From 55f9f8b8bab84dc05b8692671a9d90f371ceb49d Mon Sep 17 00:00:00 2001 From: Nora Date: Wed, 8 Jul 2026 23:23:31 -0600 Subject: [PATCH] =?UTF-8?q?docs(sp42):=20README.md=20=E2=80=94=20fix=20aud?= =?UTF-8?q?it-log=20verify=20paragraph=20that=20referenced=20pre-SP23=2012?= =?UTF-8?q?7.0.0.1=20bind?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ad19ceb..6a70641 100644 --- a/README.md +++ b/README.md @@ -431,8 +431,8 @@ in a single walk. `verify_chain` is the integrity check that backs the audit promise — it is intentionally cheap (one indexed walk) and intentionally side-effect-free so a scheduler can run it on a cron and alert on any -non-`{ok: true}` result. Chain verification is **not** access-gated -beyond the same `127.0.0.1` bind the rest of the API uses; for a +non-`{ok: true}` result. Chain verification is gated by the standard +`matrix_gate` dependency (admin role for the `/verify` subpath); for a hostile multi-operator deployment, wrap the route in your reverse proxy. ## Encryption at Rest