Telemetry

Telemetry is disabled unless you enable it. When enabled, Kernia should emit anonymous operational events that help maintainers understand package usage and CLI outcomes without collecting user data, secrets, provider credentials, database URLs, tokens, or email addresses.

What can be collected

Telemetry events should be aggregate and redacted:

Enable telemetry

from kernia.telemetry import telemetry

auth = init(KerniaOptions(
    database=adapter,
    secret=env.KERNIA_SECRET,
    plugins=[
        telemetry(enabled=True),
    ],
))

Or use an environment variable if your deployment standardizes runtime flags:

KERNIA_TELEMETRY=1

Disable explicitly

auth = init(KerniaOptions(
    database=adapter,
    secret=env.KERNIA_SECRET,
    telemetry=False,
))

Debug locally

Debug mode should print the redacted telemetry payload without sending it:

KERNIA_TELEMETRY_DEBUG=1

Privacy rules

Telemetry must not include:

• Emails, names, usernames, phone numbers, or IP addresses.
• OAuth client ids or client secrets.
• Stripe keys, webhook secrets, SCIM tokens, or API keys.
• Database URLs.
• Cookie values, session tokens, JWTs, OTPs, or reset tokens.
• Full auth configuration objects.

Test coverage

Tests should verify telemetry is off by default, debug mode does not send events, CI/test environments do not send unless explicitly enabled, and redaction removes secret-like values from every event.