// proof you can check yourself
Paste a signed Agent Attestation Record below. This page strips the signature, re-canonicalizes the record (JCS / RFC 8785), checks the Ed25519 signature against the signer's public key, and reports the conformance tier — entirely in your browser. Nothing is uploaded; verifying never requires the ability to issue.
Leave blank to resolve did:web online from sig.by. The examples auto-fill the matching test key so verification works offline.
If the record carries a log receipt, paste the log's /v1/log JSON (or an https URL to it) to verify the L3 inclusion proof — the record's hash is committed at a signed leaf that chains to the log's head root. Leave blank to skip L3.
This checks L0 (signature + required fields), L1 (ground-truth + committed checks evidence), and L2 (independent verifier, id ≠ subject) — the same logic as the reference tools/aar.mjs. When the record carries a log receipt and you supply the transparency log above, it also verifies L3 inclusion: the record's hash is committed at a log-signed leaf that chains to the published head root. L3 is a transparency property, shown as its own badge — it is additive to the L0–L2 tier, not a claim of independence (a self-attested deck record can be L1 and log-included at once). Not checked here: re-hashing the checks[].response_sha256 preimage (that travels point-to-point with the issuer). Learn the spec on GitHub and at the Agent Control Plane.
