From 110afb2c30270228ae4e2e37a7c74e58c225e97b Mon Sep 17 00:00:00 2001
From: David Liu <david.liu@temporal.io>
Date: Thu, 8 Jan 2026 12:47:05 -0500
Subject: [PATCH 1/6] Add audit log query API

---
 .../cloudservice/v1/request_response.proto    | 20 +++++++++++++++++++
 .../api/cloud/cloudservice/v1/service.proto   |  7 +++++++
 2 files changed, 27 insertions(+)

diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto
index cec66ac..96c7efb 100644
--- a/temporal/api/cloud/cloudservice/v1/request_response.proto
+++ b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -19,6 +19,7 @@ import "temporal/api/cloud/region/v1/message.proto";
 import "temporal/api/cloud/account/v1/message.proto";
 import "temporal/api/cloud/usage/v1/message.proto";
 import "temporal/api/cloud/connectivityrule/v1/message.proto";
+import "temporal/api/cloud/auditlog/v1/message.proto";
 
 message GetUsersRequest {
     // The requested size of the page to retrieve - optional.
@@ -949,6 +950,25 @@ message DeleteConnectivityRuleResponse {
     temporal.api.cloud.operation.v1.AsyncOperation async_operation = 1;
 }
 
+message GetAuditLogsRequest {
+    // The requested size of the page to retrieve - optional.
+    // Cannot exceed 1000. Defaults to 100.
+    int32 page_size = 1;
+    // The page token if this is continuing from another response - optional.
+    string page_token = 2;
+    // Filter for UTC time >= (defaults to 30 days ago) - optional.
+    google.protobuf.Timestamp start_time_inclusive = 3;
+    // Filter for UTC time < (defaults to current time) - optional.
+    google.protobuf.Timestamp end_time_exclusive = 4;
+}
+
+message GetAuditLogsResponse {
+    // The list of audit logs ordered by inserted time, emit time, log_id
+    repeated temporal.api.cloud.auditlog.v1.LogRecord logs = 1;
+    // The next page's token.
+    string next_page_token = 2;
+}
+
 message ValidateAccountAuditLogSinkRequest {
   // The audit log sink spec that will be validated
   temporal.api.cloud.account.v1.AuditLogSinkSpec spec = 1;
diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
index 1526d4a..b6abcb0 100644
--- a/temporal/api/cloud/cloudservice/v1/service.proto
+++ b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -976,6 +976,13 @@ service CloudService {
         };
     }
 
+    // Get audit logs
+    rpc GetAuditLogs(GetAuditLogsRequest) returns (GetAuditLogsResponse) {
+        option (google.api.http) = {
+            get: "/cloud/account/audit-logs",
+        };
+    }
+
     // Validate customer audit log sink is accessible from Temporal's workflow by delivering an empty file to the specified sink.
     // The operation verifies that the sink is correctly configured, accessible and ready to receive audit logs.
     rpc ValidateAccountAuditLogSink(ValidateAccountAuditLogSinkRequest) returns (ValidateAccountAuditLogSinkResponse) {

From dd41d8d6a9e895a007e5222294120230fd4c4d34 Mon Sep 17 00:00:00 2001
From: David Liu <david.liu@temporal.io>
Date: Thu, 8 Jan 2026 12:53:45 -0500
Subject: [PATCH 2/6] descope account

---
 temporal/api/cloud/cloudservice/v1/service.proto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
index b6abcb0..009f727 100644
--- a/temporal/api/cloud/cloudservice/v1/service.proto
+++ b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -979,7 +979,7 @@ service CloudService {
     // Get audit logs
     rpc GetAuditLogs(GetAuditLogsRequest) returns (GetAuditLogsResponse) {
         option (google.api.http) = {
-            get: "/cloud/account/audit-logs",
+            get: "/cloud/audit-logs",
         };
     }
 

From 292135d7cde668c260059966984d92b9a68c0fae Mon Sep 17 00:00:00 2001
From: David Liu <david.liu@temporal.io>
Date: Thu, 8 Jan 2026 12:55:59 -0500
Subject: [PATCH 3/6] add openapi tag

---
 temporal/api/cloud/cloudservice/v1/service.proto | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
index 009f727..9415bf2 100644
--- a/temporal/api/cloud/cloudservice/v1/service.proto
+++ b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -981,6 +981,15 @@ service CloudService {
         option (google.api.http) = {
             get: "/cloud/audit-logs",
         };
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: ["Account"];
+            summary: "Get audit logs"
+            description: "Gets a list of audit logs."
+            external_docs: {
+                url: "https://docs.temporal.io/cloud/audit-logging";
+                description: "Audit logging documentation";
+            };
+        };
     }
 
     // Validate customer audit log sink is accessible from Temporal's workflow by delivering an empty file to the specified sink.

From 968da7cf8236bf5fde828357b916acfa02fab7d9 Mon Sep 17 00:00:00 2001
From: David Liu <david.liu@temporal.io>
Date: Mon, 12 Jan 2026 09:52:15 -0500
Subject: [PATCH 4/6] fix comment

---
 temporal/api/cloud/cloudservice/v1/request_response.proto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/temporal/api/cloud/cloudservice/v1/request_response.proto b/temporal/api/cloud/cloudservice/v1/request_response.proto
index 96c7efb..d9508c7 100644
--- a/temporal/api/cloud/cloudservice/v1/request_response.proto
+++ b/temporal/api/cloud/cloudservice/v1/request_response.proto
@@ -963,7 +963,7 @@ message GetAuditLogsRequest {
 }
 
 message GetAuditLogsResponse {
-    // The list of audit logs ordered by inserted time, emit time, log_id
+    // The list of audit logs ordered by emit time, log_id
     repeated temporal.api.cloud.auditlog.v1.LogRecord logs = 1;
     // The next page's token.
     string next_page_token = 2;

From 633b4ae8c7e97cc7309c041d521b24c11e519ab2 Mon Sep 17 00:00:00 2001
From: David Liu <david.liu@temporal.io>
Date: Mon, 12 Jan 2026 14:53:19 -0500
Subject: [PATCH 5/6] bump version

---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index bf057db..c91125d 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.10.0
+v0.10.1

From 4e999cff04777139abb8401ce318b7807489ebd2 Mon Sep 17 00:00:00 2001
From: David Liu <david.liu@temporal.io>
Date: Mon, 12 Jan 2026 14:57:51 -0500
Subject: [PATCH 6/6] fix description

---
 temporal/api/cloud/cloudservice/v1/service.proto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/temporal/api/cloud/cloudservice/v1/service.proto b/temporal/api/cloud/cloudservice/v1/service.proto
index 9415bf2..3f4ca69 100644
--- a/temporal/api/cloud/cloudservice/v1/service.proto
+++ b/temporal/api/cloud/cloudservice/v1/service.proto
@@ -984,7 +984,7 @@ service CloudService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: ["Account"];
             summary: "Get audit logs"
-            description: "Gets a list of audit logs."
+            description: "Returns a paginated list of audit logs for the account, optionally filtered by time range"
             external_docs: {
                 url: "https://docs.temporal.io/cloud/audit-logging";
                 description: "Audit logging documentation";