Verify audit chain

curl --request GET \
  --url https://api.hq.zone/v1/admin/audit/verify \
  --header 'Authorization: Bearer <token>'

{
  "checked": 123,
  "ok": true,
  "broken_at_seq": 123,
  "broken_reason": "<string>",
  "first_seq": 123,
  "last_seq": 123
}

Admin

Verify audit chain

Re-walks the workspace’s tamper-evident audit hash chain and reports whether it is intact. Admin only. Checks the most recent entries (the limit query parameter defaults to 10000 and is clamped to 1-100000), recomputing each entry’s hash and verifying it links to its predecessor. Returns whether the chain is ok, how many entries were checked, the first and last sequence numbers covered, and, if broken, the sequence number where it first fails and whether the break is a content or linkage mismatch.

GET

admin

audit

verify

Verify audit chain

curl --request GET \
  --url https://api.hq.zone/v1/admin/audit/verify \
  --header 'Authorization: Bearer <token>'

{
  "checked": 123,
  "ok": true,
  "broken_at_seq": 123,
  "broken_reason": "<string>",
  "first_seq": 123,
  "last_seq": 123
}

Authorizations

Authorization

string

header

required

Personal Access Token. Send as Authorization: Bearer hq_pat_....

Query Parameters

limit

integer<int64> | null

Verify the most recent limit entries by seq (default 10000, max 100000). The chain is walked in ascending seq order; the entry at min_seq - 1 is fetched as the linkage anchor.

Response

Chain verification result

checked

integer<int64>

required

How many entries were walked.

boolean

required

True iff every checked entry's hash recomputes AND links to its predecessor. A single edited/inserted/removed/reordered row flips this.

broken_at_seq

integer<int64> | null

The seq where the chain first breaks (None when ok).

broken_reason

string | null

"content" (entry hash doesn't recompute) or "linkage" (prev_hash doesn't match the predecessor's entry hash).

first_seq

integer<int64> | null

last_seq

integer<int64> | null

List audit log

⌘I