ERC-8281: Observation Commitment Protocol (OCP)

ERCs
1

Summary

Ethereum provides strong guarantees around execution correctness and data availability.

However, it does not define a standard, system-independent way to verify a specific execution outcome as a portable claim.

As a result, verifying “what happened” remains largely a reconstruction problem, requiring the verifier to depend on the same system—or its tooling or interpretation layer—that produced the result.

Problem Statement

Given a claim:

“This specific outcome occurred”

there is no canonical way for a third party to verify that claim independently, without relying on:

  • an RPC endpoint

  • an indexer

  • a specific client implementation

  • application-layer logic applied to logs, calldata, or state

Even with direct access to chain data, the verifier must still derive the claimed outcome from execution context.

Even when the underlying data is:

  • correct

  • available

  • cryptographically sound

…the verification procedure itself is not standardized or portable.

In practice, the verifier relies on the originating system—or its interpretation layer—to establish meaning.

This implies:

verification implicitly reintroduces trust in the system that produced the result.

Existing Mechanisms

Ethereum exposes:

  • calldata

  • logs / receipts

  • state

  • Merkle / SSZ proofs

  • ZK validity proofs (in some systems)

These mechanisms provide:

  • correctness guarantees

  • data availability

  • proof that computation was valid

However, they do not define a canonical, portable procedure for verifying a claimed outcome without external interpretation of those artifacts.

Gap Definition

The gap is not:

  • access to data

  • correctness of execution

  • availability of proofs

The gap is the absence of a verification boundary.

Specifically, there is no minimal, standard way to:

  • represent an outcome deterministically

  • bind that representation to a public commitment

  • enable third-party verification without reliance on system-specific interpretation

This is not a proposal to standardize application semantics, but to standardize the verification procedure once an outcome is deterministically represented.

Motivation

Without a portable verification boundary:

  • outcome claims remain system-dependent

  • verification is not portable across environments

  • third-party validation requires shared infrastructure or interpretation layers

This limitation is often abstracted away in crypto-native contexts, but becomes significant when:

  • verification must occur outside the originating system

  • systems interoperate across domains

  • independent auditability is required

Framing

Ethereum provides strong answers to:

  • “Was computation correct?”

  • “Is the data available?”

But does not directly answer:

“Can a third party verify a specific execution outcome without relying on the system—or its interpretation layer—that produced it?”

Open Questions

  • Is there an existing canonical approach to portable outcome verification that avoids reconstruction?

  • Are logs, receipts, and proofs sufficient in practice, and if so, what is the canonical verification procedure?

  • Should a standard for portable verification artifacts be defined?

  • Where would such a standard most appropriately live (execution layer, ERC, or off-chain convention)?

  • Is this a protocol-level gap, or an inherent property of application-layer interpretation?

Intent

This is not a proposal for a specific standard.

The intent is to evaluate whether there is a recognized gap between:

execution/data guarantees and independently verifiable execution outcomes.

1 Like
2

Interesting framing. My proposal sits in a very small part of the problem space you describe. Curious to see what concrete examples surface here.

2 Likes
3

Tomoglava — appreciate this. Your preset_root work is a clean example of tightening inputs to execution.

A concrete case of the gap I’m pointing to:

Take a simple claim:
“User X received reward Y from contract Z at time T.”

All underlying data exists (logs, state, calldata), but a third party still has to:

• select the relevant artifacts
• interpret contract semantics
• reconstruct the outcome from execution context

Two different verifiers can follow different procedures and still be “correct.”

There’s no canonical artifact that represents that outcome itself—only the raw materials to derive it.

So verification becomes:

“re-run the system’s logic (or trust a tool that did)”

—not—

“verify a portable claim directly”

Your work reduces ambiguity at the input layer.
What’s still missing is a minimal, standard way to bind a deterministic outcome representation → public commitment, so verification becomes:

recompute → compare → confirm inclusion

independent of the system that produced it.

Curious if you’ve seen any approach that defines that boundary explicitly, or if this is inherently left to application layers.

1 Like
4

Update — May 28, 2026

When I posted this I was asking whether the gap was real. The answer came from builders, not from debate.

OCP — the Observation Commitment Protocol — was built, deployed, and adopted as the answer to the verification boundary question this thread describes. ERC-8263 v0.2 cites OCP’s boundary statement verbatim. A Composition Note co-authored by three builders across three countries was published today. A live AI agent bounty settled on Base Sepolia this week.

The ERC submission is in progress. This thread will serve as the discussions-to reference.

@VincentWu @TMerlini @JimmyShi22

GitHub - damonzwicker/observation-commitment-protocol: A minimal protocol for independently verifying that a specific byte sequence was committed to a public ledger. · GitHub ethresear.ch/t/composition-note-erc-8004-erc-8263-ocp-a-reference-guide-for-implementers-building-on-the-ai-agent-verification-stack/24995

2 Likes
5

Update — June 6, 2026

ERC-8281 has been assigned its number. PR #1788 is live on ethereum/ERCs, CI green, all editor-requested changes applied.

Three independent production implementations left endorsements directly on the PR:

  • Vincent Wu (ERC-8263 / TruthAnchor) — composition boundary confirmed

  • Jimmy Shi (ERC-8274) — OCP named as unifying verification primitive

  • Tiago Merlini (ERC-8004 / ccip-router) — live four-operator mesh running on mainnet with ERC-8281 as L3

Since the May 28 update: a fourth operator node came online, the mesh ran through a live Railway outage with zero record loss, and ERC-8275 v3 — the economic settlement layer for the mesh — reached consensus with all open design questions resolved.

Waiting on editor review to merge. Happy to answer any questions.

2 Likes
6

Confirming from the ccip-router side, ERC-8281 is running as the L3 anchor in the live mesh. Four nodes, three independent operators, mainnet. The TruthAnchor event-only design held through all the architectural decisions we worked through on ERC-8275 (Q6 specifically, where the composition boundary was the critical test).

Congratulations on the PR.

Tiago

1 Like