CLI Reference
The @agnt-rcpt/openclaw package ships a CLI for inspecting the receipt database outside of active agent sessions. Use it for post-session audits, automated compliance checks, or integration with external tools via JSON output and jq.
npx @agnt-rcpt/openclaw <subcommand> [flags]Subcommands
Section titled “Subcommands”| Subcommand | Purpose |
|---|---|
receipts | List and filter receipts |
verify | Verify the integrity of a receipt chain |
export | Export one receipt or a full chain |
receipts
Section titled “receipts”Lists receipts from the local database, with optional filters.
npx @agnt-rcpt/openclaw receipts [flags]| Flag | Type | Description |
|---|---|---|
--risk | string | Filter by risk level: low, medium, high, critical |
--action | string | Filter by action type (e.g. system.command.execute) |
--status | string | Filter by outcome: success or failure |
--limit | number | Maximum number of results to return |
--db | path | Path to the SQLite database (default: ~/.openclaw/agent-receipts/receipts.db) |
--json | flag | Output raw JSON instead of the default tabular display |
Examples
Section titled “Examples”List all high-risk receipts:
npx @agnt-rcpt/openclaw receipts --risk highList the last 20 receipts in JSON:
npx @agnt-rcpt/openclaw receipts --limit 20 --jsonFilter by action type and output JSON for downstream processing:
npx @agnt-rcpt/openclaw receipts --action system.command.execute --jsonUse jq to filter shell commands by risk level:
npx @agnt-rcpt/openclaw receipts --action system.command.execute --json \ | jq '.receipts[] | select(.risk == "high")'verify
Section titled “verify”Verifies the cryptographic integrity of a receipt chain: checks every Ed25519 signature and every SHA-256 hash link between receipts.
npx @agnt-rcpt/openclaw verify [flags]| Flag | Type | Description |
|---|---|---|
--chain | string | Chain ID to verify (required unless --all is given) |
--all | flag | Verify all chains in the database |
--db | path | Path to the SQLite database |
Examples
Section titled “Examples”Verify a specific chain:
npx @agnt-rcpt/openclaw verify --chain chain_openclaw_main_sid-42Output when the chain is valid:
Chain "chain_openclaw_main_sid-42" is valid: 12 receipts, all signatures and hash links verified.Output when tampering is detected:
Chain "chain_openclaw_main_sid-42": BROKEN at position 7Tamper detected! The following receipts have issues: [7] urn:receipt:...: invalid signature, hash linkVerify every chain in the database:
npx @agnt-rcpt/openclaw verify --allexport
Section titled “export”Exports receipts to a file or stdout, either as individual receipts or as a W3C Verifiable Presentation wrapping a full chain.
npx @agnt-rcpt/openclaw export [flags]| Flag | Type | Description |
|---|---|---|
--id | string | Export a single receipt by ID |
--chain | string | Export all receipts in a chain |
--format | string | Output format: json (default) or vp (W3C Verifiable Presentation) |
--db | path | Path to the SQLite database |
--id vs receipts
Section titled “--id vs receipts”export --id fetches one receipt by its full URN and returns the complete signed credential object — including @context, proof, and all metadata fields. The receipts subcommand returns a collection view with summary fields only; it is designed for filtering and browsing, not for extracting individual credentials for verification.
Examples
Section titled “Examples”Export a single receipt as JSON:
npx @agnt-rcpt/openclaw export --id urn:receipt:abc123...Export a full chain as JSON:
npx @agnt-rcpt/openclaw export --chain chain_openclaw_main_sid-42Export a chain as a W3C Verifiable Presentation:
npx @agnt-rcpt/openclaw export --chain chain_openclaw_main_sid-42 --format vpThe vp format wraps the chain in a standard W3C VP envelope, making it suitable for submission to compliance systems or external verifiers:
{ "@context": ["https://www.w3.org/2018/credentials/v1"], "type": ["VerifiablePresentation"], "verifiableCredential": [ { /* receipt 1 */ }, { /* receipt 2 */ }, { /* … */ } ]}