Skip to content

Structured telemetry from the guard proxy (OTEL + file sinks) #24

Description

@ernestprovo23

Surfaced via a conclave council run (synthesize + adversarial passes), 2026-06-07.

Council verdict: DEFER (not cut). Design is sound — closer to a forensic audit trail than a logging side-channel — but it is not a security primitive and adds surface before core integrity features are proven.

Initial scope (council-recommended): file-sink-only with mandatory redaction enforced at WardenEvent construction (so all sinks inherit it; assert no sink emits a raw secret). OTLP gRPC/HTTP exporters as optional extras in a follow-on.

Constraints

  • All OTEL exporters optional extras; base install unaffected.
  • Telemetry I/O failures never break the guarded session (best-effort); non-blocking w.r.t. stdio proxying.

Effort: M.
Sequencing: after #15 (schema diff), #16 (cosign), #17 (fuzzing) are stable.

Metadata

Metadata

Assignees

No one assigned

    Labels

    deferredValid but sequenced for a later cycleenhancementNew feature or requestroadmapPlanned work from the threat model / roadmap

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions