feat: add activity cli

Registers the new activity CLI so users can query the platform for
activity logs. Also adds documentation for the activity logs to provide
guidance on how to use the CLI.

Author: scotwells

docs/user/README.md

@@ -11,3 +11,8 @@ This guide provides information for users on how to install and use the
 **Resource Commands:**
 
 *   [Organizations](./resources/organizations.md)
+
+**Commands**
+
+- **[Activity](./commands/activity.md)** - interact with the activity system to
+  retrieve audit logs for events happening within your infrastructure

docs/user/commands/activity.md

@@ -0,0 +1,129 @@
+# Activity
+
+The `datumctl activity` command is available for interacting with the [activity
+service] we've made available to Datum Cloud consumers. The activity service
+allows users to query for audit logs that are collected for all interactions
+with the platform.
+
+You can see the full list of commands and CLI options by using the `--help`
+flag.
+
+```shell
+$ datumctl activity --help
+```
+
+This document will guide you through how to query the system using some of the
+most frequently used commands.
+
+[activity service]: https://github.com/datum-cloud/activity
+[milo]: https://github.com/datum-cloud/milo
+
+## Querying audit logs
+
+The `datumctl activity query` command is available to query the system for audit
+logs to understand what's happening within your organization and projects.
+
+### Project and organization audit logs
+
+Use the `--project` and `--organization` flag to control which context audit
+logs are retrieved from.
+
+```shell
+$ datumctl activity query --project datum-cloud
+TIMESTAMP             VERB     USER               NAMESPACE   RESOURCE          NAME       STATUS
+2026-01-14 09:52:43   create   [email protected]               auditlogqueries              201
+2026-01-14 09:44:09   get      [email protected]               dnszones                     201
+2026-01-14 09:44:29   update   [email protected]               dnszones          datum.net  201
+2026-01-14 09:50:22   delete   [email protected]               dnszones          datum.net  201
+```
+
+### Filtering
+
+The `--filter` command is available to filter the audit logs returned in the
+query. The filter option accepts a [CEL expression][cel] to select which audit
+logs should be returned.
+
+```shell
+$ datumctl activity query --project datum-cloud --limit 10 --filter='user.username == "[email protected]" && objectRef.apiGroup == "networking.datumapis.com"'
+TIMESTAMP             VERB   USER               NAMESPACE   RESOURCE   NAME        STATUS
+2026-01-14 10:08:33   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:40   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:27   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:40   get    [email protected]   default     domains    datum.net   200
+
+No more results.
+```
+
+[cel]: https://cel.dev
+
+### Pagination
+
+The `--continue` option is available to paginate requests when additional
+results are available. The CLI will provide the continue option to use for the
+next page of requests.
+
+```shell
+$ datumctl activity query --project datum-cloud --limit 10 --filter='user.username == "[email protected]" && objectRef.apiGroup == "networking.datumapis.com"' --limit 3
+TIMESTAMP             VERB   USER               NAMESPACE   RESOURCE   NAME        STATUS
+2026-01-14 10:08:33   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:40   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:19:48   get    [email protected]   default     domains    datum.net   200
+
+More results available. Use --continue-after '{continue-token}' to get the next page.
+Or use --all-pages to fetch all results automatically.
+```
+
+You can also use the `--all-pages` option to retrieve all pages.
+
+### Output
+
+The `--output` or `-o` option is available to control the format that's
+returned. By default the query command will output a table with common fields
+that are helpful to users to understand the activity. You can also output the
+results as `yaml` or `json` to see the full audit logs that were retrieved by
+the query.
+
+```shell
+$ datumctl activity query --project datum-cloud -o yaml
+apiVersion: audit.k8s.io/v1
+items:
+- annotations:
+    authorization.k8s.io/decision: allow
+    authorization.k8s.io/reason: ""
+    platform.miloapis.com/scope.name: datum-cloud
+    platform.miloapis.com/scope.type: project
+  auditID: 5b842c5a-001f-45c3-97af-d76a4114e9ee
+  level: Request
+  objectRef:
+    apiGroup: networking.datumapis.com
+    apiVersion: v1alpha
+    name: datum.net
+    namespace: default
+    resource: domains
+  requestReceivedTimestamp: "2026-01-14T16:08:33.274159Z"
+  requestURI: /apis/networking.datumapis.com/v1alpha/namespaces/default/domains/datum.net
+  responseStatus:
+    code: 200
+    metadata: {}
+  stage: ResponseComplete
+  stageTimestamp: "2026-01-14T16:08:33.278787Z"
+  user:
+    extra:
+      iam.miloapis.com/parent-api-group:
+      - resourcemanager.miloapis.com
+      iam.miloapis.com/parent-name:
+      - datum-cloud
+      iam.miloapis.com/parent-type:
+      - Project
+      iam.miloapis.com/registrationApproval:
+      - Approved
+    groups:
+    - system:authenticated
+    uid: "328747448287632651"
+    username: [email protected]
+  userAgent: axios/1.13.2
+  verb: get
+  ...
+kind: EventList
+metadata: {}
+```

go.mod

@@ -11,6 +11,7 @@ require (
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/pflag v1.0.10
 	github.com/zalando/go-keyring v0.2.6
+	go.miloapis.com/activity v0.0.0-20260113191412-5f92a716b929
 	go.miloapis.com/milo v0.16.1
 	golang.org/x/oauth2 v0.34.0
 	k8s.io/apiextensions-apiserver v0.35.0
@@ -42,11 +43,11 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/jsonpointer v0.22.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.3 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.1 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
@@ -70,7 +71,6 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.23.2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
@@ -79,25 +79,25 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.opentelemetry.io/otel v1.36.0 // indirect
-	go.opentelemetry.io/otel/trace v1.36.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
-	google.golang.org/protobuf v1.36.8 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.35.0 // indirect
+	k8s.io/apiserver v0.35.0 // indirect
 	k8s.io/component-helpers v0.35.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
+	k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect
 	k8s.io/metrics v0.35.0 // indirect
 	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect