A Python API and CLI for parsing outputs from the Certora Prover
Project description
ProverCLI
A Python API and CLI for parsing outputs from the Certora Prover. This utility provides an easy-to-use interface for fetching and parsing prover verification results using either job URLs or job IDs.
Distributed on PyPI as
certora-prover-cli; the Python import package isprover_output_utility(e.g.from prover_output_utility import ProverOutputAPI).
Documentation
📖 Full Sphinx documentation lives in docs/ — build it locally with make -C docs html
(see docs/README.md).
The documentation includes:
- Complete API reference with all methods and classes
- Quick start guide and tutorials
- Usage examples and best practices
- CLI reference
- Authentication setup
- Caching documentation
Features
- Flexible Input: Accepts job URLs (format:
/output/user_id/job_id), job IDs, and localemv-*folders - Authentication: Interactive cookie-based login via
certora_login; AWS SigV4 in CI; no auth for local folders - Comprehensive Parsing: Extracts job info, verification results, rule details, calltraces, breadcrumbs, and statistics
- Error Handling: Robust error handling with custom exceptions
- Type Safety: Full type hints and typed dataclass results
Installation
As a CLI tool (recommended for end users)
Install via uv — each tool gets its own isolated venv, with one-command upgrade and uninstall:
# One-time uv install (skip if already installed)
curl -LsSf https://astral.sh/uv/install.sh | sh
# Install from PyPI
uv tool install certora-prover-cli
# Upgrade / uninstall
uv tool upgrade certora-prover-cli
uv tool uninstall certora-prover-cli
Or with pip: pip install certora-prover-cli.
Local development install
git clone https://github.com/Certora/ProverCLI.git
cd ProverCLI
pip install -e .
As a dependency in another Python project
# pyproject.toml
dependencies = [
"certora-prover-cli",
]
# requirements.txt
certora-prover-cli
Quick Start
Command Line Interface
After installation, you can use the prover-cli command:
# Get violated rules from a job (using job_id, not user_id)
prover-cli --job-id 67890
prover-cli --job-url "https://prover.certora.com/output/12345/67890/..."
# Save output to a file
prover-cli --job-id 67890 --output violations.json
# Get only job status
prover-cli --job-id 67890 --status-only
# Output as JSON
prover-cli --job-id 67890 --format json
Using as a Python Package
Data-fetching methods return typed dataclasses (see models.py),
so results are accessed by attribute, not dict keys:
from prover_output_utility import ProverOutputAPI
# Initialize the API (interactive cookie-based auth via certora_login)
api = ProverOutputAPI()
# Accepts a job URL (format: /output/user_id/job_id), a job ID, or a local emv-* path
violations = api.get_violated_rules("67890")
for v in violations: # each v is a CheckResult
print(f"{v.rule_name} ({v.method_name}): {v.assert_message}")
if v.source_location:
print(f" at {v.source_location}") # file:line
# Job status without fetching full output
status = api.get_job_status("67890") # JobStatus enum
print(f"Job status: {status}")
Integration Example
from prover_output_utility import ProverOutputAPI
from prover_output_utility.exceptions import ProverAPIError
class VerificationAnalyzer:
def __init__(self):
self.api = ProverOutputAPI()
def analyze_job(self, job_input):
try:
all_checks = self.api.get_all_checks(job_input)
violations = [c for c in all_checks if c.is_violated]
if violations:
return {
"status": "failed",
"summary": f"{len(violations)}/{len(all_checks)} checks failed",
"violations": violations,
}
return {"status": "passed", "summary": f"All {len(all_checks)} checks passed"}
except ProverAPIError as e:
return {"status": "error", "error": str(e)}
result = VerificationAnalyzer().analyze_job("67890") # job_id, not user_id
print(result)
Advanced Usage
# List recent jobs (returns JobInfo objects)
for job in api.list_recent_jobs(limit=5):
print(f"Job {job.job_id}: {job.status} ({job.start_time})")
# Deep trace analysis for a violation
for v in api.get_violated_rules("67890"):
if v.has_calltrace:
trace = api.get_calltrace_for_violation("67890", v)
print(f"{v.rule_name}: {trace.frame_count} calltrace frames")
if v.has_breadcrumbs:
bc = api.get_breadcrumbs_for_violation("67890", v)
print(f"{v.rule_name}: {bc.total_steps} breadcrumb steps")
Authentication
Authentication is selected automatically by environment — see
docs/authentication.rst for details:
| Environment | Mechanism |
|---|---|
| Interactive (default) | Cookie-based login via certora_login (prompts/uses stored credentials) |
CI (CI env var + AWS creds) |
AWS SigV4 via an OIDC role |
Local (use_local=True) |
None — reads local emv-* folders |
api = ProverOutputAPI() # interactive / CI (auto-detected)
api = ProverOutputAPI(use_local=True) # parse local emv-* folders, no auth
The legacy
CERTORAKEY/certora_key=path is deprecated and no longer the recommended way to authenticate.
Output Structure
Prefer the typed accessors — get_violated_rules(), get_all_checks(),
get_job_info(), get_calltrace(), get_breadcrumbs() — which return the
dataclasses defined in models.py
(CheckResult, JobInfo, CalltraceInfo, BreadcrumbInfo, …). The full API
reference is in docs/. The lower-level fetch_output() returns the
raw parsed dictionary for backward compatibility.
Error Handling
The API provides several custom exceptions:
ProverAPIError: Base exception for API errorsAuthenticationError: Authentication failedJobNotFoundError: Job not found or inaccessibleParseError: Failed to parse outputInvalidJobError: Invalid job input formatAPITimeoutError: API request timed out
from prover_output_utility import ProverOutputAPI
from prover_output_utility.exceptions import JobNotFoundError, AuthenticationError
api = ProverOutputAPI()
try:
result = api.fetch_output("invalid-job-id")
except JobNotFoundError:
print("Job not found")
except AuthenticationError:
print("Authentication failed - check your certora_login session")
Development
This repository holds the library/CLI code.
Code Quality
# Install development dependencies
pip install -e .[dev]
# Format code
black src/
isort src/
# Type-check
mypy src/prover_output_utility/ --ignore-missing-imports
License headers (REUSE)
uvx --from "reuse[charset-normalizer]" reuse lint
Building Documentation
ProverCLI uses Sphinx for generating official documentation:
# Install documentation dependencies
pip install sphinx sphinx-rtd-theme
# Build HTML documentation
make -C docs html
# View documentation
open docs/_build/html/index.html
The documentation includes:
- Complete API reference (auto-generated from docstrings)
- User guide and tutorials
- Usage examples
- Authentication setup
- CLI reference
- Caching documentation
See docs/README.md for detailed documentation build instructions.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file certora_prover_cli-0.1.0.tar.gz.
File metadata
- Download URL: certora_prover_cli-0.1.0.tar.gz
- Upload date:
- Size: 65.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
954aba1d9ec5db8e3f15e0e38768de7609c0f0e11a6a7efed7441c756c72d981
|
|
| MD5 |
3329e269a8499d626eb2ea8fb01a092a
|
|
| BLAKE2b-256 |
e72b74f10094265c2bb3ed9c246266534b7f01363d7ec5ff19038932086823f4
|
Provenance
The following attestation bundles were made for certora_prover_cli-0.1.0.tar.gz:
Publisher:
main.yml on Certora/ProverCLI
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
certora_prover_cli-0.1.0.tar.gz -
Subject digest:
954aba1d9ec5db8e3f15e0e38768de7609c0f0e11a6a7efed7441c756c72d981 - Sigstore transparency entry: 1862869904
- Sigstore integration time:
-
Permalink:
Certora/ProverCLI@49e55c3278b1d6a623044af207a195f83410a64b -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/Certora
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
main.yml@49e55c3278b1d6a623044af207a195f83410a64b -
Trigger Event:
push
-
Statement type:
File details
Details for the file certora_prover_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: certora_prover_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 78.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec7c6349cc3ede32f46c6d1cf63e73864dbfcd2d5b643aa526b685b861ccc205
|
|
| MD5 |
b18d25f944d97ea5992c0b6b2eb6840b
|
|
| BLAKE2b-256 |
37e71b6c307f7ddebb2d3b237966925dc60d5161c3ce6b2848939b82884e62d5
|
Provenance
The following attestation bundles were made for certora_prover_cli-0.1.0-py3-none-any.whl:
Publisher:
main.yml on Certora/ProverCLI
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
certora_prover_cli-0.1.0-py3-none-any.whl -
Subject digest:
ec7c6349cc3ede32f46c6d1cf63e73864dbfcd2d5b643aa526b685b861ccc205 - Sigstore transparency entry: 1862870064
- Sigstore integration time:
-
Permalink:
Certora/ProverCLI@49e55c3278b1d6a623044af207a195f83410a64b -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/Certora
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
main.yml@49e55c3278b1d6a623044af207a195f83410a64b -
Trigger Event:
push
-
Statement type: