{
  "schemaVersion": "1.0",
  "item": {
    "slug": "vouch-cli",
    "name": "Vouch",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/jackpmorgan/vouch-cli",
    "canonicalUrl": "https://clawhub.ai/jackpmorgan/vouch-cli",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/vouch-cli",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vouch-cli",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "config.json",
      "README.md",
      "SKILL.md",
      "examples/sign-output.json",
      "examples/send-output.json",
      "examples/account-usage.json"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-07T17:22:31.273Z",
      "expiresAt": "2026-05-14T17:22:31.273Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
        "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/vouch-cli"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/vouch-cli",
    "agentPageUrl": "https://openagent3.xyz/skills/vouch-cli/agent",
    "manifestUrl": "https://openagent3.xyz/skills/vouch-cli/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/vouch-cli/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Vouch CLI",
        "body": "Vouch provides verifiable identity for AI agents on Base. Agents create an identity wallet, connect a social account (X or GitHub) to create their API account, optionally link additional identities (including DNS), and delegate short-lived runtime keys. Messages are signed as EIP-712 envelopes and verified against the VouchHub smart contract via direct RPC reads.\n\nAccount (OAuth + API key) ──manages──> Wallet (identity)\n                                            │\n       ┌────────────────────────────────────┤\n       ▼                                    ▼\n  Linked Identities                  Runtime Key (delegated, scoped)\n  (X, GitHub, DNS)                         │\n                                           └──sign──> Envelope (EIP-712)\n                                                           │\n                              Recipient ──verify──> VouchHub (RPC)\n                                                           │\n                                                    ✓ signer → wallet → linked identities"
      },
      {
        "title": "Install",
        "body": "curl -fsSL https://vouch.directory/install.sh | bash\n\nVerify: vouch --version"
      },
      {
        "title": "Global flags",
        "body": "--json — JSON output (auto-enabled when piped)\n--config <path> — Config file (default ~/.vouch/config.toml)\n--network <base-sepolia|base> — Network override"
      },
      {
        "title": "Full setup wizard",
        "body": "vouch init walks through complete onboarding: generate a wallet, connect a social account (X or GitHub) which creates your API account and links your identity, then delegate a runtime key.\n\nvouch init\n\nThe init flow:\n\nGenerate wallet — creates a new identity keypair stored locally at ~/.vouch/keys/\nSave config — writes ~/.vouch/config.toml with network defaults\nConnect account — opens browser for X or GitHub OAuth, which creates your API account (provides API key) and links your identity on-chain\nDelegate runtime key — creates a 24-hour signing key for your agent\n\nRe-initialize an existing setup:\n\nvouch init --force\n\nThis is the recommended first command. It handles everything needed to start signing and verifying messages."
      },
      {
        "title": "Log in on a new machine",
        "body": "Set an existing API key:\n\nvouch login --api-key vk_...\n\nFlags: --api-key <vk_...> (required). Validates against the API before saving."
      },
      {
        "title": "Link identities",
        "body": "Vouch supports three identity providers. Each links a social account or domain to your onchain wallet."
      },
      {
        "title": "Link X (Twitter)",
        "body": "Interactive mode opens the browser for OAuth:\n\nvouch link-x\n\nPipe mode for scripting:\n\nvouch --json link-x --wallet-key 0xKEY --attestation '{\"provider\":1,...}'\n\nFlags: --wallet-key <hex>, --attestation <json>"
      },
      {
        "title": "Link GitHub",
        "body": "vouch link-github\n\nPipe mode:\n\nvouch --json link-github --wallet-key 0xKEY --attestation '{\"provider\":2,...}'\n\nFlags: --wallet-key <hex>, --attestation <json>"
      },
      {
        "title": "Link a domain via DNS",
        "body": "Link a domain to your wallet. Requires an existing API account (created via vouch init), since DNS alone cannot verify user identity for account creation.\n\nInteractive mode requests a DNS challenge, shows the TXT record to add, then verifies:\n\nvouch link-dns\n\nPipe mode:\n\nvouch --json link-dns --wallet-key 0xKEY --domain example.com\n\nFlags: --wallet-key <hex>, --domain <domain>"
      },
      {
        "title": "Revoke a linked identity",
        "body": "vouch --json revoke-link --wallet-key 0xKEY --provider x\n\nFlags: --wallet-key <hex> (required), --provider <x|github|dns> (required)"
      },
      {
        "title": "Sign outbound messages",
        "body": "Wrap any JSON payload in a signed EIP-712 envelope:\n\nvouch --json sign --payload '{\"msg\":\"hello from agent\"}'\n\nPipe payload via stdin:\n\necho '{\"task\":\"summarize\",\"doc_id\":\"abc\"}' | vouch --json sign\n\nWith explicit runtime key and custom expiry:\n\nvouch --json sign --key 0xRUNTIME_KEY --payload '{\"msg\":\"hello\"}' --expiry 1h\n\nOutput:\n\n{\n  \"envelope\": {\n    \"v\": 1,\n    \"agent_id\": \"0x...\",\n    \"signer\": \"0x...\",\n    \"ts\": 1760000000,\n    \"exp\": 1760003600,\n    \"nonce\": \"0xa1b2c3d4e5f6\",\n    \"payload_hash\": \"0x...\",\n    \"sig\": \"0x...\"\n  },\n  \"payload\": {\"msg\": \"hello from agent\"}\n}\n\nFlags: --payload '<json>' (or stdin), --key <address>, --scope <text>, --expiry <duration>"
      },
      {
        "title": "Verify inbound messages",
        "body": "Checks signature, expiry, nonce replay, payload hash, delegation status, and allowlist:\n\necho \"$SIGNED_JSON\" | vouch --json verify\n\nFrom explicit JSON:\n\nvouch --json verify --envelope '{\"envelope\":{...},\"payload\":{...}}'\n\nFrom a remote endpoint:\n\nvouch --json verify --url https://agent.example.com/latest-signed\n\nOutput:\n\n{\n  \"valid\": true,\n  \"signer\": \"0x...\",\n  \"identities\": [\n    {\"provider\": 1, \"provider_label\": \"alice\"},\n    {\"provider\": 2, \"provider_label\": \"alice-gh\"}\n  ],\n  \"scope\": \"messaging\",\n  \"scope_matched\": true,\n  \"failure_reason\": \"\",\n  \"allowlist_checked\": false,\n  \"allowlist_skipped\": false,\n  \"checked_at\": \"2026-02-23T12:00:00Z\"\n}\n\nThe failure_reason field explains why verification failed when valid is false. The identities array lists all linked identities for the signer.\n\nFlags: --envelope '<json>', --url <endpoint>, --skip-allowlist"
      },
      {
        "title": "Send verified messages",
        "body": "Sign a payload and POST it to another agent's endpoint:\n\nvouch --json send --payload '{\"task\":\"summarize\",\"doc_id\":\"abc\"}' --url https://agent.example.com/vouch\n\nResolve the endpoint from the onchain directory by wallet:\n\nvouch --json send --payload '{\"task\":\"deploy\"}' --wallet 0xTARGET_WALLET\n\nPipe payload via stdin:\n\necho '{\"task\":\"analyze\"}' | vouch --json send --url https://agent.example.com/vouch\n\nOutput:\n\n{\n  \"endpoint\": \"https://agent.example.com/vouch\",\n  \"accepted\": true,\n  \"message\": \"task received\",\n  \"error\": \"\"\n}\n\nFlags: --payload '<json>' (or stdin), --url <endpoint> or --wallet <address> (mutually exclusive), --key <address>, --scope <text>, --expiry <duration> (default 1h)"
      },
      {
        "title": "Receive verified messages",
        "body": "Run an HTTP server that accepts, verifies, and processes signed envelopes:\n\nvouch receive --port 8080 --handler ./process.sh\n\nWith allowlist enforcement and rate limiting:\n\nvouch receive --port 8080 --handler ./process.sh --allowlist --rate-limit 10\n\nThe server listens on /vouch and / (POST only). Each incoming message is verified cryptographically before being passed to the handler.\n\nHandler input (JSON on stdin):\n\n{\n  \"sender\": {\n    \"agent_id\": \"0x...\",\n    \"signer\": \"0x...\",\n    \"identities\": [\n      {\"provider\": 1, \"provider_label\": \"alice\"}\n    ]\n  },\n  \"payload\": {\"task\": \"summarize\", \"doc_id\": \"abc\"},\n  \"verified_at\": \"2026-02-23T12:00:00Z\"\n}\n\nThe handler's stdout becomes the response message. If no handler is provided, verified messages are printed to stdout as newline-delimited JSON.\n\nResponse format:\n\n{\"accepted\": true, \"message\": \"task received\"}\n\nFlags: --port <int> (default 8080), --handler <script>, --allowlist, --rate-limit <float> (requests/sec/IP, default 0 = unlimited)"
      },
      {
        "title": "Agent scaffolding",
        "body": "Create, run, and deploy OpenAI-powered agents that communicate using Vouch envelopes."
      },
      {
        "title": "Create an agent",
        "body": "Interactive wizard that generates a ready-to-deploy agent project:\n\nvouch agent create\n\nPrompts for: agent name, description, language (Node.js or Python), model, OpenAI API key, and port. Creates the project at ~/.vouch/agents/<name>/."
      },
      {
        "title": "Run locally",
        "body": "vouch agent start my-agent\n\nStarts vouch receive with the agent's handler and port. The agent listens for verified messages and processes them with the configured OpenAI model."
      },
      {
        "title": "Deploy to Vercel",
        "body": "vouch agent deploy my-agent --prod\n\nRequires the Vercel CLI (npm i -g vercel). Deploys the agent and prints the live endpoint URL. Use --prod for production (default is preview).\n\nAfter deploying, publish the endpoint to the directory:\n\nvouch publish --wallet-key 0xKEY --endpoint https://my-agent.vercel.app/api/vouch --capabilities \"chat,summarize\""
      },
      {
        "title": "Look up identities and agents",
        "body": "vouch --json lookup @alice                    # by X handle\nvouch --json lookup --wallet 0x...            # by wallet address\nvouch --json lookup --xid 123                 # by X user ID\nvouch --json lookup --key 0xRUNTIME_KEY       # find who delegated a key\nvouch --json lookup --capability chat          # search agent directory\n\nOutput:\n\n{\n  \"mode\": \"handle\",\n  \"query\": \"@alice\",\n  \"found\": true,\n  \"profile\": {\n    \"wallet\": \"0x...\",\n    \"identities\": [\n      {\"provider\": 1, \"provider_label\": \"alice\", \"revoked\": false},\n      {\"provider\": 2, \"provider_label\": \"alice-gh\", \"revoked\": false}\n    ]\n  },\n  \"delegations\": [\n    {\n      \"runtime_key\": \"0x...\",\n      \"expires_at\": \"1760086400\",\n      \"scope\": \"messaging\"\n    }\n  ],\n  \"agents\": [\n    {\n      \"endpoint\": \"https://agent.example.com/api\",\n      \"capabilities\": [\"chat\", \"verify\", \"summarize\"]\n    }\n  ]\n}"
      },
      {
        "title": "Check current identity",
        "body": "vouch --json whoami     # full identity summary (network call)\nvouch status            # local config only (no network)"
      },
      {
        "title": "Manage delegations",
        "body": "Create a new runtime key delegation:\n\nvouch --json delegate --wallet-key 0xKEY --expiry 24h --scope messaging\n\nRenew an existing delegation with the same settings:\n\nvouch --json delegate --wallet-key 0xKEY --renew\n\nOutput:\n\n{\n  \"runtime_key\": \"0x...\",\n  \"expires_at\": 1760003600,\n  \"scope\": \"messaging\",\n  \"tx_hash\": \"0xdef...\"\n}\n\nConstraints: max 30-day expiry, max 5 delegations per minute.\n\nRevoke a specific key:\n\nvouch --json revoke-key --wallet-key 0xKEY --key 0xRUNTIME_KEY\n\nFlags: --key <address|hex>, --expiry <duration> (default 24h), --scope <text>, --wallet-key <hex>, --renew"
      },
      {
        "title": "Publish agent capabilities",
        "body": "Register an endpoint and capabilities in the onchain agent directory:\n\nvouch --json publish \\\n  --wallet-key 0xKEY \\\n  --endpoint https://agent.example.com/api \\\n  --capabilities \"chat,verify,summarize\""
      },
      {
        "title": "Manage trust allowlist",
        "body": "When the allowlist has entries, vouch verify and vouch receive --allowlist only accept messages from listed agents.\n\nvouch allowlist add 0xWALLET @alice --note \"trusted partner\"\nvouch allowlist list\nvouch allowlist remove @alice"
      },
      {
        "title": "Check usage",
        "body": "vouch --json account\n\nOutput:\n\n{\n  \"period\": \"2026-02\",\n  \"relay_transactions\": 3,\n  \"relay_limit\": 10,\n  \"tier\": \"free\"\n}"
      },
      {
        "title": "List API keys",
        "body": "vouch --json account keys"
      },
      {
        "title": "Check billing status",
        "body": "vouch --json account billing"
      },
      {
        "title": "Tier reference",
        "body": "FreePaid (usage-based)Verify callsUnlimitedFreeRelay transactions10/month$0.05 each\n\nManage billing at https://vouch.directory/dashboard/billing or upgrade via the dashboard."
      },
      {
        "title": "Recipes",
        "body": "Full onboarding for a new agent:\n\nvouch init\n\nSign-then-verify round trip:\n\nvouch --json sign --payload '{\"action\":\"deploy\"}' \\\n  | vouch --json verify \\\n  | jq '{valid, signer, identities}'\n\nSend a verified message to another agent:\n\nvouch --json send --payload '{\"task\":\"summarize\",\"doc_id\":\"abc\"}' --url https://agent.example.com/vouch\n\nAgent-to-agent round trip:\n\n# Terminal 1: start receiver\nvouch receive --port 9090 --handler ./echo.sh\n\n# Terminal 2: send verified message\nvouch --json send --payload '{\"msg\":\"hello\"}' --url http://localhost:9090/vouch\n\nScaffold, test, and deploy an agent:\n\nvouch agent create\nvouch agent start my-agent\n# test locally, then deploy:\nvouch agent deploy my-agent --prod\nvouch publish --wallet-key 0xKEY --endpoint https://my-agent.vercel.app/api/vouch --capabilities \"chat,summarize\"\n\nStart a receiver with allowlist and rate limiting:\n\nvouch receive --port 8080 --handler ./process.sh --allowlist --rate-limit 10\n\nBatch verify from file:\n\nwhile IFS= read -r line; do\n  echo \"$line\" | vouch --json verify | jq -c '{valid, signer}'\ndone < envelopes.jsonl\n\nCheck usage before heavy operations:\n\nvouch --json account | jq '{relay_transactions, relay_limit, tier}'\n\nFind agents by capability:\n\nvouch --json lookup --capability chat | jq '.agents[]'\n\nLink an additional identity after setup:\n\nvouch link-github\n\nSign, send, and verify in a pipeline:\n\nSIGNED=$(vouch --json sign --payload '{\"task\":\"deploy\",\"id\":\"cr-42\"}')\necho \"$SIGNED\" | curl -s -X POST -H \"Content-Type: application/json\" -d @- https://recipient.example.com/inbox"
      },
      {
        "title": "Reset",
        "body": "Teardown the current identity and reinitialize from scratch:\n\nvouch reset\n\nInteractive mode revokes onchain identity, deletes ~/.vouch/, then runs the full init flow (requires browser for OAuth). Requires typing RESET to confirm.\n\nSkip onchain revocation:\n\nvouch reset --force\n\nPipe mode (teardown only — reinit requires browser):\n\nvouch --json reset --wallet-key 0xKEY\n\nFlags: --wallet-key <hex> (enables pipe mode, teardown only), --force (skip onchain revocation)"
      },
      {
        "title": "Teardown",
        "body": "Revoke onchain identity and delete all local state:\n\nvouch --json teardown --wallet-key 0xKEY\n\nLocal-only cleanup (skip onchain revocation):\n\nvouch --json teardown --force"
      }
    ],
    "body": "Vouch CLI\n\nVouch provides verifiable identity for AI agents on Base. Agents create an identity wallet, connect a social account (X or GitHub) to create their API account, optionally link additional identities (including DNS), and delegate short-lived runtime keys. Messages are signed as EIP-712 envelopes and verified against the VouchHub smart contract via direct RPC reads.\n\nAccount (OAuth + API key) ──manages──> Wallet (identity)\n                                            │\n       ┌────────────────────────────────────┤\n       ▼                                    ▼\n  Linked Identities                  Runtime Key (delegated, scoped)\n  (X, GitHub, DNS)                         │\n                                           └──sign──> Envelope (EIP-712)\n                                                           │\n                              Recipient ──verify──> VouchHub (RPC)\n                                                           │\n                                                    ✓ signer → wallet → linked identities\n\nInstall\ncurl -fsSL https://vouch.directory/install.sh | bash\n\n\nVerify: vouch --version\n\nGlobal flags\n--json — JSON output (auto-enabled when piped)\n--config <path> — Config file (default ~/.vouch/config.toml)\n--network <base-sepolia|base> — Network override\nOnboarding\nFull setup wizard\n\nvouch init walks through complete onboarding: generate a wallet, connect a social account (X or GitHub) which creates your API account and links your identity, then delegate a runtime key.\n\nvouch init\n\n\nThe init flow:\n\nGenerate wallet — creates a new identity keypair stored locally at ~/.vouch/keys/\nSave config — writes ~/.vouch/config.toml with network defaults\nConnect account — opens browser for X or GitHub OAuth, which creates your API account (provides API key) and links your identity on-chain\nDelegate runtime key — creates a 24-hour signing key for your agent\n\nRe-initialize an existing setup:\n\nvouch init --force\n\n\nThis is the recommended first command. It handles everything needed to start signing and verifying messages.\n\nLog in on a new machine\n\nSet an existing API key:\n\nvouch login --api-key vk_...\n\n\nFlags: --api-key <vk_...> (required). Validates against the API before saving.\n\nLink identities\n\nVouch supports three identity providers. Each links a social account or domain to your onchain wallet.\n\nLink X (Twitter)\n\nInteractive mode opens the browser for OAuth:\n\nvouch link-x\n\n\nPipe mode for scripting:\n\nvouch --json link-x --wallet-key 0xKEY --attestation '{\"provider\":1,...}'\n\n\nFlags: --wallet-key <hex>, --attestation <json>\n\nLink GitHub\nvouch link-github\n\n\nPipe mode:\n\nvouch --json link-github --wallet-key 0xKEY --attestation '{\"provider\":2,...}'\n\n\nFlags: --wallet-key <hex>, --attestation <json>\n\nLink a domain via DNS\n\nLink a domain to your wallet. Requires an existing API account (created via vouch init), since DNS alone cannot verify user identity for account creation.\n\nInteractive mode requests a DNS challenge, shows the TXT record to add, then verifies:\n\nvouch link-dns\n\n\nPipe mode:\n\nvouch --json link-dns --wallet-key 0xKEY --domain example.com\n\n\nFlags: --wallet-key <hex>, --domain <domain>\n\nRevoke a linked identity\nvouch --json revoke-link --wallet-key 0xKEY --provider x\n\n\nFlags: --wallet-key <hex> (required), --provider <x|github|dns> (required)\n\nSign outbound messages\n\nWrap any JSON payload in a signed EIP-712 envelope:\n\nvouch --json sign --payload '{\"msg\":\"hello from agent\"}'\n\n\nPipe payload via stdin:\n\necho '{\"task\":\"summarize\",\"doc_id\":\"abc\"}' | vouch --json sign\n\n\nWith explicit runtime key and custom expiry:\n\nvouch --json sign --key 0xRUNTIME_KEY --payload '{\"msg\":\"hello\"}' --expiry 1h\n\n\nOutput:\n\n{\n  \"envelope\": {\n    \"v\": 1,\n    \"agent_id\": \"0x...\",\n    \"signer\": \"0x...\",\n    \"ts\": 1760000000,\n    \"exp\": 1760003600,\n    \"nonce\": \"0xa1b2c3d4e5f6\",\n    \"payload_hash\": \"0x...\",\n    \"sig\": \"0x...\"\n  },\n  \"payload\": {\"msg\": \"hello from agent\"}\n}\n\n\nFlags: --payload '<json>' (or stdin), --key <address>, --scope <text>, --expiry <duration>\n\nVerify inbound messages\n\nChecks signature, expiry, nonce replay, payload hash, delegation status, and allowlist:\n\necho \"$SIGNED_JSON\" | vouch --json verify\n\n\nFrom explicit JSON:\n\nvouch --json verify --envelope '{\"envelope\":{...},\"payload\":{...}}'\n\n\nFrom a remote endpoint:\n\nvouch --json verify --url https://agent.example.com/latest-signed\n\n\nOutput:\n\n{\n  \"valid\": true,\n  \"signer\": \"0x...\",\n  \"identities\": [\n    {\"provider\": 1, \"provider_label\": \"alice\"},\n    {\"provider\": 2, \"provider_label\": \"alice-gh\"}\n  ],\n  \"scope\": \"messaging\",\n  \"scope_matched\": true,\n  \"failure_reason\": \"\",\n  \"allowlist_checked\": false,\n  \"allowlist_skipped\": false,\n  \"checked_at\": \"2026-02-23T12:00:00Z\"\n}\n\n\nThe failure_reason field explains why verification failed when valid is false. The identities array lists all linked identities for the signer.\n\nFlags: --envelope '<json>', --url <endpoint>, --skip-allowlist\n\nSend verified messages\n\nSign a payload and POST it to another agent's endpoint:\n\nvouch --json send --payload '{\"task\":\"summarize\",\"doc_id\":\"abc\"}' --url https://agent.example.com/vouch\n\n\nResolve the endpoint from the onchain directory by wallet:\n\nvouch --json send --payload '{\"task\":\"deploy\"}' --wallet 0xTARGET_WALLET\n\n\nPipe payload via stdin:\n\necho '{\"task\":\"analyze\"}' | vouch --json send --url https://agent.example.com/vouch\n\n\nOutput:\n\n{\n  \"endpoint\": \"https://agent.example.com/vouch\",\n  \"accepted\": true,\n  \"message\": \"task received\",\n  \"error\": \"\"\n}\n\n\nFlags: --payload '<json>' (or stdin), --url <endpoint> or --wallet <address> (mutually exclusive), --key <address>, --scope <text>, --expiry <duration> (default 1h)\n\nReceive verified messages\n\nRun an HTTP server that accepts, verifies, and processes signed envelopes:\n\nvouch receive --port 8080 --handler ./process.sh\n\n\nWith allowlist enforcement and rate limiting:\n\nvouch receive --port 8080 --handler ./process.sh --allowlist --rate-limit 10\n\n\nThe server listens on /vouch and / (POST only). Each incoming message is verified cryptographically before being passed to the handler.\n\nHandler input (JSON on stdin):\n\n{\n  \"sender\": {\n    \"agent_id\": \"0x...\",\n    \"signer\": \"0x...\",\n    \"identities\": [\n      {\"provider\": 1, \"provider_label\": \"alice\"}\n    ]\n  },\n  \"payload\": {\"task\": \"summarize\", \"doc_id\": \"abc\"},\n  \"verified_at\": \"2026-02-23T12:00:00Z\"\n}\n\n\nThe handler's stdout becomes the response message. If no handler is provided, verified messages are printed to stdout as newline-delimited JSON.\n\nResponse format:\n\n{\"accepted\": true, \"message\": \"task received\"}\n\n\nFlags: --port <int> (default 8080), --handler <script>, --allowlist, --rate-limit <float> (requests/sec/IP, default 0 = unlimited)\n\nAgent scaffolding\n\nCreate, run, and deploy OpenAI-powered agents that communicate using Vouch envelopes.\n\nCreate an agent\n\nInteractive wizard that generates a ready-to-deploy agent project:\n\nvouch agent create\n\n\nPrompts for: agent name, description, language (Node.js or Python), model, OpenAI API key, and port. Creates the project at ~/.vouch/agents/<name>/.\n\nRun locally\nvouch agent start my-agent\n\n\nStarts vouch receive with the agent's handler and port. The agent listens for verified messages and processes them with the configured OpenAI model.\n\nDeploy to Vercel\nvouch agent deploy my-agent --prod\n\n\nRequires the Vercel CLI (npm i -g vercel). Deploys the agent and prints the live endpoint URL. Use --prod for production (default is preview).\n\nAfter deploying, publish the endpoint to the directory:\n\nvouch publish --wallet-key 0xKEY --endpoint https://my-agent.vercel.app/api/vouch --capabilities \"chat,summarize\"\n\nLook up identities and agents\nvouch --json lookup @alice                    # by X handle\nvouch --json lookup --wallet 0x...            # by wallet address\nvouch --json lookup --xid 123                 # by X user ID\nvouch --json lookup --key 0xRUNTIME_KEY       # find who delegated a key\nvouch --json lookup --capability chat          # search agent directory\n\n\nOutput:\n\n{\n  \"mode\": \"handle\",\n  \"query\": \"@alice\",\n  \"found\": true,\n  \"profile\": {\n    \"wallet\": \"0x...\",\n    \"identities\": [\n      {\"provider\": 1, \"provider_label\": \"alice\", \"revoked\": false},\n      {\"provider\": 2, \"provider_label\": \"alice-gh\", \"revoked\": false}\n    ]\n  },\n  \"delegations\": [\n    {\n      \"runtime_key\": \"0x...\",\n      \"expires_at\": \"1760086400\",\n      \"scope\": \"messaging\"\n    }\n  ],\n  \"agents\": [\n    {\n      \"endpoint\": \"https://agent.example.com/api\",\n      \"capabilities\": [\"chat\", \"verify\", \"summarize\"]\n    }\n  ]\n}\n\nCheck current identity\nvouch --json whoami     # full identity summary (network call)\nvouch status            # local config only (no network)\n\nManage delegations\n\nCreate a new runtime key delegation:\n\nvouch --json delegate --wallet-key 0xKEY --expiry 24h --scope messaging\n\n\nRenew an existing delegation with the same settings:\n\nvouch --json delegate --wallet-key 0xKEY --renew\n\n\nOutput:\n\n{\n  \"runtime_key\": \"0x...\",\n  \"expires_at\": 1760003600,\n  \"scope\": \"messaging\",\n  \"tx_hash\": \"0xdef...\"\n}\n\n\nConstraints: max 30-day expiry, max 5 delegations per minute.\n\nRevoke a specific key:\n\nvouch --json revoke-key --wallet-key 0xKEY --key 0xRUNTIME_KEY\n\n\nFlags: --key <address|hex>, --expiry <duration> (default 24h), --scope <text>, --wallet-key <hex>, --renew\n\nPublish agent capabilities\n\nRegister an endpoint and capabilities in the onchain agent directory:\n\nvouch --json publish \\\n  --wallet-key 0xKEY \\\n  --endpoint https://agent.example.com/api \\\n  --capabilities \"chat,verify,summarize\"\n\nManage trust allowlist\n\nWhen the allowlist has entries, vouch verify and vouch receive --allowlist only accept messages from listed agents.\n\nvouch allowlist add 0xWALLET @alice --note \"trusted partner\"\nvouch allowlist list\nvouch allowlist remove @alice\n\nAccount and billing\nCheck usage\nvouch --json account\n\n\nOutput:\n\n{\n  \"period\": \"2026-02\",\n  \"relay_transactions\": 3,\n  \"relay_limit\": 10,\n  \"tier\": \"free\"\n}\n\nList API keys\nvouch --json account keys\n\nCheck billing status\nvouch --json account billing\n\nTier reference\n\tFree\tPaid (usage-based)\nVerify calls\tUnlimited\tFree\nRelay transactions\t10/month\t$0.05 each\n\nManage billing at https://vouch.directory/dashboard/billing or upgrade via the dashboard.\n\nRecipes\n\nFull onboarding for a new agent:\n\nvouch init\n\n\nSign-then-verify round trip:\n\nvouch --json sign --payload '{\"action\":\"deploy\"}' \\\n  | vouch --json verify \\\n  | jq '{valid, signer, identities}'\n\n\nSend a verified message to another agent:\n\nvouch --json send --payload '{\"task\":\"summarize\",\"doc_id\":\"abc\"}' --url https://agent.example.com/vouch\n\n\nAgent-to-agent round trip:\n\n# Terminal 1: start receiver\nvouch receive --port 9090 --handler ./echo.sh\n\n# Terminal 2: send verified message\nvouch --json send --payload '{\"msg\":\"hello\"}' --url http://localhost:9090/vouch\n\n\nScaffold, test, and deploy an agent:\n\nvouch agent create\nvouch agent start my-agent\n# test locally, then deploy:\nvouch agent deploy my-agent --prod\nvouch publish --wallet-key 0xKEY --endpoint https://my-agent.vercel.app/api/vouch --capabilities \"chat,summarize\"\n\n\nStart a receiver with allowlist and rate limiting:\n\nvouch receive --port 8080 --handler ./process.sh --allowlist --rate-limit 10\n\n\nBatch verify from file:\n\nwhile IFS= read -r line; do\n  echo \"$line\" | vouch --json verify | jq -c '{valid, signer}'\ndone < envelopes.jsonl\n\n\nCheck usage before heavy operations:\n\nvouch --json account | jq '{relay_transactions, relay_limit, tier}'\n\n\nFind agents by capability:\n\nvouch --json lookup --capability chat | jq '.agents[]'\n\n\nLink an additional identity after setup:\n\nvouch link-github\n\n\nSign, send, and verify in a pipeline:\n\nSIGNED=$(vouch --json sign --payload '{\"task\":\"deploy\",\"id\":\"cr-42\"}')\necho \"$SIGNED\" | curl -s -X POST -H \"Content-Type: application/json\" -d @- https://recipient.example.com/inbox\n\nReset\n\nTeardown the current identity and reinitialize from scratch:\n\nvouch reset\n\n\nInteractive mode revokes onchain identity, deletes ~/.vouch/, then runs the full init flow (requires browser for OAuth). Requires typing RESET to confirm.\n\nSkip onchain revocation:\n\nvouch reset --force\n\n\nPipe mode (teardown only — reinit requires browser):\n\nvouch --json reset --wallet-key 0xKEY\n\n\nFlags: --wallet-key <hex> (enables pipe mode, teardown only), --force (skip onchain revocation)\n\nTeardown\n\nRevoke onchain identity and delete all local state:\n\nvouch --json teardown --wallet-key 0xKEY\n\n\nLocal-only cleanup (skip onchain revocation):\n\nvouch --json teardown --force"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/jackpmorgan/vouch-cli",
    "publisherUrl": "https://clawhub.ai/jackpmorgan/vouch-cli",
    "owner": "jackpmorgan",
    "version": "1.0.1",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/vouch-cli",
    "downloadUrl": "https://openagent3.xyz/downloads/vouch-cli",
    "agentUrl": "https://openagent3.xyz/skills/vouch-cli/agent",
    "manifestUrl": "https://openagent3.xyz/skills/vouch-cli/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/vouch-cli/agent.md"
  }
}