👁️ title: How Logging Works description: Technical deep dive into intercept, audit, and diagnostic telemetry in Control Core.
👁️ How Logging Works
Control Core captures telemetry through two coordinated paths:
- Control Plane audit path - API and UI interactions are persisted as audit events.
- Bouncer diagnostic path - policy decision and operational telemetry is generated near enforcement.
Intercept Layer and ext_proc
- AI Pilot
ext_procintegrates with policy evaluation and mutation/redaction logic. - Decision context can include request metadata, policy selection hints, and response mutation details.
- Redaction behavior is policy-governed so sensitive fields can be masked before storage/share.
📌 Zero-Persistence vs Diagnostic Mode
| Mode | Purpose | Storage behavior |
|---|---|---|
| Zero-Persistence | Minimize retained telemetry footprint | Keep only mandatory control/audit events |
| Diagnostic | Troubleshooting and root-cause analysis | Capture high-fidelity traces in bounded retention windows |
Use Diagnostic mode for incident windows and return to Zero-Persistence when active troubleshooting closes.
📌 What Is Captured
- Policy decision outcomes, decision latency, and selected policy identifiers
- Bouncer operational status events (sync, registration, heartbeat)
- Control Plane user/API actions and administrative changes
- Diagnostic package metadata (
TICKET_REF,README.txt, hash/signature metadata)