68d9e554b0
Adds langfuseMiddleware in internal/shared so every daemon's shared.Run gets free production-traffic trace visibility when LANGFUSE_URL + LANGFUSE_PUBLIC_KEY + LANGFUSE_SECRET_KEY are set. Same env names + file shape as the multi_coord_stress driver, so operators ship one /etc/lakehouse/langfuse.env across the deploy. Wiring is auth-gated: middleware runs INSIDE the RequireAuth group, so 401s from credential-stuffing don't pollute traces. /health is exempt so LB probes don't either. Missing env vars → nil client → middleware is a passthrough no-op (fail-open per ADR-005 5.1). Bundled deploy: - langfuse.env.example template (mode 0640, root:lakehouse) - 11 systemd units gain `EnvironmentFile=-/etc/lakehouse/langfuse.env` (leading - so missing file = OK) - REPLICATION.md bootstrap section documents setup Tests (4): nil passthrough, /health bypass, real-request emission, status-writer wrapping. All green. STATE_OF_PLAY OPEN list: 5 rows → 4 rows. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
20 lines
863 B
Plaintext
20 lines
863 B
Plaintext
# /etc/lakehouse/langfuse.env — Langfuse trace observability.
|
|
#
|
|
# Mode 0640, root:lakehouse. Loaded by every daemon's systemd unit
|
|
# via EnvironmentFile=-/etc/lakehouse/langfuse.env. The `-` prefix
|
|
# means "missing file is OK" — Langfuse is optional. If the file is
|
|
# missing or any of the three env vars below is empty, every daemon
|
|
# runs without Langfuse and with no logged warnings (best-effort).
|
|
#
|
|
# When all three are set, every authenticated HTTP request to every
|
|
# daemon emits one Langfuse trace + span, browseable at LANGFUSE_URL.
|
|
# /health is exempt to keep LB probes from polluting traces.
|
|
#
|
|
# Same env vars + same shape as the file the multi_coord_stress
|
|
# driver reads — operators ship one langfuse.env across the whole
|
|
# deploy.
|
|
|
|
LANGFUSE_URL=http://localhost:3001
|
|
LANGFUSE_PUBLIC_KEY=pk-lf-staffing
|
|
LANGFUSE_SECRET_KEY=sk-lf-staffing-secret
|