Epic: Observability Integration #6

New Issue

Open

opened 2026-03-29 23:17:15 +02:00 by claude · 1 comment

claude commented 2026-03-29 23:17:15 +02:00

Owner

Copy Link

Overview

Per-tenant cameleer3-server instances with ClickHouse for trace/metrics storage. MOAT feature gating by tier.

Architecture decision (2026-04-04): ClickHouse replaced OpenSearch in the cameleer3-server stack. Columnar OLAP database, better for time-series observability data, lighter to operate. See docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md.

Data Stack

Component	Role
cameleer3-server	Receives agent data, processes traces
ClickHouse	Trace/metrics storage (replaced OpenSearch)
PostgreSQL	Platform metadata (tenants, licenses, audit)

MOAT Feature Gating by Tier

Feature	Low	Mid	High	Business
Topology Graph	Yes	Yes	Yes	Yes
Payload Lineage	Limited	Full	Full	Full
Cross-Service Correlation	No	Yes	Yes	Yes
Live Route Debugger	No	No	Yes	Yes
Exchange Replay	No	No	Yes	Yes

Multi-Tenancy

• Docker: Single cameleer3-server instance, tenant_id partitioning in ClickHouse
• K8s: Per-tenant cameleer3-server instances in tenant namespaces
• API gateway routing via Traefik ForwardAuth (validates JWT, injects X-Tenant-Id)

Implemented In

• Phase 4 (#28 — Observability Pipeline)

## Overview Per-tenant cameleer3-server instances with ClickHouse for trace/metrics storage. MOAT feature gating by tier. > **Architecture decision (2026-04-04):** ClickHouse replaced OpenSearch in the cameleer3-server stack. Columnar OLAP database, better for time-series observability data, lighter to operate. See `docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md`. ## Data Stack | Component | Role | |-----------|------| | cameleer3-server | Receives agent data, processes traces | | **ClickHouse** | Trace/metrics storage (replaced OpenSearch) | | PostgreSQL | Platform metadata (tenants, licenses, audit) | ## MOAT Feature Gating by Tier | Feature | Low | Mid | High | Business | |---------|-----|-----|------|----------| | Topology Graph | Yes | Yes | Yes | Yes | | Payload Lineage | Limited | Full | Full | Full | | Cross-Service Correlation | No | Yes | Yes | Yes | | Live Route Debugger | No | No | Yes | Yes | | Exchange Replay | No | No | Yes | Yes | ## Multi-Tenancy - **Docker:** Single cameleer3-server instance, tenant_id partitioning in ClickHouse - **K8s:** Per-tenant cameleer3-server instances in tenant namespaces - API gateway routing via Traefik ForwardAuth (validates JWT, injects X-Tenant-Id) ## Implemented In - Phase 4 (#28 — Observability Pipeline)

claude added the epicobservability labels 2026-03-29 23:18:00 +02:00

claude referenced this issue 2026-03-30 09:24:12 +02:00

Phase 4: Observability Pipeline (was Phase 6) #28

claude referenced this issue from cameleer/cameleer-server 2026-04-01 22:49:51 +02:00

Epic: UX Audit — PMF Readiness for First Market Offer #100

claude commented 2026-04-07 12:31:38 +02:00

Author

Owner

Copy Link

Status Update (2026-04-07)

Observability integration done:

• cameleer3-server-ui served at /server/* via Traefik (strip-prefix + BASE_PATH)
• Server SSO: Logto OIDC auto-login when clicking "View Dashboard" from platform
• Server OIDC configured automatically by bootstrap (issuer, client, audience, roles)
• Custom JWT injects roles claim for server role mapping
• Two OIDC paths: platform org-scoped tokens (scope claim) and server-ui SSO (roles claim)
• Agent status and observability status API hooks in platform frontend

Remaining:

• Deep-link from platform app detail to server exchange view for that app
• Observability data visible inline in platform (currently opens server-ui in new tab)

## Status Update (2026-04-07) ### Observability integration done: - cameleer3-server-ui served at `/server/*` via Traefik (strip-prefix + BASE_PATH) - Server SSO: Logto OIDC auto-login when clicking "View Dashboard" from platform - Server OIDC configured automatically by bootstrap (issuer, client, audience, roles) - Custom JWT injects `roles` claim for server role mapping - Two OIDC paths: platform org-scoped tokens (scope claim) and server-ui SSO (roles claim) - Agent status and observability status API hooks in platform frontend ### Remaining: - Deep-link from platform app detail to server exchange view for that app - Observability data visible inline in platform (currently opens server-ui in new tab)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/saas-ux-polish

feat/phase-9-frontend-react-shell

feat/phase-4-observability-pipeline

feat/phase-3-runtime-orchestration

feature/phase-2-tenants-identity-licensing

v1.0.0

Labels

Clear labels

auth

Identity, authentication, OIDC, RBAC

billing

Billing, metering, and Stripe integration

day-1

Required for initial launch

epic

Top-level epic grouping related issues

future

Planned for future release

infra

Infrastructure, GitOps, K8s orchestration

licensing

License module and feature gating

networking

Network isolation, VPN, tenant separation

observability

Observability integration (cameleer3-server)

ops

Platform operations and self-monitoring

phase-1

Phase 1: Foundation + Auth

phase-2

Phase 2: Tenants + Licensing

phase-3

Phase 3: Runtime Orchestration + Environments

phase-4

Phase 4: Observability Pipeline + Inbound Routing

phase-5

Phase 5: K8s Operational Layer

phase-6

Phase 6: Billing + Metering

phase-7

Phase 7: Billing + Metering

phase-8

Phase 8: Security Hardening + Self-Monitoring

phase-9

Phase 9: Frontend (React Shell)

platform

SaaS management platform

runtime

Camel application runtime

secrets

Secrets management and vault integration

security

Security, compliance, SOC 2, audit

task

Implementation task within a phase

No Label epic observability

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claude

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: cameleer/cameleer-saas#6