Observability
Zero-instrumentation audit logging and OTEL export. Every agent operation is automatically captured with cryptographic integrity—no code changes required.
The Problem
Observability is critical for enterprise AI—forensics, provenance, audit trails, compliance. Today, DIY instrumentation is the only option: labor-intensive, ad-hoc, and lacking end-to-end visibility across the trust mesh.
Without MACAW
- • Manual instrumentation in every service
- • No correlation across agent boundaries
- • Logs lack cryptographic proof
- • Compliance audits are painful
With MACAW
- • Automatic capture at every endpoint
- • Distributed tracing across the mesh
- • Cryptographically signed audit trail
- • Export to your existing stack
Two Log Streams
MACAW maintains two separate log streams, each optimized for different use cases:
Events Log
Operational source of truth. High-volume, real-time visibility into system behavior.
- • Tool invocations
- • Policy evaluations
- • Agent registration/deregistration
- • Prompt lifecycle events
Audit Log
Compliance-critical record with cryptographic signatures. Tamper-evident and forensically verifiable.
- • Signed with agent's private key
- • Hash-chained for deletion detection
- • Regulatory-grade retention
- • SIEM integration ready
Audit Signing Modes
Choose the signing mode that matches your compliance requirements. Configure via the Console.
| Mode | Security | Use Case |
|---|---|---|
| plain | None | Development, testing |
| signed | Per-event Ed25519 | Tamper-evident, forensically verifiable |
| crypto | Hash chain + signature | Deletion/insertion detectable |
| blockchain | Merkle tree anchoring | Third-party attestation, regulatory |
OTEL Export
Export telemetry to your existing observability stack via OpenTelemetry. Configure destinations in the Console—no code changes needed.
Multiple destinations can be configured simultaneously, each with its own endpoint, authentication, and filtering rules.
| Backend | Protocol |
|---|---|
| Datadog | OTLP/HTTP |
| Splunk | OTLP/HTTP |
| Grafana / Tempo | OTLP/gRPC |
| Jaeger | OTLP/gRPC |
| New Relic | OTLP/HTTP |
| Custom OTLP | gRPC or HTTP |
Distributed Tracing
Trace requests across the entire trust mesh. Every invocation carries context that links it to the originating request, regardless of how many agents or tools are involved.
- •W3C Trace Context propagation
- •Automatic span creation at each endpoint
- •Policy decisions attached to spans
- •Cross-tenant isolation preserved
Request Flow (single trace):
User → Agent A → Tool X → LLM
│ │ │
▼ ▼ ▼
[span] [span] [span]
│ │ │
└─────────┴───────┘
│
Linked by trace_id
Each span includes:
• caller_id, tool_name
• policy_decision
• latency, status
• signature verification resultCustom Events
Add application-specific events to the same log streams using the SDK. Custom events are signed with your agent's key and included in the audit trail.
from macaw_client import MACAWClient
client = MACAWClient(app_name="my-app")
client.register()
# Log a custom event (signed and audit-logged)
client.log_event(
event_type="user_action",
data={"action": "export_report", "format": "pdf"}
)
# Events appear in both streams with your identity