CLI Reference
The Glacis CLI provides command-line tools for verifying attestation receipts. It is included automatically when you install the SDK.
Installation
Section titled “Installation”pip install glacisCommands
Section titled “Commands”Verify a Receipt
Section titled “Verify a Receipt”Verify a receipt file and check its cryptographic validity:
python -m glacis verify receipt.jsonFlags:
| Flag | Default | Description |
|---|---|---|
--base-url | https://api.glacis.io | API base URL for online verification |
Example: specify a custom API endpoint:
python -m glacis verify receipt.json --base-url https://api.staging.glacis.ioExample output (valid online receipt):
Receipt: att_abc123def456...Type: Online
Status: VALID Signature: PASS Merkle proof: PASSExample output (valid offline receipt):
Receipt: oatt_xyz789...Type: Offline
Status: VALID Signature: PASSExample output (invalid receipt):
Receipt: att_abc123...Type: Online
Status: INVALID Error: Signature verification failedReceipt File Format
Section titled “Receipt File Format”The CLI expects a JSON file containing the attestation object. You can produce this file by calling receipt.model_dump() in your code.
{ "id": "att_abc123...", "operation_id": "550e8400-e29b-41d4-a716-446655440000", "operation_sequence": 0, "service_id": "my-service", "operation_type": "inference", "evidence_hash": "a1b2c3d4e5f6...", "public_key": "ed25519pubkeyhex...", "signature": "ed25519signaturehex...", "timestamp": 1706886000000, "is_offline": false}{ "id": "oatt_xyz789...", "operation_id": "550e8400-e29b-41d4-a716-446655440000", "operation_sequence": 0, "service_id": "local-dev", "operation_type": "inference", "evidence_hash": "a1b2c3d4e5f6...", "public_key": "ed25519pubkeyhex...", "signature": "ed25519signaturehex...", "timestamp": 1706886000000, "is_offline": true}Saving Receipts for CLI Verification
Section titled “Saving Receipts for CLI Verification”from glacis import Glacisimport jsonimport os
# Online modeglacis = Glacis(api_key=os.environ["GLACIS_API_KEY"])
receipt = glacis.attest( service_id="my-service", operation_type="inference", input={"prompt": "test"}, output={"response": "result"},)
# Save to filewith open("receipt.json", "w") as f: json.dump(receipt.model_dump(), f, indent=2, default=str)
# Verify from command line:# python -m glacis verify receipt.jsonFor offline mode, make sure to include signing_seed:
from glacis import Glacisimport jsonimport os
glacis = Glacis(mode="offline", signing_seed=os.urandom(32))
receipt = glacis.attest( service_id="dev-testing", operation_type="inference", input={"prompt": "test"}, output={"response": "result"},)
with open("receipt.json", "w") as f: json.dump(receipt.model_dump(), f, indent=2, default=str)Exit Codes
Section titled “Exit Codes”| Code | Meaning |
|---|---|
0 | Receipt is valid |
1 | Receipt is invalid, verification failed, file not found, or invalid JSON |
Use Cases
Section titled “Use Cases”CI/CD Verification
Section titled “CI/CD Verification”- name: Verify attestation run: | python -m glacis verify receipt.json if [ $? -ne 0 ]; then echo "Attestation verification failed!" exit 1 fiBatch Verification
Section titled “Batch Verification”#!/bin/bashfor receipt in receipts/*.json; do echo "Verifying $receipt..." python -m glacis verify "$receipt" if [ $? -ne 0 ]; then echo "FAILED: $receipt" exit 1 fidoneecho "All receipts verified!"