17 / 20Telemetrysrc/services/analytics/ · src/utils/telemetry/

3-layer analytics pipeline.

GrowthBook for feature flags, first-party event logging via OpenTelemetry, Datadog for metrics. PII handling enforced at compile time via a never type trick. MCP tool names redacted. File paths NEVER logged.

3
Collection layers
never
Type trick forces PII verification at compile time

Three-Layer Architecture

1GrowthBook — Feature gates + experiment exposure. Sends: UUID, device ID, platform, subscription type, rate limit tier, version, user type. Disk-cached for offline starts.
2First-Party Events — OpenTelemetry → /api/event_logging/batch. Dynamic sampling via tengu_event_sampling_config. Failed events → ~/.claude/telemetry/ JSONL with quadratic backoff. Retries without auth on 401.
3Datadog — Metrics only. Disabled for 3P (Bedrock/Vertex/Foundry). Scoped via CLAUDE_AI_INFERENCE_SCOPE OAuth.

PII Protection

Type-level enforcement: AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS = never — compile error if you pass unchecked data. Impossible to accidentally log PII.

MCP tool names → 'mcp_tool' (redacted — reveals user-specific MCP config). Built-in tool names always logged.

File paths NEVER logged. Disabled in: test env, 3P cloud, "no-telemetry" privacy level.