autonomy audit query¶
Query retained audit records
Synopsis¶
Reads audit records from the local audit store and prints matching records.
When --pg-url is set (or AUTONOMY_AUDIT_PG_URL is in the environment), records
are read from the PostgreSQL audit_events table. Otherwise the local JSONL file
store is used (--audit-dir).
Filters (all optional, ANDed together):
--event-type exact event name (e.g. "rollout.plan.created")
--category audit domain: rollout | ha | relay | cert | auth | system | rollback
--actor operator identity (e.g. "alice@example.com")
--outcome result: success | failure | denied | pending
--source emitting component: orchestrator | edge | cli
--start-time RFC3339 inclusive lower bound (e.g. "2026-01-01T00:00:00Z")
--end-time RFC3339 inclusive upper bound
--limit maximum records to return (default 100, 0 = no limit)
Output:
--output text tabwriter table (default): TIMESTAMP EVENT ACTOR RESOURCE OUTCOME SOURCE
--output json pretty-printed JSON array
Usage¶
autonomy audit query [flags]
Options¶
--actor string filter by operator identity
--audit-dir string audit storage directory (default: AUTONOMY_AUDIT_DIR or XDG state path)
--category string audit domain filter: rollout | ha | relay | cert | auth | system | rollback
--end-time string inclusive RFC3339 end time
--event-type string exact event name filter (e.g. "rollout.plan.created")
--limit int maximum records to return (0 = no limit) (default 100)
--outcome string result filter: success | failure | denied | pending
--output string output format: "text" (tabwriter table) or "json" (array) (default "text")
--pg-url string PostgreSQL URL for DB-backed audit query (env: AUTONOMY_AUDIT_PG_URL)
--source string component filter: orchestrator | edge | cli
--start-time string inclusive RFC3339 start time (e.g. 2026-01-01T00:00:00Z)
See also¶
autonomy audit— Query and export retained audit records