You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(cli,inspect,runtime): wire run attribution flags and filters
Add agentctl run attribution flags with local defaults and prod guardrails,
logs/inspector filtering by tenant/thread/actor, OTel gen_ai scope attributes,
and resume behavior that preserves persisted thread identity.
Closes#111.
Co-authored-by: Cursor <cursoragent@cursor.com>
Copy file name to clipboardExpand all lines: CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
8
8
9
9
### Added
10
10
11
+
-**Run attribution** (issue #111): `tenant_id`, `thread_id`, `actor_id`, `parent_run_id`, `request_id`, `idempotency_key`, and `source` on `runs`; trace events carry matching tenant/thread/actor for filterable logs and inspector queries. `agentctl run` accepts `--tenant-id`, `--thread-id`, `--actor-id` (local defaults `tenant-1` / `thread-1` / `user-1`); `agentctl logs` and `GET /api/runs` filter by the same dimensions. `--resume` reuses persisted `run_id` and `thread_id`. OTel spans emit `gen_ai.tenant.id`, `gen_ai.thread.id`, `gen_ai.actor.id`, and `gen_ai.request.id`. See [`docs/ATTRIBUTION.md`](docs/ATTRIBUTION.md).
11
12
-**Trace payload redaction** (issue #110): trace events are sanitized, key-redacted, and size-capped before SQLite storage. Defaults mask common secret key names; override via `Project.spec.traces.redactKeys`, `maxPayloadBytes`, and `spec.traces.redaction` (`maxDepth`, `maxBytes` for binary previews, `maxStringChars`). HITL edit `argsDiff` is redacted before persistence. Local runs use [trace.NewRecorderForGraph] from project spec.
12
13
-**Optional OpenTelemetry trace export** (issue #108): `Project.spec.telemetry` (`enabled`, `serviceName`, `endpoint` with `env:` tokens, `consoleExport`) emits WayFind-aligned `gen_ai.*` spans (`agent.run`, `model.chat`, `tool.exec`, `approval`) alongside SQLite traces. Disabled by default; init failures log a warning and never fail runs. See [`docs/OTEL.md`](docs/OTEL.md) for a Jaeger quick start.
13
14
-**`agentctl inspect --web`** — read-only local inspector (default `http://127.0.0.1:8787`) over SQLite state: runs, trace timeline, run steps, applied deployment resources, and checkpoints ([#109](https://github.com/LAA-Software-Engineering/agentic-control-plane/issues/109)).
Issue [#111](https://github.com/LAA-Software-Engineering/agentic-control-plane/issues/111) adds lightweight tenancy and attribution to `runs` and `trace_events`.
4
+
5
+
## Fields
6
+
7
+
| Field | Purpose |
8
+
| --- | --- |
9
+
|`tenant_id`| Outermost multi-tenant scope |
10
+
|`thread_id`| Session continuity across runs and `--resume`|
11
+
|`actor_id`| Who triggered the run (caller-asserted for now) |
12
+
|`parent_run_id`| Lineage for sub-runs (not set on resume of the same run) |
13
+
|`request_id`| Per-invocation correlation id (distinct from `run_id`) |
14
+
|`idempotency_key`| Optional dedupe key for accidental re-triggers |
Trace events duplicate `tenant_id`, `thread_id`, and `actor_id` from the parent run so `logs` and the inspector can filter without joins.
18
+
19
+
## CLI defaults (local only)
20
+
21
+
When flags are omitted, `agentctl run` stores:
22
+
23
+
-`tenant_id`: `tenant-1`
24
+
-`thread_id`: `thread-1`
25
+
-`actor_id`: `user-1`
26
+
-`source`: `cli`
27
+
28
+
**Do not rely on these defaults in CI or production.** Pass real actor ids (for example the CI principal) and include tenant/environment context in `thread_id`.
`agentctl run --resume <run-id>` reuses the original `run_id` and `thread_id` from the persisted run row. Attribution flags on resume are ignored so thread timelines stay coherent. `--parent-run-id` is for genuine sub-runs, not resumes.
When telemetry is enabled, spans emit `gen_ai.tenant.id`, `gen_ai.thread.id`, `gen_ai.actor.id`, `gen_ai.run.id`, and `gen_ai.request.id` alongside existing gen_ai attributes. See [OTEL.md](./OTEL.md).
60
+
61
+
## Production guidance
62
+
63
+
- SQLite attribution is advisory; DB-level tenant isolation belongs to a future remote/Postgres store.
64
+
-`actor_id` is supplied by the caller and is not authenticated in this release.
0 commit comments