Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00


package: @opentelemetry/api
version: ^1.9.0
tier: core
decision: approved
date: 2026-05-14
deciders: Danijel Martinek
adr: adr-017
filter-results:
  license: Apache-2.0
  types: native
  maintenance: active
  boundary-fit: pass
  shadow-check: pass
  eu-residency: n/a
  cve-scan: clean
  named-consumer: pass
  socketRisk: clean
verification-commands:
  npm view @opentelemetry/api license
  npm view @opentelemetry/api version
  pnpm audit --audit-level=moderate
accepted-cves:

Filter: license

npm view @opentelemetry/api license returns Apache-2.0. Apache-2.0 is on the allowlist.

Filter: types

@opentelemetry/api is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.

Filter: maintenance

Actively maintained by the OpenTelemetry community under the CNCF. The 1.x stable API line receives regular releases; the project is a CNCF incubating project with broad industry backing.

Filter: boundary-fit

ADR-017 §8 explicitly permits @opentelemetry/api for use within core-shared/instrumentation/ without restriction. Feature packages use it via the ITracer/ILogger interfaces only; they do not import this package directly (ESLint boundary rules, ADR-010).

Filter: shadow-check

@opentelemetry/api is the CNCF-standard instrumentation API. No competing tracing API is present in the workspace. The API package is the stable, zero-dependency interface layer intentionally kept separate from SDK implementations.

Filter: eu-residency

@opentelemetry/api is a pure instrumentation API with no network communication, telemetry transmission, or data storage. EU residency does not apply.

Filter: cve-scan

pnpm audit --audit-level=moderate reports no advisories against @opentelemetry/api at the time of this trace.

Filter: named-consumer

packages/core-shared/src/instrumentation/ consumes @opentelemetry/api to implement OtelTracer and OtelLogger (ADR-017). packages/core-audit also depends on it for span context propagation in audit records.

Prompt: replaces

Prior to ADR-017, core-shared used Sentry SDK methods directly in SentryTracer and SentryLogger. @opentelemetry/api replaces direct Sentry SDK calls as the instrumentation substrate, allowing vendor swaps via exporter configuration rather than code rewrites.

Prompt: migration-cost-out

Hard. @opentelemetry/api is the instrumentation interface called throughout core-shared/instrumentation/. Migrating away means replacing all span creation, context propagation, and log emission with a different API. The interfaces (ITracer, ILogger, IMetrics) in ADR-014 isolate feature packages, but the core instrumentation layer itself is deeply coupled to the OTel API shape.

Prompt: alternatives-considered

  1. Sentry SDK directly — Rejected in ADR-017: couples the impl to Sentry forever; vendor swap requires rewriting every *Tracer/*Logger pair.
  2. OpenCensus — CNCF predecessor to OpenTelemetry; reached end-of-life and merged into OpenTelemetry. Not viable.

See ADR-017 for the full decision rationale.
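
A check of the kind the backfill commit implies, as an added example that is not part of this repository: it compares a trace's filter-results against the nine keys shown in the table above and also lists keys with no "Filter:" section backing them, as is the case for socketRisk on this page. The front-matter layout, the function names and the sample traces are assumptions constructed for illustration.

```javascript
// Filter keys taken from the filter-results table on this page.
const EXPECTED_FILTERS = [
  "license", "types", "maintenance", "boundary-fit", "shadow-check",
  "eu-residency", "cve-scan", "named-consumer", "socketRisk",
];

// Constructed samples. The on-disk layout (YAML-style front matter followed by
// "Filter: <name>" sections) is an assumption; the values are placeholders.
const PRE_ADR023 = EXPECTED_FILTERS.filter((k) => k !== "socketRisk");
const SAMPLE_BEFORE = [
  "---", "package: '@opentelemetry/api'", "filter-results:",
  ...PRE_ADR023.map((k) => `  ${k}: pass`),
  "accepted-cves: []", "---",
  ...PRE_ADR023.map((k) => `Filter: ${k}`),
].join("\n");
// The same trace after a backfill that adds only the field, with no evidence section.
const SAMPLE_AFTER = SAMPLE_BEFORE.replace(
  "accepted-cves:", "  socketRisk: clean\naccepted-cves:");

// Collect the indented key/value pairs under "filter-results:" in the front matter.
function parseFilterResults(text) {
  const results = {};
  let inFrontMatter = false;
  let inBlock = false;
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === "---") {
      if (inFrontMatter) break; // closing delimiter: stop before the body
      inFrontMatter = true;
      continue;
    }
    if (!inFrontMatter) continue;
    if (/^filter-results:\s*$/.test(line)) { inBlock = true; continue; }
    if (!inBlock) continue;
    const m = /^\s+([A-Za-z][\w-]*):\s*(.*)$/.exec(line);
    if (!m) { inBlock = false; continue; } // dedent ends the nested block
    results[m[1]] = m[2].trim();
  }
  return results;
}

// missing: expected key absent or empty; unknown: key outside the expected set;
// noEvidence: key recorded in the table but without a "Filter: <key>" section.
function checkTrace(text) {
  const results = parseFilterResults(text);
  const sections = new Set(
    [...text.matchAll(/^Filter:\s*(\S+)\s*$/gm)].map((m) => m[1]));
  return {
    missing: EXPECTED_FILTERS.filter((k) => !results[k]),
    unknown: Object.keys(results).filter((k) => !EXPECTED_FILTERS.includes(k)),
    noEvidence: Object.keys(results).filter((k) => !sections.has(k)),
  };
}
```

Run over a directory of traces, the `missing` list identifies files a schema change left behind, and `noEvidence` separates values that were backfilled from values that carry a recorded verification.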