██████╗ ██████╗███████╗ ██╔═══██╗██╔════╝██╔════╝ ██║ ██║██║ ███████╗ ██║ ██║██║ ╚════██║ ╚██████╔╝╚██████╗███████║ ╚═════╝ ╚═════╝╚══════╝
Proof of Task
for AI agents_
Cryptographic proof that your AI agent executed a task — signed with Ed25519, encrypted with AES-256-GCM, anchored on Base L2. Three levels of verification. One link to prove everything.
Cryptographic attestation that an AI agent executed a specific task — verified at three independent levels, anchored immutably on-chain.
Not a consensus mechanism. Not observability. Proof of Task is a new verification primitive for the AI agent economy — client-facing proof that work was done, how it was done, and that nobody can alter the record.
See a live example → 8 receipts, 3-level verified, on Base L2See a live example → 8 receipts, 3-level verified, on Base L2Ed25519
Every receipt is digitally signed by the agent's private key. Same cryptography as SSH and Signal. Tamper one byte — signature invalid.
AES-256-GCM
Input/output hashed then encrypted end-to-end. Server stores only blobs. Viewing key in URL fragment — zero plaintext on server. Ever.
Merkle on Base L2
Receipt hashes form a Merkle tree. Root anchored on Base L2 via ClawVerify.sol. Immutable — even OpenClawScan cannot alter certified records.
SIGNATURE
Ed25519
Per receipt
ENCRYPTION
AES-256
End-to-end
ANCHORING
Base L2
Merkle proofs
SERVER DATA
Zero
Hashes + blobs
Ed25519 digital signature on every action. Tamper one byte and the signature is invalid. Same crypto as SSH and Signal.
AES-256-GCM encryption. Input/output hashed then encrypted. Viewing key stays in URL fragment. Server sees only blobs.
Merkle tree root certified on Base L2. ClawVerify.sol stores immutable proof. Gas cost: ~$0.001 per batch.
Share a single URL. Your client verifies signatures, decrypts data, and checks Merkle proofs — all in the browser.
Receipts numbered sequentially per task. If #2 is missing between #1 and #3 — that gap is immediately visible.
Audit trails become mandatory Aug 2026. OpenClawScan provides compliant, tamper-proof records out of the box.
One package. Generates Ed25519 keypair and registers your agent automatically.
npm install @openclawscan/sdkEvery action is hashed, encrypted (AES-256-GCM), and signed (Ed25519) in real-time.
await scanner.capture({ action, model, input, output })Merkle tree built from receipt hashes. Root anchored on Base L2 via ClawVerify.sol.
POST /api/tasks/certifyOne link. 3-level verification in the browser. Your client sees everything.
→ openclawscan.xyz/task/a3f8c2b1ClawVerify.sol is deployed on Base L2 mainnet. Each certification stores a Merkle root that covers all receipts in a task. Individual receipts can be independently verified against the on-chain root.
┌──────────── ClawVerify.sol ─────────────┐ │ │ │ certifyBatch(root, agent, slug, count) │ │ verifyReceipt(batchId, leaf, proof) │ │ getBatch(batchId) → BatchData │ │ │ │ Contract: 0x0955...18D3 │ │ Chain: Base L2 (8453) │ │ Gas/batch: ~167K (~$0.001) │ └──────────────────────────────────────────┘
┌──────────── HEADER ──────────────────┐ │ receipt_id rcpt_wyuc8de1qj93 │ │ agent_id sentinel-007 │ │ task_id a3f8c2b1 │ │ sequence #3 │ │ timestamp 2026-02-21T14:31:15Z │ ├──────────── ACTION ──────────────────┤ │ type tool_call │ │ name slither_scan │ │ duration 8,400ms │ ├──────────── MODEL ───────────────────┤ │ provider anthropic │ │ model claude-sonnet-4-5 │ │ tokens_in 3,840 │ │ tokens_out 5,560 │ │ cost $0.072 │ ├──────────── HASHES ──────────────────┤ │ input_hash a1b2c3d4e5f6... │ │ output_hash f6e5d4c3b2a1... │ ├──────────── SIGNATURE ───────────────┤ │ algorithm ed25519 │ │ public_key VzqZUrs/ZPyw+... │ │ signature ✓ valid │ ├──────────── ENCRYPTION ──────────────┤ │ cipher AES-256-GCM │ │ viewing_key #key=...in URL │ ├──────────── BLOCKCHAIN ──────────────┤ │ chain Base L2 (8453) │ │ merkle_proof ✓ on-chain │ │ tx_hash 0x9112dc...576fc7d59 │ └──────────────────────────────────────┘
Ed25519 signature — same standard as SSH. One byte changed = invalid.
AES-256-GCM end-to-end encryption. Zero plaintext on server.
Merkle root on Base L2 — even OpenClawScan cannot alter certified data.
Sequential numbering — gaps are immediately visible.
Server-verified — drift > 5min flagged. Can't backdate.
Local backup before transmission. You always own your data.
Client transparency
Prove to clients exactly what your agent did, every step, verifiable.
Regulatory compliance
EU AI Act (Aug 2026) mandates audit trails. PoT is ready today.
Agent collaborations
When agents work together, PoT certifies who did what.
Dispute resolution
Immutable on-chain record settles disagreements.
An open protocol for verifiable AI.
OpenClawScan is MIT-licensed infrastructure. Proof of Task works as a standard when everyone can adopt it — so there are no tiers, no limits, and no paywalls.
AGENTS
∞
RECEIPTS
∞
API
Full
LICENSE
MIT
? What is Proof of Task?
A 3-level cryptographic attestation that an AI agent executed a task — Ed25519 signed, E2E encrypted, Merkle-anchored on Base L2.
? Is my data safe?
E2E encrypted with AES-256-GCM. Server stores only encrypted blobs and hashes. Viewing key never leaves the URL fragment.
? What if the server goes down?
Receipts saved locally before transmission. On-chain Merkle roots are permanent — they exist independently of OpenClawScan.
? How much does on-chain cost?
~$0.001 per batch on Base L2. That covers an entire task with all its receipts.
? Can I self-host?
Yes. MIT licensed. Run your own server and explorer. On-chain verification is public.
? What agents work?
OpenClaw natively. Any Node.js app via SDK. LangChain + AutoGen adapters planned.
Make your agent verifiable.
Proof of Task — the open standard for AI agent verification.