npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@prometheus-protocol/app-store-cli

v1.10.1

Published

A CLI for publishing applications to the Prometheus App Store.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jesse_portaljesse_portal

Keywords

Readme

Prometheus App Store CLI

The official command-line interface for the Prometheus Protocol. This tool provides a complete suite of commands for ai agents, developers, and auditors to manage the full lifecycle of a decentralized application.

Prerequisites

Installation & Usage

The CLI is designed for two primary use cases:

1. For Developers (Inside a Project): The CLI is included as a devDependency in projects created with create-motoko-mcp-server. You will interact with it via npm run scripts defined in your package.json:

# Example from within your app project
npm run app-store -- <command> [options]

Note the required -- to pass arguments to the script.

2. For Auditors: External users should use npx with the full, scoped package name to ensure they are always running the latest version.

# Example for an auditor
npx @prometheus-protocol/app-store-cli <command> [options]

For frequent use, you can install it globally:

npm install -g @prometheus-protocol/app-store-cli

Core Concepts

The CLI is organized around the primary roles within the Prometheus Protocol ecosystem:

  • 🧑‍💻 Developers: Build applications, submit them for verification, and publish new versions.
  • 🕵️ Auditors: Discover bounties, perform security and quality audits, and submit attestations.

Commands

All commands can be run with the --help flag for more details (e.g., npx @prometheus-protocol/app-store-cli bounty --help).

🧑‍💻 Developer Commands

Commands for managing the application lifecycle from within your project.

  • npm run app-store init
    • Initializes a new prometheus.yml configuration file in the current directory.
  • npm run app-store submit
    • Submits your WASM hash and metadata for verification based on your config.
  • npm run app-store status
    • Checks the current verification status of your application.
  • npm run app-store -- publish
    • Publishes a new, verified version of your application to the App Store.

🕵️ Auditor & Bounty Commands

Commands for discovering, auditing, and claiming rewards.

  • npx @prometheus-protocol/app-store-cli bounty list
    • Lists all available bounties on the network, showing their status (Open, Reserved, or Claimed).
  • npx @prometheus-protocol/app-store-cli bounty reserve <bounty-id>
    • Reserves an open bounty by staking reputation tokens, granting an exclusive lock.
  • npx @prometheus-protocol/app-store-cli bounty create
    • Creates a new bounty to incentivize a specific audit for a WASM.
  • npx @prometheus-protocol/app-store-cli bounty claim <bounty-id>
    • Claims a reserved bounty after the corresponding attestation has been successfully submitted.
  • npx @prometheus-protocol/app-store-cli attest generate
    • Generates a template YAML file for a specific audit type.
  • npx @prometheus-protocol/app-store-cli attest submit <file> --bounty-id <id>
    • Submits a completed attestation file for a reserved bounty.

📖 End-to-End Workflow Example

This example shows the complete journey, using the correct invocation for each role.

1. Developer Builds and Submits for Audit (from their project)

⚠️ CRITICAL: Build Reproducibility

Your WASM must be built using the reproducible Docker environment. The verifier will rebuild your code from source and compare SHA-256 hashes. If you build natively (e.g., dfx build), the hashes will not match and verification will fail.

Step 1: Build your WASM reproducibly

# Build using Docker (this ensures reproducibility across platforms)
docker-compose run --rm wasm

# Your WASM will be in: out/out_Linux_x86_64.wasm
# The build script will print the SHA-256 hash

Step 2: Specify your moc version in mops.toml

[toolchain]
moc = "0.16.0"  # ← The verifier will automatically use this version!

Step 3: Update your manifest

Edit prometheus.yml to point to the reproducibly-built WASM:

namespace: my-app
submission:
  repo_url: https://github.com/yourname/your-app
  wasm_path: ./out/out_Linux_x86_64.wasm # ← Must be the Docker build output
  git_commit: abc123... # ← Current commit hash
  name: My Application
  description: A secure MCP server

Step 4: Submit for verification

npm run app-store init  # If you haven't already
npm run app-store submit
npm run app-store status

Why Docker?

The Docker build environment uses pinned toolchain versions specified in your mops.toml:

  • moc (Motoko compiler) - Your choice! (e.g., 0.16.0)
  • ic-wasm version 0.9.3
  • mops-cli version 0.2.0

The verifier automatically detects your moc version from mops.toml and uses the matching Docker image. This ensures your WASM hash exactly matches what the verifier produces, regardless of your host OS (macOS, Windows, Linux).

📚 For detailed build instructions, troubleshooting, and CI/CD examples, see:

2. Sponsor Creates a Bounty (standalone)

  • npx @prometheus-protocol/app-store-cli bounty create 100000000 <token-canister-id> --wasm-id <wasm_id> --audit-type data_safety_v1

3. Auditor Discovers and Completes the Audit (standalone)

  • Discover work: npx @prometheus-protocol/app-store-cli bounty list
  • Reserve the bounty: npx @prometheus-protocol/app-store-cli bounty reserve <bounty_id>
  • Generate template: npx @prometheus-protocol/app-store-cli attest generate --type data_safety_v1
  • Edit the generated attestation.yml with your findings.
  • Submit work for the bounty: npx @prometheus-protocol/app-store-cli attest submit attestation.yml --bounty-id <bounty_id>
  • Get paid: npx @prometheus-protocol/app-store-cli bounty claim <bounty_id>

4. Developer Publishes the Verified Version (from their project)

  • Check for approval: npm run app-store status
  • Publish the new version: npm run app-store -- publish --app-version "0.1.0"

5. End User Installs the App

  • The user can now find the verified application in the App Store, inspect its audit certificate, and install it with confidence.

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

License

This project is licensed under the MIT License.