wiredepth
Run a check

Open source CLI

Every Wiredepth tool, in your terminal.

MIT licensed Go binary. Free read-only domain checks need no account; the audit-chain verifier needs no account at all. Paid features (watch monitoring, workpaper downloads, NOC dashboard, alerts) sign in with your Wiredepth account.

View on GitHubLatest releaseAudit chain spec

Install

macOS / Linux

curl -fsSL https://wiredepth.com/install.sh | bash

Go install

go install github.com/WiredepthHQ/postvale-cli/cmd/postvale@latest

Windows (PowerShell)

Invoke-WebRequest -Uri https://wiredepth.com/install.ps1 -OutFile install.ps1; .\install.ps1

From source

git clone https://github.com/WiredepthHQ/postvale-cli
cd postvale-cli && go build -o postvale ./cmd/postvale

What it does

The CLI ships in three command groups. Phase 1 needs no Wiredepth account; Phase 2 + 3 sign in with your existing credentials.

Phase 1 - read-only domain checks (no account)

  • postvale checkFull posture (TLS + DMARC + DNS + headers + MTA-STS + BIMI)
  • postvale tlsTLS / SSL certificate + protocol audit
  • postvale dmarcDMARC + SPF + alignment
  • postvale dnsDNS + DNSSEC + CAA + nameservers
  • postvale headersHTTP security headers
  • postvale mta-stsMTA-STS + TLS-RPT
  • postvale bimiBIMI logo discovery + VMC
  • postvale dnssecDNSSEC chain check
  • postvale caaCAA record audit
  • postvale subdomainsSubdomain inventory (CT + zone walk)
  • postvale takeoverSubdomain-takeover risk scan
  • postvale spoofSpoofability verdict (yes / maybe / no)
  • postvale spf flattenSPF flattener + lookup-count audit
  • postvale reputationThreat-intel lookup (blocklists + IOC)
  • postvale scamEmail forensics (paste a header dump)

Phase 2 - monitoring + evidence (sign in with your account)

  • postvale auth loginLoopback OAuth + OS keyring storage
  • postvale watchList, add, remove monitored domains
  • postvale alertsList configured webhook / email endpoints
  • postvale workpaperDownload an audit-binder PDF

Phase 3 - dashboards + CI + audit verification

  • postvale tuiSingle-domain Bubbletea dashboard
  • postvale nocMulti-domain NOC console (mirrors /dashboard/noc)
  • postvale ciCI-friendly check presets (--quiet --no-color --exit-on-fail)
  • postvale audit exportDownload your audit chain segment
  • postvale audit verifyRecompute hashes + check Merkle inclusion (no Wiredepth account required)

Why open source

The Wiredepth audit chain is only useful if you can verify it without us. That requires the verifier source code to be public, auditable, and forkable. Once that's public, every other domain-check command in the same binary may as well be too - the dev surface stays unified, the spec for the audit chain stays one source of truth, and contributors can ship pull requests that exercise the entire CLI.

The CLI never includes proprietary scoring rubrics or pricing logic - just the protocol-level checks (everyone's reading the same DNS records) and the audit-verification math (which must be public by definition). Wiredepth's value is the monitoring infrastructure, threat-intel pipelines, evidence packaging, and continuous coverage; the CLI is the client.

Contributing

PRs welcome. CONTRIBUTING.md in the repo covers the style conventions (short comments, no em-dashes, Conventional Commits) and the pre-push checklist (gofmt, vet, build, test). Issues + feature requests on GitHub Issues.