POST /api/chain/:slug/audit/decrypt
Decrypt a sealed audit-log row. Owner-only: the admin role does
not suffice. Each successful decryption is itself recorded on the
chain as a decrypt_event transition, so the operation is auditable
("who opened what, when").
Auth
Authorization: Bearer zeq_ak_… AND owner of the entangled state.
Cost
0 ZEQ for the decrypt itself, plus one transition (5 ZEQ) that records the decrypt event. Net cost: 5 ZEQ, charged atomically with the decrypt, so there is no decrypt without a recorded event and no charge without a decrypt.
Request
```bash
curl -X POST https://YOUR-FRAMEWORK/api/chain/zeq07090490306/audit/decrypt \
  -H "Authorization: Bearer zeq_ak_..." \
  -H "Content-Type: application/json" \
  -d '{
    "transition_id": "tx_2026-05-10T13:08:32Z_..."
  }'
```
Body
Provide exactly one of the two selectors (not both, not neither):

| Field | Type | Notes |
|---|---|---|
| transition_id | string (transition id) | The transition row to decrypt, e.g. the `tx_…` identifier shown in the request above. |
| zeqond | string (bigint) | The integer Zeqond, sent as a string. Returns the row at exactly that Zeqond. |
Response · 200 OK
```json
{
  "ok": true,
  "row": {
    "transition_id": "tx_...",
    "zeqond_number": "2289003912",
    "transition_type": "compute_call",
    "payload": {
      /* …decrypted payload bytes, JSON-parsed if applicable… */
    },
    "decrypted_at_zeqond": "2289003920",
    "decrypted_by_zid": "ZEQ07090490306"
  },
  "decrypt_event_transition_id": "tx_decrypt_2026-05-10T13:08:40Z_..."
}
```
What gets sealed
By default the framework stores only the SHA-256 hash of every
event payload; the payload bytes never leave the device that emitted them,
so there is nothing on the chain to decrypt. If the entangled state is
configured for sealed-payload mode (HITE encryption, enabled by the
entangled state's data-encrypt="true" observer flag), the encrypted bytes
ARE stored on the entangled state so the owner can later decrypt them for
audit purposes.
For the owner, this endpoint is the only API path back to the plaintext.
Errors
| Status | Code | Cause |
|---|---|---|
| 401 | — | Missing or bad Bearer key. |
| 402 | INSUFFICIENT_BALANCE | Wallet holds less than the 5 ZEQ needed for the decrypt-event transition. |
| 403 | not_owner | Caller authenticated but is not the owner (admin role does not suffice). |
| 404 | transition_not_found | Unknown ID, or the transition belongs to a different state machine. |
| 412 | not_sealed | The row was hash-only (no encrypted bytes stored, nothing to decrypt). |
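The following is an added example, not code from the page or from the framework itself: a small Python client for this endpoint together with an in-memory stand-in for one entangled state, so that the "exactly one selector" rule, the hash-only versus sealed-payload distinction, and every status in the error table can be exercised offline. The error-body shape `{"ok": false, "code": ...}`, the mapping of keys to roles inside the fake, the toy "sealed bytes" (stored as-is rather than HITE-encrypted), and the `expect_zid` consistency check are assumptions of the example, not behaviour documented above.

```python
# Added example: client for POST /api/chain/:slug/audit/decrypt plus a fake
# chain. Assumed (not on the page): error body {"ok": false, "code": ...},
# key-to-role mapping, toy sealed bytes, and the expect_zid client-side check.
import hashlib
import json
from typing import Callable, Optional, Tuple

DECRYPT_EVENT_COST_ZEQ = 5  # documented: the decrypt_event transition costs 5 ZEQ

# transport(method, path, headers, json_body) -> (http_status, parsed_json_body)
Transport = Callable[[str, str, dict, dict], Tuple[int, dict]]


class AuditDecryptError(Exception):
    def __init__(self, status: int, code: str):
        super().__init__(f"HTTP {status} {code}")
        self.status, self.code = status, code


def build_request(slug: str, api_key: str, transition_id: Optional[str] = None,
                  zeqond: Optional[int] = None):
    """Build (path, headers, body). Enforce 'exactly one of' locally so a
    malformed request never reaches the server."""
    if (transition_id is None) == (zeqond is None):
        raise ValueError("provide exactly one of transition_id or zeqond")
    body = ({"transition_id": transition_id} if transition_id is not None
            else {"zeqond": str(zeqond)})  # bigint travels as a string
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    return f"/api/chain/{slug}/audit/decrypt", headers, body


def decrypt_audit_row(transport: Transport, slug: str, api_key: str, *,
                      transition_id: Optional[str] = None,
                      zeqond: Optional[int] = None, expect_zid: Optional[str] = None):
    """Return (row, decrypt_event_transition_id) or raise AuditDecryptError."""
    path, headers, body = build_request(slug, api_key, transition_id, zeqond)
    status, resp = transport("POST", path, headers, body)
    if status != 200:
        raise AuditDecryptError(status, resp.get("code", "-"))
    row = resp["row"]
    # Client-side sanity check (assumption): the chain should name us as the opener.
    if expect_zid is not None and row["decrypted_by_zid"] != expect_zid:
        raise AuditDecryptError(status, "decrypted_by_zid_mismatch")
    return row, resp["decrypt_event_transition_id"]


class FakeChain:
    """Constructed stand-in for one entangled state. Hash-only rows keep the
    SHA-256 only; sealed rows also keep the bytes; each successful decrypt
    appends a decrypt_event and charges 5 ZEQ in the same step."""
    def __init__(self, slug, owner_zid, owner_key, admin_key, balance):
        self.slug, self.owner_zid = slug, owner_zid
        self.keys = {owner_key: "owner", admin_key: "admin"}
        self.balance, self.rows, self.zeqond = balance, {}, 2289003912

    def emit(self, transition_id, transition_type, payload: bytes, sealed: bool):
        self.zeqond += 1
        self.rows[transition_id] = {"zeqond_number": str(self.zeqond),
                                    "transition_type": transition_type,
                                    "sha256": hashlib.sha256(payload).hexdigest(),
                                    "sealed_bytes": payload if sealed else None}

    def transport(self, method, path, headers, body):
        if method != "POST" or path != f"/api/chain/{self.slug}/audit/decrypt":
            return 404, {"ok": False, "code": "transition_not_found"}
        role = self.keys.get(headers.get("Authorization", "")[len("Bearer "):])
        if role is None:
            return 401, {"ok": False, "code": "-"}
        if role != "owner":
            return 403, {"ok": False, "code": "not_owner"}
        tid = body.get("transition_id")
        if tid is None:  # select by Zeqond instead
            tid = next((k for k, r in self.rows.items()
                        if r["zeqond_number"] == body["zeqond"]), None)
        row = self.rows.get(tid)
        if row is None:
            return 404, {"ok": False, "code": "transition_not_found"}
        if row["sealed_bytes"] is None:
            return 412, {"ok": False, "code": "not_sealed"}
        if self.balance < DECRYPT_EVENT_COST_ZEQ:
            return 402, {"ok": False, "code": "INSUFFICIENT_BALANCE"}
        self.balance -= DECRYPT_EVENT_COST_ZEQ  # charge and record together
        event_id = f"tx_decrypt_{len(self.rows)}"
        self.emit(event_id, "decrypt_event", json.dumps({"opened": tid}).encode(), False)
        return 200, {"ok": True,
                     "row": {"transition_id": tid,
                             "zeqond_number": row["zeqond_number"],
                             "transition_type": row["transition_type"],
                             "payload": json.loads(row["sealed_bytes"]),
                             "decrypted_at_zeqond": self.rows[event_id]["zeqond_number"],
                             "decrypted_by_zid": self.owner_zid},
                     "decrypt_event_transition_id": event_id}


def demo():
    """Constructed scenario: one sealed row, one hash-only row, 7 ZEQ in the wallet."""
    chain = FakeChain("zeq07090490306", "ZEQ07090490306", "zeq_ak_owner", "zeq_ak_admin", 7)
    chain.emit("tx_1", "compute_call", b'{"op": "transfer", "amount": 12}', sealed=True)
    chain.emit("tx_2", "compute_call", b'{"op": "noop"}', sealed=False)
    results = {}
    row, ev = decrypt_audit_row(chain.transport, chain.slug, "zeq_ak_owner",
                                transition_id="tx_1", expect_zid="ZEQ07090490306")
    results.update(payload=row["payload"], event=ev, balance_after=chain.balance)
    for label, kwargs in [("admin", dict(api_key="zeq_ak_admin", transition_id="tx_1")),
                          ("hash_only", dict(api_key="zeq_ak_owner", transition_id="tx_2")),
                          ("missing", dict(api_key="zeq_ak_owner", transition_id="tx_9")),
                          ("broke", dict(api_key="zeq_ak_owner", transition_id="tx_1"))]:
        try:
            decrypt_audit_row(chain.transport, chain.slug, **kwargs)
            results[label] = (200, "ok")
        except AuditDecryptError as e:
            results[label] = (e.status, e.code)
    return results
```

Run `demo()` to see the sealed row come back as parsed JSON with a `tx_decrypt_…` event id and the wallet drop by 5 ZEQ; the second attempt on the same row then fails with 402 because only 2 ZEQ remain, which is why a client should treat the decrypt as a paid write, not a free read.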
Why owner-only
admin covers chain operations (members, settings, contracts). Re-reading
historic audit content is a different gate: it can expose the contents of
every operator call ever made on the entangled state, so it requires the
owner. Foundation has a separate legal-hold path that does not go through
this endpoint.
Related
- State machines — what gets audited
- HITE encryption — what seals the bytes
- /api/chain/:slug/admins — RBAC list for the entangled state