07-proxy-sync-telemetry.md

Part 7 — Optional: proxy, sync, telemetry

These features are opt-in. Nothing leaves your machine until you configure it. Redaction applies before outbound paths — see concepts.md.

LLM HTTP proxy

Run Kaizen in front of an Anthropic-style API so model calls become EventSource::Proxy rows in the same SQLite store.

kaizen proxy run
kaizen proxy run --listen 127.0.0.1:3847
kaizen proxy run --upstream https://api.anthropic.com

Client setup, X-Kaizen-Session, and [proxy] keys: llm-proxy.md.

CLI-only: there is no MCP tool for proxy run.

Sync (redacted ingest)

When [sync] in config points at an endpoint, kaizen sync flushes the redacted outbox.

kaizen sync run --once
kaizen sync run
kaizen sync status

Contract for operators: ingest-contract.md.

Pluggable telemetry

Sinks (including file, PostHog, Datadog, OTLP, or dev) receive the same redaction story as sync. Exported batches include a project_name label from GitHub origin or workspace folder so providers can facet by repo while workspace_hash stays stable for joins. The file exporter appends one JSON summary line per batch to ~/.kaizen/projects/<slug>/telemetry.ndjson (no extra build feature).

kaizen telemetry configure
kaizen telemetry print-effective-config
# After adding `type = "file"` and running sync or `telemetry push`, watch lines:
kaizen telemetry tail

Templates and env resolution: config.md and telemetry usage.

CLI-only: telemetry subcommands are not MCP tools.

Reading back from the provider (optional)

Export and query are separate paths: pluggable exporters send redacted batches upstream; [telemetry.query] enables pull (when a provider is implemented and credentials are set). Pulled event-shaped rows are stored in SQLite and can feed summary, insights, metrics, guidance, and retro when you pass --source provider or --source mixed.

• Setup and TTL: config.md (provider, cache_ttl_seconds).
• User-facing walkthrough: Part 2 — data source (local, provider, mixed) and the later parts that reference it.
• Ingest contract (including workspace-facts batches): ingest-contract.md.

CLI-only: there is no MCP tool for telemetry pull or for choosing --source (hosts should shell to the CLI).

Exercise

1. Read llm-proxy.md and decide whether proxy fits your threat model (loopback default, API key forwarding).
2. With sync disabled (empty endpoint), run kaizen sync status and confirm the outbox is idle or empty.
3. Run kaizen telemetry print-effective-config and verify no secrets are printed (redacted resolution only).

Next: Part 8 — MCP