x-cpod-domain: telemetry

Telemetry

Audit events, app events, and traces from the platform.

Try in explorer

AuditEvent

A security/audit log line.

REST path/api/v1/audit-events

Operations

listgetlog

SDK

// list — returns only your records; add filters/search:
await client.telemetry.auditEvents.list()

Field	Type	Description
id*	uuid	Server-assigned ULID with type prefix (e.g. per_…).
tenant_id*	string	Tenant scope — auto-stamped from the caller's JWT.
app_id	string	App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present.
created_at*	date-time	Server stamp.
updated_at*	date-time	Server stamp; updated on every patch.
created_by	uuid	Person id from the caller's JWT (sub).
updated_by	uuid	Person id from the last writer's JWT (sub).
source	string	Provenance tag — defaults to 'edm'.
source_type	enum	Where the write originated. Defaults to 'api'.`frontendbackendserversystemapi`
is_deleted	boolean	Soft-delete flag. Excluded from default list queries.
deleted_at	date-time	Stamped when soft-deleted; null otherwise.
deleted_by	uuid	Person id who soft-deleted; null otherwise.
schema_version	number	Document schema version. Bumped on incompatible writes.
sequence_id	number	Monotonic per-tenant sequence number. Used to detect gaps in the chain.
actor_type	string	Classification of the actor that performed the action.
actor_id	string	Identifier of the actor — a userId or service account ID.
impersonated_user_id	string	Set when an admin or impersonator acts on behalf of another user.
action	string	Dot-separated action name describing the operation performed (e.g. 'accounts.create', 'policy.activate', 'evidence.export').
resource_type	string	EDM entity type of the affected resource (e.g. 'Person', 'SoftwareLicense').
resource_id	string	Identifier of the affected resource.
outcome	string	Result of the action.
reason	string	Reason for a denial or error outcome.
before	json	Snapshot of the resource state before the mutation. Automatically populated for EDM operations.
after	json	Snapshot of the resource state after the mutation. Automatically populated for EDM operations.
changes	json	Computed diff of changed fields between before and after snapshots.
ip	string	Source IP address of the originating request.
user_agent	string	User-Agent string of the originating HTTP client.
request_id	string	Correlation ID for distributed tracing across services.
policy_decision_ids	json	Identifiers of Rego policy decisions that gated this action.
previous_hash	string	SHA-256 hash of the previous AuditEvent in the tenant chain. Read-only; populated by the platform.
record_hash	string	HMAC-SHA-256 of this record using the CORESDK_AUDIT_HMAC_KEY. Read-only; populated by the platform.
worm_ref	string	MinIO Object Lock URL once this event has been flushed to the WORM archive. Read-only; null until archived.
ts	date-time	ISO 8601 UTC timestamp of when the event occurred.

AppEvent

A telemetry event emitted by an Application.

REST path/api/v1/telemetry/app-events

Operations

listgetemit

SDK

// list — returns only your records; add filters/search:
await client.telemetry.appEvents.list()

Field	Type	Description
id*	uuid	Server-assigned ULID with type prefix (e.g. per_…).
tenant_id*	string	Tenant scope — auto-stamped from the caller's JWT.
app_id	string	App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present.
created_at*	date-time	Server stamp.
updated_at*	date-time	Server stamp; updated on every patch.
created_by	uuid	Person id from the caller's JWT (sub).
updated_by	uuid	Person id from the last writer's JWT (sub).
source	string	Provenance tag — defaults to 'edm'.
source_type	enum	Where the write originated. Defaults to 'api'.`frontendbackendserversystemapi`
is_deleted	boolean	Soft-delete flag. Excluded from default list queries.
deleted_at	date-time	Stamped when soft-deleted; null otherwise.
deleted_by	uuid	Person id who soft-deleted; null otherwise.
schema_version	number	Document schema version. Bumped on incompatible writes.
user_id	string	Identifier of the user who triggered the event. Null for anonymous events.
session_id	string	Browser or client session identifier.
event_type	string	Name of the event (e.g. 'page_view', 'record_create', 'search_query', 'rfp_response_approved').
event_category	string	Broad category grouping for the event.
entity_type	string	EDM entity type of the target entity, if this event targets a specific resource.
entity_id	string	Identifier of the target entity, if applicable.
properties	json	Free-form event-specific properties (key-value pairs). Structure is determined by the emitting app.
page_url	string	Full URL of the page where the event occurred.
referrer_url	string	Referrer URL if the user navigated from another page.
user_agent	string	User-Agent string of the originating HTTP client.
ip	string	IP address of the originating client, truncated or anonymised per tenant policy.
geo	json	Geo-location derived from the source IP. Populated by the pipeline.
device	json	Device information parsed from the User-Agent string.
ts	date-time	ISO 8601 UTC timestamp of when the event occurred.

Trace

A trace/span record.

REST path/api/v1/telemetry/traces

Operations

listget

SDK

// list — returns only your records; add filters/search:
await client.telemetry.traces.list()

Field	Type	Description
id*	uuid	Server-assigned ULID with type prefix (e.g. per_…).
tenant_id*	string	Tenant scope — auto-stamped from the caller's JWT.
app_id	string	App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present.
created_at*	date-time	Server stamp.
updated_at*	date-time	Server stamp; updated on every patch.
created_by	uuid	Person id from the caller's JWT (sub).
updated_by	uuid	Person id from the last writer's JWT (sub).
source	string	Provenance tag — defaults to 'edm'.
source_type	enum	Where the write originated. Defaults to 'api'.`frontendbackendserversystemapi`
is_deleted	boolean	Soft-delete flag. Excluded from default list queries.
deleted_at	date-time	Stamped when soft-deleted; null otherwise.
deleted_by	uuid	Person id who soft-deleted; null otherwise.
schema_version	number	Document schema version. Bumped on incompatible writes.
parent_span_id	string	Distributed-tracing parent span ID, if this trace is a child span.
agent_run_id	string	Identifier of the agent run this trace belongs to, if part of a multi-step agent workflow.
user_id	string	Identifier of the user who initiated the LLM call. Null for system-initiated calls.
api_key_id	string	Identifier of the virtual API key used for this call.
model	string	Model identifier in 'provider/model-name' format.
provider	string	LLM provider name.
span_kind	string	Kind of LLM operation represented by this trace.
input_tokens	number	Number of prompt/input tokens consumed.
output_tokens	number	Number of completion/output tokens generated.
cache_read_tokens	number	Number of tokens served from the prompt cache.
cache_write_tokens	number	Number of tokens written into the prompt cache.
latency_ms	number	End-to-end latency of the LLM call in milliseconds.
cache_hit	boolean	Whether this response was served (fully or partially) from the prompt cache.
cost_usd	number	Estimated cost of this LLM call in USD.
finish_reason	string	Reason the model stopped generating. One of 'stop', 'length', 'tool_calls', or 'error'.
routing_rule	string	Identifier of the routing rule that selected the provider for this call.
policy_decisions	json	Policy decisions evaluated for this call by the coreiq policy engine.
security_violations	json	PII or DLP violations detected by the policy engine for this call.
request_hash	string	SHA-256 hash of the canonicalized request payload, used as the cache key.
episode_id	string	Linked evolution episode identifier, if this trace is part of a tracked episode.
ts	date-time	ISO 8601 UTC timestamp of when the LLM call occurred.

Docs

AuditEvent

AppEvent

Trace