zhongwei/gh-cskiro-claudex-claude-code-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e8a12140c24a70e7a59e5bd6afcace26994ee26
gh-cskiro-claudex-claude-co…/skills/otel-monitoring-setup/modes/mode2-enterprise.md
Zhongwei Li 4e8a12140c Initial commit
2025-11-29 18:16:51 +08:00

573 lines
15 KiB
Markdown
Raw Blame History

# Mode 2: Enterprise Setup (Connect to Existing Infrastructure)
**Goal:** Configure Claude Code to send telemetry to centralized company infrastructure
**When to use:**
- Company has centralized OTEL Collector endpoint
- Team rollout scenario
- Want aggregated team metrics
- Privacy/compliance requires centralized control
- No need for local Grafana dashboards
**Prerequisites:**
- OTEL Collector endpoint URL (e.g., `https://otel.company.com:4317`)
- Authentication credentials (API key or mTLS certificates)
- Optional: Team/department identifiers
- Write access to `~/.claude/settings.json`
**Estimated Time:** 2-3 minutes
---
## Phase 0: Gather Requirements
### Step 0.1: Collect endpoint information from user
Ask the user for the following details:
1. **OTEL Collector Endpoint URL**
- Format: `https://otel.company.com:4317` or `http://otel.company.com:4318`
- Protocol: gRPC (port 4317) or HTTP (port 4318)
2. **Authentication Method**
- API Key/Bearer Token
- mTLS certificates
- Basic Auth
- No authentication (internal network)
3. **Team/Environment Identifiers**
- Team name (e.g., `team=platform`)
- Environment (e.g., `environment=production`)
- Department (e.g., `department=engineering`)
- Any other custom attributes
4. **Optional: Protocol Preferences**
- Default: gRPC (more efficient)
- Alternative: HTTP (better firewall compatibility)
**Example Questions:**
```
To configure enterprise telemetry, I need a few details:
1. **Endpoint:** What is your OTEL Collector endpoint URL?
(e.g., https://otel.company.com:4317)
2. **Protocol:** HTTPS or HTTP? gRPC or HTTP/protobuf?
3. **Authentication:** Do you have an API key, certificate, or other credentials?
4. **Team identifier:** What team/department should metrics be tagged with?
(e.g., team=platform, department=engineering)
```
---
## Phase 1: Backup Existing Settings
### Step 1.1: Backup settings.json
**Always backup before modifying!**
```bash
# Check if settings.json exists
if [ -f ~/.claude/settings.json ]; then
cp ~/.claude/settings.json ~/.claude/settings.json.backup.$(date +%Y%m%d-%H%M%S)
echo "✅ Backup created: ~/.claude/settings.json.backup.$(date +%Y%m%d-%H%M%S)"
else
echo "⚠️ No existing settings.json found - will create new one"
fi
```
### Step 1.2: Read existing settings
```bash
# Check current settings
cat ~/.claude/settings.json
```
**Important:** Preserve all existing settings when adding telemetry configuration!
---
## Phase 2: Update Claude Code Settings
### Step 2.1: Determine configuration based on authentication method
**Scenario A: API Key Authentication**
```json
{
"env": {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "grpc",
"OTEL_EXPORTER_OTLP_ENDPOINT": "https://otel.company.com:4317",
"OTEL_EXPORTER_OTLP_HEADERS": "Authorization=Bearer YOUR_API_KEY_HERE",
"OTEL_METRIC_EXPORT_INTERVAL": "60000",
"OTEL_LOGS_EXPORT_INTERVAL": "5000",
"OTEL_LOG_USER_PROMPTS": "1",
"OTEL_METRICS_INCLUDE_SESSION_ID": "true",
"OTEL_METRICS_INCLUDE_VERSION": "true",
"OTEL_METRICS_INCLUDE_ACCOUNT_UUID": "true",
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=production,deployment=enterprise"
}
}
```
**Scenario B: mTLS Certificate Authentication**
```json
{
"env": {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "grpc",
"OTEL_EXPORTER_OTLP_ENDPOINT": "https://otel.company.com:4317",
"OTEL_EXPORTER_OTLP_CERTIFICATE": "/path/to/client-cert.pem",
"OTEL_EXPORTER_OTLP_CLIENT_KEY": "/path/to/client-key.pem",
"OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE": "/path/to/ca-cert.pem",
"OTEL_METRIC_EXPORT_INTERVAL": "60000",
"OTEL_LOGS_EXPORT_INTERVAL": "5000",
"OTEL_LOG_USER_PROMPTS": "1",
"OTEL_METRICS_INCLUDE_SESSION_ID": "true",
"OTEL_METRICS_INCLUDE_VERSION": "true",
"OTEL_METRICS_INCLUDE_ACCOUNT_UUID": "true",
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=production,deployment=enterprise"
}
}
```
**Scenario C: HTTP Protocol (Port 4318)**
```json
{
"env": {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "http/protobuf",
"OTEL_EXPORTER_OTLP_ENDPOINT": "https://otel.company.com:4318",
"OTEL_EXPORTER_OTLP_HEADERS": "Authorization=Bearer YOUR_API_KEY_HERE",
"OTEL_METRIC_EXPORT_INTERVAL": "60000",
"OTEL_LOGS_EXPORT_INTERVAL": "5000",
"OTEL_LOG_USER_PROMPTS": "1",
"OTEL_METRICS_INCLUDE_SESSION_ID": "true",
"OTEL_METRICS_INCLUDE_VERSION": "true",
"OTEL_METRICS_INCLUDE_ACCOUNT_UUID": "true",
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=production,deployment=enterprise"
}
}
```
**Scenario D: No Authentication (Internal Network)**
```json
{
"env": {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "grpc",
"OTEL_EXPORTER_OTLP_ENDPOINT": "http://otel.internal.company.com:4317",
"OTEL_METRIC_EXPORT_INTERVAL": "60000",
"OTEL_LOGS_EXPORT_INTERVAL": "5000",
"OTEL_LOG_USER_PROMPTS": "1",
"OTEL_METRICS_INCLUDE_SESSION_ID": "true",
"OTEL_METRICS_INCLUDE_VERSION": "true",
"OTEL_METRICS_INCLUDE_ACCOUNT_UUID": "true",
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=production,deployment=enterprise"
}
}
```
### Step 2.2: Update settings.json
**Method 1: Manual Update (Safest)**
1. Open `~/.claude/settings.json` in editor
2. Merge the telemetry configuration into existing `env` object
3. Preserve all other settings
4. Save file
**Method 2: Programmatic Update (Use with Caution)**
```bash
# Read existing settings
existing_settings=$(cat ~/.claude/settings.json)
# Create merged settings (requires jq)
cat ~/.claude/settings.json | jq '. + {
"env": (.env // {} | . + {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "grpc",
"OTEL_EXPORTER_OTLP_ENDPOINT": "https://otel.company.com:4317",
"OTEL_EXPORTER_OTLP_HEADERS": "Authorization=Bearer YOUR_API_KEY_HERE",
"OTEL_METRIC_EXPORT_INTERVAL": "60000",
"OTEL_LOGS_EXPORT_INTERVAL": "5000",
"OTEL_LOG_USER_PROMPTS": "1",
"OTEL_METRICS_INCLUDE_SESSION_ID": "true",
"OTEL_METRICS_INCLUDE_VERSION": "true",
"OTEL_METRICS_INCLUDE_ACCOUNT_UUID": "true",
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=production,deployment=enterprise"
})
}' > ~/.claude/settings.json.new
# Validate JSON
if jq empty ~/.claude/settings.json.new 2>/dev/null; then
mv ~/.claude/settings.json.new ~/.claude/settings.json
echo "✅ Settings updated successfully"
else
echo "❌ Invalid JSON - restoring backup"
rm ~/.claude/settings.json.new
fi
```
### Step 2.3: Validate configuration
```bash
# Check that settings.json is valid JSON
jq empty ~/.claude/settings.json
# Display telemetry configuration
jq '.env | with_entries(select(.key | startswith("OTEL_") or . == "CLAUDE_CODE_ENABLE_TELEMETRY"))' ~/.claude/settings.json
```
---
## Phase 3: Test Connectivity (Optional)
### Step 3.1: Test OTEL endpoint reachability
```bash
# Test gRPC endpoint (port 4317)
nc -zv otel.company.com 4317
# Test HTTP endpoint (port 4318)
curl -v https://otel.company.com:4318/v1/metrics -d '{}' -H "Content-Type: application/json"
```
### Step 3.2: Validate authentication
```bash
# Test with API key
curl -v https://otel.company.com:4318/v1/metrics \
-H "Authorization: Bearer YOUR_API_KEY_HERE" \
-H "Content-Type: application/json" \
-d '{}'
# Expected: 200 or 401/403 (tells us auth is working)
# Unexpected: Connection refused, timeout (network issue)
```
---
## Phase 4: User Instructions
### Step 4.1: Provide restart instructions
**Display to user:**
```
✅ Configuration complete!
**Important Next Steps:**
1. **Restart Claude Code** for telemetry to take effect
- Telemetry configuration is only loaded at startup
- Close all Claude Code sessions and restart
2. **Verify with your platform team** that they see metrics
- Metrics should appear within 60 seconds of restart
- Tagged with: team=platform, environment=production
- Metric prefix: claude_code_claude_code_*
3. **Dashboard access**
- Contact your platform team for Grafana/dashboard URLs
- Dashboards should be centrally managed
**Troubleshooting:**
If metrics don't appear:
- Check network connectivity to OTEL endpoint
- Verify authentication credentials are correct
- Check firewall rules allow outbound connections
- Review OTEL Collector logs on backend (platform team)
- Verify OTEL_EXPORTER_OTLP_ENDPOINT is correct
**Rollback:**
If you need to disable telemetry:
- Restore backup: cp ~/.claude/settings.json.backup.TIMESTAMP ~/.claude/settings.json
- Or set: "CLAUDE_CODE_ENABLE_TELEMETRY": "0"
```
---
## Phase 5: Create Team Rollout Documentation
### Step 5.1: Generate rollout guide for team distribution
**Create file: `claude-code-telemetry-setup-guide.md`**
```markdown
# Claude Code Telemetry Setup Guide
**For:** [Team Name] Team Members
**Last Updated:** [Date]
## Overview
We're collecting Claude Code usage telemetry to:
- Track API costs and optimize spending
- Measure productivity metrics (LOC, commits, PRs)
- Understand token usage patterns
- Identify high-value use cases
**Privacy:** All metrics are aggregated and anonymized at the team level.
## Setup Instructions
### Step 1: Backup Your Settings
```bash
cp ~/.claude/settings.json ~/.claude/settings.json.backup
```
### Step 2: Update Configuration
Add the following to your `~/.claude/settings.json`:
```json
{
"env": {
"CLAUDE_CODE_ENABLE_TELEMETRY": "1",
"OTEL_METRICS_EXPORTER": "otlp",
"OTEL_LOGS_EXPORTER": "otlp",
"OTEL_EXPORTER_OTLP_PROTOCOL": "grpc",
"OTEL_EXPORTER_OTLP_ENDPOINT": "https://otel.company.com:4317",
"OTEL_EXPORTER_OTLP_HEADERS": "Authorization=Bearer [PROVIDED_BY_PLATFORM_TEAM]",
"OTEL_METRIC_EXPORT_INTERVAL": "60000",
"OTEL_LOGS_EXPORT_INTERVAL": "5000",
"OTEL_LOG_USER_PROMPTS": "1",
"OTEL_METRICS_INCLUDE_SESSION_ID": "true",
"OTEL_METRICS_INCLUDE_VERSION": "true",
"OTEL_METRICS_INCLUDE_ACCOUNT_UUID": "true",
"OTEL_RESOURCE_ATTRIBUTES": "team=[TEAM_NAME],environment=production"
}
}
```
**Important:** Replace `[PROVIDED_BY_PLATFORM_TEAM]` with your API key.
### Step 3: Restart Claude Code
Close all Claude Code sessions and restart for changes to take effect.
### Step 4: Verify Setup
After 5 minutes of usage:
1. Check team dashboard: [DASHBOARD_URL]
2. Verify your metrics appear in the team aggregation
3. Contact [TEAM_CONTACT] if you have issues
## What's Being Collected?
**Metrics:**
- Session counts and active time
- Token usage (input, output, cached)
- API costs by model
- Lines of code modified
- Commits and PRs created
**Events/Logs:**
- User prompts (anonymized)
- Tool executions
- API requests
**NOT Collected:**
- Source code content
- File names or paths
- Personal identifiers (beyond account UUID for deduplication)
## Dashboard Access
**Team Dashboard:** [URL]
**Login:** Use your company SSO
## Support
**Issues?** Contact [TEAM_CONTACT] or #claude-code-telemetry Slack channel
**Opt-Out:** Contact [TEAM_CONTACT] if you need to opt out for specific projects
```
---
## Phase 6: Success Criteria
### Checklist for Mode 2 completion:
- ✅ Backed up existing settings.json
- ✅ Updated settings with correct OTEL endpoint
- ✅ Added authentication (API key or certificates)
- ✅ Set team/environment resource attributes
- ✅ Validated JSON configuration
- ✅ Tested connectivity (optional)
- ✅ Provided restart instructions to user
- ✅ Created team rollout documentation (if applicable)
**Expected outcome:**
- Claude Code sends telemetry to central endpoint within 60 seconds of restart
- Platform team can see metrics tagged with team identifier
- User has clear instructions for verification and troubleshooting
---
## Troubleshooting
### Issue 1: Connection Refused
**Symptoms:** Claude Code can't reach OTEL endpoint
**Checks:**
```bash
# Test network connectivity
ping otel.company.com
# Test port access
nc -zv otel.company.com 4317
# Check corporate VPN/proxy
echo $HTTPS_PROXY
```
**Solutions:**
- Connect to corporate VPN
- Use HTTP proxy if required: `HTTPS_PROXY=http://proxy.company.com:8080`
- Try HTTP protocol (port 4318) instead of gRPC
- Contact network team to allow outbound connections
### Issue 2: Authentication Failed
**Symptoms:** 401 or 403 errors in logs
**Checks:**
```bash
# Verify API key format
jq '.env.OTEL_EXPORTER_OTLP_HEADERS' ~/.claude/settings.json
# Test manually
curl -v https://otel.company.com:4318/v1/metrics \
-H "Authorization: Bearer YOUR_KEY" \
-d '{}'
```
**Solutions:**
- Verify API key is correct and not expired
- Check header format: `Authorization=Bearer TOKEN` (no quotes, equals sign)
- Confirm permissions with platform team
- Try rotating API key
### Issue 3: Metrics Not Appearing
**Symptoms:** Platform team doesn't see metrics after 5 minutes
**Checks:**
```bash
# Verify telemetry is enabled
jq '.env.CLAUDE_CODE_ENABLE_TELEMETRY' ~/.claude/settings.json
# Check endpoint configuration
jq '.env.OTEL_EXPORTER_OTLP_ENDPOINT' ~/.claude/settings.json
# Confirm Claude Code was restarted
ps aux | grep claude
```
**Solutions:**
- Restart Claude Code (telemetry loads at startup only)
- Verify endpoint URL has correct protocol and port
- Check with platform team if OTEL Collector is receiving data
- Review OTEL Collector logs for errors
- Verify resource attributes match expected format
### Issue 4: Certificate Errors (mTLS)
**Symptoms:** SSL/TLS handshake errors
**Checks:**
```bash
# Verify certificate paths
ls -la /path/to/client-cert.pem
ls -la /path/to/client-key.pem
ls -la /path/to/ca-cert.pem
# Check certificate validity
openssl x509 -in /path/to/client-cert.pem -noout -dates
```
**Solutions:**
- Ensure certificate files are readable
- Verify certificates haven't expired
- Check certificate chain is complete
- Confirm CA certificate matches server
- Contact platform team for new certificates if needed
---
## Enterprise Configuration Examples
### Example 1: Multi-Environment Setup
**Development:**
```json
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=development,user=john.doe"
```
**Staging:**
```json
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=staging,user=john.doe"
```
**Production:**
```json
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,environment=production,user=john.doe"
```
### Example 2: Department-Level Aggregation
```json
"OTEL_RESOURCE_ATTRIBUTES": "department=engineering,team=platform,squad=backend,environment=production"
```
Enables queries like:
- Cost by department
- Usage by team within department
- Squad-level productivity metrics
### Example 3: Project-Based Tagging
```json
"OTEL_RESOURCE_ATTRIBUTES": "team=platform,project=api-v2-migration,environment=production"
```
Track costs and effort for specific initiatives.
---
## Additional Resources
- **OTEL Specification:** https://opentelemetry.io/docs/specs/otel/
- **Claude Code Metrics Reference:** See `data/metrics-reference.md`
- **Enterprise Architecture:** See `data/enterprise-architecture.md`
- **Team Dashboard Queries:** See `data/prometheus-queries.md`
---
**Mode 2 Complete!**
Reference in New Issue View Git Blame Copy Permalink