Skip to content
Select themeSelect language

`GET /api/intelligence/audit` — the #358 server-paginated workspace audit board: filtered+paged rows + total + (optional) window facets. Admin-only.

GET
/api/intelligence/audit
curl --request GET \
--url https://example.com/api/intelligence/audit
limit
integer format: int64
offset
integer format: int64
range_hours
integer format: int32

Time window in hours back from now (1h/24h/7d/30d → 1/24/168/720). Default 24.

severity
string

security | override | change (the client-derived SCHWERE tab).

actor
string

An exact actor key — actor_id, else actor_type.

action
string
target_type
string
correlation_id
string format: uuid
q
string

Free-text search over actor id/label/email + action + target type/id.

outcome
string

Exact outcome value (the result-chip filter), e.g. approved | denied.

sort
string

Whitelisted sort key: created_at | actor_key | action | target_type | outcome | severity | workspace (anything else folds to the default created_at DESC). severity/workspace sort by the base-CTE class rank / tenant id.

dir
string

Sort direction asc | desc (default desc).

include_facets
boolean

Recompute the window facets. Default true; the FE sends false for a page/size/select change (the window — hence the facets — is unchanged).

Media typeapplication/json

One page of the audit board: the rows, the filtered total (for the pager), and — only when requested — the window facets (null otherwise; the client keeps the ones it already holds for the unchanged window).

object
facets
One of:
null
items
required
Array<object>
object
action
required
string
actor_email
string | null
actor_id
required
string
actor_label

Resolved human actor label/email for a user actor — the filtered audit-board query (list_filtered) populates these via a LEFT JOIN on user_profiles / auth.users; every other SELECT * decode leaves them None (the column is absent), so #[sqlx(default)] keeps those call sites working unchanged. The UI shows the label when present and falls back to a shortened actor_id otherwise.

string | null
actor_type
required
string
correlation_id
required
string format: uuid
created_at
required
string format: date-time
id
required
string format: uuid
outcome

How a privileged decision RESOLVED: allowed | denied | approved | rejected | scope_bound | frozen | escalated | ... (open vocabulary, set by the writer AuditInput::with_outcome at the decision call sites). None for every non-decision event (a plain mutation, a read) and every historical row; the Reports Audit board renders the result chip only when this is Some. Decoded from the audit_events.outcome column (migration 261); #[sqlx(default)] keeps a projection that omits the column (e.g. a count-only CTE) decoding.

string | null
payload_redacted
required

The redacted event payload (the audit drawer reads it as a typed map). Runtime stays serde_json::Value; the spec types it as an open map.

object
key
additional properties
project_id
string | null format: uuid
reason
string | null
target_id
required
string
target_type
required
string
task_id
string | null format: uuid
workspace_id
string | null format: uuid
kpis
One of:
null
total
required
integer format: int64
Examplegenerated
{
"facets": {
"actions": [
"example"
],
"actor_m2m": 1,
"actor_system": 1,
"actor_user": 1,
"actors": [
"example"
],
"all": 1,
"by_outcome": [
{
"count": 1,
"value": "example"
}
],
"override": 1,
"security": 1,
"targets": [
"example"
]
},
"items": [
{
"action": "example",
"actor_email": "example",
"actor_id": "example",
"actor_label": "example",
"actor_type": "example",
"correlation_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"created_at": "2026-04-15T12:00:00Z",
"id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"outcome": "example",
"payload_redacted": {
"additionalProperty": "example"
},
"project_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"reason": "example",
"target_id": "example",
"target_type": "example",
"task_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"workspace_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
}
],
"kpis": {
"danger_approved": 1,
"danger_escalations": 1,
"danger_rejected": 1,
"member_mutations": 1,
"revocations": 1,
"role_changes": 1,
"scope_bound": 1,
"secret_accesses": 1
},
"total": 1
}