Protect CLI

The @truthlock/protect CLI lets creators and developers protect code, research, designs, and digital content from the terminal. Every protection creates a cryptographic proof of authorship anchored to the Truthlocks transparency log.

Installation

Install globally via npm, or run directly with npx:

# Install globally
npm install -g @truthlock/protect

# Or use npx (no install required)
npx @truthlock/protect --help

Requires Node.js 18 or later.

Authentication

You need a personal access token from your Truthlocks Verify account. Get one at verify.truthlocks.com/settings.

# Save token to ~/.truthlock/config.json
truthlock-protect login --token <your-token>

# Or use an environment variable
export TRUTHLOCK_TOKEN=<your-token>

Verify your authentication:

truthlock-protect whoami
#   Name:     Jane Doe
#   Email:    jane@example.com
#   Username: janedoe

Protecting Files

The protect command computes the SHA-256 hash of your file, mints a cryptographic attestation, and records it in the transparency log:

# Protect a single file
truthlock-protect protect ./src/main.ts

# With custom metadata
truthlock-protect protect ./paper.pdf \
  --title "My Research Paper v2" \
  --description "Final draft" \
  --category research

# Keep it private
truthlock-protect protect ./secret-design.fig --private

Available categories:

code — source code, scripts, configs
research — papers, datasets, experiments
design — Figma, Sketch, XD files
media — video, audio
digital-art — images, illustrations
writing — documents, articles
dataset — CSV, Parquet, Arrow
ai-output — AI-generated content
other — anything else

If you don't specify a category, the CLI will auto-detect based on file extension and MIME type.

Listing Protections

# List your recent protections
truthlock-protect list

# Output as JSON
truthlock-protect list --json

# Limit results
truthlock-protect list --limit 5

Verifying a Protection

# Verify by attestation ID
truthlock-protect verify att_k7x2m9...

CI/CD Integration

Protect artifacts automatically in your CI pipeline. Set TRUTHLOCK_TOKEN as a secret in your CI environment.

GitHub Actions

# .github/workflows/protect.yml
name: Protect on Release
on:
  release:
    types: [published]

jobs:
  protect:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - run: npx @truthlock/protect protect ./dist/bundle.js
        env:
          TRUTHLOCK_TOKEN: ${{ secrets.TRUTHLOCK_TOKEN }}

GitLab CI

protect:
  image: node:20
  script:
    - npx @truthlock/protect protect ./dist/bundle.js
  variables:
    TRUTHLOCK_TOKEN: $TRUTHLOCK_TOKEN

All Commands

Command	Description
`login --token <t>`	Save authentication token
`logout`	Remove stored token
`whoami`	Show current user
`protect <file>`	Protect a file
`list`	List protections
`verify <id>`	Verify an attestation

Configuration

The CLI stores configuration in ~/.truthlock/config.json. You can also override settings via environment variables:

Variable	Default	Description
`TRUTHLOCK_TOKEN`	`—`	Authentication token
`TRUTHLOCK_API_URL`	`https://api.truthlocks.com`	API base URL