BoundBound Docs
Guides

Verify a Certificate

How counterparties evaluate a containment certificate before transacting with an agent.

CCP contracts are live on Hedera Testnet. See Deployed Contracts for addresses.

Overview

As a counterparty — whether you're a protocol, merchant, human, or another agent — you verify a certificate to answer: what is my maximum exposure from this interaction, and is it backed?

Verification Flow

1. Resolve ENS Name

If the agent presents an ENS name (e.g., alpha.operator.eth):

  • Resolve to the agent's on-chain address
  • Read the ccp.certificate text record to get the certificate hash
  • Read ccp.chain (296 = Hedera testnet) and ccp.registry to know where to query

2. Query the Registry

Call CCPRegistry.verify() on Hedera for a one-call check:

(bool acceptable, bytes32 certHash) = registry.verify(
    agentAddress,
    CertificateClass.C1,  // your minimum class requirement
    100_000e6              // your max acceptable loss (USDC)
);

This checks: certificate exists, is active, not expired, class meets minimum, containment bound is within your tolerance.

3. Check the Auditor

Query AuditorStaking.getStake(auditor, certHash) to confirm the auditor has skin-in-the-game. Query getAuditorRecord(auditor) for their track record:

  • totalAttestations — how many certificates they've attested
  • successfulChallenges — how many times they've been caught (0 is good)
  • activeStake — total capital at risk

4. Check the Reserve

Call ReserveVault.getReserveBalance() and isAdequate(bound, ratioBps) to verify the reserve is funded and meets your ratio requirement.

5. Evaluate Your Risk Policy

Parse the full certificate against your policy:

  • Are the loss bounds within your tolerance for this transaction?
  • Are the critical constraints agent-independent? (Ledger co-signing = yes)
  • Is the reserve exogenous and adequately sized?
  • Is the auditor reputable (low challenge count, high attestation count)?
  • Does this agent share auditors/contracts with too many other agents you interact with? (concentration risk)

6. Decide

Accept, reject, or request additional constraints.

Automated Verification

The entire flow — ENS resolution, registry query, auditor check, reserve verification, policy evaluation — can be fully automated. An agent evaluating whether to transact with another agent parses the counterparty's certificate programmatically, creating a machine-readable trust layer that does not depend on behavioral reputation.

On Hedera, the verification adds ~50ms of latency (one view call) to any transaction decision.

Using HCS for Monitoring

Subscribe to the CCP HCS topic (0.0.8510266) to receive real-time events:

  • CERTIFICATE_PUBLISHED — new certificate is live
  • ATTESTATION_SIGNED — auditor attested
  • AGENT_TRANSACTION — agent executed a payment
  • TRANSACTION_BLOCKED — containment held
  • CHALLENGE_SUBMITTED / CHALLENGE_UPHELD — dispute activity

Query the Mirror Node REST API for historical events:

GET https://testnet.mirrornode.hedera.com/api/v1/topics/0.0.8510266/messages

Publish Your First Certificate

Step-by-step guide for operators to create and publish a containment certificate.

Set Up a Reserve

How to fund and manage the exogenous reserve backing a containment certificate.

On this page

OverviewVerification Flow1. Resolve ENS Name2. Query the Registry3. Check the Auditor4. Check the Reserve5. Evaluate Your Risk Policy6. DecideAutomated VerificationUsing HCS for Monitoring