Skip to main content
afauth status prints a local snapshot of the agent’s identity and readiness — the did:key, where the key lives, the trust-attestor binding (and whether it’s live), and a summary of known accounts. Where afauth whoami prints the bare did:key for scripts, status answers the operational question: who am I, where’s my key, and am I linked to a trust attestor?
afauth status
afauth status --json
It reads only local files (key.json, trust.json, accounts.json) and makes no network calls, so the link state is a local judgment — it flags expired and orphaned bindings, but cannot confirm a server-side revocation at the attestor.

Output

DID        did:key:z6Mk...
Key file   ~/.afauth/key.json
Algorithm  ed25519
Created    2026-05-20T12:00:00Z
Link       ✓ trust.afauth.org · live, expires in 88d (email)
Accounts   2 services — 1 UNCLAIMED, 1 CLAIMED   → afauth accounts list
If no identity exists yet, status prints a hint to run afauth init and exits.
StateMeaning
not linkedNo binding on file — attested_only services will reject signup. Run afauth trust link.
liveBinding is valid and matches the active key.
expiringBinding is idle and within 48h of lapsing — mint once (e.g. afauth call) to refresh it, or re-link.
expiredBinding lapsed after ~90 days unused — re-link.
orphanedBinding is for a different key (e.g. after a key rotation that left trust.json behind) — re-link.

Flags

FlagDefaultDescription
--key$AFAUTH_HOME/key.json or ~/.afauth/key.jsonKey file to inspect.
--jsonfalseEmit a stable machine-readable object instead of the human view.

See also