tare audit verify-chain

Verify the checkpoint root chain and signatures end to end

Usage:
  tare audit verify-chain [flags]

Flags:
      --allow-unsigned   exit 0 even when checkpoints are unsigned (structure-only)
      --deep             also rebuild every sealed window from current content and check it against its root (detects edits/deletes/back-dated inserts)

Global Flags:
      --base-url string   override the active profile's base URL for this invocation
      --jwks-url string   JWKS URL for signature verification (default: <base-url>/.well-known/jwks.json)
  -p, --profile string    credential profile (overrides AGENTROUTER_PROFILE / active)
  -q, --quiet             Suppress progress output; only errors and the final summary go to stderr
  -v, --verbose           Verbose output: plain-mode progress lines plus full per-blob chunk logs to stderr