OIP capability: CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
This is one executable OIP object. It is the leaf where prose stops and exact invocation begins.
Find all audit logs (a list of who made what change when) for a Cloudflare Account by ID. This can be used to query activity on your Cloudflare account at a particular time. Since and before are requi MCP: https://auditlogs.mcp.cloudflare.com/sse
Parent system: Cloudflare API. Root: /a/oip. Machine doc: /api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&format=markdown. Invocation history: /api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID.
Invoke
Example: [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]<arg1>[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]
Run URL: https://miscsubjects.com/api/dispatch?invoke=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&body=%3Carg1%3E&share=<TOKEN>
Auth: none. Risk: low.
Machine contract
- Read this article first; do not infer the row shape from memory.
- If acting with a URL-only tool, open run_now after replacing placeholder args.
- If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
- If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.
Troubleshooting
- unknown key - Use the did_you_mean links or ask URL; never guess another key.
- argument/body mismatch - Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes.
- expired or corrupted token - Report token_expired/token_corrupted from the response; owner mints a fresh scoped link.
- tool returned ok:false / exit nonzero - Do not call it sent. Read the receipt, correct the body, fire a repair.
Receipt loop
After any action, open the receipt. If it is wrong, repair it with POST /api/dispatch {key, body, repairs:"inv_ID"}. If you need to repeat the exact recorded call, replay it with POST /api/dispatch {replay:"inv_ID"}.
Full generated capability doc
§SELF — miscsubjects capability (paste without context)
Principle: Self-explaining payload — no external context required. This _self block is the capability: what it is, how to run it, how to change it, and where to look next. Path: OIP > CF > CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID Capability: CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID — Find all audit logs (a list of who made what change when) for a Cloudflare Account by ID. This can be used to query activity on your Cloudflare account at a particular time. Since and before are requi MCP: https://auditlogs.mcp.cloudflare.com/sse RUN NOW (open this URL): https://miscsubjects.com/api/dispatch?invoke=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&body=%3Carg1%3E&share=<TOKEN> Example call: [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]<arg1>[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]
- type · runner: tool · fn · cf_auditlogs
- run it: Open run_now (URL, fires the example), or POST https://miscsubjects.com/api/dispatch {"key":"CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID","body":"<arg1>"}. From the router: null
- inputs: {"$schema":"http://json-schema.org/draft-07/schema#","type":"object","properties":{"account_name":{"description":"The account name to filter audit logs by.","type":"string"},"action_result":{"description":"Whether the action was a success or failure.","type":"string","enum":["success","failure",""]},"action_type":{"description":"The type of action that was performed.","type":"string","enum":["create","delete","view","update","login"]},"actor_context":{"description":"The context in which the actor was operating.","type":"string","enum":["api_key","api_token","dash","oauth","origin_ca_key"]},"actor_email":{"description":"The email of the actor who triggered the event.","type":"string","format":"email","pattern":"^(?!\\.)(?!.\\.\\.)([A-Za-z0-9_'+\\-\\.])[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\\-]*\\.)+[A-Za-z]{2,}$"},"actor_id":{"description":"The unique identifier of the actor.","type":"string"},"actor_ip_address":{"description":"The IP address of the actor.","type":"string"},"actor_token_id":{"description":"The API token ID used by the actor.","type":"string"},"actor_token_name":{"description":"The name of the API token used by the actor.","type":"string"},"actor_type":{"description":"The type of actor (e.g., user, token).","type":"string","enum":["cloudflare_admin","account","user","system"]},"audit_log_id":{"description":"The unique identifier of the audit log entry.","type":"string"},"raw_cf_ray_id":{"description":"The Cloudflare Ray ID associated with the request.","type":"string"},"raw_method":{"description":"The HTTP method used in the request (e.g., GET, POST).","type":"string"},"raw_status_code":{"description":"The HTTP status code returned by the request.","type":"number"},"raw_uri":{"description":"The URI accessed in the request.","type":"string"},"resource_id":{"description":"The unique identifier of the resource affected.","type":"string"},"resource_product":{"description":"The Cloudflare product related to the resource.","type":"string"},"resource_type":{"description":"The type of resource affected.","type":"string"},"resource_scope":{"description":"The scope of the resource (e.g., account, zone).","type":"string","enum":["memberships","accounts","user","zones"]},"zone_id":{"description":"The ID of the zone associated with the log.","type":"string"},"zone_name":{"description":"The name of the zone associated with the log.","type":"string"},"since":{"type":"string","pattern":"^(\\d{4}-\\d{2}-\\d{2}|(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z))$","description":"The start of the time slice to look at. Can be YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ"},"before":{"type":"string","pattern":"^(\\d{4}-\\d{2}-\\d{2}|(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z))$","description":"The end of the time slice to look at. Can be YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ"},"direction":{"description":"The sort direction of the logs (asc or desc).","type":"string","enum":["desc","asc"]},"limit":{"description":"The number of results to return (max 1000).","type":"number","minimum":1,"maximum":1000},"cursor":{"description":"Pagination cursor for fetching the next set of results.","type":"string"}},"required":["since","before"]}
- outputs: { ok, result, invocation, yield, _self } — result is this object's output; yield is tokens/cost/material; invocation is the ledgered record.
- auth · risk: none · low
Machine Contract
- Read this article first; do not infer the row shape from memory.
- If acting with a URL-only tool, open run_now after replacing placeholder args.
- If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
- If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.
Invocation, Ledger, Repair
- root tree: https://miscsubjects.com/api/dispatch?map=1&format=markdown
- parent system article: https://miscsubjects.com/api/dispatch?map=CF&format=markdown
- append-only ledger: https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- receipt pattern: https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
- replay: POST /api/dispatch {"replay":"inv_ID"}
- repair: POST /api/dispatch {"key":"CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID","body":"corrected args","repairs":"inv_ID"}
Troubleshooting
- unknown key — Use the did_you_mean links or ask URL; never guess another key. · https://miscsubjects.com/api/dispatch?ask=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- argument/body mismatch — Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes. · https://miscsubjects.com/api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- expired or corrupted token — Report token_expired/token_corrupted from the response; owner mints a fresh scoped link. · https://miscsubjects.com/api/dispatch?explain=1&share=<TOKEN>
- tool returned ok:false / exit nonzero — Do not call it sent. Read the receipt, correct the body, fire a repair. · https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
Logical proof (verify each step)
- Every capability is an invokable object with its own _self — this block. → https://miscsubjects.com/api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- You run it by POSTing to /api/dispatch; in a model turn the router tag is [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]args[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]. → https://miscsubjects.com/api/dispatch?registry=1
- Every invocation is ledgered with actor, cost, and material/waste. → https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- You can ask the build for capabilities in plain language. → https://miscsubjects.com/api/dispatch?ask=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- The whole build is one self-describing map, with the terminal key. → https://miscsubjects.com/api/dispatch?build=1
Where to look next
- registry — Every capability, self-describing · https://miscsubjects.com/api/dispatch?registry=1
- ask — Ask the build what to use, in plain language · https://miscsubjects.com/api/dispatch?ask=<question>
- history — This capability's invocation history — its edges · https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- build — The whole build as one map (terminal key) · https://miscsubjects.com/api/dispatch?build=1
Self-explaining. Not project knowledge — fetch specifics from the links above.