[BUG] v2.1.153 OTel: OTEL_LOG_TOOL_CONTENT=1 suppresses claude_code.tool_result log emission in logs-only setups; tool_decision missing TOOL_DETAILS enrichment
Bug Type
OpenTelemetry / monitoring telemetry — two documented behaviors don't match emission on v2.1.153 in logs-only setups.
Note: an earlier version of this body reported three bugs. After re-verification with a corrected env configuration, two of the three claims cleared (see the follow-up comment for details). This body now describes only the confirmed bugs.
Claude Code version
v2.1.153
Affected docs
https://code.claude.com/docs/en/monitoring-usage
Reproduction setup
Telemetry env (relevant subset):
export CLAUDE_CODE_ENABLE_TELEMETRY=1
export OTEL_METRICS_EXPORTER=otlp
export OTEL_LOGS_EXPORTER=otlp
# Note: OTEL_TRACES_EXPORTER intentionally NOT set — logs-only pipeline downstream.
export OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
export OTEL_EXPORTER_OTLP_ENDPOINT=<our OTLP collector>
export OTEL_LOG_USER_PROMPTS=1
export OTEL_LOG_TOOL_DETAILS=1
export OTEL_LOG_RAW_API_BODIES=file:</path/to/dir> # also reproduces with =1
export OTEL_LOGRECORD_ATTRIBUTE_VALUE_LENGTH_LIMIT=131072
The downstream OTel collector is a custom build with the otlp receiver and an S3-archive exporter on the logs pipeline only — no traces pipeline (intentional for this report; we're testing what OTEL_LOG_* knobs do on logs alone). Collector is healthy (0 drops, 0 errors) during the windows below.
Bug 1 — OTEL_LOG_TOOL_CONTENT=1 suppresses claude_code.tool_result log emission in logs-only setups
Docs § OTEL_LOG_TOOL_CONTENT scope this knob to span events:
Enable logging of tool input and output content in span events (default: disabled). Requires tracing. Content is truncated at 60 KB
And describe claude_code.tool_result as a separate log event logged on every tool completion. By that reading, setting OTEL_LOG_TOOL_CONTENT=1 should be a no-op when traces aren't exported — the log path should be unaffected.
Observed: with OTEL_LOG_TOOL_CONTENT=1 set in a logs-only configuration (no traces exporter, no traces pipeline), claude_code.tool_result log events stop emitting entirely. Across two sessions and dozens of tool calls, zero tool_result events landed. Other log events (claude_code.tool_decision, claude_code.api_request) continued to emit normally.
Confirmed reverse: unsetting OTEL_LOG_TOOL_CONTENT (with all other env unchanged) restores tool_result emission with all documented attributes. Also has a knock-on effect: with TOOL_CONTENT unset, claude_code.api_request_body events also start emitting (they were missing when TOOL_CONTENT=1, even though api_request_body's docs don't mention this knob).
If this interference is intentional (e.g. tool_result content is meant to be delivered exclusively via the tool.output span event when TOOL_CONTENT is on, suppressing the log event), the docs should call that out. Otherwise this is a regression that materially affects fleets running OTEL_LOG_TOOL_CONTENT without traces — a common configuration since many SIEMs accept logs but not traces.
Bug 2 — OTEL_LOG_TOOL_DETAILS=1 enriches tool_result but not tool_decision
Tool input arguments and parameters are not logged by default. To include them, setOTEL_LOG_TOOL_DETAILS=1. …tool_resultandtool_decisionevents include atool_parametersattribute with Bash commands, MCP server and tool names, and skill names.
Observed: with OTEL_LOG_TOOL_DETAILS=1 set:
claude_code.tool_resultevents DO gettool_parameters(well-formed JSON withbash_command,full_command,timeout, etc.) andtool_input(raw JSON of arguments). ✅claude_code.tool_decisionevents emit with only the baseline metadata keys (decision,event.*,organization.id,prompt.id,session.id,source,terminal.type,tool_name,tool_use_id, identity fields) — notool_parameters, notool_input. ❌
The docs say both events should be enriched. Only tool_result is.
Impact
- Bug 1: silent loss of the
tool_resultlog signal for a documented log event when a knob is set. Materially affects MCP / Bash audit trails for fleets using SIEMs that accept logs only. - Bug 2: blocks the "tool_parameters on tool_decision" auditing pattern documented in the "Audit MCP activity" section — operators can see what tools were called and the parameters, but not which permission decisions were made against which parameters (useful for finding rejected-but-attempted operations).
Suggested resolution
Either (a) fix the emit-side to match the docs, or (b) update the docs to describe the actual interactions on v2.1.x (e.g. "OTEL_LOG_TOOL_CONTENT requires tracing AND suppresses tool_result log event in favor of span-event-only content delivery"; "OTEL_LOG_TOOL_DETAILS enriches tool_result only").
I'm happy to provide additional verification on request.
Related
Issue #49310 covered the introduction of OTEL_LOG_RAW_API_BODIES to the docs; this report verifies against the documented schema introduced there.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗