Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

7. End-to-End Verification Flow

EIP-7951 / ecrecover / EIP-1271VerifierAuthResolverImpl(per-name UUPS proxy)Universal Resolver V2Relying PartyEIP-7951 / ecrecover / EIP-1271VerifierAuthResolverImpl(per-name UUPS proxy)Universal Resolver V2Relying PartyReceives signed action from agent:{node, credentialId, message, signature}Enforce allow/deny on reasonfindResolver(dnsEncode(name))1AuthResolver proxy address2verifyAction(node, credentialId, message, signature)3data(node, "auth.credential[id]") → CBOR bytes4CBOR-decode → CredentialRecord5check notBefore ≤ block.timestamp ≤ notAfter6data(node, "auth.revocation[id]") → check empty7isSchemeSupported(schemeId)8true9verify(schemeId, message, signature, pubKey)10dispatch by schemeId(P-256 precompile | ecrecover | staticcall)11valid bool12valid bool13VerificationResult{allowed, reason, resolvedAt, stateHash}14

The flow generalizes across all three v1 schemes. The dispatch step (P) varies by schemeId on the resolved credential; the rest of the orchestration is identical. The Verifier is a single shared contract; the AuthResolver is per-name.