> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify audit log chain integrity

> Re-verifies the calling tenant's tamper-evident audit hash chain and returns a structured verdict (intact, verified count, and the first broken tenant_seq when a break is found). The check is strictly read-only: it recomputes nothing into storage and never mutates an audit record. Use the optional maxRecords query parameter to bound how many records are inspected.



## OpenAPI

````yaml en/openapi/v3-current/matcher.yaml get /v1/governance/audit-logs/verify
openapi: 3.1.0
info:
  title: Matcher APIs
  description: >-
    Complete API reference for the Matcher reconciliation engine, providing
    automated transaction matching between Midaz Ledger and external systems.
  version: 4.1.0
  license:
    name: Elastic License 2.0
    url: https://www.elastic.co/licensing/elastic-license
servers:
  - url: https://matcher.sandbox.lerian.net
security: []
paths:
  /v1/governance/audit-logs/verify:
    get:
      tags:
        - Governance
      summary: Verify audit log chain integrity
      description: >-
        Re-verifies the calling tenant's tamper-evident audit hash chain and
        returns a structured verdict (intact, verified count, and the first
        broken tenant_seq when a break is found). The check is strictly
        read-only: it recomputes nothing into storage and never mutates an audit
        record. Use the optional maxRecords query parameter to bound how many
        records are inspected.
      operationId: verifyAuditLogChain
      parameters:
        - description: >-
            Maximum number of records to inspect; clamped to the server bound.
            Omit to use the default bound.
          explode: false
          in: query
          name: maxRecords
          schema:
            description: >-
              Maximum number of records to inspect; clamped to the server bound.
              Omit to use the default bound.
            format: int64
            maximum: 10000
            minimum: 1
            type: integer
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditChainVerificationResponse'
          description: OK
        default:
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/Detail'
          description: Error
      security:
        - BearerAuth: []
components:
  schemas:
    AuditChainVerificationResponse:
      additionalProperties: false
      properties:
        firstBrokenSeq:
          description: >-
            tenant_seq of the first record that failed verification; omitted
            when the chain is intact
          examples:
            - 0
          format: int64
          type: integer
        intact:
          description: >-
            True when every inspected record links to the previous one and
            matches its stored hash
          examples:
            - true
          type: boolean
        truncated:
          description: >-
            True when the chain has more records than the inspection bound
            allowed; the verdict then covers only a prefix
          examples:
            - false
          type: boolean
        verifiedCount:
          description: >-
            Number of records confirmed intact (full inspected count when
            intact, otherwise the count before the first break)
          examples:
            - 1024
          format: int64
          type: integer
      required:
        - intact
        - verifiedCount
        - truncated
      type: object
    Detail:
      additionalProperties: false
      properties:
        code:
          description: >-
            Stable, machine-readable domain error code scoped to the emitting
            service (format: <SERVICE>-NNNN).
          examples:
            - ERR-0001
          type: string
        detail:
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem.
          examples:
            - Property foo is required but is missing.
          type: string
        errors:
          description: Optional list of individual error details
          items:
            $ref: '#/components/schemas/ErrorDetail'
          type:
            - array
            - 'null'
        instance:
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem.
          examples:
            - https://example.com/error-log/abc123
          format: uri
          type: string
        status:
          description: HTTP status code
          examples:
            - 400
          format: int64
          type: integer
        title:
          description: >-
            A short, human-readable summary of the problem type. This value
            should not change between occurrences of the error.
          examples:
            - Bad Request
          type: string
        type:
          default: about:blank
          description: A URI reference to human-readable documentation for the error.
          examples:
            - https://example.com/errors/example
          format: uri
          type: string
      type: object
    ErrorDetail:
      additionalProperties: false
      properties:
        location:
          description: >-
            Where the error occurred, e.g. 'body.items[3].tags' or
            'path.thing-id'
          type: string
        message:
          description: Error message text
          type: string
        value:
          description: The value at the given location
      type: object
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: 'Bearer token authentication (format: "Bearer {token}")'

````