Observability
Dashboards, metrics, and audit logs available to Platform projects.
Overview
Observability on sovseal respects the zero-trust data boundary. The Edge servers measure request flows and resource allocations solely at Layer A (unencrypted metadata). This design allows you to monitor sync operations and storage sizes without compromising cryptographic confidentiality.
Per-Project Metrics
The sovseal Dashboard visualizes operational health metrics:
- Replication Lag: Time delta between local client commit and remote Edge receipt.
- Ciphertext Bytes Stored: Total volume of encrypted payloads residing in the storage bucket.
- Operation Counts: Total number of store_memory (write), recall_memory (read), and check_in requests.
- Sync Devices: Number of concurrent devices actively replication-synced.
All metrics are compiled from metadata tables (usage_counters) and never traverse decryption blocks.
Webhooks
Wired to real-time events, sovseal webhooks trigger callbacks in your backend when memories are updated.
Important: Zero-Knowledge Webhook Security Invariant
Webhook payloads carry only metadata and client-side payload hashes. Plaintext memory values are never transmitted in webhook bodies to prevent leakage to external servers.
Supported Events
- memory.add: Triggered when a new encrypted snapshot is replication-synced.
- memory.delete: Triggered when a memory block is deleted.
- quota.limit_reached: Triggered when a tier-limit is hit.
Webhook Payload Example (memory.add)
{
"event": "memory.add",
"project_id": "proj_8f7e6d...",
"agent_id": "9f8e7d... (sha256 hash of project+key)",
"sequence_number": 42,
"client_payload_hash": "a1b2c3d4e5f6... (VSR anchor)",
"timestamp": "2026-06-10T11:22:37Z",
"ciphertext_size_bytes": 1284
}
Request Audit Log Export
Administrators can export audit trails from the dashboard Settings page.
- Export Format: JSON or CSV.
- Scoping: Filter exports by API key ID, IP range, or operation type.
- Compliance: Ideal for SOC 2, HIPAA, or internal security verification.
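Returning to the memory.add webhook payload shown earlier: the receiver can enforce the metadata-only invariant on its own side by accepting exactly the documented fields and nothing else. This is an added example, not sovseal code; the names validate_memory_add and WebhookRejected are hypothetical, the field types and timestamp format are inferred from the sample payload, and the rule that sequence_number only increases per agent_id is an assumption the page does not state.

```python
import json
from datetime import datetime

# Allowlist and types inferred from the memory.add payload example on this page.
MEMORY_ADD_FIELDS = {
    "event": str, "project_id": str, "agent_id": str, "sequence_number": int,
    "client_payload_hash": str, "timestamp": str, "ciphertext_size_bytes": int,
}
# Constructed sample body; the identifiers and hash are placeholders.
SAMPLE = {
    "event": "memory.add", "project_id": "proj_EXAMPLE", "agent_id": "agent_EXAMPLE",
    "sequence_number": 42, "client_payload_hash": "0" * 64,
    "timestamp": "2026-06-10T11:22:37Z", "ciphertext_size_bytes": 1284,
}

class WebhookRejected(ValueError):
    """Raised when a webhook body does not match the documented metadata shape."""

def validate_memory_add(raw: bytes, last_seq: dict) -> dict:
    """Validate one body; last_seq maps agent_id -> highest sequence accepted."""
    try:
        body = json.loads(raw)
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        raise WebhookRejected("body is not valid JSON") from exc
    if not isinstance(body, dict) or body.get("event") != "memory.add":
        raise WebhookRejected("not a memory.add event")
    extra = set(body) - set(MEMORY_ADD_FIELDS)
    if extra:  # anything beyond documented metadata is treated as a leak
        raise WebhookRejected(f"unexpected fields: {sorted(extra)}")
    for name, kind in MEMORY_ADD_FIELDS.items():
        value = body.get(name)
        # bool is a subclass of int in Python, so exclude it explicitly
        if not isinstance(value, kind) or isinstance(value, bool):
            raise WebhookRejected(f"missing or mistyped field: {name}")
    if body["sequence_number"] < 0 or body["ciphertext_size_bytes"] < 0:
        raise WebhookRejected("negative counter")
    try:
        datetime.strptime(body["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError as exc:
        raise WebhookRejected("timestamp is not in the documented UTC form") from exc
    # Assumption: sequence numbers strictly increase per agent_id.
    seen = last_seq.get(body["agent_id"])
    if seen is not None and body["sequence_number"] <= seen:
        raise WebhookRejected("replayed or out-of-order sequence_number")
    last_seq[body["agent_id"]] = body["sequence_number"]
    return body
```

Rejected bodies are worth logging with the rejection reason, since an unexpected field arriving in a webhook is a signal that the metadata-only boundary has changed.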
Telemetry Opt-Out
The SDK gathers telemetry data by default (only aggregate counts of operation successes/failures and library version numbers). No payload contents, keys, or user identifiers are ever sent.
Disabling Telemetry
To disable telemetry completely in the SDK or MCP server, set the environment variable:
export SOVSEAL_TELEMETRY_OPTOUT=true
Alternatively, configure the setting in ~/.sovseal/config.json:
{
"project_id": "...",
"api_key": "...",
"telemetry": false
}