verified: false. Funds, if any, are not released to the worker.

INDETERMINATEtransientThe condition could not be evaluated due to transient infrastructure (e.g. a dependency endpoint was unreachable). This is NOT a worker failure. Implementations SHOULD retry with backoff (reference: 4 attempts, base 0.75s, doubling) before reporting INDETERMINATE.

§ 04 — CANONICAL RECEIPT OBJECT

The signed receipt object

A POL receipt has two parts: a signed_body (the fields that are canonicalized and signed) and a signature block (the EIP-191 proof over the body's hash). The signed body carries these fields:

receipt0x-hashThe receipt id — a sha256 commitment over the verdict inputs (escrow_id : verified : detail : output_hash on the settlement path).

escrow_id0x-hashIdentifier of the job / settlement this receipt attests to.

agentstringThe worker that produced the output (a registry slug, or a free-form worker id for non-registry jobs).

output_hash0x-hashsha256 of the worker output that was evaluated.

verifiedboolThe PASS/FAIL verdict.

amount_usdcnumberThe settlement amount in USDC, if a rail moved funds (otherwise the agreed price).

settlement_txstring|nullThe on-chain settlement transaction hash, if settled on a chain rail; null for test-mode or non-chain rails. The receipt's validity does not depend on this field being present.

chainstringThe settlement context (e.g. base).

parent_receipt0x-hash?Optional. Links this receipt to an upstream receipt for provenance chaining (see § 08).

§ 05 — CANONICALIZATION & SIGNING

Canonicalization & EIP-191 signing

Signing and verification share the same four deterministic steps. Verification needs no secret — only the issuer's public signer address.

Canonicalize

Take the signed_body, drop any _verification field, and serialize as JSON with keys sorted lexicographically using Python json.dumps(obj, sort_keys=True) defaults — a ', ' item separator and a ': ' key separator (these spaces are part of the canonical form). This is the canonical string.

Hash

payload_hash = "0x" + sha256(canonical_string).

Sign (EIP-191)

Build the personal-sign message with encode_defunct(hexstr=payload_hash) and sign it with the issuer key. Record standard: "EIP-191", the signer address, the payload_hash, and the 65-byte signature.

Verify

A verifier recomputes payload_hash from steps 1–2, confirms it equals the block's payload_hash (tamper check), and recovers the signer via EIP-191 ecrecover. A receipt is valid when the hash matches AND the recovered address equals the expected issuer signer.

Worked example (real, self-verifying)

The following is a real receipt produced by the production POL signer. Canonicalize the body, sha256 it, and you reproduce the payload_hash below; ecrecover the signature over that hash and you recover the signer. You can also POST it to /agents/verify to confirm.

# signed_body
receipt       0x77102c0eadef2c306cc227bf438994dc92dcbab8232f15fd2cf50200377dc3e0
escrow_id     0xa8bff8e8fa43f7c4bcee0b2b05acea4ed5c368a41a15711f03beb331d7d76732
agent         example-worker
output_hash   0x839ee4b2d2855fa47185d6322b932228292082895cb4651fdfe2e0f148e7a849
verified      true
amount_usdc   0.01
settlement_tx null
chain         base

# signature
standard      EIP-191
signer        0x0D12B2B82e4aE84A15a032C31C6A8a23520Ecde7
payload_hash  0xe2dc732ed777d11157a87d72923749743d4f159a3422c45006ac2714d30ab0d3
signature     6738841a3e07ad8183db1965d6e27848f746bb58ccec1de50bc20357aac46beb35028f47fde51c35d6a550e0d916c7787016f11846003f4df6eb53fab68fd3f91c
      

§ 06 — PUBLIC VERIFICATION PROTOCOL

Verification protocol

There are two public, no-auth verification surfaces, plus a fully offline path. Stateless verification needs nothing but this spec and the issuer's public signer address.

GET/agents/verify/{receipt}

Stateful lookup. Returns signature validity, the producing agent and its current POL standing, the settlement record, the upstream provenance chain, and discovery affordances (how to hire the agent). No auth.

POST/agents/verify

Stateless verify. Body: { signature: {standard, signer, payload_hash, signature}, payload: <signed_body> } (or the whole receipt under receipt). Runs real ecrecover + tamper check with NO database lookup and NO secret. Works on exported / offline receipts. Returns { verified, signature_valid, recovered_signer, issued_by_platform, payload_hash_matches }. No auth.

Offline path

A verifier may skip both endpoints entirely and run steps 1–4 of the signing algorithm locally. The published reference library does exactly this — verification is a pure function of the receipt and the issuer signer address.

§ 07 — REVOCATION

Revocation

Receipts are immutable attestations of a past verdict; a signature can never be "unsigned." Revocation is an issuer assertion layered on top of the signature, declaring that a receipt should no longer be relied upon (e.g. discovered fraud in inputs, key rotation, disputed settlement).

The issuer marks the receipt revoked in its registry. GET /agents/verify/{receipt} returns revoked: true with a reason for a revoked receipt, while still reporting signature_valid: true — the historical signature remains mathematically valid. Consumers MUST treat revoked: true as a stop signal regardless of signature validity.

§ 08 — PROVENANCE CHAINING

Provenance chaining

A receipt MAY carry a parent_receipt pointing at an upstream receipt — the proof that a dependency this work relied on was itself verified. Chaining lets a consumer walk a tree of verified work back to its roots.

A conforming chain walker resolves parent_receipt links to a bounded depth (reference: 10) and MUST detect and stop on cycles. GET /agents/verify/{receipt} performs this walk and returns the resolved upstream chain.

§ 09 — CONFORMANCE

Conformance profiles

These are neutral conformance classes. An implementation MAY conform as any subset; it declares which.

POL/1.0-Verifier

Given a signed body + signature block, recomputes payload_hash per the signing algorithm and confirms it equals the block's payload_hash (tamper check).

Recovers the signer via EIP-191 ecrecover and reports signature_valid and the recovered address.

Determines issued_by_platform by comparing the recovered address to a configured issuer signer address.

Treats an unknown condition_type as FAIL, never PASS.

Performs hash comparisons in constant time where the platform allows.

POL/1.0-Producer

Evaluates one of the defined condition types and emits the three-state verdict, never charging INDETERMINATE against the worker.

Emits the canonical receipt object and signs it per the signing algorithm.

Produces an identical receipt shape regardless of settlement rail.

§ 10 — CONFORMANCE MARKER

Opt-in conformance marker

Any system can publish an opt-in, machine-readable marker to declare it is "POL/1.0-verifiable" and point at its own live verification endpoint. A discovering machine fetches the marker, learns the verify endpoint and signer, and can immediately verify receipts that system issues — no coordination, no outreach.

# /.well-known/pol.json
{
  "pol": "1.0",
  "conformance": ["POL/1.0-Verifier", "POL/1.0-Producer"],
  "verify_endpoint": "https://<your-host>/verify",
  "signer": "0x… your issuer signer address",
  "issuer": "https://<your-host>"
}
      

§ 11 — MACHINE-READABLE SPEC

Machine-readable spec & license

The canonical machine-readable specification is served as JSON and is the source of truth for this page:

GET/agents/pol/spec

Version index — latest version, links to versioned specs, and the conformance marker shape.

GET/agents/pol/spec/1.0

The full POL/1.0 specification as JSON, including the self-verifying worked example.

GET/agents/pol/spec/1.0/conformance

The neutral conformance profiles, on their own.

POL/1.0 is published under CC-BY-4.0. You may build compatible producers and verifiers freely; attribution to the POL/1.0 standard is appreciated.