Customer-facing CLI for Satsignal — anchor and verify files against the BSV-anchored notary.
Project description
satsignal-cli
Customer-facing CLI for Satsignal — anchor and verify files against the BSV-anchored notary.
Status: maintained — current release
0.5.0(pip install satsignal-cli). Standard-mode anchor + verify work end-to-end, including SPV chain-confirmation against a validated header store with TSC Merkle proofs (no single-explorer trust). Sealed bundles verify from the CLI. Sealed-mode anchoring and multi-proof (content_canonical,chunk_merkle) verification remain web-only — see scope limits.
Install
pip install satsignal-cli # Python 3.11+
pip install 'satsignal-cli[toml-py39]' # Python 3.9 / 3.10
Quickstart
satsignal login # paste your API key (sk_…)
satsignal anchor report.pdf # dry-run preview
satsignal anchor report.pdf --broadcast
# → writes report.pdf.mbnt next to the file
satsignal verify report.pdf
# → chain-confirms by default; exit 0 on success
Commands
| verb | purpose |
|---|---|
satsignal anchor <file> |
anchor a file; dry-run by default, writes <file>.mbnt on --broadcast |
satsignal verify <file> |
verify a file against its .mbnt sidecar; chain-confirms by default |
satsignal show <bundle> |
print receipt details (txid, mode, proofs, etc.) |
satsignal log |
list recent anchors from ~/.local/state/satsignal/anchors.jsonl |
satsignal login |
store API key in ~/.config/satsignal/credentials.toml |
satsignal folders |
list workspace folders |
Compatibility note (legacy
mattervocabulary):folderis the canonical name everywhere —--folder,SATSIGNAL_FOLDER, configfolder, wire keyfolder_slug. The legacy spellings still work but are no longer documented:--matteris a hidden alias of--folder(same destination; last flag wins),SATSIGNAL_MATTERand the configmatterkey are fallbacks read only when the canonical name is unset, andsatsignal mattersis a hidden alias ofsatsignal folders. JSON / jsonl output carries both canonical and legacy keys (folder/matter,proof_id/bundle_id,proof/receipt) so existing output parsers keep working. Since 0.5.0 the HTTP request sends the canonicalfolder_slugkey and the canonical/api/v1/foldersroute; response parsing still falls back to legacy keys, so self-hosted servers from the 2026-05 vocabulary-alias release onward work unchanged — older self-hosted servers need CLI ≤ 0.4.x.
Sidecar convention
satsignal anchor writes <file>.mbnt next to the source by default. Override with -o. satsignal verify looks for the sidecar in this order:
<file>.mbntdirectly next to the source.satsignal/<single-bundle>.mbntin the source's parent directory (only if there's exactly one — otherwise pass--bundleexplicitly)
This convention mirrors GPG's .asc / RFC 3161's .tsr — one file in, one receipt out, same directory.
Configuration
Reads (in order, first wins):
- Environment:
SATSIGNAL_API_KEY,SATSIGNAL_BASE_URL,SATSIGNAL_FOLDER,SATSIGNAL_PROOF_URL ~/.config/satsignal/credentials.toml(mode 600)- Defaults:
base_url = https://app.satsignal.cloud,proof_url = https://proof.satsignal.cloud,folder = inbox
The credentials file is plain TOML. folder is the canonical key
(satsignal login writes it since 0.5.0; a legacy matter key in an
existing file is still read as a fallback):
api_key = "sk_..."
base_url = "https://app.satsignal.cloud"
folder = "inbox"
Verify semantics
satsignal verify implements the conformant procedure from bundle-v1.md §7 in order:
- Open ZIP, parse
manifest.json/canonical.json/proofs.json(if present) - Cryptographic check (standard: SHA-256; sealed: HMAC-SHA256 with master salt)
doc_hashconsistency via JCS-canonical SHA-256- Chain confirmation — fetch raw tx, parse OP_RETURN MBNT payload, compare
doc_hash
Exit codes match bundle-v1.md §8:
| exit | class | meaning |
|---|---|---|
| 0 | VERIFIED / PENDING / OFFLINE | crypto + chain OK (PENDING = 0 confirmations; OFFLINE = chain skipped) |
| 1 | CRYPTO | bundle malformed or hashes don't match |
| 2 | CHAIN | bundle is valid but the on-chain anchor doesn't commit to this canonical doc |
| 3 | NETWORK | couldn't reach WhatsOnChain / Bitails |
| 4 | (auth) | API key missing or rejected (anchor flow only) |
| 5 | (bundle not found) | |
| 6 | VERSION | mbnt_version unsupported by this CLI |
PENDING returning exit 0 is intentional — satsignal verify && cp report.pdf out/ should succeed the moment the anchor is broadcast. Opt into stricter gating with --min-confirmations N.
Offline mode
satsignal verify --offline skips the chain check. The warning ("locally-fabricated bundles pass crypto-only checks") is non-suppressible — --quiet does not silence it. This matches the chain-confirm-by-default rule from the spec; making the chain check opt-in by default would invert the safety property the protocol exists to provide.
Current scope limits
- Sealed-mode anchoring. The CLI can verify sealed bundles, but can't produce them (requires client-side HKDF + HMAC + bundle assembly). Use sealed.satsignal.cloud to produce sealed bundles.
content_canonical/chunk_merkleverification. These require porting the verifier.html canonicalizers (text-norm-v1, json-jcs-v1, csv-norm-v1, etc.) to Python. The CLI flags their presence and points to the web verifier for now.- Manifest mode. Out of scope for the CLI; use the API or web UI.
--watch/--bulk. Single-file anchors only.
See also
- Bundle format spec: https://proof.satsignal.cloud/spec-bundle
- LangChain integration: https://github.com/Steleet/langchain-satsignal
- API docs: https://app.satsignal.cloud/docs
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file satsignal_cli-0.5.0.tar.gz.
File metadata
- Download URL: satsignal_cli-0.5.0.tar.gz
- Upload date:
- Size: 48.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c364df57c3b7fa10797536c8d84d2caf3a067c2a6fcf124a117aaa8a0262a2a1
|
|
| MD5 |
084cb4e8ecf15dc77bf6eeaa27c86703
|
|
| BLAKE2b-256 |
15da2ab0e1b4101b53299cf9d2c6b2034a6865be773fc0a80a2d79ce7caf87af
|
Provenance
The following attestation bundles were made for satsignal_cli-0.5.0.tar.gz:
Publisher:
publish.yml on Steleet/satsignal-cli
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
satsignal_cli-0.5.0.tar.gz -
Subject digest:
c364df57c3b7fa10797536c8d84d2caf3a067c2a6fcf124a117aaa8a0262a2a1 - Sigstore transparency entry: 1774788449
- Sigstore integration time:
-
Permalink:
Steleet/satsignal-cli@59321c977cd36f599f1c495c090d1aa1764cc167 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/Steleet
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@59321c977cd36f599f1c495c090d1aa1764cc167 -
Trigger Event:
release
-
Statement type:
File details
Details for the file satsignal_cli-0.5.0-py3-none-any.whl.
File metadata
- Download URL: satsignal_cli-0.5.0-py3-none-any.whl
- Upload date:
- Size: 36.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
71a414eb5f73623b3321db96e72423a2858c604173cd7ba172b5e344836ea744
|
|
| MD5 |
670cb4905a2aafec90feb58bee6b0e58
|
|
| BLAKE2b-256 |
a220ab9b34aa01d426566c7c238bd5b9c4db356c5e4cd23d7fe14bd6796aae1f
|
Provenance
The following attestation bundles were made for satsignal_cli-0.5.0-py3-none-any.whl:
Publisher:
publish.yml on Steleet/satsignal-cli
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
satsignal_cli-0.5.0-py3-none-any.whl -
Subject digest:
71a414eb5f73623b3321db96e72423a2858c604173cd7ba172b5e344836ea744 - Sigstore transparency entry: 1774788675
- Sigstore integration time:
-
Permalink:
Steleet/satsignal-cli@59321c977cd36f599f1c495c090d1aa1764cc167 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/Steleet
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@59321c977cd36f599f1c495c090d1aa1764cc167 -
Trigger Event:
release
-
Statement type: