coder
diff --git a/‎.github/workflows/stale.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/stale.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/audit/request.go
Lines changed: 14 additions & 6 deletions b/‎coderd/audit/request.go
Lines changed: 14 additions & 6 deletions
diff --git a/‎docs/admin/automation.md
Lines changed: 5 additions & 10 deletions b/‎docs/admin/automation.md
Lines changed: 5 additions & 10 deletions
diff --git a/‎docs/admin/users.md
Lines changed: 9 additions & 8 deletions b/‎docs/admin/users.md
Lines changed: 9 additions & 8 deletions
diff --git a/‎docs/api/authentication.md
Lines changed: 12 additions & 2 deletions b/‎docs/api/authentication.md
Lines changed: 12 additions & 2 deletions
diff --git a/‎scripts/apidocgen/generate.sh
Lines changed: 3 additions & 3 deletions b/‎scripts/apidocgen/generate.sh
Lines changed: 3 additions & 3 deletions
diff --git a/‎scripts/apidocgen/markdown-template/security.def
Lines changed: 14 additions & 26 deletions b/‎scripts/apidocgen/markdown-template/security.def
Lines changed: 14 additions & 26 deletions
@@ -13,7 +13,7 @@ jobs:
     steps:
       # v5.1.0 has a weird bug that makes stalebot add then remove its own label
       # https://github.com/actions/stale/pull/775
-      - uses: actions/stale@v6.0.0
+      - uses: actions/stale@v7.0.0
         with:
           stale-issue-label: "stale"
           stale-pr-label: "stale"
 
@@ -157,7 +157,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 		}
 
 		ip := parseIP(p.Request.RemoteAddr)
-		err := p.Audit.Export(ctx, database.AuditLog{
+		auditLog := database.AuditLog{
 			ID:               uuid.New(),
 			Time:             database.Now(),
 			UserID:           httpmw.APIKey(p.Request).UserID,
@@ -171,9 +171,13 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			StatusCode:       int32(sw.Status),
 			RequestID:        httpmw.RequestID(p.Request),
 			AdditionalFields: p.AdditionalFields,
-		})
+		}
+		err := p.Audit.Export(ctx, auditLog)
 		if err != nil {
-			p.Log.Error(logCtx, "export audit log", slog.Error(err))
+			p.Log.Error(logCtx, "export audit log",
+				slog.F("audit_log", auditLog),
+				slog.Error(err),
+			)
 			return
 		}
 	}
@@ -192,7 +196,7 @@ func BuildAudit[T Auditable](ctx context.Context, p *BuildAuditParams[T]) {
 		p.AdditionalFields = json.RawMessage("{}")
 	}
 
-	err := p.Audit.Export(ctx, database.AuditLog{
+	auditLog := database.AuditLog{
 		ID:               uuid.New(),
 		Time:             database.Now(),
 		UserID:           p.UserID,
@@ -206,9 +210,13 @@ func BuildAudit[T Auditable](ctx context.Context, p *BuildAuditParams[T]) {
 		StatusCode:       int32(p.Status),
 		RequestID:        p.JobID,
 		AdditionalFields: p.AdditionalFields,
-	})
+	}
+	err := p.Audit.Export(ctx, auditLog)
 	if err != nil {
-		p.Log.Error(ctx, "export audit log", slog.Error(err))
+		p.Log.Error(ctx, "export audit log",
+			slog.F("audit_log", auditLog),
+			slog.Error(err),
+		)
 		return
 	}
 }
 
@@ -2,13 +2,9 @@
 
 We recommend automating Coder deployments through the CLI. Examples include [updating templates via CI/CD pipelines](../templates/change-management.md).
 
-## Tokens
+## Authentication
 
-Long-lived tokens can be generated to perform actions on behalf of your user account:
-
-```console
-coder tokens create
-```
+Coder uses authentication tokens to grant machine users access to the REST API. Follow the [Authentication](../api/authentication.md) page to learn how to generate long-lived tokens.
 
 ## CLI
 
@@ -23,14 +19,13 @@ coder workspaces ls
 
 ## REST API
 
-You can use tokens with the Coder's REST API using the `Coder-Session-Token` HTTP header.
+You can review the [API reference](../api/index.md) to find the necessary routes and payload. Alternatively, you can enable the [Swagger](https://swagger.io/) endpoint to read the documentation and do requests against the API:
 
 ```console
-curl 'https://dev.coder.com/api/v2/workspaces' \
-  -H 'Coder-Session-Token: *****'
+coder server --swagger-enable
 ```
 
-> At this time, we do not publish an API reference. However, [codersdk](https://github.com/coder/coder/tree/main/codersdk) can be grepped to find the necessary routes and payloads.
+By default, the local Swagger endpoint is http://localhost:3000/swagger.
 
 ## Golang SDK
 
 
@@ -6,14 +6,15 @@ This article walks you through the user roles available in Coder and creating an
 
 Coder offers these user roles in the community edition:
 
-|                                            | User Admin | Template Admin | Owner |
-| ------------------------------------------ | ---------- | -------------- | ----- |
-| Add and remove Users                       | ✅         |                | ✅    |
-| Manage groups (enterprise)                 | ✅         |                | ✅    |
-| Change User roles                          |            |                | ✅    |
-| Manage **ALL** Templates                   |            | ✅             | ✅    |
-| View, update and delete **ALL** Workspaces |            | ✅             | ✅    |
-| Execute and use **ALL** Workspaces         |            |                | ✅    |
+|                                                       | Auditor | User Admin | Template Admin | Owner |
+| ----------------------------------------------------- | ------- | ---------- | -------------- | ----- |
+| Add and remove Users                                  |         | ✅         |                | ✅    |
+| Manage groups (enterprise)                            |         | ✅         |                | ✅    |
+| Change User roles                                     |         |            |                | ✅    |
+| Manage **ALL** Templates                              |         |            | ✅             | ✅    |
+| View, update and delete **ALL** Workspaces            |         |            | ✅             | ✅    |
+| Execute and use **ALL** Workspaces                    |         |            |                | ✅    |
+| View all user operation [Audit Logs](./audit-logs.md) | ✅      |            |                | ✅    |
 
 A user may have one or more roles. All users have an implicit Member role
 that may use personal workspaces.
 
@@ -1,4 +1,14 @@
 # Authentication
 
-- API Key (CoderSessionToken)
-  - Parameter Name: **Coder-Session-Token**, in: header.
+Long-lived tokens can be generated to perform actions on behalf of your user account:
+
+```console
+coder tokens create
+```
+
+You can use tokens with the Coder's REST API using the `Coder-Session-Token` HTTP header.
+
+```console
+curl 'http://coder-server:8080/api/v2/workspaces' \
+  -H 'Coder-Session-Token: *****'
+```
@@ -27,12 +27,12 @@ go run github.com/swaggo/swag/cmd/swag@v1.8.6 init \
 popd
 
 pushd "${APIDOCGEN_DIR}"
-npm ci
+yarn
 
 # Make sure that widdershins is installed correctly.
-npm exec -- widdershins --version
+yarn exec -- widdershins --version
 # Render the Markdown file.
-npm exec -- widdershins \
+yarn exec -- widdershins \
 	--user_templates "./markdown-template" \
 	--search false \
 	--omitHeader true \
 
@@ -1,27 +1,15 @@
 <!-- APIDOCGEN: BEGIN SECTION -->
-{{= data.tags.section }}# Authentication
-{{ for (var s in data.api.components.securitySchemes) { }}
-{{ var sd = data.api.components.securitySchemes[s]; }}
-{{? sd.type == 'apiKey' }}
-- API Key ({{=s}})
-  - Parameter Name: **{{=sd.name}}**, in: {{=sd.in}}. {{=sd.description || ''}}
-{{?}}
-{{? sd.type == 'http'}}
-- HTTP Authentication, scheme: {{=sd.scheme}}{{? sd.description }}<br/>{{=sd.description}}{{?}}
-{{?}}
-{{? sd.type == 'oauth2'}}
-- oAuth2 authentication. {{=sd.description || ''}}
-{{ for (var f in sd.flows) { }}
-{{ var flow = sd.flows[f]; }}
-    - Flow: {{=f}}
-{{? flow.authorizationUrl}}    - Authorization URL = [{{=flow.authorizationUrl}}]({{=flow.authorizationUrl}}){{?}}
-{{? flow.tokenUrl}}    - Token URL = [{{=flow.tokenUrl}}]({{=flow.tokenUrl}}){{?}}
-{{? flow.scopes && Object.keys(flow.scopes).length}}
-|Scope|Scope Description|
-|---|---|
-{{ for (var sc in flow.scopes) { }}|{{=sc}}|{{=data.utils.join(flow.scopes[sc])}}|
-{{ } /* of scopes */ }}
-{{?}}
-{{ } /* of flows */ }}
-{{?}}
-{{ } /* of securitySchemes */ }}
+# Authentication
+
+Long-lived tokens can be generated to perform actions on behalf of your user account:
+
+```console
+coder tokens create
+```
+
+You can use tokens with the Coder's REST API using the `Coder-Session-Token` HTTP header.
+
+```console
+curl 'http://coder-server:8080/api/v2/workspaces' \
+  -H 'Coder-Session-Token: *****'
+```