> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Claude Cowork monitoring

> Send Claude Cowork OpenTelemetry session events to Runlayer

Claude Cowork can export organization-wide OpenTelemetry logs directly to
Runlayer. Use this setup when you want Cowork sessions to appear in Runlayer
Sessions without installing a local hook or daemon on each user's machine.

Runlayer accepts Cowork <Tooltip tip="OpenTelemetry Protocol">OTLP</Tooltip> logs at:

```text theme={null}
https://<your-tenant>.runlayer.com/api/v1/hooks/cowork/otlp/v1/logs
```

For manual local payload tests, use the local app URL:

```text theme={null}
http://localhost:3000/api/v1/hooks/cowork/otlp/v1/logs
```

Do not use `localhost` in Claude Cowork monitoring settings. Cowork exports
from Anthropic's VM, so `localhost` points at the Cowork environment, not your
developer machine. To test with a real Cowork session against a local Runlayer
stack, expose your local app through a reachable HTTPS tunnel and use that
tunnel URL as the OTLP endpoint.

## Requirements

* Claude Team or Enterprise with Cowork monitoring access
* Claude desktop app version 1.1.4173 or later
* A Runlayer organization API key with the **Shadow AI Scan** role
* Full session scanning enabled for **Claude Cowork** in Runlayer

## Create the Runlayer API key

<Steps>
  <Step title="Open Organization API keys">
    In Runlayer, go to **Settings -> Organization API keys**.
  </Step>

  <Step title="Create a scoped key">
    Click **Create Organization API Key**, give it a name such as
    `Claude Cowork OTLP`, and select **Shadow AI Scan**.
  </Step>

  <Step title="Copy the key">
    Copy the generated `rl_org_...` value. Cowork uses this key in the OTLP
    header, and Runlayer rejects user API keys or org keys without the
    **Shadow AI Scan** role.
  </Step>
</Steps>

## Enable Cowork in Runlayer

<Steps>
  <Step title="Open Full session scanning">
    In Runlayer, go to **Settings -> General -> Full session scanning**.
  </Step>

  <Step title="Enable the API">
    Turn on **Full session scanning APIs**.
  </Step>

  <Step title="Enable Claude Cowork">
    Under **Hook clients**, turn on **Claude Cowork**, then save the settings.
  </Step>
</Steps>

## Configure Claude Cowork

In Claude admin settings, open **Cowork** monitoring settings and set:

| Field         | Value                                                                 |
| ------------- | --------------------------------------------------------------------- |
| OTLP endpoint | `https://<your-tenant>.runlayer.com/api/v1/hooks/cowork/otlp/v1/logs` |
| OTLP protocol | `http/protobuf` recommended; `http/json` also works                   |
| OTLP headers  | `Authorization=Bearer rl_org_...`                                     |

If your organization restricts Cowork network egress, allowlist your Runlayer
tenant hostname, such as `<your-tenant>.runlayer.com`. Cowork exports telemetry
from its VM, so blocked egress prevents events from reaching Runlayer.

After saving the Cowork monitoring settings, start a new Cowork session. Cowork
loads monitoring settings when a session starts, so already-running sessions do
not pick up the new OTLP destination.

## Verify in Runlayer

1. Start a new Cowork session and submit a prompt.
2. Open **Sessions** in Runlayer.
3. Filter by client **Claude Cowork**.

You should see Cowork prompts, tool decisions, tool results, API requests, and
API errors in the session timeline. Runlayer closes Cowork sessions
automatically after they stop sending activity.

## Troubleshooting

<AccordionGroup>
  <Accordion title="No Cowork sessions appear">
    * Confirm **Full session scanning APIs** is on.
    * Confirm **Claude Cowork** is enabled under **Hook clients**.
    * Confirm the Cowork OTLP endpoint includes `/api/v1/hooks/cowork/otlp/v1/logs`.
    * Confirm the OTLP header uses an organization API key with **Shadow AI Scan**.
    * Start a new Cowork session after changing monitoring settings.
    * If Cowork egress allowlisting is enabled, allowlist your Runlayer tenant
      hostname.
  </Accordion>

  <Accordion title="Runlayer returns 403">
    Use an organization API key with the **Shadow AI Scan** role. Personal user
    API keys and org keys without that role are rejected for Cowork OTLP
    ingestion.
  </Accordion>

  <Accordion title="JSON or protobuf">
    Use `http/protobuf` for normal deployments. Use `http/json` when you need to
    inspect payloads while testing. Runlayer accepts both protocols on the same
    endpoint.
  </Accordion>
</AccordionGroup>
