GET /v1/config/monitoring/activity

Returns the recent watchdog activity for the current project: every evaluation that ran, whether it tripped a rule, whether an alert was sent (and if not, why), and the rule that produced it. Newest first, capped at 100 entries.

Use this to power a status feed, audit which rules fired, or diagnose why an expected alert didn't go out (cooldown, daily cap, deduplication).

Authentication

API key with config:read permission. Project-scoped or tenant-scoped (with X-Project-Id).

Endpoint

GET /v1/config/monitoring/activity

Query parameters

Param	Type	Default	Notes
`hours`	int 1–720	`24`	How far back to fetch — up to 30 days

Response

200 OK

{
  "success": true,
  "data": [
    {
      "timestamp": "2026-04-25T14:30:12Z",
      "ruleId": "wdg_a1b2...",
      "ruleName": "Checkout error spike",
      "passed": false,
      "alertFired": true,
      "suppressedReason": null,
      "severity": "high",
      "summary": "Error count is 4.1× the recent baseline"
    },
    {
      "timestamp": "2026-04-25T14:15:09Z",
      "ruleId": "wdg_a1b2...",
      "ruleName": "Checkout error spike",
      "passed": false,
      "alertFired": false,
      "suppressedReason": "cooldown",
      "severity": "high",
      "summary": "Error count is 3.4× the recent baseline"
    },
    {
      "timestamp": "2026-04-25T14:00:08Z",
      "ruleId": "wdg_a1b2...",
      "ruleName": "Checkout error spike",
      "passed": true,
      "alertFired": false,
      "suppressedReason": null,
      "severity": "low",
      "summary": ""
    }
  ]
}

Field	Type	Notes
`timestamp`	string (ISO 8601)	When the check ran
`ruleId`	UUID	The rule that ran
`ruleName`	string	Snapshot of the rule's name at evaluation time
`passed`	`boolean`	`true` means the rule was satisfied (no alert needed); `false` means it tripped
`alertFired`	`boolean`	Whether an alert was actually delivered
`suppressedReason`	`'cooldown' \| 'daily_cap' \| 'dedup' \| null`	Why an alert was held back even though the rule tripped
`severity`	`'critical' \| 'high' \| 'medium' \| 'low' \| 'info'`	Severity assigned to the evaluation
`summary`	string	One-line description of what triggered the rule (empty for `passed: true`)

For walkthroughs of the suppression reasons see Alert behavior.

Error responses

Status	`error.code`	When
400	`VALIDATION_ERROR`	`hours` is missing, non-numeric, or outside `1–720`
401	`UNAUTHORIZED`	Missing or invalid API key
403	`FORBIDDEN`	Key lacks `config:read`

Example

curl "https://api.sigsentry.com/v1/config/monitoring/activity?hours=48" \
  -H "Authorization: Bearer ss_secret_..."

Filtering by rule

This endpoint returns activity across every rule on the project. Filter client-side on ruleId if you need a per-rule feed. The Activity feed guide covers common filtering patterns.

GET /v1/config/monitoring/activity

On this page