Skip to main content

Claude Cowork & Claude Code OTEL Ingest

AxonFlow can ingest the native OpenTelemetry (OTEL) stream emitted by Claude Cowork (the agentic surface inside Claude Desktop) and Claude Code, and land every event as a canonical, redacted, signed audit record in the same audit_logs store every other governance plane writes to — not a parallel or satellite store. Because those records are canonical, they also feed session summaries and per-user usage reporting with no extra wiring.

It exists because Cowork activity otherwise has no governed audit trail of its own — the native OTEL export is the central-capture path for it. For Claude Code, the same ingest also carries the real authenticated user.email / organization.id, giving unspoofable per-developer attribution.

Enterprise feature

OTEL ingest is an Enterprise capability. The endpoint is authenticated; inbound telemetry is tagged with the org/tenant derived from your license, never from the (spoofable) telemetry attributes.

How it works

  • Endpoint: POST /v1/logs on your AxonFlow agent (standard OTLP/HTTP logs path). Accepts application/x-protobuf and application/json.
  • Auth: HTTP Basic (org:license-key) supplied as an OTLP header. The org/tenant on every stored row come from this authenticated identity.
  • Redact-at-collector: every event's user content (prompts, tool arguments) is masked by the AxonFlow policy engine before anything is persisted.
  • Canonical + signed: each event becomes an audit_logs row (plane = cowork or claude_code) carrying session_id, correlation_id (= the OTEL prompt.id), user_email, and — for api_request events — model / tokens_used / cost. Each row is signed into the existing Ed25519 hash-chained decision chain.

Events captured: user_prompt, tool_result, tool_decision, api_request, api_error.

Configure Claude Cowork (Claude Desktop)

In Claude Desktop → Admin/Organization settings → Cowork:

  1. OTLP endpoint: https://<your-axonflow-agent>/v1/logs
  2. OTLP protocol: http/protobuf (or http/json)
  3. OTLP headers: Authorization=Basic <base64(org:license-key)>
  4. Enable content capture so prompts / tool details flow (off by default):
    • otlpContentCapture.userPrompts
    • otlpContentCapture.toolDetails
  5. If your organization restricts network egress, add the AxonFlow collector domain to the Cowork network-egress allow-list — the exporter runs inside the Cowork sandbox, and traffic to non-allow-listed domains is dropped.

Settings load at session start; start a new Cowork session after changing them.

Configure Claude Code

Set these environment variables (e.g. via your MDM / fleet config) for the Claude Code CLI:

export CLAUDE_CODE_ENABLE_TELEMETRY=1
export OTEL_LOGS_EXPORTER=otlp
export OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
export OTEL_EXPORTER_OTLP_ENDPOINT=https://<your-axonflow-agent>
export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Basic <base64(org:license-key)>"
# Include content (off by default):
export OTEL_LOG_USER_PROMPTS=1
export OTEL_LOG_TOOL_DETAILS=1

Claude Code appends /v1/logs to the endpoint automatically.

What you can report on

Because every event is a canonical audit_logs row keyed on session_id / correlation_id, the unified reporting surfaces (the portal decisions feed, session summaries, per-user usage) work over it with no extra wiring:

  • Prompts and tool activity per user, per session (redacted).
  • Approvals (tool_decision) — accept / reject.
  • Token and cost per call (api_request).

Hard constraints (read before you promise anything)

  • Claude's replies are not captured. Cowork OTEL does not export the model's response text. Summaries are built from prompts, tool activity, approvals, and cost — not Claude's answers. This is a Cowork limitation, not an AxonFlow one.
  • Plain (non-Cowork) Claude Desktop chat emits no telemetry. Capture requires a Cowork session (OTEL) or an MCP tool call routed through the AxonFlow proxy.
  • Content capture is opt-in. Without the otlpContentCapture.* / OTEL_LOG_* switches above, only lengths/metadata flow — prompts and tool details are omitted at the source.
  • Redaction is forced at the collector. PII is masked before persistence regardless of your deployment's PII_ACTION (warn / log / block / redact). Checksum-validated Indonesian PII (NIK / NPWP) is always masked. If detection is disabled, content is withheld (fail-closed) rather than stored in the clear.
  • Integrity boundary. The signed chain proves a record has not been altered once AxonFlow has ingested it — it protects your store. It does not cryptographically bind a record to the action as it happened inside Cowork (that telemetry is emitted by the client). Stronger in-the-flow provenance is available on the AxonFlow proxy (enforcement) plane, where AxonFlow sits in the request path. Align with your compliance team on which guarantee you need.