> ## Documentation Index
> Fetch the complete documentation index at: https://docs.superserve.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# List team audit-log activity

> Returns audit-log activity for the authenticated team, ordered by
creation time (newest first) by default. Backs the console Audit Logs
page.

Pass `limit` (and `offset`) to fetch one page at a time; the
`X-Total-Count` response header reports the total across all pages.
The activity log grows without bound, so omitting `limit` returns only
the most recent page (up to the 200-row maximum) — page through older
history with `limit` + `offset`. Filter by exact `category` or
`status`, restrict to a window with `start`/`end`, and search with `q`
(case-insensitive substring across sandbox name, secret name, action,
and category).




## OpenAPI

````yaml https://raw.githubusercontent.com/superserve-ai/sandbox/refs/heads/main/api/openapi.yaml get /activity
openapi: 3.1.0
info:
  title: Superserve API
  version: 0.1.0
  description: >
    Superserve provides sandbox infrastructure to run AI agents in the cloud.
    Powered by Firecracker MicroVMs.


    ## Sandbox lifecycle


    ```

    active <--> paused --> deleted

    ```


    A sandbox is `active` when running and `paused` after being paused. Resuming

    a paused sandbox returns it to `active`. Deleting releases all resources.


    | Endpoint | What it does |

    |----------|-------------|

    | `POST /sandboxes` | Create a new sandbox (optionally `from_template`) |

    | `PATCH /sandboxes/:id` | Partially update a running sandbox (e.g. network
    rules) |

    | `POST /sandboxes/:id/pause` | Snapshot full state, suspend the VM |

    | `POST /sandboxes/:id/resume` | Restore from snapshot, continue where it
    left off |

    | `DELETE /sandboxes/:id` | Delete sandbox and all resources |


    ## Sandbox environment


    By default sandboxes boot from the curated `superserve/base` template
    (Ubuntu 24.04,

    1 vCPU, 1 GB RAM, 4 GB disk, with Python 3.12, Node.js 22, npm, git, curl,

    and build-essential pre-installed). Callers can override with any template

    name (e.g. `superserve/python-3.11`, `superserve/node-22`) or a team-owned
    template UUID

    via the `from_template` field on `POST /sandboxes`.


    ## Files and commands


    `/files`, `/exec`, and `/exec/stream` run against a single sandbox and use

    its `X-Access-Token` (returned by create, resume, and activate), not the

    team API key. Two host forms reach them:


    - `https://sandbox.superserve.ai/...` with `X-Superserve-Sandbox-Id:
    <sandbox_id>`.

    - `https://boxd-{sandbox_id}.sandbox.superserve.ai/...` — no routing header
    needed.
  contact:
    name: Superserve Team
  license:
    name: Proprietary
servers:
  - url: https://api.superserve.ai
    description: Production
security: []
paths:
  /activity:
    get:
      tags:
        - Activity
      summary: List team audit-log activity
      description: |
        Returns audit-log activity for the authenticated team, ordered by
        creation time (newest first) by default. Backs the console Audit Logs
        page.

        Pass `limit` (and `offset`) to fetch one page at a time; the
        `X-Total-Count` response header reports the total across all pages.
        The activity log grows without bound, so omitting `limit` returns only
        the most recent page (up to the 200-row maximum) — page through older
        history with `limit` + `offset`. Filter by exact `category` or
        `status`, restrict to a window with `start`/`end`, and search with `q`
        (case-insensitive substring across sandbox name, secret name, action,
        and category).
      operationId: listActivity
      parameters:
        - name: category
          in: query
          required: false
          description: >
            Filter by exact activity category (e.g. `sandbox`, `template`,
            `secret`, `network`).
          schema:
            type: string
        - name: status
          in: query
          required: false
          description: Filter by exact status. Pass `error` to show only failed events.
          schema:
            type: string
        - name: q
          in: query
          required: false
          description: >
            Case-insensitive substring match across sandbox name, secret name,
            action, and category.
          schema:
            type: string
        - name: start
          in: query
          required: false
          description: Only include events at or after this RFC3339 timestamp.
          schema:
            type: string
            format: date-time
        - name: end
          in: query
          required: false
          description: Only include events at or before this RFC3339 timestamp.
          schema:
            type: string
            format: date-time
        - name: sort
          in: query
          required: false
          description: Column to sort by (paired with `order`).
          schema:
            type: string
            enum:
              - created_at
            default: created_at
        - $ref: '#/components/parameters/SortOrder'
        - name: limit
          in: query
          required: false
          description: |
            Maximum rows to return (page size). The activity log is unbounded,
            so omitting `limit` returns only the most recent page (200 rows) —
            not the full history. Values above 200 are clamped to 200.
          schema:
            type: integer
            minimum: 1
            maximum: 200
            default: 200
        - $ref: '#/components/parameters/PageOffset'
      responses:
        '200':
          description: Audit-log activity for the authenticated team
          headers:
            X-Total-Count:
              $ref: '#/components/headers/TotalCount'
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ActivityResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalError'
      security:
        - apiKey: []
components:
  parameters:
    SortOrder:
      name: order
      in: query
      required: false
      description: Sort direction applied to `sort`.
      schema:
        type: string
        enum:
          - asc
          - desc
        default: desc
    PageOffset:
      name: offset
      in: query
      required: false
      description: Rows to skip before the page. Combine with `limit` to paginate.
      schema:
        type: integer
        minimum: 0
        default: 0
  headers:
    TotalCount:
      description: |
        Total rows matching the query across all pages, ignoring `limit` and
        `offset`. Read this alongside a `limit`/`offset` request to render
        pagination controls (page count, "X–Y of Z").
      schema:
        type: integer
        format: int64
  schemas:
    ActivityResponse:
      description: One audit-log activity row returned by the activity list endpoint.
      type: object
      properties:
        id:
          type: string
          format: uuid
        sandbox_id:
          type: string
          format: uuid
          nullable: true
          description: Set on sandbox events; null for events not tied to a sandbox.
        template_id:
          type: string
          format: uuid
          nullable: true
          description: Set on template events; null otherwise.
        actor_id:
          type: string
          format: uuid
          nullable: true
          description: >
            The team member who performed the action; null for system-initiated
            events (e.g. auto-pause, auto-delete).
        category:
          type: string
        action:
          type: string
        status:
          type: string
          nullable: true
        sandbox_name:
          type: string
          nullable: true
        secret_id:
          type: string
          format: uuid
          nullable: true
          description: Set on secret events; null once the secret is purged.
        secret_name:
          type: string
          nullable: true
        duration_ms:
          type: integer
          format: int32
          nullable: true
        error:
          type: string
          nullable: true
        metadata:
          type: object
          additionalProperties: true
        created_at:
          type: string
          format: date-time
    Error:
      type: object
      description: |
        Error envelope. `error.code` is a stable, machine-readable identifier
        (e.g. `bad_request`, `not_found`, `conflict`, `rate_limited`,
        `too_many_builds`, `too_many_templates`, `too_many_sandboxes`,
        `image_pull_failed`, `step_failed`, `snapshot_failed`,
        `start_cmd_failed`, `ready_cmd_failed`, `build_failed`).
        `error.message` is human-readable and may change between releases;
        clients should branch on `code`, not `message`.
      properties:
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
  responses:
    BadRequest:
      description: Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing or invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    TooManyRequests:
      description: >
        Rate limit hit — the caller's per-team request budget is temporarily
        exhausted. Response body uses error code `rate_limited`. Retry after a
        short backoff; the bucket refills continuously.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: X-API-Key

````