For developers

Integrate C2PA verification into your pipeline.

CLI · JSON output · deterministic exit codes · zero runtime deps

Template in progress. The following is a scaffold for the developer reference. Canonical CLI flags, exit codes, and JSON schema will be populated from the upstream README once the CLI surface is locked (Milestone 3).

Install

Download the latest CLI binary from GitHub Releases, or build from source with Cargo.

# grab the latest CLI for your platform (macOS shown)
$ gh release download --repo CreativeMayhemLtd/provcheck --pattern 'provcheck-cli-macos-*.tar.gz'
$ tar -xzf provcheck-cli-macos-*.tar.gz
$ ./provcheck --version

Basic verification

Pass a file path. The CLI prints a human-readable summary by default, returning a platform-neutral exit code.

$ provcheck ./photo.jpg
Verified signer="Leica Camera AG" signed_at=2026-02-14T09:31:22Z
  tool: Leica M11 firmware 2.0.5
  claims: camera_capture, location_present, no_ai_edits

$ echo $?
0

JSON output (for pipelines)

Pass --json to emit a single JSON object to stdout. Stable schema, suitable for parsing in CI.

$ provcheck --json ./clip.mp4
{
  "verdict": "verified",
  "file": "./clip.mp4",
  "signer": {
    "name": "Creative Mayhem UG",
    "certificate_fingerprint": "sha256:...",
    "issued_by": "..."
  },
  "signed_at": "2026-04-11T17:02:55Z",
  "tool": "rAIdio.bot 0.9.3",
  "ai_model": "suno-bark-v2",
  "claims": ["ai_generated", "training_data_attested", "eu_ai_act_transparency"],
  "ingredients": [
    { "relationship": "parentOf", "title": "draft-v1.wav", "verified": true }
  ]
}

Full JSON schema published at docs/schema/verdict-v1.json in the repository.

Exit codes

Exit codes are the primary signal for CI — predictable and scripting-friendly.

Code	Meaning	When
`0`	Verified	Valid C2PA manifest, signature cryptographically intact.
`1`	Not verified	Manifest present but signature invalid, tampered, or malformed.
`2`	Unsigned	No C2PA manifest found. Not an error — just no claim to check.
`64`	Usage error	Bad flags or missing file argument.
`74`	I/O error	File unreadable, truncated, or not a recognised media container.

Common flags

--jsonEmit a JSON verdict object to stdout. Quiet on human-readable channels.
--quietSuppress non-essential output. Exit code is still authoritative.
--sidecarExplicitly point at a sidecar manifest (for formats that don't support embedded).
--trust-storeOverride the default trust list with a path to your own CA bundle.
--versionPrint version, commit, and build toolchain.

GitHub Actions example

# .github/workflows/provenance.yml
- name: Verify C2PA provenance
  run: |
    gh release download --repo CreativeMayhemLtd/provcheck --pattern 'provcheck-cli-linux-*.tar.gz'
    tar -xzf provcheck-cli-linux-*.tar.gz
    ./provcheck --json ./dist/release.mp4 | tee verdict.json
    test "$(jq -r .verdict verdict.json)" = "verified"

Library use

provcheck is built on the upstream c2pa-rs Rust crate maintained by Adobe under the Content Authenticity Initiative. If you're already in Rust and want verification logic inside your own code, use the crate directly. provcheck is a polished verifier surface, not a reinvention of the validation core.

Reporting bugs / contributing

Issues and pull requests on GitHub: github.com/CreativeMayhemLtd/provcheck. Contributions under Apache-2.0.