Skip to content
Oris Docs
Sign in Get API Key

Audit compliance

Goal

Pull a complete audit trail for a tenant, validate the SHA-256 hash chain end to end, confirm the chain head matches the on-chain Merkle anchor.

Prerequisites

  • Operator API key (read scope on the audit endpoints).
  • The developer id you want to audit.

Step 1: Verify chain integrity

status = client.audit.verify(developer_id="dev_...")
assert status.valid is True
assert status.anchor_matches is True
print(status.chain_length, status.last_anchor_block)

The endpoint walks the chain, recomputes every hash_chain_curr = sha256(prev || row_bytes), and confirms the head against OrisAuditLogRegistry.

Step 2: Query the trail

rows = client.audit.list(
    agent_id="ag_...",
    action="payment.completed",
    start_date="2026-05-01",
    end_date="2026-05-31",
    limit=200,
)


for r in rows:
    print(r.id, r.created_at, r.bundle_id_keccak, r.verdict, r.sar_flagged)

Step 3: Validate a specific row’s inclusion proof

proof = client.audit.get_inclusion_proof(audit_id=rows[0].id)


# Validate locally using the on-chain anchor + Merkle path
ok = client.audit.validate_proof_offline(proof)
assert ok

Verification

  • audit.verify() returns valid=true and anchor_matches=true.
  • Sample 10 rows; their inclusion proofs all validate.

Troubleshooting

  • anchor_matches=false — the on-chain anchor was not committed in the last hour. Wait for the next anchor cycle and retry.
  • Inclusion proof validation fails — verify the on-chain block referenced in the proof is finalized.

Where to go next