Logger Snippets

Drop-in server snippets that record which AI agents fetch your A2WF policy. Privacy-preserving by default: no IP, no cookies, no query strings, no full Referer, no raw User-Agent. Optional opt-in forwarding to an operator-configured endpoint.

Pick the snippet for your stack

Supporting files

• a2wf-log-event-v1.schema.json - versioned JSON Schema for the log event format.
• agent-signatures.json - community-maintained list of AI agent User-Agent patterns.
• README.md - the long-form documentation as raw Markdown.

What gets logged

Every snippet writes records that match the same log event schema:

{
  "a2wfLogVersion": "1.0",
  "schemaURI": "https://a2wf.org/schema/a2wf-log-event-v1.json",
  "timestamp": "2026-05-17T10:30:00Z",
  "method": "GET",
  "observedPath": "/.well-known/a2wf/siteai.json",
  "statusCode": 200,
  "userAgentCategory": "openai",
  "matchedSignatureId": "openai-gptbot",
  "agentDeclared": false,
  "agentVerified": false,
  "collectionMode": "local",
  "rawFieldsIncluded": []
}

Privacy posture

• By default: no IP address, no cookies, no Authorization header, no query strings, no request body, no full Referer, no raw User-Agent.
• The User-Agent is reduced to a heuristic category from agent-signatures.json. The category is not proof of identity.
• External forwarding (A2WF_LOG_ENDPOINT) is opt-in. When enabled, only the endpoint's origin is recorded, never the full URL with tenant IDs or tokens.
• You (the operator) remain responsible for legal basis, retention, and notices. These snippets do not establish a data-processing agreement on your behalf.

Retention

The snippets do not enforce a retention period. A reasonable starting point for operators without a specific regulatory constraint is 90 days with daily rotation. Operators in regulated sectors should align retention with their sector's requirements.