Quickstart, curl
When you're evaluating Verdifax for procurement, the language-specific SDKs sometimes aren't enough: you want to know that the raw HTTP surface behaves predictably. This page is for that.
Prerequisites
A running Verdifax orchestrator at http://localhost:9090. The easiest way to get one is the Docker quickstart.
Health probe
curl -s http://localhost:9090/health
{
"ok": true,
"service": "verdifax-orchestrator-api",
"version": "1.0.0",
"time": "2026-04-30T03:35:04Z"
}
Attestation
curl -s -X POST http://localhost:9090/execute \
-H "Content-Type: application/json" \
-d '{
"payload_text": "hello verdifax",
"program_id": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"route_id": "route-test",
"registry_record_hash": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
}'
You'll get a JSON response with ok, run_id, duration_ms, and a manifest object containing all 18 sealed hash fields plus the final ManifestHash, assuming the run resolved to OK.
Note on non-OK outcomes: If the run resolves to pepg_deny, ccv_halt, or macc_halt, the response includes a sealed receipt instead (e.g., deny_receipt, ccv_halt_receipt, macc_halt_receipt). The response status is still 200, but ok is false. See Errors and Sealed artifacts for the response shapes.
Authentication
Once API keys are provisioned (open mode is disabled), include the key on every request to an authenticated endpoint:
curl -s http://localhost:9090/runs \
-H "X-Verdifax-Key: vfx_your_secret_here"
Public endpoints (/health) require no header.
Inspect a previous run
RUN_ID=42
curl -s http://localhost:9090/runs/$RUN_ID \
-H "X-Verdifax-Key: vfx_..." | python3 -m json.tool
Verify a run independently
The verify endpoint re-derives the manifest hash from the sealed
fields and confirms it matches what was originally recorded:
curl -s http://localhost:9090/runs/$RUN_ID/verify \
-H "X-Verdifax-Key: vfx_..."
{
"ok": true,
"verified": true,
"manifest_hash": "6c1428f81519c5bb...",
"recomputed_hash": "6c1428f81519c5bb...",
"verification_at": "2026-04-30T03:35:04Z",
"verification_kind": "manifest-self-seal"
}
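A script that gates on these responses has to read the body, because a refused run still returns HTTP 200. The Python below is an added example, not part of Verdifax or its SDKs: it uses only the field names shown on this page, and the function names, the pinned_hash parameter and the sample responses are constructed for illustration.

```python
import json

# Receipt keys this page names for non-OK outcomes.
RECEIPT_KEYS = ("deny_receipt", "ccv_halt_receipt", "macc_halt_receipt")

def _load(body_text):
    """Parse a response body; return a dict, or None if it is not a JSON object."""
    try:
        body = json.loads(body_text)
    except ValueError:
        return None
    return body if isinstance(body, dict) else None

def classify_execute(http_status, body_text):
    """Return ("sealed", None), ("refused", receipt_key) or ("error", reason)."""
    body = _load(body_text)
    if http_status != 200 or body is None:
        return ("error", f"http {http_status}, unusable body")
    if body.get("ok") is True and isinstance(body.get("manifest"), dict):
        return ("sealed", None)
    if body.get("ok") is False:
        for key in RECEIPT_KEYS:
            if key in body:
                return ("refused", key)
    return ("error", "unexpected response shape")

def verify_passed(body_text, pinned_hash=None):
    """True only if the /verify body is self-consistent and, when given,
    equals a manifest hash the caller stored when the run was executed."""
    body = _load(body_text) or {}
    recorded, recomputed = body.get("manifest_hash"), body.get("recomputed_hash")
    if body.get("ok") is not True or body.get("verified") is not True:
        return False
    if not isinstance(recorded, str) or recorded != recomputed:
        return False
    return pinned_hash is None or recorded == pinned_hash

# Constructed sample responses (not captured from a real orchestrator).
H = "6c" * 32
SEALED = json.dumps({"ok": True, "run_id": 42, "duration_ms": 7, "manifest": {}})
DENIED = json.dumps({"ok": False, "run_id": 43, "deny_receipt": {}})
VERIFY = json.dumps({"ok": True, "verified": True,
                     "manifest_hash": H, "recomputed_hash": H})

if __name__ == "__main__":
    print(classify_execute(200, SEALED), classify_execute(200, DENIED))
    print(verify_passed(VERIFY, pinned_hash=H))
```

Passing pinned_hash ties the check to a value held outside the orchestrator, so the result does not rest only on the two hashes the server reports about itself.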
Download the audit PDF
curl -s http://localhost:9090/runs/$RUN_ID/report.pdf \
-H "X-Verdifax-Key: vfx_..." \
-o /tmp/verdifax-audit.pdf
The PDF includes the manifest hash, run metadata, sealed manifest fields, regulatory mapping (EU AI Act / HIPAA / SOX), a verification statement, and a QR code linking back to the run detail in the dashboard.
Aggregate stats
curl -s http://localhost:9090/stats \
-H "X-Verdifax-Key: vfx_..." | python3 -m json.tool
Returns total runs, runs today, last-24h, pass rate, average duration,
and a top-10 breakdown by program_id.
