Claude Cowork & Claude Code OTEL Ingest
AxonFlow can ingest the native OpenTelemetry (OTEL) stream emitted by Claude Cowork (the agentic surface inside Claude Desktop) and Claude Code, and land every event as a canonical, redacted, signed audit record in the same audit_logs store every other governance plane writes to — not a parallel or satellite store. Because those records are canonical, they also feed session summaries and per-user usage reporting with no extra wiring.
It exists because Cowork activity otherwise has no governed audit trail of its own — the native OTEL export is the central-capture path for it. For Claude Code, the same ingest also carries the real authenticated user.email / organization.id, giving unspoofable per-developer attribution.
OTEL ingest is an Enterprise capability. The endpoint is authenticated; inbound telemetry is tagged with the org/tenant derived from your license, never from the (spoofable) telemetry attributes.
How it works
- Endpoint:
POST /v1/logson your AxonFlow agent (standard OTLP/HTTP logs path). Acceptsapplication/x-protobufandapplication/json. - Auth: HTTP Basic (
org:license-key) supplied as an OTLP header. The org/tenant on every stored row come from this authenticated identity. - Redact-at-collector: every event's user content (prompts, tool arguments) is masked by the AxonFlow policy engine before anything is persisted.
- Canonical + signed: each event becomes an
audit_logsrow (plane = coworkorclaude_code) carryingsession_id,correlation_id(= the OTELprompt.id),user_email, and — forapi_requestevents —model/tokens_used/cost. Each row is signed into the existing Ed25519 hash-chained decision chain.
Events captured: user_prompt, tool_result, tool_decision, api_request, api_error.
Configure Claude Cowork (Claude Desktop)
In Claude Desktop → Admin/Organization settings → Cowork:
- OTLP endpoint:
https://<your-axonflow-agent>/v1/logs - OTLP protocol:
http/protobuf(orhttp/json) - OTLP headers:
Authorization=Basic <base64(org:license-key)> - Enable content capture so prompts / tool details flow (off by default):
otlpContentCapture.userPromptsotlpContentCapture.toolDetails
- If your organization restricts network egress, add the AxonFlow collector domain to the Cowork network-egress allow-list — the exporter runs inside the Cowork sandbox, and traffic to non-allow-listed domains is dropped.
Settings load at session start; start a new Cowork session after changing them.
Configure Claude Code
Set these environment variables (e.g. via your MDM / fleet config) for the Claude Code CLI:
export CLAUDE_CODE_ENABLE_TELEMETRY=1
export OTEL_LOGS_EXPORTER=otlp
export OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
export OTEL_EXPORTER_OTLP_ENDPOINT=https://<your-axonflow-agent>
export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic <base64(org:license-key)>"
# Include content (off by default):
export OTEL_LOG_USER_PROMPTS=1
export OTEL_LOG_TOOL_DETAILS=1
Claude Code appends /v1/logs to the endpoint automatically.
What you can report on
Because every event is a canonical audit_logs row keyed on session_id / correlation_id, the unified reporting surfaces (the portal decisions feed, session summaries, per-user usage) work over it with no extra wiring:
- Prompts and tool activity per user, per session (redacted).
- Approvals (
tool_decision) — accept / reject. - Token and cost per call (
api_request).
Hard constraints (read before you promise anything)
- Claude's replies are not captured. Cowork OTEL does not export the model's response text. Summaries are built from prompts, tool activity, approvals, and cost — not Claude's answers. This is a Cowork limitation, not an AxonFlow one.
- Plain (non-Cowork) Claude Desktop chat emits no telemetry. Capture requires a Cowork session (OTEL) or an MCP tool call routed through the AxonFlow proxy.
- Content capture is opt-in. Without the
otlpContentCapture.*/OTEL_LOG_*switches above, only lengths/metadata flow — prompts and tool details are omitted at the source. - Redaction is forced at the collector. PII is masked before persistence regardless of your deployment's
PII_ACTION(warn / log / block / redact). Checksum-validated Indonesian PII (NIK / NPWP) is always masked. If detection is disabled, content is withheld (fail-closed) rather than stored in the clear. - Integrity boundary. The signed chain proves a record has not been altered once AxonFlow has ingested it — it protects your store. It does not cryptographically bind a record to the action as it happened inside Cowork (that telemetry is emitted by the client). Stronger in-the-flow provenance is available on the AxonFlow proxy (enforcement) plane, where AxonFlow sits in the request path. Align with your compliance team on which guarantee you need.
Related
- Audit Logging — the canonical
audit_logsstore this plane writes to. - Non-Repudiation — the Ed25519 signed decision chain.
- Detection Posture — per-org PII detection configuration.
- Per-Developer Identity — attributing the same records to an individual developer.
