> ## Documentation Index
> Fetch the complete documentation index at: https://chatcli.edilsonfreitas.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Exportar Auditoria

> Exporta o log de auditoria completo em formato CSV ou JSON para compliance e análise externa

<ParamField query="format" type="string" default="csv">
  Formato de exportação: `csv`, `json`
</ParamField>

<ParamField query="since" type="string" required>
  Data de início no formato ISO 8601 (ex: `2026-03-01T00:00:00Z`)
</ParamField>

<ParamField query="until" type="string">
  Data de fim no formato ISO 8601 (padrão: agora)
</ParamField>

<ParamField query="action" type="string">
  Filtrar por tipo de ação
</ParamField>

<ParamField query="user" type="string">
  Filtrar por usuário
</ParamField>

<ParamField query="namespace" type="string">
  Filtrar por namespace
</ParamField>

<ResponseExample>
  ```json Response 200 (format=json) theme={"system"}
  {
    "apiVersion": "v1",
    "kind": "AuditExport",
    "metadata": {
      "exportedAt": "2026-03-19T16:00:00Z",
      "from": "2026-03-01T00:00:00Z",
      "to": "2026-03-19T16:00:00Z",
      "totalRecords": 1250,
      "format": "json"
    },
    "records": [
      {
        "id": "audit-20260301-001",
        "timestamp": "2026-03-01T00:05:00Z",
        "action": "runbook.create",
        "user": "admin@empresa.com",
        "role": "admin",
        "resource": "runbook-disk-cleanup",
        "resourceType": "Runbook",
        "namespace": "production",
        "sourceIP": "10.0.1.10",
        "checksum": "sha256:a1b2c3d4..."
      }
    ]
  }
  ```
</ResponseExample>

<ResponseExample>
  ```text Response 200 (format=csv) theme={"system"}
  id,timestamp,action,user,role,resource,resourceType,namespace,sourceIP,checksum
  audit-20260301-001,2026-03-01T00:05:00Z,runbook.create,admin@empresa.com,admin,runbook-disk-cleanup,Runbook,production,10.0.1.10,sha256:a1b2c3d4...
  audit-20260301-002,2026-03-01T01:15:00Z,incident.acknowledge,carlos.silva@empresa.com,operator,INC-20260301-001,Incident,production,10.0.1.50,sha256:e5f6g7h8...
  ```
</ResponseExample>

A exportação em formato CSV retorna o header `Content-Type: text/csv` e o header `Content-Disposition: attachment; filename="audit-export-20260319.csv"` para download automático.

Para exportações grandes (mais de 10.000 registros), a API retorna um `202 Accepted` com um link para download assincrono:

<ResponseExample>
  ```json Response 202 (exportacao grande) theme={"system"}
  {
    "apiVersion": "v1",
    "kind": "AuditExportJob",
    "metadata": {
      "jobId": "export-20260319-001"
    },
    "status": {
      "state": "processing",
      "estimatedRecords": 45000,
      "downloadUrl": "/api/v1/audit/export/download/export-20260319-001",
      "expiresAt": "2026-03-19T22:00:00Z"
    }
  }
  ```
</ResponseExample>


## OpenAPI

````yaml GET /audit/export
openapi: 3.1.0
info:
  title: ChatCLI AIOps Platform API
  description: >-
    REST API for the ChatCLI AIOps Platform — incidents, SLOs, runbooks,
    approvals, postmortems, analytics, audit, federation and health.


    The playground below uses **editable server variables** so you can point
    requests at your own self-hosted instance. Adjust `host`, `port` and
    `basePath` to match your deployment, then click **Try it**.
  version: 1.0.0
  contact:
    name: ChatCLI
    url: https://github.com/diillson/chatcli
  license:
    name: Apache-2.0
    identifier: Apache-2.0
servers:
  - url: http://{host}:{port}/{basePath}
    description: >-
      Self-hosted ChatCLI AIOps Platform — adjust host, port and basePath to
      match your deployment.
    variables:
      host:
        default: localhost
        description: >-
          Hostname or IP of your ChatCLI operator. For Kubernetes, use the
          Service DNS (e.g. chatcli-api.chatcli-system.svc) or your Ingress
          host.
      port:
        default: '8090'
        description: >-
          Port the API listens on. Default is 8090; configurable via Helm value
          `apiPort` or env var CHATCLI_API_PORT.
      basePath:
        default: api/v1
        description: >-
          API base path. Always `api/v1` unless you have a custom proxy rewrite
          in front of the operator.
security:
  - ApiKeyAuth: []
tags:
  - name: Incidents
    description: >-
      Incident lifecycle: list, fetch, acknowledge, resolve, snooze, timeline
      and remediation views.
  - name: Runbooks
    description: Remediation runbooks (list, create, update, delete).
  - name: SLOs
    description: Service Level Objectives and error budgets.
  - name: Approvals
    description: Approval workflow for risky remediations.
  - name: Postmortems
    description: Auto-generated postmortems with review, feedback and close.
  - name: Remediations
    description: Remediation plans and agentic execution history.
  - name: AI Insights
    description: AI root-cause analysis and recommendations per incident.
  - name: Analytics
    description: 'Operational analytics: MTTD, MTTR, trends, capacity, compliance.'
  - name: Audit
    description: Immutable audit log and exports.
  - name: Federation
    description: 'Multi-cluster federation: clusters, status and cross-cluster correlations.'
  - name: Health
    description: Liveness and readiness probes.
paths:
  /audit/export:
    get:
      tags:
        - Audit
      summary: Export Audit Log
      description: >-
        Exports the full audit log in CSV or JSON for compliance and external
        analysis. Large exports return a `202 Accepted` with an async download
        URL.
      operationId: exportAudit
      parameters:
        - name: format
          in: query
          required: false
          description: Export format.
          schema:
            type: string
            enum:
              - csv
              - json
            default: csv
        - name: since
          in: query
          required: true
          description: Start date (ISO 8601).
          schema:
            type: string
            format: date-time
            example: '2026-03-01T00:00:00Z'
        - name: until
          in: query
          required: false
          description: 'End date (ISO 8601). Default: now.'
          schema:
            type: string
            format: date-time
        - name: action
          in: query
          required: false
          description: Filter by action type.
          schema:
            type: string
        - name: user
          in: query
          required: false
          description: Filter by user.
          schema:
            type: string
        - name: namespace
          in: query
          required: false
          description: Filter by namespace.
          schema:
            type: string
      responses:
        '200':
          description: Audit export (sync). Content-Type depends on `format`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditExport'
            text/csv:
              schema:
                type: string
              example: >-
                id,timestamp,action,user,role,resource,resourceType,namespace,sourceIP,checksum

                audit-20260301-001,2026-03-01T00:05:00Z,runbook.create,admin@empresa.com,admin,runbook-disk-cleanup,Runbook,production,10.0.1.10,sha256:a1b2c3d4...
        '202':
          description: Async export job for large result sets
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditExportJob'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/RateLimited'
components:
  schemas:
    AuditExport:
      type: object
      properties:
        apiVersion:
          type: string
          example: v1
        kind:
          type: string
          example: AuditExport
        metadata:
          type: object
          properties:
            exportedAt:
              type: string
              format: date-time
            from:
              type: string
              format: date-time
            to:
              type: string
              format: date-time
            totalRecords:
              type: integer
            format:
              type: string
              enum:
                - csv
                - json
        records:
          type: array
          items:
            $ref: '#/components/schemas/AuditEntry'
    AuditExportJob:
      type: object
      properties:
        apiVersion:
          type: string
          example: v1
        kind:
          type: string
          example: AuditExportJob
        metadata:
          type: object
          properties:
            jobId:
              type: string
        status:
          type: object
          properties:
            state:
              type: string
              example: processing
            estimatedRecords:
              type: integer
            downloadUrl:
              type: string
            expiresAt:
              type: string
              format: date-time
    AuditEntry:
      type: object
      properties:
        id:
          type: string
        timestamp:
          type: string
          format: date-time
        action:
          type: string
        user:
          type: string
        role:
          type: string
        resource:
          type: string
        resourceType:
          type: string
        namespace:
          type: string
        details:
          type: object
          additionalProperties: true
        sourceIP:
          type: string
        userAgent:
          type: string
        checksum:
          type: string
    Error:
      type: object
      required:
        - apiVersion
        - kind
        - error
      properties:
        apiVersion:
          type: string
          example: v1
        kind:
          type: string
          example: Error
        error:
          oneOf:
            - type: object
              required:
                - code
                - message
              properties:
                code:
                  type: integer
                  example: 404
                message:
                  type: string
                  example: Resource not found
                details:
                  type: string
            - type: string
        code:
          type: integer
          description: Top-level code (only used by some endpoints).
          example: 400
  responses:
    Unauthorized:
      description: Missing or invalid API token
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    RateLimited:
      description: Rate limit exceeded for this token's role
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        Bearer token issued by the operator. Format: `Authorization: Bearer
        <token>`.

````