Add opt-in OpenTelemetry diagnostics groundwork#963
Conversation
Add Diagnostics UI for configuring an OpenTelemetry connection with explicit OTLP/gRPC or OTLP/HTTP protocol selection. Persist the endpoint and protocol settings, create a probe-only tray connector, and send a single minimal OpenTelemetry probe when a saved endpoint is configured. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Split shared telemetry names from span-local attributes, keep span names at point of use, and make helper outcome tagging consistent across success, failure, and cancellation. Validation: .\build.ps1 dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Add shared System.Diagnostics.Metrics helpers and emit a probe counter alongside the existing OTLP trace probe. Register and flush both trace and metric providers from the tray-owned exporter path. Validation: .\build.ps1 dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Wire the tray-owned OpenTelemetry sink to emit a safe structured log probe alongside trace and metric probes. Add an allowlisted log export policy, include log flushing in probe lifecycle checks, and cover the policy in tray tests. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Reject credential-bearing or parameterized endpoint URLs, reset protocol defaults on clear, and make probe sink disposal best-effort during reconfiguration and shutdown. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
|
Codex review: needs real behavior proof before merge. Reviewed July 11, 2026, 12:10 AM ET / 04:10 UTC. Summary Reproducibility: not applicable. This PR adds a new opt-in diagnostics capability rather than fixing broken established behavior. Review metrics: 3 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review detailsBest possible solution: Ship the default-off, tray-owned diagnostics boundary only after a redacted isolated current-head run visibly shows Send probe again creating an additional collector event without changing saved settings. Do we have a high-confidence way to reproduce the issue? Not applicable: this PR adds a new opt-in diagnostics capability rather than fixing broken established behavior. Is this the best way to solve the issue? Yes, technically: the exporter is default-off and tray-owned, shared code avoids SDK coupling, endpoint and data boundaries are explicit, and automatic application remains deduplicated; exact-head proof and product acceptance are still required. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 622c0e27c6b0. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (9 earlier review cycles; latest 8 shown)
|
Derive trace, metric, and log HTTP/protobuf exporter URLs from the configured collector base while preserving gRPC endpoint behavior. Normalize version-only and signal-specific HTTP paths before appending signal suffixes, and add focused coverage for base paths, /v1 paths, signal-specific inputs, mixed-case suffixes, and gRPC pass-through. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Add telemetry documentation covering opt-in behavior, current probe-only exports, future instrumentation boundaries, endpoint handling, and plain HTTP guidance. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
fb30e32 to
020d655
Compare
Point agents at the durable telemetry conventions and summarize the operational rules for safe OpenTelemetry changes. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 4f0e93ff-d320-454d-b00a-865dac727d0c
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
Summary
Adds an opt-in OpenTelemetry diagnostics endpoint setting in the companion app and lays the groundwork for future OTel instrumentation.
This does not start exporting general app behavior yet. The only data sent today is a small diagnostic probe when the user explicitly configures an OTLP endpoint: one sample trace span, one sample metric, and one sample structured log. If no endpoint is configured, no OpenTelemetry export is enabled.
This is intended for observability and debugging against an endpoint the user controls, not background consumer tracking. OTLP/gRPC and OTLP/HTTP are both supported; HTTP/protobuf derives the signal-specific trace, metric, and log endpoints from the configured collector base URL.
A maintainer follow-up adds an explicit Send probe again action for retrying unchanged saved settings after a collector outage. Automatic startup/settings application remains deduplicated, and the UI continues to distinguish local SDK flush completion from collector acknowledgement.
Telemetry boundary
docs/TELEMETRY.mdestablishes the ongoing telemetry conventions for OpenClaw: export is opt-in, disabled by default, and sent only to the user-configured endpoint. Future instrumentation should stay limited to low-cardinality operational diagnostics, avoid user content and secrets, avoid arbitrary existing log export, and use the shared OpenClaw trace/metric/log conventions deliberately.Screenshots
OpenClaw WinUI
OTLP/gRPC
OTLP/HTTP
Validation
.\build.ps1— passeddotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore— 2737 passed, 31 skippeddotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore— 1685 passeddotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore --filter "FullyQualifiedName~OpenTelemetryEndpointConnectionTests|FullyQualifiedName~DiagnosticsPageContractTests"— 68 passed05bb0d78— all jobs passed, including the previously failing accessibility and WSL network-recovery shardspython .agents\skills\autoreview\scripts\autoreview --mode local --stream-engine-outputwith UTF-8 environment — clean, no accepted/actionable findingsReal behavior proof