Implementation Plan: Observability and Evidence

Make execution inspectable and governance-verifiable by unifying telemetry (logs/metrics/traces), evidence capture, and correlation IDs across protocols and domain events, while enforcing privacy and anti-leakage constraints.

Provenance & Traceability

Architectural Decisions (ADRs)

ADR ID	Decision Title	Impact on This Plan
ADR-029	Observability Stack Architecture	Establishes OTLP + OTel Collector + OpenObserve + Vanta + Logfire.

Product Requirements (PRDs)

PRD ID	Requirement Title	Satisfied By (SDS)	Acceptance Criteria
PRD-010	AI Governance Runtime	SDS-047	REQ-GS-004 (governance metrics exposure)

Software Design Specifications (SDS)

SDS ID	Service/Component	Bounded Context	SEA-DSL Spec File	Implementation Status
SDS-030	Semantic Observability Envelope	`shared`	N/A	Draft
SDS-047	GovernedSpeed™ Governance Runtime	`governance-runtime`	N/A	Proposed

Note: SDS-043 (Risk & Evidence Service) has been superseded by SDS-047 per ADR-031.

Provenance Chain

graph TD
  ADR29[ADR-029: Observability Stack] --> PRD10[PRD-010: AI Governance Runtime]
  PRD10 --> SDS47[SDS-047: GovernedSpeed™ Runtime]
  ADR29 --> SDS30[SDS-030: Semantic Observability Envelope]
  SDS47 -.-> SDS43[SDS-043: SUPERSEDED]

  style SDS43 fill:#ffcccc

Architecture and Design

Design Principles Applied

Isomorphism: Semantic context (sea.domain, sea.concept, sea.regime_id) is preserved as OTel resource attributes.
Invariants: PII scrubbing before export; high cardinality blocking (SDS-030, ADR-029).
Idempotency: Evidence artifacts are content-hash deduped (SDS-047).

Dependency Justification

No new dependencies for plan completion; align with ADR-029 standard components.

Expected Filetree

/
├── docs/specs/shared/adr/029-observability-stack-architecture.md
├── docs/specs/shared/sds/030-semantic-observability.md
└── docs/specs/shared/sds/047-governedspeed-governance-runtime.sds.yaml

Proposed Cycles

Cycle	Branch	Wave	Files Modified	Files Created	Specs Implemented
C1A	`cycle/p009-c1a-semantic-envelope`	1	`docs/specs/shared/sds/030-semantic-observability.md`	—	Envelope + privacy/anti-leakage rules
C1B	`cycle/p009-c1b-evidence-bundles`	1	`docs/specs/shared/sds/047-governedspeed-governance-runtime.sds.yaml`	`schemas/events/governance/evidence/*` (if needed)	Evidence artifact model
C2A	`cycle/p009-c2a-correlation-ids`	2	`docs/specs/shared/sds/030-semantic-observability.md`	—	Correlation propagation rules

Task Breakdown

Wave 1 (Parallel)

C1A: Finalize the semantic observability envelope (modes, scrubbing, cardinality constraints)
- Implements: Standard wrapper for telemetry signals with sensitivity handling
- Satisfies: ADR-029 invariants and SDS-030 constraints
- Files: docs/specs/shared/sds/030-semantic-observability.md
C1B: Finalize evidence artifact capture and retrieval surfaces
- Implements: Evidence hash, submission events, risk snapshots
- Satisfies: PRD-010 REQ-GS-004 and SDS-047 contracts
- Files: docs/specs/shared/sds/047-governedspeed-governance-runtime.sds.yaml, schemas/events/governance/evidence/*

Wave 2 (Depends on Wave 1)

C2A: Standardize correlation ID propagation across inbound requests, domain events, and telemetry
- Implements: Trace/span correlation and causation chains
- Satisfies: SDS-030 envelope and ADR-029 observability guarantees
- Files: docs/specs/shared/sds/030-semantic-observability.md

Validation & Verification

Spec Validation

Ensure observability envelope forbids PII in exported telemetry by default (scrub or delete)
Confirm evidence artifacts are defined with tamper-evident hashing (SHA256) per SDS-047

Implementation Validation

Metrics are OTLP-exported and include governance gauges/counters (PRD-010 REQ-GS-004)
Logs correlate with traces via trace_id/span_id (ADR-029)
Evidence bundles can be reconstructed for a governance decision (SDS-047)

Open Questions

What is the canonical location/config for the OTel Collector pipeline in this repo (file path + deployment target)? infra/otel/collector-config.yaml
Which “semantic context attributes” are mandatory vs optional, and how are they derived (from identity tokens, manifests, or flows)? sea.domain, sea.command, sea.cqrs_kind
What retention policy applies to full_fidelity payload mode (and how is it enforced)? 7d hot / 90d cold

Risks & Mitigation

Risk	Likelihood	Impact	Mitigation Strategy
Telemetry leaks sensitive provenance	Medium	High	SDS-030 sensitivity hashing, payload modes, and k-anonymity constraints.
Cardinality explosion increases costs	Medium	Medium	Enforce SDS-030 cardinality guardrails and aggregation modes.

Rollback Strategy

Fall back to aggregated payload mode + reduced attribute set while keeping correlation IDs intact.

Linked Specifications

Type	ID/Doc	Document
ADR	ADR-029	`docs/specs/shared/adr/029-observability-stack-architecture.md`
PRD	PRD-010	`docs/specs/shared/prd/010-ai-governance-runtime.md`
SDS	SDS-030	`docs/specs/shared/sds/030-semantic-observability.md`
SDS	SDS-047	`docs/specs/shared/sds/047-governedspeed-governance-runtime.sds.yaml`

Superseded: SDS-043 (Risk & Evidence Service) has been merged into SDS-047 per ADR-031.