orangecheck
docs / @orangecheck/cli

@orangecheck/cli

Shell interface to OrangeCheck. Check, verify, create, challenge, and discover from your terminal or a script.

yarn global add @orangecheck/cli

oc check --addr bc1q... --min-sats 100000 --min-days 30
# ✓ pass
#   sats:  125,000
#   days:  47
#   score: 18.2

Exit code 0 on pass, 2 on fail, 1 on error. --json on every command for machine-readable output.

Commands

oc check — sybil gate

oc check --addr bc1q...        --min-sats 100000 --min-days 30
oc check --identity github:alice --min-sats 50000
oc check --id a3f5b8c2...       --min-sats 100000

Ideal for CI. Exits 2 on fail — CI steps that use oc check fail naturally when thresholds aren't met.

oc verify — raw attestation

# Inline flags
oc verify --addr bc1q... --msg "$(cat message.txt)" --sig "..."

# From a JSON file
oc verify --file attestation.json

# From stdin
cat attestation.json | oc verify

Accepts either { addr, msg, sig } or the full wire shape { address, message, signature, scheme }.

oc discover — list attestations

oc discover --identity nostr:npub1alice...
oc discover --addr bc1q... --limit 10
oc discover --id a3f5b8c2... --json

oc challenge issue / oc challenge verify — auth

# Print the signable message to stdout, metadata to stderr
oc challenge issue --addr bc1q... --audience https://example.com --purpose login

# JSON output for scripting
oc challenge issue --addr bc1q... --json > challenge.json

Verify a signed challenge:

oc challenge verify \
  --msg "$(cat challenge-message.txt)" \
  --sig "$(cat signature.b64)" \
  --expected-nonce a1b2c3d4e5f6789012345678901234ab

# Or pipe a JSON envelope
cat signed.json | oc challenge verify --expected-nonce a1b2c3d4...

GitHub Actions example

Require an OrangeCheck proof before running a deploy step:

- name: Require OrangeCheck proof
  run: |
    npx -y @orangecheck/cli check \
      --addr ${{ vars.MAINTAINER_BTC_ADDR }} \
      --min-sats 1000000 \
      --min-days 180 \
      --json

The check command exits 2 when thresholds aren't met, failing the step.

Shell pipelines

Build an airdrop allowlist

while read addr; do
  if oc check --addr "$addr" --min-sats 100000 --min-days 30 --json \
       | jq -e '.ok' >/dev/null; then
    echo "$addr"
  fi
done < candidates.txt > allowlist.txt

For larger drops, @orangecheck/airdrop-gate ships a dedicated batch filter.

Verify a badge from a Nostr profile

curl -s "https://ochk.io/api/discover?identity=nostr:npub1alice..." \
  | jq '.attestations[0]' \
  | oc verify --json

Cron-based alerting

# Alert if a key address drops below its commitment
* * * * * oc check --addr bc1q... --min-sats 10000000 --json \
  | jq -e '.ok' >/dev/null || mail -s "OC drop" ops@example.com

Output modes

  • Default — compact human-readable with exit codes.
  • --json — full machine-readable JSON, suitable for jq.

Exit codes:

CodeMeaning
0Success / pass / valid / found
1Error (bad flags, network failure)
2Decision is "no" (threshold fail, invalid, not found)

License

MIT.