Verify
CLI
Use the CLI for verification first. The rest of the commands are for packaging, discovery, and local evidence workflows.
Install
pip install primust-verify
pip install "primust[auto]"The standalone verifier is the main trust-minimized CLI path. The broader SDK package exposes the rest of the Primust CLI surface.
Two Command Surfaces
If you install only primust-verify, use the standalone primust-verify binary. If you install the broader SDK, you also get the primust command with pack, discovery, and analysis helpers.
Most Common Workflows
| If you want to... | Run this |
|---|---|
| Verify one VPEC locally | primust-verify vpec.json |
| Verify with an explicit trust root and no network | primust-verify vpec.json --trust-root key.pem |
| Create an Evidence Pack | primust pack create ... |
| Verify an Evidence Pack | primust pack verify pack.json |
| Inspect upstream chain or local coverage | primust upstream-chain ... or primust analyze-coverage ... |
Core Verification Commands
| Command | Use It For |
|---|---|
primust verify <file> |
Verify a VPEC artifact. |
primust verify-report <file.pdf> |
Verify a signed audit report. |
primust pack verify <pack.json> |
Verify an Evidence Pack. |
primust verify-package <incident.zip> |
Verify an incident package ZIP. |
primust verify vpec.json
primust verify vpec.json --trust-root key.pem
primust verify vpec.json --production
primust pack verify pack.json --trust-root key.pemprimust-verify vpec.json
primust-verify vpec.json --trust-root key.pemPack And Export Commands
| Command | Use It For |
|---|---|
primust pack create |
Assemble an Evidence Pack ZIP and optionally embed verify.html. |
primust pack incident |
Download an incident package for a run. |
primust export-activity |
Export activity records for a run. |
primust verify-activity |
Verify activity-chain material against the VPEC commitment. |
Discovery And Local Analysis
| Command | Use It For |
|---|---|
primust discover <path> |
Scan a codebase for governance decision points and manifest stubs. |
primust analyze-coverage |
Analyze governed versus ungoverned trace IDs against a local activity store. |
primust upstream-chain <file> |
Inspect upstream Primust lineage for a VPEC artifact. |
primust upgrade-manifest <file> |
Re-infer stage type and update a manifest file. |
The Average Developer Rule
Most developers do not need every CLI command. Start here:
- emit a VPEC from the runtime path
- run
primust verify - build an Evidence Pack if you need to share relying-party evidence
- use discovery or activity export only when you are debugging or expanding coverage
Next
If you are trying to decide how to emit the artifact in the first place, go back to SDKs & Adapters or Quickstart.