Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sedata-ai.tech/llms.txt

Use this file to discover all available pages before exploring further.

Auth is configured via the exporterAuth field on TelemetryConfig. The same credential is forwarded to the safety-check API automatically. The simplest mode — works with Sedata Cloud out of the box. 
import type { TelemetryConfig } from '@sedata-ai/mcp'

const config: TelemetryConfig = {
  serverName: 'my-server',
  serverVersion: '1.0.0',
  exporterEndpoint: 'https://otel.sedata-ai.tech/v1',
  exporterAuth: {
    type: 'bearer',
    token: process.env.SEDATA_TOKEN!,
  },
}
The exporter sends Authorization: Bearer <token> on every request.

API key

Some collectors prefer a custom header. Use apiKey to send x-api-key: 
const config: TelemetryConfig = {
  serverName: 'my-server',
  serverVersion: '1.0.0',
  exporterEndpoint: 'https://collector.example.com/v1',
  exporterAuth: {
    type: 'apiKey',
    apiKey: process.env.OTEL_API_KEY!,
  },
}
This also enables safetyCheck to authenticate against api.sedata-ai.tech/security/safety-check.

Basic auth

type: 'basic' is accepted by ConfigValidator but the basic header is currently a no-op in the exporter setup (it’s commented out in telemetry.ts). Until that ships, use bearer or apiKey and put basic-auth behind a proxy if you must. 
// Validates, but the header is not yet emitted.
const config: TelemetryConfig = {
  // ...
  exporterAuth: {
    type: 'basic',
    username: 'collector',
    password: 'secret',
  },
}
Track #auth-basic for status. Until it lands, use a sidecar (nginx, envoy, caddy) to inject the Authorization: Basic ... header.

No auth (private network)

Skip exporterAuth entirely if your collector is open inside a private network: 
const config: TelemetryConfig = {
  serverName: 'my-server',
  serverVersion: '1.0.0',
  exporterEndpoint: 'http://otel-collector.cluster.local:4318/v1',
}

Console exporter (no auth)

For local dev, skip the exporter entirely: 
const config: TelemetryConfig = {
  serverName: 'my-server',
  serverVersion: '1.0.0',
  exporterType: 'console',
}
No exporterEndpoint or exporterAuth is needed.

How auth flows to safety checks

instrumentServer extracts the auth token from your config and stashes it for safetyCheck to use. Both bearer.token and apiKey.apiKey get forwarded to the safety endpoint as the x-api-key header. 
exporterAuth: { type: 'bearer', token: 'sk_live_xxx' }
// → safety API gets: x-api-key: sk_live_xxx

exporterAuth: { type: 'apiKey', apiKey: 'sk_live_xxx' }
// → safety API gets: x-api-key: sk_live_xxx
If you want a different credential for the safety API, call setTelemetryApiKey directly: 
import { setTelemetryApiKey } from '@sedata-ai/mcp/dist/safety-check'

setTelemetryApiKey('different-key')

Validation rules

ConfigValidator enforces that the right field is present for each type:
typeRequired field
bearertoken
apiKeyapiKey
basicusername and password
Missing fields throw with a clear message at instrumentServer time — auth problems fail loud, not silently.