> ## Documentation Index
> Fetch the complete documentation index at: https://docs.acornops.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# List workspace audit log events



## OpenAPI

````yaml /openapi/control-plane-public.json get /api/v1/workspaces/{workspaceId}/audit-log
openapi: 3.1.0
info:
  title: AcornOps Control Plane API
  version: 0.0.1-experimental.1
  description: >-
    Control plane API for workspaces, targets, Kubernetes clusters, virtual
    machines, sessions, runs, auth, and internal execution wiring.
servers:
  - url: https://api.acornops.dev
security: []
tags:
  - name: health
    description: Health and readiness endpoints.
  - name: auth
    description: >-
      OIDC, password, browser session, and external integration account link
      endpoints.
  - name: workspaces
    description: Workspace, target, Kubernetes cluster, and VM management endpoints.
  - name: webhooks
    description: Best-effort webhook subscription and delivery history endpoints.
  - name: sessions
    description: Session and message endpoints.
  - name: runs
    description: Run query, cancel, and stream endpoints.
  - name: workflows
    description: >-
      Workspace workflow definitions, schedules, sessions, and approval inbox
      endpoints.
  - name: agents
    description: >-
      Workspace-scoped custom agent definitions, triggers, versions, tests, and
      activity.
  - name: admin
    description: Operator-only admin API protected exclusively by admin bearer tokens.
  - name: internal
    description: Internal execution endpoints for execution-engine.
paths:
  /api/v1/workspaces/{workspaceId}/audit-log:
    get:
      tags:
        - workspaces
      summary: List workspace audit log events
      parameters:
        - in: path
          name: workspaceId
          required: true
          schema:
            type: string
            format: uuid
            example: 4b930d98-add9-4924-ab26-3c16d96ec373
        - in: query
          name: limit
          required: false
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 50
        - in: query
          name: cursor
          required: false
          schema:
            type: string
        - in: query
          name: category
          required: false
          schema:
            type: string
            enum:
              - membership
              - workspace
              - target
              - session
              - run
              - approval
              - mcp
              - tool
        - in: query
          name: eventType
          required: false
          schema:
            type: string
        - in: query
          name: actorUserId
          required: false
          schema:
            type: string
        - in: query
          name: objectType
          required: false
          schema:
            type: string
        - in: query
          name: from
          required: false
          schema:
            type: string
            format: date-time
        - in: query
          name: to
          required: false
          schema:
            type: string
            format: date-time
      responses:
        '200':
          description: >-
            Workspace audit event page payload: { items, nextCursor? }. Events
            include operation=read|write.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WorkspaceAuditEventPage'
        '400':
          description: Invalid audit filter, blank string filter, date range, or cursor.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Requires read_audit_log.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '409':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '429':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - userSession: []
components:
  schemas:
    WorkspaceAuditEventPage:
      type: object
      required:
        - items
      properties:
        items:
          type: array
          items:
            $ref: '#/components/schemas/WorkspaceAuditEvent'
        nextCursor:
          type: string
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
            message:
              type: string
            retryable:
              type: boolean
            details:
              type: object
              additionalProperties: true
              description: Optional structured error details.
    WorkspaceAuditEvent:
      type: object
      required:
        - id
        - workspaceId
        - category
        - eventType
        - operation
        - actor
        - object
        - summary
        - metadata
        - occurredAt
      properties:
        id:
          type: string
          format: uuid
        workspaceId:
          type: string
          format: uuid
        category:
          type: string
        eventType:
          type: string
        operation:
          type: string
          enum:
            - read
            - write
        actor:
          type: object
          additionalProperties: true
        object:
          type: object
          additionalProperties: true
        summary:
          type: string
        metadata:
          type: object
          additionalProperties: true
        occurredAt:
          type: string
          format: date-time
      additionalProperties: true
  securitySchemes:
    userSession:
      type: apiKey
      in: cookie
      name: acornops_cp_session

````