GET /api/audit Bearer

Get Audit Logs

Retrieve the append-only security audit log entries from PocketPaw. Returns timestamped security events with severity levels (INFO, WARNING, CRITICAL, ALERT) and structured metadata.

Overview

Returns recent entries from the append-only audit log (~/.pocketclaw/audit.jsonl). The audit log records tool executions, security events, and Guardian AI decisions.

Parameters

Query Parameters

limit

integer = 50

Maximum number of audit entries to return (most recent first).

Response

Returns an array of audit entry objects:

timestamp string

ISO 8601 timestamp of the event

event string

Event type (e.g., tool_executed, threat_detected, command_blocked)

tool string nullable

Tool name if applicable

input string nullable

Tool input or command that was executed

result string nullable

Execution result or outcome

threat_level string nullable

Threat level if a security check was triggered

curl -X GET "http://localhost:8000/api/audit?limit=50" \
  -H "Authorization: Bearer <token>"

const response = await fetch("http://localhost:8000/api/audit?limit=50", {
  headers: { "Authorization": "Bearer <token>" }
});
const data = await response.json();
console.log(data);

import requests

response = requests.get(
    "http://localhost:8000/api/audit",
    params={"limit": 50},
    headers={"Authorization": "Bearer <token>"}
)
print(response.json())

[
  {
    "timestamp": "2024-01-15T11:45:00Z",
    "event": "tool_executed",
    "tool": "shell",
    "input": "python script.py",
    "result": "success",
    "threat_level": null
  },
  {
    "timestamp": "2024-01-15T11:44:55Z",
    "event": "command_blocked",
    "tool": "shell",
    "input": "rm -rf /",
    "result": "blocked by Guardian AI",
    "threat_level": "critical"
  }
]

Was this page helpful?

Request

curl -X GET "http://localhost:8000/api/audit" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>"

const response = await fetch("http://localhost:8000/api/audit", {
  method: "GET",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer <token>"
},
});

const data = await response.json();
console.log(data);

import requests

response = requests.get(
    "http://localhost:8000/api/audit",
    headers={'Content-Type':'application/json','Authorization':'Bearer <token>'},
)

print(response.json())

package main

import (
    "fmt"
    "net/http"
    "io"
)

func main() {
    req, _ := http.NewRequest("GET", "http://localhost:8000/api/audit", nil)
    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("Authorization", "Bearer <token>")

    client := &http.Client{}
    resp, _ := client.Do(req)
    defer resp.Body.Close()

    body, _ := io.ReadAll(resp.Body)
    fmt.Println(string(body))
}

Response
Send a request to see the response