Clarify product boundary and reference separate VerifyAgent repo

CHANGELOG.md

@@ -1,5 +1,12 @@
 # CHANGELOG — Protocol-Commercial
 
+## Unreleased
+
+### Changed
+
+- Separated VerifyAgent into its own public Commons/MIT repository. This repo now focuses exclusively on CommandLayer Commercial infrastructure including hosted runtime, paid verification APIs, x402 billing, indexing, dashboards, and enterprise support.
+- clarified repository scope to exclude a standalone public verifier product/demo surface and to refer public receipt verification users to https://github.com/commandlayer/verifyagent
+
 ## v1.1.0
 
 Repository-validated current release line for final Commons-style publication.

COMPLIANCE.md

@@ -2,6 +2,8 @@
 
 This document describes current-line release compliance expectations for the active v1.1.0 commercial line.
 
+Scope boundary: this repository governs CommandLayer Commercial infrastructure contracts and does not ship the public VerifyAgent product/UI. For public receipt verification, see https://github.com/commandlayer/verifyagent.
+
 Protocol-Commercial compliance is about typed economic semantics and release integrity.
 
 A compliant release candidate must satisfy all of the following:

CONTRIBUTING.md

@@ -2,6 +2,8 @@
 
 This document defines the contributor workflow for the current release line. Keep changes minimal, validation-preserving, and explicit about whether they affect the current line (`v1.1.0`) or retained legacy artifacts.
 
+Product boundary reminder: do not add VerifyAgent product/demo/UI code to this repository. For public receipt verification UX, refer users to https://github.com/commandlayer/verifyagent.
+
 ## Pull request expectations
 
 - Describe the exact problem being fixed and the exact files changed.

GOVERNANCE.md

@@ -2,6 +2,8 @@
 
 This document applies repo-wide and is version-independent unless a section says otherwise.
 
+Governance boundary: Protocol-Commercial governance in this repository does not govern the public VerifyAgent product/UI; that public verifier lives at https://github.com/commandlayer/verifyagent.
+
 **Founding steward:** commandlayer.eth
 
 ## Steward responsibility

INTEGRATOR.md

@@ -2,6 +2,13 @@
 
 This document is the external-consumer quickstart for the current commercial release line.
 
+For public receipt verification, see https://github.com/commandlayer/verifyagent.
+
+Usage boundary:
+
+- Human usage → VerifyAgent (free UI): https://github.com/commandlayer/verifyagent
+- Programmatic usage → CommandLayer Commercial API (paid / x402)
+
 ## What to import
 
 Use the explicit current-line JSON path export by default:
@@ -20,6 +27,8 @@ Normative machine artifacts:
 - `schemas/v1.1.0/index.json`
 - `manifest.json`
 
+This repository does not ship or document a standalone public verifier product/demo surface as part of Protocol-Commercial.
+
 Illustrative conformance fixtures:
 
 - `examples/v1.1.0/commercial/<verb>/valid/`

ONBOARDING.md

@@ -2,6 +2,15 @@
 
 This document is an orientation guide for the active v1.1.0 release line. Contributor policy and pre-merge workflow live in `CONTRIBUTING.md`.
 
+For public receipt verification, see https://github.com/commandlayer/verifyagent.
+
+Architecture boundary:
+
+- VerifyAgent.eth = public verifier (Commons / MIT)
+- CommandLayer Commercial = paid infrastructure layer for hosted APIs, x402 billing, indexing/storage, dashboards, monitoring, and enterprise support
+- Agent Cards = identity + capability metadata
+- CommandLayer receipts = signed execution proof
+
 ## Document scope
 
 Use this document to understand the repository shape, release line, and shipped package boundary before editing.

POLICY.md

@@ -2,6 +2,8 @@
 
 This policy governs the active release line and the canonical shipped package boundary. Repo-wide governance and security reporting are defined separately.
 
+Product boundary: this repository is CommandLayer Commercial only. Public receipt verification UX/product usage is handled by VerifyAgent at https://github.com/commandlayer/verifyagent.
+
 ## Current line
 
 `v1.1.0` is the current Protocol-Commercial line and the only canonical shipped line.

README.md

@@ -25,6 +25,30 @@ Protocol-Commercial is intentionally limited to protocol truth:
 - no routing logic
 - no transport implementation beyond the normative x402-first execution assumption
 
+For public receipt verification, see https://github.com/commandlayer/verifyagent.
+
+## Product boundary and architecture
+
+CommandLayer Commercial in this repository provides:
+
+- hosted verification APIs
+- high-volume verification infrastructure
+- x402-based billing
+- receipt indexing and analytics
+- dashboards, monitoring, and enterprise/commercial support
+
+Architecture alignment:
+
+- VerifyAgent.eth = public verifier (Commons / MIT)
+- CommandLayer Commercial = paid infrastructure layer
+- Agent Cards = identity + capability metadata
+- CommandLayer receipts = signed execution proof
+
+Usage boundary:
+
+- Human usage → use VerifyAgent (free UI): https://github.com/commandlayer/verifyagent
+- Programmatic usage → use CommandLayer Commercial API (paid / x402)
+
 ## Document scope
 
 This README is a repo-wide orientation document for the active release line and its canonical shipped boundary.
@@ -211,6 +235,9 @@ This repository does not define:
 - legal finality
 - provider SLAs
 - runtime traces or debugging exhaust as normative truth
+- a standalone public verifier product, demo UI, or hosted public verification app surface
+
+For public receipt verification, see https://github.com/commandlayer/verifyagent.
 
 ## Example current-line schema pair
 

RESOLUTION.md

@@ -4,6 +4,8 @@
 
 This document records repository-level release and migration resolutions.
 
+Product scope note: VerifyAgent.eth is maintained separately as the public Commons/MIT verifier at https://github.com/commandlayer/verifyagent. This repository resolves CommandLayer Commercial infrastructure release policy only.
+
 ## Resolution record
 
 ### 2026-03-19 — v1.1.0 migration resolution

SECURITY.md

@@ -2,6 +2,8 @@
 
 This document applies repo-wide to the security posture of published Protocol-Commercial release lines unless a section states a narrower scope.
 
+Scope boundary: this repository secures CommandLayer Commercial artifacts and infrastructure contracts, not the public VerifyAgent UI/product. Public verifier usage belongs to https://github.com/commandlayer/verifyagent.
+
 Protocol-Commercial provides schema-level security properties, not transaction or fraud guarantees.
 
 ## What this repository is responsible for

SECURITY_PROVENANCE.md

@@ -4,6 +4,8 @@
 
 Current release line: `v1.1.0` (current repository-validated line; external publication is not asserted by this repository)
 
+Product boundary: this repository covers CommandLayer Commercial infrastructure artifacts. Public verifier UX/product usage is handled by VerifyAgent at https://github.com/commandlayer/verifyagent.
+
 Canonical shipped npm package surface:
 
 - `schemas/v1.1.0/`

SPEC.md

@@ -18,6 +18,15 @@ This specification governs:
 
 This specification does not govern runtime transport implementation, provider policy, or legal adjudication.
 
+For public receipt verification, see https://github.com/commandlayer/verifyagent.
+
+Repository product boundary:
+
+- VerifyAgent.eth = public verifier (Commons / MIT)
+- CommandLayer Commercial = paid infrastructure layer (hosted APIs, x402 billing, indexing/storage, dashboards, monitoring, enterprise support)
+- Agent Cards = identity + capability metadata
+- CommandLayer receipts = signed execution proof
+
 ## 2. Canonical release boundary
 
 The canonical shipped line is `v1.1.0` only.
@@ -50,6 +59,8 @@ Historical repository-only material that is outside the canonical shipped packag
 
 Additional prose docs may remain authoritative for interpretation or process inside the repository, but they are outside the shipped package surface unless package metadata is changed deliberately in a later release.
 
+Protocol-Commercial focuses on commercial infrastructure contracts and does not include a standalone public verifier product/demo surface in this repository.
+
 ## 3. Version and identity rules
 
 1. Every v1.1.0 schema MUST use a stable `$id` under `https://commandlayer.org/schemas/v1.1.0/...`.