Skip to content

codex-otel: add configurable trace metadata#21556

Merged
bbrown-oai merged 2 commits into
mainfrom
dev/bbrown/trace-attributes
May 7, 2026
Merged

codex-otel: add configurable trace metadata#21556
bbrown-oai merged 2 commits into
mainfrom
dev/bbrown/trace-attributes

Conversation

@bbrown-oai
Copy link
Copy Markdown
Contributor

@bbrown-oai bbrown-oai commented May 7, 2026

Add Codex config for static trace span attributes and structured W3C
tracestate field upserts. The config flows through OtelSettings so
callers can attach trace metadata without touching every span call site.

Apply span attributes with an SDK span processor so every exported
trace span carries the configured metadata. Model tracestate as nested
member fields so configured keys can be upserted while unrelated
propagated state in the same member is preserved.

Validate configured tracestate before installing provider-global state,
including header-unsafe values the SDK does not reject by itself. This
keeps Codex from propagating malformed trace context from config.

Update the config schema, public docs, and OTLP loopback coverage for
config parsing, span export, propagation, and invalid-header rejection.

@bbrown-oai
codex-otel: add configurable trace metadata
467fcff 
Add Codex config for static trace span attributes and structured W3C
tracestate field upserts. The config flows through OtelSettings so
callers can attach trace metadata without touching every span call site.

Apply span attributes with an SDK span processor so every exported
trace span carries the configured metadata. Model tracestate as nested
member fields so configured keys can be upserted while unrelated
propagated state in the same member is preserved.

Validate configured tracestate before installing provider-global state,
including header-unsafe values the SDK does not reject by itself. This
keeps Codex from propagating malformed trace context from config.

Update the config schema, public docs, and OTLP loopback coverage for
config parsing, span export, propagation, and invalid-header rejection.
@bbrown-oai bbrown-oai requested a review from a team as a code owner May 7, 2026 16:47
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 7, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@bbrown-oai
Copy link
Copy Markdown
Contributor Author

bbrown-oai commented May 7, 2026

I have read the CLA Document and I hereby sign the CLA

github-actions Bot added a commit that referenced this pull request May 7, 2026
@github-actions
@bbrown-oai has signed the CLA in #21556
a7788a6
@bbrown-oai bbrown-oai enabled auto-merge (squash) May 7, 2026 16:55
@owenlin0
Copy link
Copy Markdown
Collaborator

owenlin0 commented May 7, 2026

  • Looks like a bad config value would prevent OTEL from initializing, "and in some binaries can fail startup" (according to codex). Can we just drop these new config values if they are not valid? And log a warning. I believe we have startup_warnings for that on config load.

  • Separately, can we also add "otel" to PROJECT_LOCAL_CONFIG_DENYLIST? Recently I added config keys that repos shouldn't be able to inject, since people can create repos with malicious configs. I didn't add OTEL in that PR but now that I'm thinking about it, it will be good to do.

The current comment says project-local config should not choose “where a user's credentials are sent or which local commands are run” (loader/mod.rs (line 50)); telemetry endpoints and trace propagation markers fit that same class of environment/admin policy.

@bbrown-oai
codex-otel: ignore invalid trace metadata entries
470c96e 
Malformed span attribute keys and tracestate fields are user-editable
config. Provider initialization installs process-global OTEL state, so
sanitize that metadata during config loading. Bad entries now produce
startup warnings instead of making startup fail, while valid sibling
metadata is preserved.

Project-local config comes from repository contents, so deny OTEL
settings there to prevent repositories from controlling telemetry
destinations or trace metadata.
@owenlin0 ChatGPT Codex Connector
Copy link
Copy Markdown
Collaborator

owenlin0 commented May 7, 2026

One small cleanup request: can we reuse the new validate_span_attributes() helper in OtelProvider::from() instead of keeping a separate empty-key check there?

That keeps the config sanitization path and the provider defense-in-depth path using the same validation logic, so we don’t end up with two sources of truth if span attribute validation grows later.

@bbrown-oai bbrown-oai merged commit 31b233c into main May 7, 2026
26 checks passed
@bbrown-oai bbrown-oai deleted the dev/bbrown/trace-attributes branch May 7, 2026 23:06
@github-actions github-actions Bot locked and limited conversation to collaborators May 7, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@owenlin0 owenlin0 owenlin0 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bbrown-oai @owenlin0