Skip to main content

Customer-facing CLI for Satsignal — anchor and verify files against the BSV-anchored notary.

Project description

satsignal-cli

Customer-facing CLI for Satsignal — anchor and verify files against the BSV-anchored notary.

Status: maintained — current release 0.3.2 (pip install satsignal-cli). Standard-mode anchor + verify work end-to-end, including SPV chain-confirmation against a validated header store with TSC Merkle proofs (no single-explorer trust). Sealed bundles verify from the CLI. Sealed-mode anchoring and multi-proof (content_canonical, chunk_merkle) verification remain web-only — see scope limits.

Install

pip install satsignal-cli                # Python 3.11+
pip install 'satsignal-cli[toml-py39]'   # Python 3.9 / 3.10

Quickstart

satsignal login                       # paste your API key (sk_…)
satsignal anchor report.pdf           # dry-run preview
satsignal anchor report.pdf --broadcast
# → writes report.pdf.mbnt next to the file
satsignal verify report.pdf
# → chain-confirms by default; exit 0 on success

Commands

verb purpose
satsignal anchor <file> anchor a file; dry-run by default, writes <file>.mbnt on --broadcast
satsignal verify <file> verify a file against its .mbnt sidecar; chain-confirms by default
satsignal show <bundle> print receipt details (txid, mode, proofs, etc.)
satsignal log list recent anchors from ~/.local/state/satsignal/anchors.jsonl
satsignal login store API key in ~/.config/satsignal/credentials.toml
satsignal folders list workspace folders
satsignal matters legacy alias of satsignal folders (still supported)

Vocabulary: folder is the preferred public name; matter is a frozen legacy alias and keeps working forever. --folder / SATSIGNAL_FOLDER / config folder are accepted alongside --matter / SATSIGNAL_MATTER / config matter. If both are set to different values the command fails loudly; equal or single is fine. JSON / jsonl output now carries both folder and matter (and proof/receipt, proof_id/bundle_id). The HTTP request to the Satsignal API still sends the frozen matter_slug key, so older / self-hosted servers keep working unchanged.

Sidecar convention

satsignal anchor writes <file>.mbnt next to the source by default. Override with -o. satsignal verify looks for the sidecar in this order:

  1. <file>.mbnt directly next to the source
  2. .satsignal/<single-bundle>.mbnt in the source's parent directory (only if there's exactly one — otherwise pass --bundle explicitly)

This convention mirrors GPG's .asc / RFC 3161's .tsr — one file in, one receipt out, same directory.

Configuration

Reads (in order, first wins):

  1. Environment: SATSIGNAL_API_KEY, SATSIGNAL_BASE_URL, SATSIGNAL_FOLDER (or legacy SATSIGNAL_MATTER), SATSIGNAL_PROOF_URL
  2. ~/.config/satsignal/credentials.toml (mode 600)
  3. Defaults: base_url = https://app.satsignal.cloud, proof_url = https://proof.satsignal.cloud, folder = inbox

The credentials file is plain TOML. folder is the preferred key; matter still works as a legacy alias (satsignal login continues to write matter for back-compat with older CLI versions):

api_key  = "sk_..."
base_url = "https://app.satsignal.cloud"
folder   = "inbox"   # or legacy:  matter = "inbox"

Verify semantics

satsignal verify implements the conformant procedure from bundle-v1.md §7 in order:

  1. Open ZIP, parse manifest.json / canonical.json / proofs.json (if present)
  2. Cryptographic check (standard: SHA-256; sealed: HMAC-SHA256 with master salt)
  3. doc_hash consistency via JCS-canonical SHA-256
  4. Chain confirmation — fetch raw tx, parse OP_RETURN MBNT payload, compare doc_hash

Exit codes match bundle-v1.md §8:

exit class meaning
0 VERIFIED / PENDING / OFFLINE crypto + chain OK (PENDING = 0 confirmations; OFFLINE = chain skipped)
1 CRYPTO bundle malformed or hashes don't match
2 CHAIN bundle is valid but the on-chain anchor doesn't commit to this canonical doc
3 NETWORK couldn't reach WhatsOnChain / Bitails
4 (auth) API key missing or rejected (anchor flow only)
5 (bundle not found)
6 VERSION mbnt_version unsupported by this CLI

PENDING returning exit 0 is intentional — satsignal verify && cp report.pdf out/ should succeed the moment the anchor is broadcast. Opt into stricter gating with --min-confirmations N.

Offline mode

satsignal verify --offline skips the chain check. The warning ("locally-fabricated bundles pass crypto-only checks") is non-suppressible — --quiet does not silence it. This matches the chain-confirm-by-default rule from the spec; making the chain check opt-in by default would invert the safety property the protocol exists to provide.

Current scope limits

  • Sealed-mode anchoring. The CLI can verify sealed bundles, but can't produce them (requires client-side HKDF + HMAC + bundle assembly). Use sealed.satsignal.cloud to produce sealed bundles.
  • content_canonical / chunk_merkle verification. These require porting the verifier.html canonicalizers (text-norm-v1, json-jcs-v1, csv-norm-v1, etc.) to Python. The CLI flags their presence and points to the web verifier for now.
  • Manifest mode. Out of scope for the CLI; use the API or web UI.
  • --watch / --bulk. Single-file anchors only.

See also

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

satsignal_cli-0.4.0.tar.gz (44.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

satsignal_cli-0.4.0-py3-none-any.whl (35.6 kB view details)

Uploaded Python 3

File details

Details for the file satsignal_cli-0.4.0.tar.gz.

File metadata

  • Download URL: satsignal_cli-0.4.0.tar.gz
  • Upload date:
  • Size: 44.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for satsignal_cli-0.4.0.tar.gz
Algorithm Hash digest
SHA256 f79a36316d5ff847f341fe2e3e2c23d4612d684b6cdf77171bf1e13bbc719e27
MD5 770a2a64d5c71ef3183eb4266d6b97cc
BLAKE2b-256 41e91c6af4c16df80f79418f6fae0abdba5d36d1a2d888c7ca45c8979e1a2d06

See more details on using hashes here.

File details

Details for the file satsignal_cli-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: satsignal_cli-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 35.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for satsignal_cli-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2fcaf15ecb237413014a5d582264c2c62534a4b56192795a3b9a817bdb0f20ed
MD5 a6e9bff9fdc39ff9284aa91911a423a8
BLAKE2b-256 69357b2088087e166978fc4039e0486168652aaa6ae5b1e1d76a567fc3e0ae38

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page