OpenTelemetry export

Axtary can export payload-free OpenTelemetry traces for teams that want governed agent actions visible in an existing collector or observability stack.

This is off by default. The source of truth remains the local JSONL ledger and signed ledger attestation; OTLP is a delivery path for operational visibility.

Stream from the local proxy

Start a local OTLP/HTTP collector that accepts traces at /v1/traces, then run:

OTLP=http://127.0.0.1:4318/v1/traces
axtary proxy --config axtary.yml \
  --otlp-endpoint "$OTLP"

Every decision record appended by that proxy is sent as a GenAI execute_tool span after the ledger append succeeds. If the collector is unreachable while export is enabled, the proxy reports the failure instead of pretending the span landed.

Export an existing ledger segment

Use this when you want a deterministic collector proof from records that already exist:

OTLP=http://127.0.0.1:4318/v1/traces
axtary export-otel \
  --ledger .axtary/actions.jsonl \
  --endpoint "$OTLP" \
  --decision deny

export-otel verifies the ledger chain first, applies the same filters as export-ledger, then posts OTLP/HTTP traces to the collector.

Span shape

Each span uses the standard GenAI tool-operation fields:

  • gen_ai.operation.name = "execute_tool"
  • gen_ai.tool.name
  • gen_ai.tool.type = "function"

Axtary adds namespaced attributes for the audit fields security teams usually need:

  • axtary.decision
  • axtary.decision.reasons
  • axtary.action.payload_hash
  • axtary.action.hash
  • axtary.ledger.hash
  • axtary.policy.native_rule
  • axtary.policy.version
  • axtary.audit.agent_id
  • axtary.audit.human_owner
  • axtary.audit.task_id
  • axtary.audit.resource

The export never includes normalized payload bodies, tool arguments, provider tokens, auth headers, result rows, file contents, or raw shell commands.

Verify the audit trail

Use OpenTelemetry for operations, not final audit proof:

axtary attest-ledger \
  --config axtary.yml \
  --out attestation.json
axtary verify-export attestation.json

That signed bundle is still the independent evidence packet. OTLP helps your team see Axtary decisions beside the rest of your system traces.