RFC: Audit logging and tracing improvements#281
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
📝 WalkthroughSummary by CodeRabbit
WalkthroughAdds documentation for operator and sandbox audit logging/tracing configuration, output behavior, span conventions, and sandbox tracing fixes. ChangesAudit logging and tracing documentation
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/audit-logging-tracing.md`:
- Around line 95-99: The fenced examples in the audit logging/tracing doc are
missing a language tag, which triggers markdownlint MD040. Update the affected
fenced blocks in the documentation so they use an explicit language identifier,
and apply the same fix to the other referenced example block as well.
- Around line 131-171: The markdown tables in the audit logging/tracing docs are
missing surrounding blank lines, violating MD058 and markdownlint. Update the
table sections under the proposal span documentation and the span events section
in this file by inserting blank lines before and after each table block so the
formatting is consistent and the repeated table blocks render cleanly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 4ef1affa-226c-4723-8d89-8bfe561292af
📒 Files selected for processing (1)
docs/audit-logging-tracing.md
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
openshift/lightspeed-agentic-sandbox(manual)
8ee7c67 to
75983c4
Compare
75983c4 to
ab21f89
Compare
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/audit-logging-tracing.md`:
- Line 212: The table row for gen_ai.tool.type is missing the trailing pipe,
causing an inconsistent Markdown table format. Update the row in the
audit-logging-tracing table so it matches the same pipe-delimited style as the
surrounding rows, using the table entry for gen_ai.tool.type as the anchor.
- Around line 269-274: The hierarchy example code fence is missing a language
tag, which keeps MD040 failing. Update the unlabeled fence in the audit
logging/tracing example to use the text language tag so the fenced block is
explicitly marked; locate the example by its proposal.lifecycle / agent.run /
tool.exec_command hierarchy snippet.
- Line 65: Fix the typo in the markdown heading so the section title reads
correctly. Update the “Audit logs and span events” heading text by replacing the
misspelled word in that section, using the heading itself as the target since
line numbers may shift.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: b9074e34-708f-4755-be8d-dc9cc4152bb8
📒 Files selected for processing (1)
docs/audit-logging-tracing.md
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
openshift/lightspeed-agentic-sandbox(manual)
|
|
||
| ## Improvements | ||
|
|
||
| ### Audit logs and span events differenceh |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Fix the heading typo.
differenceh is misspelled here; use differences so the section title reads cleanly.
🛠️ Proposed fix
-### Audit logs and span events differenceh
+### Audit logs and span events differences📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ### Audit logs and span events differenceh | |
| ### Audit logs and span events differences |
🧰 Tools
🪛 LanguageTool
[grammar] ~65-~65: Ensure spelling is correct
Context: ...vements ### Audit logs and span events differenceh #### Operator The operator ([audit.go](https...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/audit-logging-tracing.md` at line 65, Fix the typo in the markdown
heading so the section title reads correctly. Update the “Audit logs and span
events” heading text by replacing the misspelled word in that section, using the
heading itself as the target since line numbers may shift.
Source: Linters/SAST tools
| | `tool.output` | `gen_ai.tool.call.result` (Opt-In) | | ||
| | (missing) | `gen_ai.operation.name` = `"execute_tool"` (Required) | | ||
| | (missing) | `gen_ai.tool.call.id` (Recommended) | | ||
| | (missing) | `gen_ai.tool.type` = `"function"` (Recommended) |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Fix the table pipe style.
This row is missing the trailing |, which triggers MD055 and makes the table inconsistent.
🛠️ Proposed fix
-| (missing) | `gen_ai.tool.type` = `"function"` (Recommended)
+| (missing) | `gen_ai.tool.type` = `"function"` (Recommended) |📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| | (missing) | `gen_ai.tool.type` = `"function"` (Recommended) | |
| | (missing) | `gen_ai.tool.type` = `"function"` (Recommended) | |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 212-212: Table pipe style
Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe
(MD055, table-pipe-style)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/audit-logging-tracing.md` at line 212, The table row for
gen_ai.tool.type is missing the trailing pipe, causing an inconsistent Markdown
table format. Update the row in the audit-logging-tracing table so it matches
the same pipe-delimited style as the surrounding rows, using the table entry for
gen_ai.tool.type as the anchor.
Source: Linters/SAST tools
| ``` | ||
| proposal.lifecycle | ||
| └── proposal.analyze | ||
| └── agent.run | ||
| └── tool.exec_command (now properly nested) | ||
| ``` |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Tag the hierarchy example fence.
This example fence is still unlabeled, so MD040 will keep firing. Use text here.
🛠️ Proposed fix
-```
+```text
proposal.lifecycle
└── proposal.analyze
└── agent.run
└── tool.exec_command (now properly nested)
</details>
<!-- suggestion_start -->
<details>
<summary>📝 Committable suggestion</summary>
> ‼️ **IMPORTANT**
> Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
```suggestion
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 269-269: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/audit-logging-tracing.md` around lines 269 - 274, The hierarchy example
code fence is missing a language tag, which keeps MD040 failing. Update the
unlabeled fence in the audit logging/tracing example to use the text language
tag so the fenced block is explicitly marked; locate the example by its
proposal.lifecycle / agent.run / tool.exec_command hierarchy snippet.
Source: Linters/SAST tools
Document current state of audit logging and tracing in operator and sandbox, and propose improvements: - Configuration via AgenticOLSConfig CRD (operator) and env vars (sandbox) - Audit logs vs span events differences - OTEL semantic conventions alignment for GenAI spans - Tool spans export fix (PR openshift#97) - Standard OTEL SDK initialization (PR openshift#98) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ab21f89 to
7c4d812
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (4)
docs/audit-logging-tracing.md (4)
150-191: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winAdd blank lines before each operator span table.
The
proposal.*and span-event tables need the same separator before each block.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/audit-logging-tracing.md` around lines 150 - 191, Add the missing blank-line separators before each operator span table in the audit logging/tracing docs so the `proposal.lifecycle`, `proposal.analyze` / `proposal.execute` / `proposal.verify` / `proposal.escalate`, `proposal.human_approval`, `proposal.terminal`, and span-event sections all follow the same spacing style and render consistently.Source: Linters/SAST tools
91-95: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winAdd language tags to both fenced examples.
Both unlabeled fences still trigger MD040. Tag them as
text.Also applies to: 269-274
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/audit-logging-tracing.md` around lines 91 - 95, Add language tags to the unlabeled fenced examples in the audit-logging-tracing docs so they no longer trigger MD040. Update both fenced blocks in the affected examples, including the one near the current snippet and the matching one referenced later, and tag them as text to keep the examples rendered consistently.Source: Linters/SAST tools
195-212: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winFix the proposed-change tables and the missing trailing pipe.
Add a blank line before the two tables in this section, and close the
gen_ai.tool.typerow with|so MD058/MD055 stop firing.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/audit-logging-tracing.md` around lines 195 - 212, Add the missing blank line before the inference-span and tool-execution tables in the audit-logging-tracing section, and fix the malformed GenAI semconv table row by closing the gen_ai.tool.type entry with a trailing pipe. Update the Markdown in the affected section so the tables render cleanly and the MD058/MD055 lint errors are resolved.Source: Linters/SAST tools
131-145: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winSeparate the sandbox tables from the preceding prose.
Insert a blank line before each table block here; the current paragraphs run straight into the tables and MD058 still fires.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/audit-logging-tracing.md` around lines 131 - 145, The markdown in audit-logging-tracing.md is missing blank lines before the table blocks, which causes the preceding prose to run into the tables and triggers MD058. Update the documentation around the agent.run and tool.{name} sections so each table is separated from the prior paragraph by a blank line, keeping the table content unchanged and ensuring the formatting is consistent in that area of the file.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In `@docs/audit-logging-tracing.md`:
- Around line 150-191: Add the missing blank-line separators before each
operator span table in the audit logging/tracing docs so the
`proposal.lifecycle`, `proposal.analyze` / `proposal.execute` /
`proposal.verify` / `proposal.escalate`, `proposal.human_approval`,
`proposal.terminal`, and span-event sections all follow the same spacing style
and render consistently.
- Around line 91-95: Add language tags to the unlabeled fenced examples in the
audit-logging-tracing docs so they no longer trigger MD040. Update both fenced
blocks in the affected examples, including the one near the current snippet and
the matching one referenced later, and tag them as text to keep the examples
rendered consistently.
- Around line 195-212: Add the missing blank line before the inference-span and
tool-execution tables in the audit-logging-tracing section, and fix the
malformed GenAI semconv table row by closing the gen_ai.tool.type entry with a
trailing pipe. Update the Markdown in the affected section so the tables render
cleanly and the MD058/MD055 lint errors are resolved.
- Around line 131-145: The markdown in audit-logging-tracing.md is missing blank
lines before the table blocks, which causes the preceding prose to run into the
tables and triggers MD058. Update the documentation around the agent.run and
tool.{name} sections so each table is separated from the prior paragraph by a
blank line, keeping the table content unchanged and ensuring the formatting is
consistent in that area of the file.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: d42038c1-c42c-4c77-9a2d-47dd56b27cc9
📒 Files selected for processing (1)
docs/audit-logging-tracing.md
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
openshift/lightspeed-agentic-sandbox(manual) → reviewed against open PR#97fix-tool-span-parentinginstead of the default branch
Summary
RFC documenting current state of audit logging and tracing, and proposing improvements:
Related PRs
🤖 Generated with Claude Code