GET /api/zsc/audit/:name
Returns the most recent audit_log rows scoped to this secret's
origin_id = "zsc:<name>", filtered to ZSC transition types
(secret_*). Ordered by zeqond_number descending — most recent
first.
Auth
Admin cookie (zeq_admin) required.
Path parameters
| Param | Type | Notes |
|---|---|---|
| name | string | The vault key. |
Query parameters
| Param | Type | Default | Notes |
|---|---|---|---|
| limit | integer | 50 | Max rows. Capped at 500 server-side. |
Request
```bash
curl -H "Cookie: zeq_admin=$ADMIN_JWT" \
  "https://YOUR-FRAMEWORK/api/zsc/audit/STRIPE_SECRET_KEY?limit=100"
```
Response · 200 OK
```json
{
  "ok": true,
  "name": "STRIPE_SECRET_KEY",
  "count": 3,
  "rows": [
    {
      "id": "01928fab-...",
      "zeqondNumber": "2289605501",
      "transitionId": "8a1f...",
      "transitionType": "secret_rotated",
      "proofDigest": "cd91f4...",
      "createdAt": "2026-05-17T13:20:14.222Z"
    },
    {
      "id": "01928fab-...",
      "zeqondNumber": "2289605442",
      "transitionId": "61b3...",
      "transitionType": "secret_read",
      "proofDigest": "f4ce81...",
      "createdAt": "2026-05-17T13:19:28.118Z"
    },
    {
      "id": "01928fab-...",
      "zeqondNumber": "2289500001",
      "transitionId": "1287a0...",
      "transitionType": "secret_set",
      "proofDigest": "8a1f2c...",
      "createdAt": "2026-05-15T08:42:11.012Z"
    }
  ]
}
```
Field reference
| Field | Type | Notes |
|---|---|---|
| zeqondNumber | string (bigint) | The Zeqond of the transition. |
| transitionId | string | Stable UUID — input to proof_digest derivation. |
| transitionType | enum | One of secret_set, secret_read, secret_rotated, secret_denied. |
| proofDigest | string (hex) | SHA-256(name \| actor_zid \| transition_id \| purpose) — see Audit Trail. |
| createdAt | ISO 8601 | Wall-clock at row insertion. |
actor_zid and full payload_json are not returned by this endpoint
to keep response size predictable — query the underlying audit_log
table directly for full forensic detail.
Errors
| Status | error | Cause |
|---|---|---|
| 400 | name required | Empty path segment. |
| 401 | unauthorized | Admin cookie missing/invalid. |
| 500 | INTERNAL_ERROR | DB error. |
Verifying the entangled state
Re-derive each proofDigest from (name, actor_zid, transitionId, purpose)
and compare bit-for-bit. Walk the prev_hash chain (visible in the
underlying audit_log table) to confirm no rows have been deleted.
See ZSC Audit Trail — Forensic patterns.
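The digest re-derivation described above, as an added example (not the project's own code). It assumes the `|` in the formula is a literal separator between UTF-8 fields and that `actor_zid` and `purpose` were read from `audit_log`; the function names and sample rows are hypothetical and constructed.

```python
import hashlib
import hmac

ZSC_TYPES = {"secret_set", "secret_read", "secret_rotated", "secret_denied"}

def derive_proof_digest(name, actor_zid, transition_id, purpose):
    # ASSUMPTION: the "|" in the documented formula is a literal separator
    # between UTF-8 encoded fields. Confirm against ZSC Audit Trail.
    material = "|".join([name, actor_zid, transition_id, purpose])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def verify_rows(name, rows):
    """Return (row id, problem) findings; an empty list means the rows check out."""
    findings = []
    prev_zeqond = None
    for row in rows:  # rows arrive most recent first
        if row["transitionType"] not in ZSC_TYPES:
            findings.append((row["id"], "unexpected transitionType"))
        expected = derive_proof_digest(
            name, row["actor_zid"], row["transitionId"], row["purpose"])
        if not hmac.compare_digest(expected, row["proofDigest"].lower()):
            findings.append((row["id"], "proofDigest mismatch"))
        # zeqondNumber is a bigint sent as a string: compare as int, since
        # "9999999999" > "10000000000" when compared as text.
        zeqond = int(row["zeqondNumber"])
        if prev_zeqond is not None and zeqond > prev_zeqond:
            findings.append((row["id"], "zeqondNumber out of order"))
        prev_zeqond = zeqond
    return findings

def make_row(rid, zeqond, ttype, actor, purpose, name="STRIPE_SECRET_KEY"):
    # Constructed sample row: API fields joined with actor_zid and purpose,
    # which this sketch assumes were read from audit_log.
    tid = "constructed-transition-" + rid
    return {"id": rid, "zeqondNumber": zeqond, "transitionId": tid,
            "transitionType": ttype, "actor_zid": actor, "purpose": purpose,
            "proofDigest": derive_proof_digest(name, actor, tid, purpose)}

SAMPLE = [
    make_row("row-3", "10000000000", "secret_rotated", "zid:constructed-admin", "rotation"),
    make_row("row-2", "9999999999", "secret_read", "zid:constructed-svc", "checkout"),
    make_row("row-1", "9999999000", "secret_set", "zid:constructed-admin", "initial"),
]

if __name__ == "__main__":
    tampered = [dict(r) for r in SAMPLE]
    tampered[1]["purpose"] = "debug"  # field changed after the digest was written
    print(verify_rows("STRIPE_SECRET_KEY", SAMPLE))    # clean rows
    print(verify_rows("STRIPE_SECRET_KEY", tampered))  # row-2 flagged
```

A digest match only shows that a row's fields are internally consistent; detecting deleted rows still requires the prev_hash walk over audit_log.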
Related
- ZSC Audit Trail — the four transition types + proof formula
- pulse > context audit <name> — same data, CLI render
- GET /api/zsc/info/:name — current metadata (companion to history)