Install: cargo install provcheck-cli · or grab a
release binary
(Windows / Linux / macOS) · or
build from source.
Verify C2PA Content Credentials on any file, from any vendor, on any platform.
provcheck is a free, open-source, offline desktop + command-line
verifier for C2PA — the open provenance standard
backed by Adobe, Microsoft, the BBC, and major digital camera
manufacturers. Point it at a file and it tells you:
- whether the file carries a valid C2PA manifest,
- who signed it,
- what tool produced it,
- which AI model generated it (if any),
- the full chain of edits / ingredients back to the source.
No account. No web upload. No vendor lock-in. The file stays on your machine.
v0.1.0 shipped. CLI + library published on crates.io, release binaries on GitHub for Windows / Linux / macOS (Apple Silicon). GUI app builds locally; installer-in-CI is a Milestone 4 follow-up. See the milestones section below for the full roadmap.
cargo install provcheck-cliPuts a provcheck binary on your PATH. This is the fastest path
if you already have Rust installed. Published to crates.io:
provcheck-cli— the binary.provcheck-core— the library, for embedding the verifier in your own Rust tool.
Download the matching archive from the Releases page or grab it directly from provcheck.ai and unpack:
- Windows —
provcheck-<version>-windows-x86_64.zip - macOS (Apple Silicon) —
provcheck-<version>-macos-aarch64.tar.gz - Linux —
provcheck-<version>-linux-x86_64.tar.gz
Intel Mac users: run the Apple Silicon binary through Rosetta, or
use cargo install provcheck-cli above.
Desktop installer with drag-and-drop verification.
- Windows — NSIS installer
- macOS — notarised
.dmg - Linux —
.deb+.AppImage
git clone https://github.com/CreativeMayhemLtd/provcheck.git
cd provcheck
cargo build --release -p provcheck-cli
./target/release/provcheck <file>Two example signed files ship with the repo — a rAIdio.bot music clip and a Doomscroll.fm video bumper. Both verify cleanly:
provcheck examples/rAIdio.bot-sample.mp3
provcheck examples/doomscroll.fm-sample.mp4See examples/README.md for what's in each
sample and how they're signed.
Human-readable:
provcheck my-song.wavMachine-readable (stable JSON schema — matches provcheck_core::Report):
provcheck --json my-song.wavSilent pipeline mode (exit code only):
if provcheck --quiet my-song.wav; then
echo "signed + verified"
fi| Code | Meaning |
|---|---|
0 |
File carries a valid C2PA manifest that verified. |
1 |
File is unsigned, or its manifest is invalid / tampered. |
2 |
I/O error, unreadable file, or internal error. |
Whatever the upstream c2pa crate
supports. At the time of writing: WAV, MP3, JPEG, PNG, HEIC, AVIF,
WebP, MP4, MOV. The crate's format list is authoritative — we track
it.
AI-generated content needs a trustable provenance signal or every
downstream ingester (archives, platforms, newsrooms, journalists) has
to guess. C2PA is the open standard that delivers it. Adobe has a
developer-facing CLI (c2patool) and a web verifier
(contentcredentials.org) — useful tools, but neither is a polished
cross-platform desktop app you can ship with other software or point
a non-technical recipient at.
provcheck fills that gap. It:
- runs locally (privacy-preserving — files never leave your machine),
- ships as a single binary,
- is free and permissively licensed (Apache-2.0),
- is bundled with rAIdio.bot (and, later, vAIdeo.bot) so every output those tools produce is trivially re-verifiable by recipients,
- works on ANY C2PA-signed content, not just ours.
| # | Deliverable | Status |
|---|---|---|
| 1 | Workspace scaffold + provcheck-core crate + fixtures |
Done |
| 2 | provcheck-cli with human + JSON output, integration tests |
Done |
| 3 | Tauri GUI (drag-drop verifier) | Done (local build; installer CI in M4 follow-up) |
| 4 | CI + GitHub Releases for Win/Mac/Linux | Done (v0.1.0; Intel-mac binary deferred — use cargo install or Rosetta) |
| — | Crates.io publication | Done — provcheck-cli + provcheck-core |
| 5 | Bundle CLI inside rAIdio.bot tools/ + build.ps1 gate |
Pending |
| 6 | Website download page + vAIdeo.bot bundling | Deferred |
Early-stage. Issues and PRs welcome once the core is wired
(milestone 1-2). The intended design is: provcheck-core is the
canonical verifier — CLI and GUI are thin adapters over it. If
behaviour differs between CLI and GUI, that's a bug in the adapters,
not the core.
Apache-2.0. See LICENSE.
provcheck is maintained by Creative Mayhem UG,
a Berlin studio. Website: provcheck.ai.
Contact: info@rAIdio.bot.
The C2PA standard itself is developed by the
Coalition for Content Provenance and Authenticity.
The upstream c2pa Rust crate
that does the heavy lifting is maintained by Adobe's Content
Authenticity Initiative.
We don't compete with any of that — we extend it.
