## §SELF — miscsubjects capability (paste without context)
**Principle:** Self-explaining payload — no external context required. This _self block is the capability: what it is, how to run it, how to change it, and where to look next.
**Path:** OIP > CF > CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
**Capability:** `CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID` — Find all audit logs (a list of who made what change when) for a Cloudflare Account by ID. This can be used to query activity on your Cloudflare account at a particular time. Since and before are requi MCP: https://auditlogs.mcp.cloudflare.com/sse
**RUN NOW (open this URL):** https://miscsubjects.com/api/dispatch?invoke=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&body=%3Carg1%3E&share=<TOKEN>
**Example call:** [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]<arg1>[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]
- **type · runner:** tool · fn · cf_auditlogs
- **run it:** Open run_now (URL, fires the example), or POST https://miscsubjects.com/api/dispatch {"key":"CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID","body":"<arg1>"}. From the router: null
- **inputs:** {"$schema":"http://json-schema.org/draft-07/schema#","type":"object","properties":{"account_name":{"description":"The account name to filter audit logs by.","type":"string"},"action_result":{"description":"Whether the action was a success or failure.","type":"string","enum":["success","failure",""]},"action_type":{"description":"The type of action that was performed.","type":"string","enum":["create","delete","view","update","login"]},"actor_context":{"description":"The context in which the actor was operating.","type":"string","enum":["api_key","api_token","dash","oauth","origin_ca_key"]},"actor_email":{"description":"The email of the actor who triggered the event.","type":"string","format":"email","pattern":"^(?!\\.)(?!.*\\.\\.)([A-Za-z0-9_'+\\-\\.]*)[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\\-]*\\.)+[A-Za-z]{2,}$"},"actor_id":{"description":"The unique identifier of the actor.","type":"string"},"actor_ip_address":{"description":"The IP address of the actor.","type":"string"},"actor_token_id":{"description":"The API token ID used by the actor.","type":"string"},"actor_token_name":{"description":"The name of the API token used by the actor.","type":"string"},"actor_type":{"description":"The type of actor (e.g., user, token).","type":"string","enum":["cloudflare_admin","account","user","system"]},"audit_log_id":{"description":"The unique identifier of the audit log entry.","type":"string"},"raw_cf_ray_id":{"description":"The Cloudflare Ray ID associated with the request.","type":"string"},"raw_method":{"description":"The HTTP method used in the request (e.g., GET, POST).","type":"string"},"raw_status_code":{"description":"The HTTP status code returned by the request.","type":"number"},"raw_uri":{"description":"The URI accessed in the request.","type":"string"},"resource_id":{"description":"The unique identifier of the resource affected.","type":"string"},"resource_product":{"description":"The Cloudflare product related to the resource.","type":"string"},"resource_type":{"description":"The type of resource affected.","type":"string"},"resource_scope":{"description":"The scope of the resource (e.g., account, zone).","type":"string","enum":["memberships","accounts","user","zones"]},"zone_id":{"description":"The ID of the zone associated with the log.","type":"string"},"zone_name":{"description":"The name of the zone associated with the log.","type":"string"},"since":{"type":"string","pattern":"^(\\d{4}-\\d{2}-\\d{2}|(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z))$","description":"The start of the time slice to look at. Can be YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ"},"before":{"type":"string","pattern":"^(\\d{4}-\\d{2}-\\d{2}|(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z))$","description":"The end of the time slice to look at. Can be YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ"},"direction":{"description":"The sort direction of the logs (asc or desc).","type":"string","enum":["desc","asc"]},"limit":{"description":"The number of results to return (max 1000).","type":"number","minimum":1,"maximum":1000},"cursor":{"description":"Pagination cursor for fetching the next set of results.","type":"string"}},"required":["since","before"]}
- **outputs:** { ok, result, invocation, yield, _self } — result is this object's output; yield is tokens/cost/material; invocation is the ledgered record.
- **auth · risk:** none · low
### Machine Contract
- Read this article first; do not infer the row shape from memory.
- If acting with a URL-only tool, open run_now after replacing placeholder args.
- If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
- If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.
### Invocation, Ledger, Repair
- root tree: https://miscsubjects.com/api/dispatch?map=1&format=markdown
- parent system article: https://miscsubjects.com/api/dispatch?map=CF&format=markdown
- append-only ledger: https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- receipt pattern: https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
- replay: POST /api/dispatch {"replay":"inv_ID"}
- repair: POST /api/dispatch {"key":"CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID","body":"corrected args","repairs":"inv_ID"}
### Troubleshooting
- **unknown key** — Use the did_you_mean links or ask URL; never guess another key. · https://miscsubjects.com/api/dispatch?ask=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- **argument/body mismatch** — Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes. · https://miscsubjects.com/api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- **expired or corrupted token** — Report token_expired/token_corrupted from the response; owner mints a fresh scoped link. · https://miscsubjects.com/api/dispatch?explain=1&share=<TOKEN>
- **tool returned ok:false / exit nonzero** — Do not call it sent. Read the receipt, correct the body, fire a repair. · https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
### Logical proof (verify each step)
1. Every capability is an invokable object with its own _self — this block. → https://miscsubjects.com/api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
2. You run it by POSTing to /api/dispatch; in a model turn the router tag is [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]args[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]. → https://miscsubjects.com/api/dispatch?registry=1
3. Every invocation is ledgered with actor, cost, and material/waste. → https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
4. You can ask the build for capabilities in plain language. → https://miscsubjects.com/api/dispatch?ask=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
5. The whole build is one self-describing map, with the terminal key. → https://miscsubjects.com/api/dispatch?build=1
### Where to look next
- **registry** — Every capability, self-describing · https://miscsubjects.com/api/dispatch?registry=1
- **ask** — Ask the build what to use, in plain language · https://miscsubjects.com/api/dispatch?ask=<question>
- **history** — This capability's invocation history — its edges · https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
- **build** — The whole build as one map (terminal key) · https://miscsubjects.com/api/dispatch?build=1
*Self-explaining. Not project knowledge — fetch specifics from the links above.*