POST /execute
Runs a payload through all nine pipeline stages and returns the sealed ExecutionManifest plus a server-side run_id.
Request
POST /execute
Content-Type: application/json
X-Verdifax-Key: vfx_... (required once any keys exist)
Body
{
"payload_text": "string — UTF-8 plaintext (recommended)",
"payload": "string — base64 bytes (alternative)",
"program_id": "string — 64-char lowercase hex",
"route_id": "string — non-empty",
"registry_record_hash": "string — 64-char lowercase hex"
}
Exactly one of payload_text or payload is required. The others are required.
Response
200 OK on success:
{
"ok": true,
"run_id": 42,
"duration_ms": 3,
"manifest": {
"EnvelopeID": "env-...",
"EnvelopeHash": "...",
"SequenceID": "seq-...",
"TransportHash": "...",
"EpaHash": "...",
"EfaHash": "...",
"ExecutionIDs": ["...", "...", "...", "...", "...", "..."],
"AerHash": "...",
"TranscriptHash": "...",
"HardwareAttestationHash": "...",
"LeakageBundleHash": "...",
"FormalVerifierStatus": "VERIFIED_SOUND_COMPLETE_ZK",
"ZkspBindingHash": "...",
"MigrationTokenHash": "...",
"ReplayFingerprint": "...",
"PoteProofHash": "...",
"LogEntryID": "rekor-...",
"RegistryArtifactCount": 18,
"FinalVfaHash": "...",
"IndependentVerified": true,
"ManifestHash": "6c1428f81519c5bb..."
}
}
422 Unprocessable Entity on stage rejection:
{
"ok": false,
"duration_ms": 12,
"error": "DOG rejected envelope: ...",
"error_stage": "DOG"
}
400 Bad Request for invalid input (bad hex, missing field).
401 Unauthorized if API keys are provisioned and the header is absent or invalid.
429 Too Many Requests past the rate limit.
Example
curl -s -X POST http://localhost:9090/execute \
-H "Content-Type: application/json" \
-H "X-Verdifax-Key: vfx_..." \
-d '{
"payload_text": "hello verdifax",
"program_id": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"route_id": "route-test",
"registry_record_hash": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
}' | python3 -m json.tool
Determinism
Identical inputs always produce identical responses. Same payload, same program_id, same route_id, same registry_record_hash → byte-for-byte identical ManifestHash.