Audit Chain

Use this page to verify the tamper-evident audit chain stored in the database.

Who This Is For

  • operators validating audit integrity
  • teams building evidence and compliance workflows
  • developers who need to understand the audit verification CLI

When To Use This

Use audit-chain verification when you need to confirm the append-only audit history is still internally consistent.

How It Works

The audit CLI surface is:

  • locksmith audit verify-chain

Requirements:

  • a reachable PostgreSQL database
  • LOCKSMITH_DB_URL, --db-url, or the local env file path generated by locksmith init

Verification behavior:

  • the CLI reads the audit chain from the database
  • if there are zero records, it reports that cleanly
  • otherwise it prints the verified record count and last sequence

Example

```bash
./bin/locksmith audit verify-chain
```

Or pass the database URL explicitly. This example points at a local database with TLS disabled (sslmode=disable):

```bash
./bin/locksmith audit verify-chain \
  --db-url "postgres://locksmith:locksmith@localhost:5432/locksmith?sslmode=disable"
```

Typical success output:

```text
audit chain verified: 1250 records through sequence 1250
```
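
For scheduled verification, the record count and last sequence in the success line can be compared between runs so that a chain which verifies but has become shorter is flagged. The wrapper below is an added example, not part of Locksmith: the function names, state file and return codes are hypothetical, and it assumes the CLI exits non-zero when verification fails.

```shell
# Added example. Assumes the success line format shown on this page:
#   audit chain verified: <count> records through sequence <seq>

# parse_verified OUTPUT: print "<count> <seq>" from the first success line, or nothing.
parse_verified() {
  printf '%s\n' "$1" |
    sed -n 's/^audit chain verified: \([0-9][0-9]*\) records through sequence \([0-9][0-9]*\)$/\1 \2/p' |
    head -n 1
}

# check_chain OUTPUT STATE_FILE
# Returns 0 = verified and not shorter than the last run (state updated),
#         2 = no success line in OUTPUT (includes the zero-record case),
#         3 = count or sequence went backwards, 4 = unreadable state file.
check_chain() {
  parsed=$(parse_verified "$1")
  [ -n "$parsed" ] || return 2
  count=${parsed% *}
  seq=${parsed#* }
  prev_count=0
  prev_seq=0
  if [ -s "$2" ]; then
    read -r prev_count prev_seq < "$2" || return 4
    case "$prev_count" in '' | *[!0-9]*) return 4 ;; esac
    case "$prev_seq" in '' | *[!0-9]*) return 4 ;; esac
  fi
  if [ "$count" -lt "$prev_count" ] || [ "$seq" -lt "$prev_seq" ]; then
    return 3
  fi
  # Record the new high-water mark only after a clean comparison.
  printf '%s %s\n' "$count" "$seq" > "$2"
}

# verify_and_track STATE_FILE [verify-chain options...]
# Assumption: the CLI exits non-zero when verification fails.
verify_and_track() {
  state_file=$1
  shift
  out=$(./bin/locksmith audit verify-chain "$@" 2>&1) || {
    printf '%s\n' "$out" >&2
    return 1
  }
  check_chain "$out" "$state_file"
}
```

Call `verify_and_track` with a state file path of your choosing from a scheduled job, and keep that file somewhere the database role cannot write.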

Common Mistakes

  • assuming audit verification can run without database access
  • treating the raw events feed as equivalent to a chain verification command
  • skipping audit verification in environments where audit integrity matters operationally