> ## Documentation Index
> Fetch the complete documentation index at: https://chatcli.edilsonfreitas.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Listar Eventos de Auditoria

> Retorna o log de auditoria com todas as ações realizadas na plataforma

<ParamField query="action" type="string">
  Filtrar por tipo de ação: `incident.acknowledge`, `incident.snooze`, `approval.approve`, `approval.reject`, `runbook.create`, `runbook.update`, `runbook.delete`, `remediation.execute`, `config.update`
</ParamField>

<ParamField query="user" type="string">
  Filtrar por usuário que executou a ação
</ParamField>

<ParamField query="resource" type="string">
  Filtrar por recurso afetado (ex: `INC-20260319-001`)
</ParamField>

<ParamField query="since" type="string">
  Filtrar eventos a partir de uma data ISO 8601
</ParamField>

<ParamField query="until" type="string">
  Filtrar eventos até uma data ISO 8601
</ParamField>

<ParamField query="page" type="integer" default="1">
  Número da página
</ParamField>

<ParamField query="pageSize" type="integer" default="50">
  Itens por página (máximo 200)
</ParamField>

<ResponseExample>
  ```json Response 200 theme={"system"}
  {
    "apiVersion": "v1",
    "kind": "AuditLogList",
    "metadata": {
      "totalCount": 156,
      "page": 1,
      "pageSize": 50
    },
    "items": [
      {
        "id": "audit-20260319-001",
        "timestamp": "2026-03-19T15:35:00Z",
        "action": "approval.approve",
        "user": "carlos.silva@empresa.com",
        "role": "operator",
        "resource": "APR-20260319-001",
        "resourceType": "Approval",
        "namespace": "production",
        "details": {
          "incident": "INC-20260319-001",
          "comment": "Aprovado — análise de IA confirma necessidade de aumento de memória"
        },
        "sourceIP": "10.0.1.50",
        "userAgent": "Mozilla/5.0"
      },
      {
        "id": "audit-20260319-002",
        "timestamp": "2026-03-19T15:30:00Z",
        "action": "incident.acknowledge",
        "user": "carlos.silva@empresa.com",
        "role": "operator",
        "resource": "INC-20260319-001",
        "resourceType": "Incident",
        "namespace": "production",
        "details": {
          "message": "Investigando aumento de memória no payment-service"
        },
        "sourceIP": "10.0.1.50",
        "userAgent": "Mozilla/5.0"
      },
      {
        "id": "audit-20260319-003",
        "timestamp": "2026-03-19T15:21:05Z",
        "action": "remediation.execute",
        "user": "system",
        "role": "system",
        "resource": "INC-20260319-001",
        "resourceType": "Remediation",
        "namespace": "production",
        "details": {
          "runbook": "runbook-oomkill-standard",
          "step": "diagnose-memory-usage",
          "result": "success"
        },
        "sourceIP": "internal",
        "userAgent": "chatcli-operator/1.0"
      }
    ]
  }
  ```
</ResponseExample>


## OpenAPI

````yaml GET /audit
openapi: 3.1.0
info:
  title: ChatCLI AIOps Platform API
  description: >-
    REST API for the ChatCLI AIOps Platform — incidents, SLOs, runbooks,
    approvals, postmortems, analytics, audit, federation and health.


    The playground below uses **editable server variables** so you can point
    requests at your own self-hosted instance. Adjust `host`, `port` and
    `basePath` to match your deployment, then click **Try it**.
  version: 1.0.0
  contact:
    name: ChatCLI
    url: https://github.com/diillson/chatcli
  license:
    name: Apache-2.0
    identifier: Apache-2.0
servers:
  - url: http://{host}:{port}/{basePath}
    description: >-
      Self-hosted ChatCLI AIOps Platform — adjust host, port and basePath to
      match your deployment.
    variables:
      host:
        default: localhost
        description: >-
          Hostname or IP of your ChatCLI operator. For Kubernetes, use the
          Service DNS (e.g. chatcli-api.chatcli-system.svc) or your Ingress
          host.
      port:
        default: '8090'
        description: >-
          Port the API listens on. Default is 8090; configurable via Helm value
          `apiPort` or env var CHATCLI_API_PORT.
      basePath:
        default: api/v1
        description: >-
          API base path. Always `api/v1` unless you have a custom proxy rewrite
          in front of the operator.
security:
  - ApiKeyAuth: []
tags:
  - name: Incidents
    description: >-
      Incident lifecycle: list, fetch, acknowledge, resolve, snooze, timeline
      and remediation views.
  - name: Runbooks
    description: Remediation runbooks (list, create, update, delete).
  - name: SLOs
    description: Service Level Objectives and error budgets.
  - name: Approvals
    description: Approval workflow for risky remediations.
  - name: Postmortems
    description: Auto-generated postmortems with review, feedback and close.
  - name: Remediations
    description: Remediation plans and agentic execution history.
  - name: AI Insights
    description: AI root-cause analysis and recommendations per incident.
  - name: Analytics
    description: 'Operational analytics: MTTD, MTTR, trends, capacity, compliance.'
  - name: Audit
    description: Immutable audit log and exports.
  - name: Federation
    description: 'Multi-cluster federation: clusters, status and cross-cluster correlations.'
  - name: Health
    description: Liveness and readiness probes.
paths:
  /audit:
    get:
      tags:
        - Audit
      summary: List Audit Events
      description: Returns the audit log with all platform actions.
      operationId: listAudit
      parameters:
        - name: action
          in: query
          required: false
          description: Filter by action type.
          schema:
            type: string
            example: approval.approve
        - name: user
          in: query
          required: false
          description: Filter by user.
          schema:
            type: string
        - name: resource
          in: query
          required: false
          description: Filter by affected resource.
          schema:
            type: string
        - name: since
          in: query
          required: false
          description: ISO 8601 timestamp lower bound.
          schema:
            type: string
            format: date-time
        - name: until
          in: query
          required: false
          description: ISO 8601 timestamp upper bound.
          schema:
            type: string
            format: date-time
        - name: page
          in: query
          required: false
          description: Page number.
          schema:
            type: integer
            default: 1
        - name: pageSize
          in: query
          required: false
          description: Items per page (max 200).
          schema:
            type: integer
            default: 50
            maximum: 200
      responses:
        '200':
          description: Paginated audit log
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditLogList'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/RateLimited'
components:
  schemas:
    AuditLogList:
      type: object
      properties:
        apiVersion:
          type: string
          example: v1
        kind:
          type: string
          example: AuditLogList
        metadata:
          $ref: '#/components/schemas/ListMetadata'
        items:
          type: array
          items:
            $ref: '#/components/schemas/AuditEntry'
    ListMetadata:
      type: object
      properties:
        totalCount:
          type: integer
          example: 42
        page:
          type: integer
          example: 1
        pageSize:
          type: integer
          example: 20
    AuditEntry:
      type: object
      properties:
        id:
          type: string
        timestamp:
          type: string
          format: date-time
        action:
          type: string
        user:
          type: string
        role:
          type: string
        resource:
          type: string
        resourceType:
          type: string
        namespace:
          type: string
        details:
          type: object
          additionalProperties: true
        sourceIP:
          type: string
        userAgent:
          type: string
        checksum:
          type: string
    Error:
      type: object
      required:
        - apiVersion
        - kind
        - error
      properties:
        apiVersion:
          type: string
          example: v1
        kind:
          type: string
          example: Error
        error:
          oneOf:
            - type: object
              required:
                - code
                - message
              properties:
                code:
                  type: integer
                  example: 404
                message:
                  type: string
                  example: Resource not found
                details:
                  type: string
            - type: string
        code:
          type: integer
          description: Top-level code (only used by some endpoints).
          example: 400
  responses:
    Unauthorized:
      description: Missing or invalid API token
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    RateLimited:
      description: Rate limit exceeded for this token's role
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        Bearer token issued by the operator. Format: `Authorization: Bearer
        <token>`.

````