CLI Usage
The idprova CLI is the fastest way to work with the IDProva protocol. Generate keys, create agent identities, issue delegation tokens, inspect and verify tokens, and check audit receipt integrity — all from your terminal.
Installation
Section titled “Installation”cargo install idprova-cligit clone https://github.com/techblaze-au/idprova.gitcd idprovacargo install --path crates/idprova-clidocker pull techblaze/idprova:latestdocker run --rm techblaze/idprova idprova --helpCommon Workflows
Section titled “Common Workflows”Create an Agent Identity (End-to-End)
Section titled “Create an Agent Identity (End-to-End)”-
Generate a keypair
Terminal window idprova keygen --output ~/.idprova/keys/alice.keyOutputs the hex-encoded secret key and multibase public key.
-
Create an AID
Terminal window idprova aid create \--id "did:idprova:example.com:my-agent" \--name "My Agent" \--controller "did:idprova:example.com:alice" \--model "anthropic/claude-opus-4" \--runtime "custom/v1.0" \--key ~/.idprova/keys/alice.keyOutputs the signed AID (W3C DID Document) as JSON.
-
Verify the AID
Terminal window idprova aid verify my-agent-aid.jsonValidates the document structure, key formats, and metadata fields.
Issue and Verify Delegation Tokens
Section titled “Issue and Verify Delegation Tokens”# Issue a scoped delegation token (24 hour expiry)idprova dat issue \ --issuer "did:idprova:example.com:alice" \ --subject "did:idprova:example.com:my-agent" \ --scope "mcp:tool:*:read,mcp:resource:docs:write" \ --expires-in "24h" \ --key ~/.idprova/keys/alice.key
# Verify a DAT (checks timing and claims)idprova dat verify "eyJhbGciOiJFZERTQSIs..."
# Inspect a DAT without verifying (decode and pretty-print)idprova dat inspect "eyJhbGciOiJFZERTQSIs..."Verify Audit Receipts
Section titled “Verify Audit Receipts”# Verify the hash chain integrity of a receipt logidprova receipt verify receipts.jsonl
# Show receipt statistics (action types, entry counts)idprova receipt stats receipts.jsonlCommand Reference
Section titled “Command Reference”| Command | Description |
|---|---|
idprova keygen | Generate an Ed25519 keypair |
idprova aid create | Build and sign an AID document |
idprova aid verify | Validate an AID from a JSON file |
idprova aid resolve | Resolve an AID from a registry |
idprova dat issue | Issue a signed delegation token |
idprova dat verify | Verify DAT timing and claims |
idprova dat inspect | Decode and pretty-print a DAT |
idprova receipt verify | Verify receipt hash chain integrity |
idprova receipt stats | Show receipt log statistics |
See CLI Commands Reference for full option documentation.
Environment Variables
Section titled “Environment Variables”| Variable | Default | Description |
|---|---|---|
IDPROVA_REGISTRY | registry.idprova.dev | Registry server URL |
IDPROVA_KEY_DIR | ~/.idprova/keys/ | Default key storage directory |
CI/CD Integration
Section titled “CI/CD Integration”The CLI works well in CI pipelines for automated identity and token management:
# GitHub Actions example- name: Verify agent identity run: idprova aid verify agent-identity.json
- name: Verify delegation chain run: idprova dat verify "$DAT_TOKEN"
- name: Check receipt integrity run: idprova receipt verify receipts.jsonlNext Steps
Section titled “Next Steps”- CLI Commands Reference — Full command and flag documentation
- Running a Registry — Set up your own IDProva registry
- Quick Start — Guided walkthrough with the CLI