feat: add activity cli

docs/user/README.md

@@ -11,3 +11,8 @@ This guide provides information for users on how to install and use the
 **Resource Commands:**
 
 *   [Organizations](./resources/organizations.md)
+
+**Commands**
+
+- **[Activity](./commands/activity.md)** - interact with the activity system to
+  retrieve audit logs for events happening within your infrastructure

docs/user/commands/activity.md

@@ -0,0 +1,129 @@
+# Activity
+
+The `datumctl activity` command is available for interacting with the [activity
+service] we've made available to Datum Cloud consumers. The activity service
+allows users to query for audit logs that are collected for all interactions
+with the platform.
+
+You can see the full list of commands and CLI options by using the `--help`
+flag.
+
+```shell
+$ datumctl activity --help
+```
+
+This document will guide you through how to query the system using some of the
+most frequently used commands.
+
+[activity service]: https://github.com/datum-cloud/activity
+[milo]: https://github.com/datum-cloud/milo
+
+## Querying audit logs
+
+The `datumctl activity query` command is available to query the system for audit
+logs to understand what's happening within your organization and projects.
+
+### Project and organization audit logs
+
+Use the `--project` and `--organization` flag to control which context audit
+logs are retrieved from.
+
+```shell
+$ datumctl activity query --project datum-cloud
+TIMESTAMP             VERB     USER               NAMESPACE   RESOURCE          NAME       STATUS
+2026-01-14 09:52:43   create   [email protected]               auditlogqueries              201
+2026-01-14 09:44:09   get      [email protected]               dnszones                     201
+2026-01-14 09:44:29   update   [email protected]               dnszones          datum.net  201
+2026-01-14 09:50:22   delete   [email protected]               dnszones          datum.net  201
+```
+
+### Filtering
+
+The `--filter` command is available to filter the audit logs returned in the
+query. The filter option accepts a [CEL expression][cel] to select which audit
+logs should be returned.
+
+```shell
+$ datumctl activity query --project datum-cloud --limit 10 --filter='user.username == "[email protected]" && objectRef.apiGroup == "networking.datumapis.com"'
+TIMESTAMP             VERB   USER               NAMESPACE   RESOURCE   NAME        STATUS
+2026-01-14 10:08:33   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:40   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:27   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:40   get    [email protected]   default     domains    datum.net   200
+
+No more results.
+```
+
+[cel]: https://cel.dev
+
+### Pagination
+
+The `--continue` option is available to paginate requests when additional
+results are available. The CLI will provide the continue option to use for the
+next page of requests.
+
+```shell
+$ datumctl activity query --project datum-cloud --limit 10 --filter='user.username == "[email protected]" && objectRef.apiGroup == "networking.datumapis.com"' --limit 3
+TIMESTAMP             VERB   USER               NAMESPACE   RESOURCE   NAME        STATUS
+2026-01-14 10:08:33   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:08:40   get    [email protected]   default     domains    datum.net   200
+2026-01-14 10:19:48   get    [email protected]   default     domains    datum.net   200
+
+More results available. Use --continue-after '{continue-token}' to get the next page.
+Or use --all-pages to fetch all results automatically.
+```
+
+You can also use the `--all-pages` option to retrieve all pages.
+
+### Output
+
+The `--output` or `-o` option is available to control the format that's
+returned. By default the query command will output a table with common fields
+that are helpful to users to understand the activity. You can also output the
+results as `yaml` or `json` to see the full audit logs that were retrieved by
+the query.
+
+```shell
+$ datumctl activity query --project datum-cloud -o yaml
+apiVersion: audit.k8s.io/v1
+items:
+- annotations:
+    authorization.k8s.io/decision: allow
+    authorization.k8s.io/reason: ""
+    platform.miloapis.com/scope.name: datum-cloud
+    platform.miloapis.com/scope.type: project
+  auditID: 5b842c5a-001f-45c3-97af-d76a4114e9ee
+  level: Request
+  objectRef:
+    apiGroup: networking.datumapis.com
+    apiVersion: v1alpha
+    name: datum.net
+    namespace: default
+    resource: domains
+  requestReceivedTimestamp: "2026-01-14T16:08:33.274159Z"
+  requestURI: /apis/networking.datumapis.com/v1alpha/namespaces/default/domains/datum.net
+  responseStatus:
+    code: 200
+    metadata: {}
+  stage: ResponseComplete
+  stageTimestamp: "2026-01-14T16:08:33.278787Z"
+  user:
+    extra:
+      iam.miloapis.com/parent-api-group:
+      - resourcemanager.miloapis.com
+      iam.miloapis.com/parent-name:
+      - datum-cloud
+      iam.miloapis.com/parent-type:
+      - Project
+      iam.miloapis.com/registrationApproval:
+      - Approved
+    groups:
+    - system:authenticated
+    uid: "328747448287632651"
+    username: [email protected]
+  userAgent: axios/1.13.2
+  verb: get
+  ...
+kind: EventList
+metadata: {}
+```

go.mod

@@ -11,6 +11,7 @@ require (
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/pflag v1.0.10
 	github.com/zalando/go-keyring v0.2.6
+	go.miloapis.com/activity v0.0.0-20260113191412-5f92a716b929
 	go.miloapis.com/milo v0.16.1
 	golang.org/x/oauth2 v0.34.0
 	k8s.io/apiextensions-apiserver v0.35.0
@@ -42,11 +43,11 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/jsonpointer v0.22.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.3 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.1 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
@@ -70,7 +71,6 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.23.2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
@@ -79,25 +79,25 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.opentelemetry.io/otel v1.36.0 // indirect
-	go.opentelemetry.io/otel/trace v1.36.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
-	google.golang.org/protobuf v1.36.8 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.35.0 // indirect
+	k8s.io/apiserver v0.35.0 // indirect
 	k8s.io/component-helpers v0.35.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
+	k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e // indirect
 	k8s.io/metrics v0.35.0 // indirect
 	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect