tare audit verify

Verify a single audit-log entry is committed to a signed checkpoint

Usage:
  tare audit verify [flags]

Flags:
      --allow-unsigned   exit 0 even when the checkpoint is unsigned (structure-only)
      --id string        audit_logs row id (uuid) to verify

Global Flags:
      --base-url string   override the active profile's base URL for this invocation
      --jwks-url string   JWKS URL for signature verification (default: <base-url>/.well-known/jwks.json)
  -p, --profile string    credential profile (overrides AGENTROUTER_PROFILE / active)
  -q, --quiet             Suppress progress output; only errors and the final summary go to stderr
  -v, --verbose           Verbose output: plain-mode progress lines plus full per-blob chunk logs to stderr