Skip to content

Commit 5837dfb

Browse files
committed
Export one OTLP span per worker request to Axiom (env-gated)
Hand-rolled OTLP/HTTP JSON, no new deps. Inert without AXIOM_TOKEN/AXIOM_DATASET; export via ctx.waitUntil after the response with all failures swallowed. Spans carry templated route patterns, tenant/auth classification, routed account kind, and upstream status; redaction test proves no srt_/sk-ant-/Bearer material can appear. SUBROUTER_ENV var added per env
1 parent 76e0e67 commit 5837dfb

5 files changed

Lines changed: 730 additions & 28 deletions

File tree

cloudflare/packages/worker/README.md

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -177,6 +177,29 @@ Required Actions secrets:
177177
permissions for both `regatta-subrouter-do-staging` and
178178
`regatta-subrouter-do-production`.
179179

180+
## Observability
181+
182+
Request spans export to Axiom only when both secrets are configured:
183+
184+
- `AXIOM_TOKEN`
185+
- `AXIOM_DATASET`
186+
187+
Optional:
188+
189+
- `AXIOM_DOMAIN` - defaults to `api.axiom.co`.
190+
191+
When either required Axiom setting is missing, telemetry is inert and performs
192+
no export fetch. OAuth refresh alarm events are not emitted as spans in this
193+
round; only the top-level Worker request span is exported.
194+
195+
Example Axiom APL:
196+
197+
```apl
198+
['cmux-prod-otel-traces']
199+
| where ['service.name'] == 'subrouter-do'
200+
| summarize requests=count() by ['url.path'], ['subrouter.auth'], bin(_time, 5m)
201+
```
202+
180203
## Local Dev
181204

182205
Create `.dev.vars` (gitignored) with at least:

0 commit comments

Comments
 (0)