[FEATURE] Include file upload metadata in OTel log events (claude_code.user_prompt)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When OTEL_LOG_USER_PROMPTS=1 is set, the claude_code.user_prompt log event captures the text content of user messages. However, file uploads are completely invisible in OTel logs — no filename, MIME type, file size, or any other metadata is included.
This is a significant gap for enterprise security monitoring. Our organization uses Claude Code and Claude Cowork with an ADOT (AWS Distro for OpenTelemetry) Collector to detect whether users upload files containing PII (personally identifiable information). Currently, we can monitor text prompts but have zero visibility into file-based interactions.
The official documentation states: "Raw file contents and code snippets are not included in metrics or events." We understand and agree with this design decision for file contents. However, file metadata (filename, type, size) is a different category — it carries minimal privacy risk while enabling critical security monitoring use cases.
Current Behavior
When a user uploads a file (e.g., a CSV, PDF, or image) alongside a text prompt:
- ✅ Text prompt content appears in
claude_code.user_promptLogAttributes (whenOTEL_LOG_USER_PROMPTS=1) - ❌ No file metadata is logged — filename, MIME type, file size, and content block type are all absent
Proposed Solution
Add file upload metadata as LogAttributes to the claude_code.user_prompt event. This does not require logging file contents — only metadata is needed.
Suggested attributes:
| Attribute | Type | Example | Description |
|---|---|---|---|
| prompt.files | string (JSON array) | [{"name":"data.csv","mime_type":"text/csv","size_bytes":24576}] | Array of uploaded file metadata |
| prompt.file_count | int | 1 | Number of files attached to the prompt |
Alternative Solutions
_No response_
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
- PII/DLP Monitoring — Detect when users upload files that may contain sensitive data (e.g.,
.csv,.xlsxwith customer records). Even filename and MIME type alone enable basic policy enforcement. - Usage Analytics — Understand how file uploads are used across teams (file types, sizes, frequency).
- Cost Attribution — File uploads (especially images and large documents) significantly affect token consumption. Correlating file metadata with token usage enables better cost analysis.
- Compliance Auditing — Regulated industries need audit trails of what data enters AI systems, even without logging the actual content.
Additional Context
Privacy Considerations
This proposal intentionally excludes file contents from OTel logs. Logging only metadata (filename, type, size) provides meaningful observability without introducing the security risk of sensitive file contents flowing through the telemetry pipeline.
An additional environment variable (e.g., OTEL_LOG_FILE_METADATA=1) could gate this feature, similar to how OTEL_LOG_USER_PROMPTS gates prompt content logging.
Environment
- Platform: macOS / Linux
- Claude Code + Claude Cowork (via Claude Agent SDK)
- OTel Collector: AWS ADOT on ECS
- Export target: CloudWatch Logs
Related Issues
- #15417 — Clarifies that telemetry is exported via logs protocol; mentions
claude_code.user_promptLogAttributes but no file metadata - #9584 — OTel Traces support request (broader observability gap)
- #11057 — Telemetry transparency notification (related privacy/awareness concern)
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗