CLI Tool
The certivu CLI lets you sign and verify AI-generated content directly from the terminal — suited for shell scripts, CI pipelines, and quick manual testing.
Install
Section titled “Install”Via npm (recommended):
npm install -g @certivu/cliVia Bun:
bun install -g @certivu/cliVia install script (installs npm package automatically):
curl -fsSL https://certivu.ai/install.sh | shVerify the install:
certivu --version # 1.2.0Configuration
Section titled “Configuration”The CLI reads config from three sources in priority order:
- CLI flags (highest priority) —
--api-key,--generator-id - Environment variables —
CERTIVU_API_KEY,CERTIVU_GENERATOR_ID - Config file —
~/.config/certivu/config.json
Set persistent config with certivu config set:
certivu config set api-key ctv_key_abc123certivu config set generator-id your-generator-uuid
certivu config get # show current configCommands
Section titled “Commands”certivu sign
Section titled “certivu sign”Upload an image for server-side watermarking and signing. The API returns the watermarked image which is written to disk.
certivu sign ./output.jpg --model stable-diffusion-xl✓ Signed Token ctv_7f3kx9mq2... Record ID rec-00000000-... Output ./output.signed.jpgFlags:
| Flag | Description |
|---|---|
--model <name> | AI model name — required |
--generator-id <id> | Override generator ID from config |
--output <path> | Output path for watermarked image (default: <file>.signed.<ext>) |
--api-key <key> | Override API key from config |
--base-url <url> | Override API base URL |
certivu verify
Section titled “certivu verify”Verify content authenticity. Free — no API key required.
certivu verify ./image.jpgToken is extracted automatically from XMP metadata or frequency-domain watermark. Pass --token to skip extraction:
certivu verify ./image.jpg --token ctv_7f3kx9mq2...Authentic:
✓ Authentic — HIGH confidence Org Acme AI Model stable-diffusion-xl Signed 2026-06-07T12:00:00Z Source watermark
Signals: watermark ✓ record ✓ signature ✓Not verified:
✗ Not verified — no_provenance_found Absence of provenance does not imply human origin.
Signals: watermark ✗ record ✗ signature ✗Tampered:
✗ Tampered — content has been modified since signing
Signals: watermark ✓ record ✓ signature ✗certivu status
Section titled “certivu status”Lightweight token metadata lookup — no image upload needed. CDN-cacheable.
certivu status ctv_7f3kx9mq2...✓ Active Record rec-00000000-... Model stable-diffusion-xl Signed 2026-06-07T12:00:00Z Generator active Org org-00000000-...Use this to check if a token is still valid before embedding it, or to display provenance metadata without re-verifying the image.
certivu config
Section titled “certivu config”certivu config get # show all config valuescertivu config set api-key ... # save a valueValid keys: api-key, generator-id, base-url.
Environment variables
Section titled “Environment variables”| Variable | Description |
|---|---|
CERTIVU_API_KEY | Your ctv_key_... API key |
CERTIVU_GENERATOR_ID | Default generator UUID |
CERTIVU_BASE_URL | Override API URL (default: https://api.certivu.ai) |
CI usage
Section titled “CI usage”# GitHub Actions example- name: Sign AI output env: CERTIVU_API_KEY: ${{ secrets.CERTIVU_API_KEY }} CERTIVU_GENERATOR_ID: ${{ secrets.CERTIVU_GENERATOR_ID }} run: | curl -fsSL https://certivu.ai/install.sh | sh certivu sign ./output.jpg --model my-model # watermarked image written to ./output.signed.jpgGitHub Releases
Section titled “GitHub Releases”All release binaries are available at github.com/certivu/certivu/releases:
| Binary | Platform |
|---|---|
certivu-linux-x64 | Linux x86-64 |
certivu-macos-x64 | macOS Intel |
certivu-macos-arm64 | macOS Apple Silicon |