Module verify_signed_events 

ai-memory verify-signed-events-chain — walk the SQL-side signed_events cross-row hash chain (v34, #698 V-4 closeout) and emit a structured chain-integrity report.

Distinct from verify-reflection-chain (which walks the reflects_on edges in memory_links) and from audit verify (which walks the JSONL audit log under <audit_dir>/audit.log). Three complementary verifiers, three load-bearing properties:

• verify-signed-events-chain (this surface): the SQL-side cross-row hash chain on signed_events. Daemon-local tamper-evidence; auditor reads it directly from the database.
• audit verify: the on-disk JSONL chain. Portable evidence format for handoff to a SIEM.
• verify-reflection-chain: per-edge Ed25519 signatures on reflects_on links. Reflection ancestry attestation.

Exit codes

• 0 — chain fully verified.
• 1 — chain break detected (sequence gap, duplicate, or prev_hash mismatch).

Output formats

• --format text (default) — one-line human report on stdout.
• --format json — machine-parseable report mirroring the crate::signed_events::ChainVerificationReport shape.

Structs

ChainVerifyReportJson

JSON-serialised mirror of crate::signed_events::ChainVerificationReport. We don’t derive Serialize on the original because it lives in a non-CLI module; the CLI layer owns the wire shape.

VerifySignedEventsChainArgs

Arguments for ai-memory verify-signed-events-chain.

Functions

run

Run the verifier. Returns the desired process exit code (0 on chain GREEN, 1 on chain break).