git.stella-ops.org/docs/observability/telemetry-sealed-56-001.md
master 10212d67c0
Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.
2025-11-20 07:50:52 +02:00

Sealed-mode telemetry helpers (TELEMETRY-OBS-56-001 prep)

Objective

Define behavior and configuration for telemetry when Sealed=true, ensuring no external egress while preserving deterministic local traces/metrics for audits.

Requirements

  • Disable external OTLP/exporters automatically when sealed; fall back to in-memory or file OTLP (telemetry-sealed.otlp) with bounded size (default 10 MB, ring buffer).
  • Add tag sealed=true to all spans/metrics/logs; suppress exemplars.
  • Force scrubbing: treat Scrub.Sealed=true regardless of default settings.
  • Sampling: cap to 10% max in sealed mode unless CLI incident toggle raises it (see CLI-OBS-12-001 contract); ceiling 100% with explicit override Telemetry:Sealed:MaxSamplingPercent.
  • Clock source: require a monotonic clock for durations; emit a warning if system clock skew greater than 500 ms is detected.

Configuration keys

  • Telemetry:Sealed:Enabled (bool) — driven by host; when true activate sealed behavior.
  • Telemetry:Sealed:Exporter (enum memory|file) — default file.
  • Telemetry:Sealed:FilePath (string) — default ./logs/telemetry-sealed.otlp.
  • Telemetry:Sealed:MaxBytes (int) — default 10_485_760 (10 MB).
  • Telemetry:Sealed:MaxSamplingPercent (int) — default 10.
  • Derived flag Telemetry:Sealed:EffectiveIncidentMode (read-only) exposes whether the incident-mode override lifted the sampling ceiling.

File exporter format

  • OTLP binary, append-only, deterministic ordering by enqueue time.
  • Rotate when exceeding MaxBytes using suffix .1, .2 capped to 3 files; oldest dropped.
  • Permissions 0600 by default; fail-start if path is world-readable.
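
An added sketch of the rotation and permission rules above, not Stella Ops code: `SealedFileSink`, `MAX_FILES` and `demo` are hypothetical names, written in Python for a POSIX host. It assumes "capped to 3 files" means the active file plus `.1` and `.2`, that rotation happens before an append that would exceed MaxBytes, and it writes constructed raw bytes in place of OTLP-encoded records.

```python
import os
import stat

MAX_FILES = 3  # assumption: active file plus ".1" and ".2"


class SealedFileSink:
    """Append-only sink: owner-only permissions, size-bounded rotation."""

    def __init__(self, path, max_bytes=10_485_760):
        self.path, self.max_bytes = path, max_bytes
        # Fail-start: refuse a pre-existing file that "other" can read.
        if os.path.exists(path) and os.stat(path).st_mode & stat.S_IROTH:
            raise PermissionError(f"{path} is world-readable; refusing to start")

    def _rotate(self):
        # Shift .1 -> .2, then active -> .1; os.replace overwrites the
        # destination, so the oldest file is the one that gets dropped.
        for i in range(MAX_FILES - 2, -1, -1):
            src = self.path if i == 0 else f"{self.path}.{i}"
            if os.path.exists(src):
                os.replace(src, f"{self.path}.{i + 1}")

    def append(self, record: bytes):
        size = os.path.getsize(self.path) if os.path.exists(self.path) else 0
        if size and size + len(record) > self.max_bytes:
            self._rotate()
        # 0o600 at creation is filtered by umask; fchmod pins the final mode.
        fd = os.open(self.path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        try:
            os.fchmod(fd, 0o600)
            os.write(fd, record)
        finally:
            os.close(fd)


def demo(directory, records=7):
    """Append constructed 4-byte records under an 8-byte cap; return {name: (bytes, mode)}."""
    sink = SealedFileSink(os.path.join(directory, "telemetry-sealed.otlp"), max_bytes=8)
    for n in range(records):
        sink.append(b"rec%d" % n)
    out = {}
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        with open(full, "rb") as fh:
            out[name] = (fh.read(), stat.S_IMODE(os.stat(full).st_mode))
    return out
```

Calling `demo()` on an empty temporary directory leaves three files, with the two earliest records gone after the third rotation. The same mode check belongs in the unit test for "enforces 0600 perms".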

Validation tests to implement with 56-001

  • Unit: sealed mode forces exporter swap and tags sealed=true, scrubbed=true.
  • Unit: sampling capped at max percent unless incident override set.
  • Unit: file exporter rotates deterministically and enforces 0600 perms.
  • Integration: sealed + incident mode together still block external exporters and honor scrub rules.

Provenance

  • Authored 2025-11-20 to satisfy PREP-TELEMETRY-OBS-56-001 and unblock implementation.