Skip to content

GET /api/v1/admin/orgs/:slug/assets

This page is auto-generated from src/admin/routes.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

:warning: Heuristic extraction — not a contract. Response shapes below are mined from c.json(...) literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.

Requires the following capability(ies):

  • audit:r

Other middleware observed on this route (heuristic):

  • requireCapability

--- Asset inventory -------------------------------------------------------- GET /api/v1/admin/orgs/:slug/assets?since=ISO8601&limit=1..1000&project=&scope=org-level

Aggregates audit_log into distinct (package, version) pairs for the org, with the latest decision (from the newest row in the window), the count of events, and first/last seen timestamps. Honours the same auth + 404 posture as the rest of the admin surface.

Optional scoping (added for #123 — the dashboard project-scope guard runs through this endpoint now):

  • project=<id>: limit to events whose authenticating key was bound to that project. Project must belong to this org (404 otherwise).
  • scope=org-level: limit to events whose authenticating key had no project binding (or no key at all). Mutually exclusive with project=; the latter wins when both are present. #336 — gated on audit:r. Asset inventory derives entirely from audit_log; the same retention tier that unlocks audit reads unlocks the asset rollup.
{
"error": "Org not found"
}
{
"error": "Project not found for this org"
}
{
"org": <member-expr>,
"since": <call>,
"limit": <limit>,
"count": <member-expr>,
"assets": <assets>
}
  • File: src/admin/routes.ts
  • Line: 7799