Skip to main content
The Prometheus Protocol provides two primary command-line tools for interacting with the ecosystem: the App Store CLI for managing the full application lifecycle, and the Auth CLI for managing OAuth client registration.

The App Store CLI

The official CLI for developers, auditors, and community members. It handles everything from submitting an app for verification to performing audits and finalizing governance votes.

Usage

The way you invoke the CLI depends on your role:
  • For Developers
  • For Auditors & Community Members
The CLI is included in projects created with create-motoko-mcp-server. You interact with it via npm run scripts. Note the required -- to pass arguments.
npm run app-store -- <command> [options]

Developer Commands

Commands for managing the application lifecycle from within your project.

init

Initializes a new prometheus.yml configuration file in the current directory. This file contains the metadata for your service. 
npm run app-store init -y

release

The recommended all-in-one command for publishing. Automatically handles the entire workflow:
  1. Updates version number in source code
  2. Commits and pushes version change to GitHub
  3. Updates prometheus.yml with commit hash and WASM path
  4. Builds WASM using reproducible Docker environment
  5. Publishes to registry and creates verification bounties
npm run app-store release 1.0.0

# Advanced options:
npm run app-store release 1.0.0 --skip-git    # Manual git control
npm run app-store release 1.0.0 --skip-build  # Use pre-built WASM
npm run app-store release 1.0.0 --network ic  # Publish to mainnet

build

Builds your WASM file using the reproducible build system (Docker-based). The release command calls this automatically. 
npm run app-store build

status

Checks the current verification status of your application (e.g., Pending, Auditing, Verified, Rejected). 
npm run app-store status

publish (deprecated)

Legacy command for publishing. Use release instead for the full automated workflow. 
npm run app-store publish 1.0.0

Auditor & Bounty Commands

Commands for discovering, auditing, and claiming rewards.

bounty list

Lists all available bounties on the network, showing their status (Open, Reserved, or Claimed). 
npx @prometheus-protocol/app-store-cli bounty list

bounty reserve <bounty-id>

Reserves an open bounty by staking USDC collateral. This grants you an exclusive lock to perform the audit. 
npx @prometheus-protocol/app-store-cli bounty reserve <bounty-id>

bounty create

Creates a new bounty to incentivize a specific audit for a WASM. 
npx @prometheus-protocol/app-store-cli bounty create <amount> <token-canister-id> --wasm-id <id> --audit-type <type>

bounty claim <bounty-id>

Claims the reward for a reserved bounty after your corresponding attestation has been successfully submitted and approved. 
npx @prometheus-protocol/app-store-cli bounty claim <bounty-id>

attest generate

Generates a template YAML file for a specific audit type (e.g., security_v1). 
npx @prometheus-protocol/app-store-cli attest generate --type security_v1

attest submit <file>

Submits a completed attestation file for a bounty you have reserved. 
npx @prometheus-protocol/app-store-cli attest submit attestation.yml --bounty-id <bounty_id>

The Auth CLI

This tool manages your service’s registration with the Prometheus OAuth provider. It is typically used via npm run scripts from within a service developer’s project.

register

Interactively registers your service as a new OAuth client. It saves the output to .auth_client.json. 
npm run auth register

update

Interactively updates an existing OAuth client registration. This is commonly used to change the redirect URI when moving from a local to a production environment. 
npm run auth update

list

Lists all resource servers (OAuth clients) registered by your current identity. 
npm run auth list

delete

Deletes an existing resource server registration. 
npm run auth delete