Skip to main content

A Python API and CLI for parsing outputs from the Certora Prover

Project description

ProverCLI

CI Python 3.12+ License: GPL v3

A Python API and CLI for parsing outputs from the Certora Prover. This utility provides an easy-to-use interface for fetching and parsing prover verification results using either job URLs or job IDs.

Distributed on PyPI as certora-prover-cli; the Python import package is prover_output_utility (e.g. from prover_output_utility import ProverOutputAPI).

Documentation

📖 Full Sphinx documentation lives in docs/ — build it locally with make -C docs html (see docs/README.md).

The documentation includes:

  • Complete API reference with all methods and classes
  • Quick start guide and tutorials
  • Usage examples and best practices
  • CLI reference
  • Authentication setup
  • Caching documentation

Features

  • Flexible Input: Accepts job URLs (format: /output/user_id/job_id), job IDs, and local emv-* folders
  • Authentication: Interactive cookie-based login via certora_login; AWS SigV4 in CI; no auth for local folders
  • Comprehensive Parsing: Extracts job info, verification results, rule details, calltraces, breadcrumbs, and statistics
  • Error Handling: Robust error handling with custom exceptions
  • Type Safety: Full type hints and typed dataclass results

Installation

As a CLI tool (recommended for end users)

Install via uv — each tool gets its own isolated venv, with one-command upgrade and uninstall:

# One-time uv install (skip if already installed)
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install from PyPI
uv tool install certora-prover-cli

# Upgrade / uninstall
uv tool upgrade certora-prover-cli
uv tool uninstall certora-prover-cli

Or with pip: pip install certora-prover-cli.

Local development install

git clone https://github.com/Certora/ProverCLI.git
cd ProverCLI
pip install -e .

As a dependency in another Python project

# pyproject.toml
dependencies = [
    "certora-prover-cli",
]
# requirements.txt
certora-prover-cli

Quick Start

Command Line Interface

After installation, you can use the prover-cli command:

# Get violated rules from a job (using job_id, not user_id)
prover-cli --job-id 67890
prover-cli --job-url "https://prover.certora.com/output/12345/67890/..."

# Save output to a file
prover-cli --job-id 67890 --output violations.json

# Get only job status
prover-cli --job-id 67890 --status-only

# Output as JSON
prover-cli --job-id 67890 --format json

Using as a Python Package

Data-fetching methods return typed dataclasses (see models.py), so results are accessed by attribute, not dict keys:

from prover_output_utility import ProverOutputAPI

# Initialize the API (interactive cookie-based auth via certora_login)
api = ProverOutputAPI()

# Accepts a job URL (format: /output/user_id/job_id), a job ID, or a local emv-* path
violations = api.get_violated_rules("67890")
for v in violations:                       # each v is a CheckResult
    print(f"{v.rule_name} ({v.method_name}): {v.assert_message}")
    if v.source_location:
        print(f"  at {v.source_location}")  # file:line

# Job status without fetching full output
status = api.get_job_status("67890")        # JobStatus enum
print(f"Job status: {status}")

Integration Example

from prover_output_utility import ProverOutputAPI
from prover_output_utility.exceptions import ProverAPIError


class VerificationAnalyzer:
    def __init__(self):
        self.api = ProverOutputAPI()

    def analyze_job(self, job_input):
        try:
            all_checks = self.api.get_all_checks(job_input)
            violations = [c for c in all_checks if c.is_violated]
            if violations:
                return {
                    "status": "failed",
                    "summary": f"{len(violations)}/{len(all_checks)} checks failed",
                    "violations": violations,
                }
            return {"status": "passed", "summary": f"All {len(all_checks)} checks passed"}
        except ProverAPIError as e:
            return {"status": "error", "error": str(e)}


result = VerificationAnalyzer().analyze_job("67890")  # job_id, not user_id
print(result)

Advanced Usage

# List recent jobs (returns JobInfo objects)
for job in api.list_recent_jobs(limit=5):
    print(f"Job {job.job_id}: {job.status} ({job.start_time})")

# Deep trace analysis for a violation
for v in api.get_violated_rules("67890"):
    if v.has_calltrace:
        trace = api.get_calltrace_for_violation("67890", v)
        print(f"{v.rule_name}: {trace.frame_count} calltrace frames")
    if v.has_breadcrumbs:
        bc = api.get_breadcrumbs_for_violation("67890", v)
        print(f"{v.rule_name}: {bc.total_steps} breadcrumb steps")

Authentication

Authentication is selected automatically by environment — see docs/authentication.rst for details:

Environment Mechanism
Interactive (default) Cookie-based login via certora_login (prompts/uses stored credentials)
CI (CI env var + AWS creds) AWS SigV4 via an OIDC role
Local (use_local=True) None — reads local emv-* folders
api = ProverOutputAPI()                 # interactive / CI (auto-detected)
api = ProverOutputAPI(use_local=True)   # parse local emv-* folders, no auth

The legacy CERTORAKEY / certora_key= path is deprecated and no longer the recommended way to authenticate.

Output Structure

Prefer the typed accessors — get_violated_rules(), get_all_checks(), get_job_info(), get_calltrace(), get_breadcrumbs() — which return the dataclasses defined in models.py (CheckResult, JobInfo, CalltraceInfo, BreadcrumbInfo, …). The full API reference is in docs/. The lower-level fetch_output() returns the raw parsed dictionary for backward compatibility.

Error Handling

The API provides several custom exceptions:

  • ProverAPIError: Base exception for API errors
  • AuthenticationError: Authentication failed
  • JobNotFoundError: Job not found or inaccessible
  • ParseError: Failed to parse output
  • InvalidJobError: Invalid job input format
  • APITimeoutError: API request timed out
from prover_output_utility import ProverOutputAPI
from prover_output_utility.exceptions import JobNotFoundError, AuthenticationError

api = ProverOutputAPI()

try:
    result = api.fetch_output("invalid-job-id")
except JobNotFoundError:
    print("Job not found")
except AuthenticationError:
    print("Authentication failed - check your certora_login session")

Development

This repository holds the library/CLI code.

Code Quality

# Install development dependencies
pip install -e .[dev]

# Format code
black src/
isort src/

# Type-check
mypy src/prover_output_utility/ --ignore-missing-imports

License headers (REUSE)

uvx --from "reuse[charset-normalizer]" reuse lint

Building Documentation

ProverCLI uses Sphinx for generating official documentation:

# Install documentation dependencies
pip install sphinx sphinx-rtd-theme

# Build HTML documentation
make -C docs html

# View documentation
open docs/_build/html/index.html

The documentation includes:

  • Complete API reference (auto-generated from docstrings)
  • User guide and tutorials
  • Usage examples
  • Authentication setup
  • CLI reference
  • Caching documentation

See docs/README.md for detailed documentation build instructions.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certora_prover_cli-0.1.0.tar.gz (65.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

certora_prover_cli-0.1.0-py3-none-any.whl (78.4 kB view details)

Uploaded Python 3

File details

Details for the file certora_prover_cli-0.1.0.tar.gz.

File metadata

  • Download URL: certora_prover_cli-0.1.0.tar.gz
  • Upload date:
  • Size: 65.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for certora_prover_cli-0.1.0.tar.gz
Algorithm Hash digest
SHA256 954aba1d9ec5db8e3f15e0e38768de7609c0f0e11a6a7efed7441c756c72d981
MD5 3329e269a8499d626eb2ea8fb01a092a
BLAKE2b-256 e72b74f10094265c2bb3ed9c246266534b7f01363d7ec5ff19038932086823f4

See more details on using hashes here.

Provenance

The following attestation bundles were made for certora_prover_cli-0.1.0.tar.gz:

Publisher: main.yml on Certora/ProverCLI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file certora_prover_cli-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for certora_prover_cli-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ec7c6349cc3ede32f46c6d1cf63e73864dbfcd2d5b643aa526b685b861ccc205
MD5 b18d25f944d97ea5992c0b6b2eb6840b
BLAKE2b-256 37e71b6c307f7ddebb2d3b237966925dc60d5161c3ce6b2848939b82884e62d5

See more details on using hashes here.

Provenance

The following attestation bundles were made for certora_prover_cli-0.1.0-py3-none-any.whl:

Publisher: main.yml on Certora/ProverCLI

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page