PUBLIC BETA — v0.5 ON PYPI · APACHE 2.0

Open-source
observability and audit
for AI agents.

Instrument your agents with OpenTelemetry-native, audit-grade telemetry. One Helm install. Works alongside the observability stack you already run — Phoenix, Langfuse, Datadog, Honeycomb. No vendor lock-in, no UI to learn, Apache 2.0.

pip install + 3 lines of code
$ pip install 'singleaxis-fabric[anthropic,otlp]'

# In your agent:
from fabric import Fabric

fabric = Fabric.from_env()
fabric.enable_auto_instrumentation()

with fabric.decision(session_id=sid) as d:
    with d.llm_call(system="anthropic",
                      model="claude-haiku-4-5") as call:
        response = client.messages.create(...)
        call.set_usage(
            input_tokens=response.usage.input_tokens,
            output_tokens=response.usage.output_tokens,
        )

# Spans now flow with tenant/agent/session
# attribution + gen_ai.* conventions to whatever
# OTel backend you already use.

The complete audit-grade telemetry surface for AI agents.

Fabric is a Python SDK plus a custom OpenTelemetry collector plus a set of in-pod sidecars, packaged as one Helm chart. Each capability below has a status — green is shipping in the open-source v0.5 today, purple is roadmap, grey is explicitly Commercial (not in the OSS).

Shipping

Decision-span tracing with tenant attribution

Wrap each agent turn in fabric.decision(...). Every span carries fabric.tenant_id, fabric.agent_id, fabric.session_id, fabric.user_id, fabric.profile. Multi-tenant filter, audit-by-user, billing-by-tenant — all queryable from one trace backend.

Shipping

LLM & tool-call child spans (OpenTelemetry GenAI)

decision.llm_call() and decision.tool_call() emit child spans carrying the standard gen_ai.* attributes (system, model, tokens, finish reasons). Auto-instrumentor extras for Anthropic, OpenAI, Bedrock, LangChain, and Cohere light up automatically.

Shipping

Egress allowlist filter at the collector

Custom fabricguard processor strips any span attribute outside the configured namespace allowlist before traces leave your cluster. Last-mile defense against accidental PII or internal-attribute leakage to third-party backends.

Shipping

Memory, retrieval & escalation primitives

decision.remember() records semantic / episodic / scratch memory writes with hashed content. decision.record_retrieval() captures RAG events. decision.request_escalation() is the first-class hook for human-in-the-loop reviews.

Shipping

Framework adapters

Plug-in adapters for LangGraph, Microsoft Agent Framework, and CrewAI that emit Fabric spans without forcing you to refactor your agent code. Your orchestrator stays; Fabric layers on top.

Shipping

PII redaction sidecar

Per-pod sidecar over Unix domain socket. Detects EMAIL, PHONE, SSN, CREDIT_CARD and named entities; returns tag-replaced text (<EMAIL>) by default for prompt forwarding, with HMAC fingerprint mode for telemetry attribution. Sub-millisecond regex pre-filter handles obvious patterns.

Shipping

Inline guardrail sidecar

Per-pod sidecar over Unix domain socket. Composes after PII redaction so the guardrail engine never sees raw sensitive data. Jailbreak defence, off-topic refusal, output safety rails. Pluggable interface lets you swap in commercial classifiers.

Shipping

Adversarial-testing runner

Kubernetes CronJob that runs adversarial probe suites against your agent on a schedule or as a pre-release CI gate. Emits findings as both JSON reports and OpenTelemetry spans tagged event_class=red_team_result so failures flow through the same audit pipeline as everything else.

Shipping

Helm umbrella chart for the full stack

One helm install deploys the collector, custom processors, the PII and guardrail sidecars, and the adversarial-testing runner. Regulatory profiles (permissive-dev, eu-ai-act-high-risk) preset network policies, PDBs, and fail-loud validators.

Shipping

Policy engine (OPA / Rego)

Open Policy Agent embedded at four enforcement points: input, tool-call, output, and egress. Every decision recorded as a fabric.policy.evaluation span event with bundle digest, rule id, action, and reason. Hot-reloadable signed policy bundles.

Shipping

MCP & modern agent primitives

Model Context Protocol session instrumentation (InstrumentedMCPSession wraps tool calls and resource reads). Rich tool-call tracking (arguments, results, errors). Memory-read primitive (recall()). Async-judge queue hook (queue_judge() → SQS / NATS / Redis transports).

Roadmap

Cryptographic workload identity

SPIFFE / SPIRE-shaped identifiers on every span and mTLS handshakes for sidecar-to-collector traffic. Cryptographic proof that a span came from the agent it claims to — what regulated buyers ask for when audit forensics need to stand up in court.

Commercial

Signed audit bundles & regulatory exports

Cryptographically signed evidence packets, WORM-backed storage with 7–10 year retention, per-regulation mapping (EU AI Act, SR 11-7, HIPAA, ISO/IEC 42001, NIST AI RMF). Regulator-acceptable export formats with verifiable provenance. Not OSS — the paid plane that consumes OSS telemetry.

Commercial

LLM-as-judge orchestration & Context Graph

Hosted judge worker pools consume Fabric's queue_judge events and write verdicts back as span events. The Context Graph links retrievals to decisions for full cross-turn provenance. Escalation routing with human-in-the-loop SLAs. Not OSS — the paid plane that consumes OSS telemetry.

One Helm chart. One Python import. Your existing backend.

The agent wraps each turn in fabric.decision(...). The SDK opens UDS connections to in-pod PII and guardrail sidecars and emits OpenTelemetry spans. The collector enforces an egress allowlist before forwarding to whichever OTel-compatible backend you already run.

01

Your agent pod

  • fabric.decision(...) opens the parent span with tenant_id, agent_id, session_id, user_id
  • guard_input() calls the in-pod PII redaction sidecar over Unix domain socket
  • guard_input() calls the in-pod guardrail sidecar over Unix domain socket
  • llm_call(...) wraps the call to your LLM provider (Anthropic, OpenAI, Bedrock, …)
  • Spans flow into the standard OpenTelemetry SDK
02

Fabric OTel collector (in cluster)

  • fabricguard — strips any attribute outside the configured namespace allowlist
  • fabricredact — second-pass PII scan at egress (belt-and-braces)
  • fabricsampler — HMAC-keyed tail sampling per event class
  • fabricpolicy — OPA / Rego policy evaluation
03

Your observability backend

  • Spans render natively in Phoenix, Langfuse, Datadog, Honeycomb, or Grafana
  • Any OpenTelemetry-compatible backend you already run
  • No new dashboard to learn — the data sits where your team already looks

Plugs into what you already run. Replaces nothing.

Fabric is additive, not invasive. Keep your LLM provider, your agent framework, and your observability backend. Add Fabric for the governance and audit telemetry you don't have.

LLM providers
  • Anthropic
  • OpenAI
  • AWS Bedrock
  • Cohere
  • Any OpenAI-compatible API
Agent frameworks
  • LangChain & LangGraph
  • Microsoft Agent Framework
  • CrewAI
  • Plain Python — no framework needed
Observability backends
  • Arize Phoenix
  • Langfuse
  • Datadog
  • Honeycomb
  • Grafana Tempo
  • Any OpenTelemetry-compatible backend
Deployment
  • Kubernetes via Helm (umbrella chart)
  • Python SDK runs in any process
  • Self-host in your cluster — no data leaves
  • Apache 2.0 — audit the code before you deploy

Fabric instruments. SASF evaluates.

SingleAxis ships two distinct products. Fabric is the instrumentation and audit substrate you install in your cluster. The SingleAxis Standardized AI Safety Framework (SASF) is a human-led evaluation methodology — 162 codes across 16 failure categories, EU AI Act-aligned. Use one, the other, or both. They compose.

OPEN SOURCE — APACHE 2.0

SingleAxis Fabric

Open-source instrumentation, redaction, guardrails, and audit-grade telemetry for AI agents.

  • Python SDK plus an OTel collector plus sidecars
  • One Helm install, deployable to your own Kubernetes
  • Works alongside your existing OTel backend
  • OpenTelemetry GenAI semantic conventions
  • No vendor lock-in, code review encouraged
EVALUATION METHODOLOGY

SingleAxis SASF

Standardized human-led AI safety evaluation. Independent third-party verdicts with audit-grade evidence.

  • 162 failure codes across 16 categories
  • Six-layer evaluation: Functionality, Safety, Security, Reliability, Transparency, Privacy
  • GOV meta-layer for organizational governance
  • Aligned to EU AI Act, NIST AI RMF, ISO/IEC 42001, SR 11-7
  • Evidence-grade report suitable for conformity assessment

Five minutes to first traces.

Install the SDK, wrap a turn, point at any OpenTelemetry backend. A real LLM call inside a fabric.decision context produces a parented span tree visible in Phoenix, Langfuse, Datadog, or wherever you ship OTel today.

1

Install the SDK with the provider extra you use

One pip command. The [anthropic] extra (or [openai], [bedrock], …) auto-wires the upstream OTel instrumentor.

pip install 'singleaxis-fabric[anthropic,otlp]'
2

Wrap one agent turn

The SDK manages the OpenTelemetry span lifecycle and attribution.

from fabric import Fabric

fabric = Fabric.from_env()
fabric.enable_auto_instrumentation(capture_content=False)

with fabric.decision(session_id="sess-1",
                     request_id="req-1",
                     user_id="user-42") as decision:
    with decision.llm_call(system="anthropic",
                            model="claude-haiku-4-5-20251001") as call:
        response = anthropic_client.messages.create(...)
        call.set_usage(
            input_tokens=response.usage.input_tokens,
            output_tokens=response.usage.output_tokens,
            finish_reason=response.stop_reason,
        )
3

Point at any OTel backend (or run Phoenix locally)

Spans render natively wherever you already ship OTel. For a self-hosted demo, Phoenix is one container.

export OTEL_EXPORTER_OTLP_ENDPOINT=http://your-collector:4318
export FABRIC_TENANT_ID=tenant-demo
export FABRIC_AGENT_ID=support-bot

# Or run Phoenix locally:
docker run -p 6006:6006 arizephoenix/phoenix:latest
4

For production: Helm install the umbrella chart

The umbrella chart bundles the collector, PII redaction and guardrail sidecars, the policy engine, and the adversarial-testing runner — all shipping in v0.5. Install it from the repo with a regulatory profile (an OCI-published chart is on the roadmap). See the chart README for exporter and Vault/KMS configuration.

git clone https://github.com/singleaxis/singleaxis-fabric

helm install fabric singleaxis-fabric/charts/fabric \
  --namespace fabric --create-namespace \
  --values singleaxis-fabric/charts/fabric/profiles/permissive-dev.yaml \
  --set tenant.id=my-tenant \
  --set presidioSidecar.enabled=true \
  --set nemoSidecar.enabled=true

Hand this to Claude Code or Cursor.

Building your agent with an AI coding assistant? Copy the AGENTS.md below and paste it in — it tells the agent exactly how to instrument your app with Fabric, correctly, the first time.

AGENTS.md
# Add SingleAxis Fabric to this agent

SingleAxis Fabric is OpenTelemetry-native observability + audit for AI agents.
Instrument this app with it as follows. Apache-2.0. Docs: https://fabric.singleaxis.ai

## 1. Install (pick the provider extra you use)
pip install 'singleaxis-fabric[anthropic,otlp]'   # or [openai], [bedrock], ...

## 2. Set the environment
export FABRIC_TENANT_ID=...        # your tenant
export FABRIC_AGENT_ID=...         # this agent's id
export OTEL_EXPORTER_OTLP_ENDPOINT=http://your-collector:4318

## 3. Wrap every agent turn in a decision
from fabric import Fabric, EscalationSummary

fabric = Fabric.from_env()

with fabric.decision(session_id=sid, request_id=rid, user_id=uid) as d:
    # LLM call -> child span carrying the gen_ai.* semantic conventions
    with d.llm_call(system="anthropic", model="claude-haiku-4-5") as call:
        resp = client.messages.create(...)
        call.set_usage(input_tokens=resp.usage.input_tokens,
                       output_tokens=resp.usage.output_tokens,
                       finish_reason=resp.stop_reason)

    # Tool call -> child span (arguments + results are hashed, never stored raw)
    with d.tool_call("search_orders", call_id="call-1") as tool:
        tool.set_arguments(args_json)
        tool.set_result(result_json)
        tool.set_result_count(n)

    # Record the rest of the turn. Each hashes content locally —
    # raw prompts / PII / payloads NEVER leave the process.
    d.record_retrieval("rag", query=q, result_count=n)          # RAG / KG / SQL
    d.remember(kind="semantic", content=note, key="pref:x")     # also recall(...), forget(...)
    d.record_eval(rubric_id="faithfulness-v1", score=0.91,
                  dimension="faithfulness", evaluator_name="my-judge")
    d.record_side_effect("ticket_create", target_system="zendesk",
                         operation="create_ticket", request_payload=payload)
    d.request_escalation(EscalationSummary(reason="low confidence", mode="async"))

## Rules — do not violate
- ONE Decision per agent turn. Never share a Decision across threads / async tasks.
- NEVER put raw prompts, PII, or tool payloads on spans. Pass raw text only to the
  hashing helpers above — Fabric emits SHA-256 hashes and metadata, not content.
- Guardrails fail LOUD: d.guard_input(text) raises if no rails are configured.
- Spans export to ANY OpenTelemetry backend (Phoenix, Langfuse, Datadog, Honeycomb,
  Grafana). Do not add a new dashboard — reuse the one you already run.

Full docs + the umbrella Helm chart: https://github.com/singleaxis/singleaxis-fabric

Designing for regulated industries?

We're looking for design partners for the Beta cohort. Free access during the design phase, founder-led onboarding, and direct influence on which Commercial-plane features ship first.