authkeep
SIG Protocol alpha·dff0564

dump-state

Verify and dump derived relationship state as JSON.

Verify the event feed and dump the derived relationship state as pretty-printed JSON. This command runs a full verification pass before producing output.

Usage

ak dump-state <SIG_METADATA>

Arguments

ArgumentDescription
<SIG_METADATA>SIG metadata URL (https://...) or local file path.

Behavior

  1. Runs the same full verification as ak verify (signatures, sequence ordering, payload validation).
  2. Derives the current FeedState by replaying all events in order.
  3. Outputs the state as pretty-printed JSON to stdout. If verification fails, the command exits with a non-zero code and does not produce state output.

Example

ak dump-state ./issuer-root/.well-known/sig.json

Output:

{
  "issuer": "did:web:example.com",
  "last_sequence": 3,
  "relationships": {
    "rel-alice-eng": {
      "relationship_id": "rel-alice-eng",
      "subject": "did:web:alice.example.com",
      "relationship_type": "employee",
      "roles": ["engineer", "deploy"],
      "status": "active",
      "valid_from": "2025-01-15T00:00:00Z",
      "valid_until": null,
      "last_event_id": "evt-001",
      "last_updated": "2025-01-15T00:00:00Z"
    },
    "rel-bob-contractor": {
      "relationship_id": "rel-bob-contractor",
      "subject": "did:web:bob.example.com",
      "relationship_type": "contractor",
      "roles": ["audit"],
      "status": "revoked",
      "valid_from": "2025-02-01T00:00:00Z",
      "valid_until": null,
      "last_event_id": "evt-003",
      "last_updated": "2025-03-01T00:00:00Z"
    }
  }
}

Notes

  • The output reflects the current derived state after replaying every event. Revoked relationships appear with "status": "revoked".
  • Pipe the output to jq for further filtering, e.g., ak dump-state sig.json | jq '.relationships | to_entries[] | select(.value.status == "active")'.
  • This command is read-only and does not modify any files.