Skip to content

GET /api/v1/admin/orgs/:slug/audit/facets

This page is auto-generated from src/admin/routes.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

:warning: Heuristic extraction — not a contract. Response shapes below are mined from c.json(...) literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.

Requires the following capability(ies):

  • audit:r

Other middleware observed on this route (heuristic):

  • requireCapability

#569 Phase C — distinct-value facets for the audit filter dropdowns.

GET /api/v1/admin/orgs/:slug/audit/facets → { actors: string[], repositories: string[], refs: string[], eventNames: string[] }

One round-trip per dimension via Promise.all — NEVER a correlated subquery per row (#569 Phase B’s no-N+1 invariant extends to the dropdown lookup). Every dimension is tenant-fenced via eq(auditLog.tenantId, tenant.id) so a tenant never sees another tenant’s actors / repos / refs / event names. Each dimension is limited to 500 distinct values; truncated dropdowns are a known-limit captured in the runbook.

Sparse-column shape (rule from the design): when no row in this tenant has a value for a dimension (e.g. ci_repository), the dimension’s array comes back empty ([]) — the dashboard renders a disabled “no data” summary instead of breaking the form.

Gated on audit:r so free-tier callers can’t probe the dropdowns even if they hit the JSON API directly.

{
"error": "Org not found"
}
{
"actors": <call>,
"repositories": <call>,
"refs": <call>,
"eventNames": <call>,
"teams": <call>
}
  • File: src/admin/routes.ts
  • Line: 7169