Skip to main content

What Opticon records

For each Guard API call, Guardian Bastion writes a trace to Opticon containing:
  • The original input (text / image / file)
  • The final action and policy hits
  • The masked output (only when action == "MASK")
  • The tracing metadata you provide in the opticon field

Attach tracing metadata

Pass an opticon object in the request body: 
{
  "messages": [{ "role": "user", "content": "..." }],
  "opticon": {
    "trace_id": "trace-abc-123",
    "session_id": "chat-session-001",
    "user_id": "end-user-456",
    "metadata": { "environment": "production", "client_version": "2.1.0" },
    "tags": ["chatbot", "customer-service"]
  }
}

Field guide

FieldPurpose
trace_idCorrelate with your application logs. Omit to let Guard Server generate one.
session_idGroup a multi-turn conversation’s traces together.
user_idIdentify the end user for per-user analysis.
metadataFree-form — use for environment, client version, deployment region, etc.
tagsFilterable in Opticon dashboards.
You never pass Opticon credentials. Opticon public/secret keys and host are managed server-side per Project — your client only provides tracing metadata.

What you don’t control

  • Retention period (set by your administrator)
  • Whether masked output is stored (set by the Project’s policy; Input is always stored)
  • Who can view traces (IAM Policy)