> ## Documentation Index > Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt > Use this file to discover all available pages before exploring further. # Replay a single check execution > Returns every rule evaluation and state transition emitted for this scheduler-minted check_id (V92), plus the policy snapshot that governed them. ## OpenAPI ````yaml /openapi/monitoring-api.json get /api/v1/forensics/traces/{checkId} openapi: 3.0.1 info: title: DevHelm API description: >- DevHelm monitoring and incident management API. Create and manage uptime monitors, incidents, alert channels, notification policies, and more. version: '1.0' contact: name: DevHelm url: https://devhelm.io email: support@devhelm.io servers: - url: https://api.devhelm.io description: Production security: - BearerAuth: [] tags: - name: Alert Channels description: Alert channel CRUD and connectivity testing - name: Alert Deliveries description: 'Delivery audit trail: inspect per-attempt details for alert deliveries' - name: API Auth description: Identity and quota info for API key authentication - name: API Keys description: Organization API key management - name: Audit Log description: Organization audit trail - name: Check Results description: Query raw check results, uptime statistics, and summary data - name: Dashboard description: Overview dashboard aggregates - name: Deploy Lock description: Mutex for CLI deploy operations - name: Environments description: Variable namespace management for monitors - name: Forensics description: >- Detection engine event-sourced history (policy snapshots, rule evaluations, state transitions) - name: Heartbeat description: Public ping endpoint for heartbeat monitors - name: Incident Policies description: Manage trigger, confirmation, and recovery rules for monitors - name: Incidents description: Incident management and lifecycle - name: Integrations description: Static catalog of supported alert channel integrations - name: Invites description: Organization invite management - name: Maintenance Windows description: Schedule alert-suppression windows for monitors - name: Members description: Organization member management - name: Monitor Alert Channels description: Manage alert channel mappings for a monitor - name: Monitor Assertions description: Manage assertions for a monitor - name: Monitor Auth description: Manage authentication configuration for a monitor - name: Monitors description: Monitor CRUD and lifecycle management - name: Notification Dispatches description: >- Dispatch debugging API: inspect which policies matched an incident and track delivery status - name: Notification Policies description: Org-level notification routing policies with JSONB match rules - name: Notifications description: In-app notification center - name: Organizations description: Organization management - name: Resource Groups description: Resource group CRUD and member management - name: Secrets description: Organization environment secret management - name: Service Subscriptions description: Manage which services an organization tracks - name: Status Data description: Public service status catalog, components, uptime, and incident history - name: Status Pages description: Status page management - name: Tags description: Org-scoped tag management for monitors - name: Vault description: Organization vault management (admin-only) - name: Webhooks description: Webhook endpoint management, event catalog, and delivery history - name: Workspaces description: Workspace management within an organization paths: /api/v1/forensics/traces/{checkId}: get: tags: - Forensics summary: Replay a single check execution description: >- Returns every rule evaluation and state transition emitted for this scheduler-minted check_id (V92), plus the policy snapshot that governed them. operationId: getTrace parameters: - name: checkId in: path required: true schema: type: string format: uuid responses: '200': description: OK content: '*/*': schema: $ref: '#/components/schemas/SingleValueResponseCheckTraceDto' '400': description: Bad request — the payload failed validation content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized — missing or invalid credentials content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden — the actor lacks permission for this resource content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Not found — the requested resource does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Conflict — the request collides with current resource state content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error — see the message field for details content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '502': description: Bad gateway — an upstream provider returned an error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '503': description: Service unavailable — try again shortly content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: schemas: SingleValueResponseCheckTraceDto: required: - data type: object properties: data: $ref: '#/components/schemas/CheckTraceDto' ErrorResponse: required: - code - message - status - timestamp type: object properties: status: type: integer description: HTTP status code (mirrors the response status line) format: int32 example: 404 code: type: string description: >- Coarse machine-readable error category (e.g. NOT_FOUND, RATE_LIMITED); stable per status example: NOT_FOUND message: type: string description: Human-readable error message; safe to surface to end users example: Monitor not found timestamp: type: integer description: Server time when the error was produced (epoch milliseconds) format: int64 example: 1737302400000 requestId: type: string description: >- Opaque per-request id; same value as the X-Request-Id response header. Use in support tickets. nullable: true example: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a errors: type: array description: >- Structured per-field rejections; populated for validation errors, null otherwise nullable: true items: nullable: true allOf: - $ref: '#/components/schemas/ErrorEntry' description: Uniform error envelope returned for every non-2xx response example: status: 404 code: NOT_FOUND message: Monitor not found timestamp: 1737302400000 requestId: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a CheckTraceDto: required: - checkId - evaluations - transitions type: object properties: checkId: type: string description: The check execution ID this trace is keyed by format: uuid evaluations: type: array description: All rule evaluations that ran for this check items: $ref: '#/components/schemas/RuleEvaluationDto' transitions: type: array description: >- State-machine transitions this check caused (may be empty if nothing fired) items: $ref: '#/components/schemas/IncidentStateTransitionDto' policySnapshot: nullable: true allOf: - $ref: '#/components/schemas/PolicySnapshotDto' ErrorEntry: required: - code - message type: object properties: code: minLength: 1 type: string description: >- Stable machine-readable code; see ValidationErrorCode for the registry example: MONITOR_HEARTBEAT_GRACE_EXCEEDS_INTERVAL field: type: string description: >- JSON-pointer-like path to the offending field, or null for request-wide errors nullable: true example: config.gracePeriod message: minLength: 1 type: string description: Human-readable message; safe to surface to end users description: One structured validation rejection RuleEvaluationDto: required: - checkId - engineVersion - evaluationDetails - id - inputResultIds - monitorId - occurredAt - policySnapshotHashHex - region - ruleScope - ruleType - ruleIndex - outputMatched type: object properties: id: type: string description: Forensic row UUID format: uuid occurredAt: type: string description: When the evaluation ran format: date-time monitorId: type: string description: Monitor that produced the input check result format: uuid region: minLength: 1 type: string description: Probe region of the input check result policySnapshotHashHex: minLength: 1 type: string description: Hex-encoded hash of the policy snapshot this rule came from ruleIndex: type: integer description: Index into the policy's triggerRules array (0-based) format: int32 ruleType: minLength: 1 type: string description: Rule type (e.g. consecutive_failures, failures_in_window) ruleScope: minLength: 1 type: string description: Rule scope (per_region | multi_region) inputResultIds: minItems: 1 type: array description: check_results IDs that were inputs to this evaluation (newest first) items: type: string description: >- check_results IDs that were inputs to this evaluation (newest first) format: uuid outputMatched: type: boolean description: Whether the rule fired on this evaluation evaluationDetails: type: object additionalProperties: type: object description: Structured details (e.g. failure counts, response-time aggregates) description: Structured details (e.g. failure counts, response-time aggregates) engineVersion: minLength: 1 type: string description: Detection engine version that ran this evaluation checkId: type: string description: >- Scheduler-minted check execution ID (V92) — the causal chain identifier format: uuid triggeringTransitionId: type: string description: >- If this evaluation caused a state transition, points to that transition's id format: uuid nullable: true description: All rule evaluations that ran for this check IncidentStateTransitionDto: required: - affectedRegions - checkId - details - engineVersion - fromStatus - id - monitorId - occurredAt - policySnapshotHashHex - reason - toStatus - triggeringEvaluationIds type: object properties: id: type: string description: Forensic row UUID format: uuid occurredAt: type: string description: When the state transition occurred format: date-time monitorId: type: string description: Monitor this transition pertains to format: uuid incidentId: type: string description: >- Incident this transition belongs to; null for pre-incident (auto-cleared) transitions format: uuid nullable: true fromStatus: minLength: 1 type: string description: Previous status (WATCHING | TRIGGERED | CONFIRMED | RESOLVED) toStatus: minLength: 1 type: string description: New status (WATCHING | TRIGGERED | CONFIRMED | RESOLVED) reason: minLength: 1 type: string description: >- Why the transition fired (trigger | confirm | resolve | auto_clear | reopen) triggeringEvaluationIds: type: array description: >- rule_evaluation ids that caused this transition (may be empty for timeout-driven edges) items: type: string description: >- rule_evaluation ids that caused this transition (may be empty for timeout-driven edges) format: uuid affectedRegions: type: array description: Regions whose evaluations contributed to this transition items: type: string description: Regions whose evaluations contributed to this transition policySnapshotHashHex: minLength: 1 type: string description: >- Hex-encoded hash of the policy snapshot that governed this transition engineVersion: minLength: 1 type: string description: Detection engine version that emitted this transition checkId: type: string description: Scheduler-minted check execution ID (V92) of the triggering result format: uuid details: $ref: '#/components/schemas/StateTransitionDetails' description: >- State-machine transitions this check caused (may be empty if nothing fired) PolicySnapshotDto: required: - engineVersion - firstSeenAt - hashHex - lastSeenAt - policy type: object properties: hashHex: minLength: 1 type: string description: Hex-encoded SHA-256 of the canonical policy JSON policy: type: object additionalProperties: type: object description: Canonical policy document (snake_case, sorted keys) description: Canonical policy document (snake_case, sorted keys) engineVersion: minLength: 1 type: string description: Detection engine version that observed this policy firstSeenAt: type: string description: First time the detection engine evaluated against this policy bytes format: date-time lastSeenAt: type: string description: Most recent time the engine evaluated against this policy bytes format: date-time description: >- Policy snapshot used during this check (all evaluations of a single check are against one policy) nullable: true StateTransitionDetails: required: - source type: object properties: source: type: string description: Actor that produced this transition (pipeline | public-api) enum: - pipeline - public-api description: 'Typed metadata about this transition (currently: actor source)' securitySchemes: BearerAuth: type: http description: API key (dh_live_...) or Auth0 JWT token scheme: bearer bearerFormat: JWT ````