feat(telemetry): default OTLP to otel.proto-labs.ai over HTTP, bearer auth, strict opt-in (Phase 4 of homelab-iac#34)#171
Merged
Conversation
… auth, strict opt-in Phase 4 of homelab-iac#34 — wires protoCLI to the public LGTM ingress that just landed on the ava node. Also tightens the opt-in posture so no telemetry leaves the host unless the user explicitly enables it. Defaults - DEFAULT_OTLP_ENDPOINT: 'http://localhost:4317' → 'https://otel.proto-labs.ai' (Cloudflare-fronted, TLS-terminated, hosts the Tempo / Loki / Mimir stack chosen in homelab-iac#34) - getTelemetryOtlpProtocol() default: 'grpc' → 'http' to match the ingress shape; gRPC override still works for users who run their own local OTel collector. Auth - OTEL_INGRESS_TOKEN env var, plumbed as `Authorization: Bearer <token>` into all three HTTP exporters (trace/log/metric). Header is omitted entirely when the env var is unset, preserving exact-match shape for existing tests against arbitrary collectors. - gRPC path picks up the same token via grpc-js Metadata for users on the gRPC override. - Token convention matches Infisical (homelab-media/prod), composes with the existing settings.json `env` block alongside Langfuse keys. Strict opt-in - initializeTelemetry now requires telemetry.enabled === true for ANY outbound exporter to activate. Previously, Langfuse env vars alone could spin up the Langfuse exporter without an explicit opt-in — closes that hole. Privacy is the default; users opt in via `"telemetry": { "enabled": true }` in settings.json (or --telemetry). - Debug log surfaces when Langfuse env vars are detected but telemetry is disabled, so the new behavior is discoverable rather than silent. Tests - New: bearer header attached to HTTP exporters when OTEL_INGRESS_TOKEN is set; omitted when unset. - Updated: existing "Langfuse auto-activates with disabled telemetry" test inverted to assert the opt-in semantics. - Updated: protocol-default tests on both core and cli sides expect 'http'. - Updated: endpoint-default tests on cli side expect the public ingress. Verified locally: 5311 core / 3774 cli tests pass, typecheck + lint clean. End-to-end smoke against the live ingress is gated on the maintainer adding OTEL_INGRESS_TOKEN to settings.json `env`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (8)
WalkthroughRelease version 0.28.0 encompasses a branding transition from "qwen-code" to "proto-cli", telemetry infrastructure updates (OTLP endpoint and protocol defaults with bearer-token auth), deprecation of a custom logger (QwenLogger) in favor of OpenTelemetry, addition of task plan summaries to message compaction, and UI rendering refinements for thinking messages. Changes
Sequence Diagram(s)sequenceDiagram
participant Agent as Agent Core
participant Compact as Compaction Module
participant TaskStore as Task Store
participant Content as Content[]
Agent->>Agent: Estimate token count
alt Tokens within target
Agent->>Content: Use masked content
else Tokens exceed target
Agent->>TaskStore: Retrieve task store
Agent->>Compact: compactMessages(masked, target, {taskStore})
Compact->>TaskStore: taskStore.list()
TaskStore-->>Compact: tasks[]
Compact->>Compact: extractTaskPlanSummary(tasks)
Compact->>Compact: Build <task-plan> XML<br/>(status markers,<br/>parent-child hierarchy)
Compact->>Content: Append task plan to<br/>compaction summary
Content-->>Agent: Compacted content[]
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related issues
Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Review rate limit: 0/5 reviews remaining, refill in 2 minutes and 15 seconds. Comment |
Updates user-facing docs to match the Phase 4 behavior change: - README Observability section: shows the opt-in setup with both OTEL_INGRESS_TOKEN and Langfuse keys, removes the now-incorrect 'Langfuse activates independently' subsection (it doesn't anymore), notes the new https://otel.proto-labs.ai default endpoint and bearer auth, surfaces gen_ai.response.thinking and thinking_tokens in the trace table. - README upstream-comparison row reflects the LGTM + Langfuse fan-out. - docs/contributing/telemetry.md: rewritten around the opt-in default, documents OTEL_INGRESS_TOKEN, expands the configuration reference table to include otlpProtocol and the new endpoint default, updates the privacy section to lead with 'silence unless you say otherwise'. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Code Coverage Summary
CLI Package - Full Text ReportCore Package - Full Text ReportFor detailed HTML reports, please see the 'coverage-reports-22.x-ubuntu-latest' artifact from the main CI run. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase 4 of the LGTM observability rollout tracked in protoLabsAI/homelab-iac#34. Wires protoCLI to the public OTLP/HTTP ingress that just landed on the ava node, and tightens the opt-in posture so no telemetry leaves the host unless the user explicitly enables it.
Three changes in one focused PR
1. Default endpoint + protocol → public LGTM ingress
DEFAULT_OTLP_ENDPOINThttp://localhost:4317https://otel.proto-labs.aiotlpProtocolgrpchttpThe
localhost:4317default has been spammingECONNREFUSEDfor any user with--telemetrywho didn't have a local OTel collector running. With this change,--telemetryworks out of the box against the homelab ingress. gRPC override is still available for users running their own collector.2. Bearer token via
OTEL_INGRESS_TOKENAuthorization: Bearer <token>into all three HTTP exporters (trace/log/metric).Metadatafor the same header.homelab-media/prod); composes with the existingsettings.jsonenvblock alongside Langfuse keys.3. Strict opt-in for any outbound telemetry
initializeTelemetry()now requirestelemetry.enabled === truefor any exporter — including Langfuse — to activate. Previously Langfuse env vars alone could spin up an exporter without an explicit opt-in. Privacy is the default now.Users opt in via:
```json
"telemetry": { "enabled": true }
```
in
settings.json, or--telemetryon the CLI.A debug log surfaces when Langfuse env vars are detected but telemetry is disabled, so the new behavior is discoverable rather than silent.
Test plan
npm run typecheckcleannpm run lintcleansdk.test.ts: bearer header attached whenOTEL_INGRESS_TOKENis set, omitted when unsetOTEL_INGRESS_TOKENfrom Infisical into~/.proto/settings.jsonenvblock, settelemetry.enabled = true, fire a--telemetryturn, verify trace lands in Tempo within ~5s and shows up in Grafana service-graph viewMaintainer rollout note
Existing users with Langfuse keys in
settings.jsonenvwill see telemetry stop landing in Langfuse after this PR ships unless they add"telemetry": { "enabled": true }to their settings. That's the intentional opt-in behavior, but worth a heads-up.Related
🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Chores