truestamp-cli

module

v0.1.5 Latest Latest Go to latest Published: Apr 14, 2026 License: MIT

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/truestamp/truestamp-cli

Links

Open Source Insights

README ¶

Truestamp CLI

Standalone Go CLI for cryptographic timestamping with Truestamp. Verifies Truestamp proof bundles end to end — user claims, hash chains, Merkle inclusion, Ed25519 signatures, and public-blockchain commitments — with no dependency on the Truestamp service.

Ships as a single static binary. No runtime required.

Install

Homebrew (macOS and Linux)

brew install truestamp/tap/truestamp-cli

Upgrades:

brew upgrade truestamp/tap/truestamp-cli

Go install

go install github.com/truestamp/truestamp-cli/cmd/truestamp@latest

Produces a binary at $GOBIN/truestamp (default ~/go/bin/truestamp). Requires Go 1.22 or newer.

The /cmd/truestamp suffix is required so the go toolchain names the binary truestamp rather than truestamp-cli (Go derives the binary name from the package path's last element).

Direct download

Grab the archive for your platform from the Releases page:

truestamp-cli_<version>_darwin_arm64.tar.gz — Apple Silicon
truestamp-cli_<version>_darwin_amd64.tar.gz — Intel Mac
truestamp-cli_<version>_linux_amd64.tar.gz
truestamp-cli_<version>_linux_arm64.tar.gz
truestamp-cli_<version>_windows_amd64.zip
truestamp-cli_<version>_windows_arm64.zip

Extract and place truestamp somewhere on your PATH. Verify checksums.txt with sha256sum -c before running.

Quick start

truestamp verify proof.json

Exit code 0 on success, 1 on failure or structural error.

Offline verification (no network calls to Truestamp, Stellar, or Bitcoin APIs):

truestamp verify proof.json --skip-external

Silent mode for scripting:

truestamp verify proof.json --output silent && echo valid || echo invalid

Other input sources:

truestamp verify https://example.com/proof.json   # URL
truestamp verify --file                            # Interactive file picker
truestamp verify --url                             # Interactive URL prompt
cat proof.json | truestamp verify                  # stdin pipe

Commands

truestamp verify [proof]     Verify a Truestamp proof bundle
truestamp config path        Print the config file path
truestamp config show        Print the resolved configuration (API key masked)
truestamp config init        Create a default config file
truestamp version            Print detailed build and runtime info
truestamp --version          Terse one-line version
truestamp completion <shell> Generate shell completions (bash, zsh, fish)

Run truestamp <command> --help for per-command flags.

Configuration

Settings are resolved in this order (later overrides earlier):

Compiled defaults
Config file (~/.config/truestamp/config.toml by default)
Environment variables (TRUESTAMP_*)
CLI flags

Global flags

Flag	Env var	Default
`--config`		`~/.config/truestamp/config.toml`
`--api-url`	`TRUESTAMP_API_URL`	`https://www.truestamp.com/api/json`
`--api-key`	`TRUESTAMP_API_KEY`
`--keyring-url`	`TRUESTAMP_KEYRING_URL`	`https://www.truestamp.com/.well-known/keyring.json`
`--http-timeout`	`TRUESTAMP_HTTP_TIMEOUT`	`10s`
`--no-color`	`NO_COLOR`	`false`

Verify-specific flags

Flag	Env var	Default
`--file [path]`
`--url [url]`
`--hash`
`--silent` / `-s`	`TRUESTAMP_VERIFY_SILENT`	`false`
`--json`	`TRUESTAMP_VERIFY_JSON`	`false`
`--skip-external`	`TRUESTAMP_VERIFY_SKIP_EXTERNAL`	`false`
`--skip-signatures`	`TRUESTAMP_VERIFY_SKIP_SIGNATURES`	`false`

What gets verified

Signing key against the published keyring
Proof structure (required fields, block reference)
Subject hash — claims hash (0x11), timestamp validation, item hash (0x13)
RFC 6962 Merkle inclusion proof against the block root
Block hash (0x32) derivation
Epoch proofs: block hash → each public-blockchain commitment root
Ed25519 proof signature over the binary payload
Temporal ordering (item submission before block)
Stellar commitment via Horizon API (memo + ledger)
Bitcoin commitment via local crypto (OP_RETURN, txid, partial Merkle tree) plus optional Blockstream API

Skipped selectively with --skip-external and --skip-signatures.

Development

This repo uses mise for tool versions and Task for the developer workflow.

mise install                 # Installs Go and GoReleaser from .tool-versions
task build                   # Build for current platform → build/truestamp
task test                    # Run all tests
task precommit               # fmt + vet + test + build-all
task release-snapshot        # Local GoReleaser dry-run → dist/

The Go module path is github.com/truestamp/truestamp-cli; releases are tagged vX.Y.Z and drive both the GitHub Release and the Homebrew Cask publication to truestamp/homebrew-tap via GoReleaser.

truestamp/truestamp-v2 — the Truestamp service that generates the proofs this CLI verifies.
truestamp/homebrew-tap — the Homebrew tap this CLI publishes to.

License

MIT. See LICENSE.

Directories ¶

Path	Synopsis
cmd
truestamp command
internal
bitcoin Package bitcoin provides BIP 37 partial merkle tree verification and thin wrappers around btcsuite/btcd for transaction and txoutproof parsing.	Package bitcoin provides BIP 37 partial merkle tree verification and thin wrappers around btcsuite/btcd for transaction and txoutproof parsing.
config
external
httpclient Package httpclient provides a shared HTTP client for all external API calls.	Package httpclient provides a shared HTTP client for all external API calls.
items Package items provides API operations for Truestamp items.	Package items provides API operations for Truestamp items.
proof
tscrypto
ui Package ui provides shared styling for the Truestamp CLI using lipgloss v2.	Package ui provides shared styling for the Truestamp CLI using lipgloss v2.
verify
version Package version provides build-time version information.	Package version provides build-time version information.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL