Claude Cowork

Claude Cowork is Anthropic’s agentic desktop app for knowledge work — file organization, research synthesis, document creation, and multi-step task automation. It emits OpenTelemetry events using the same schema as Claude Code, so the same Last9 setup gives you full visibility into Cowork sessions: prompts submitted, tools invoked, API costs, and errors.

What gets exported

Cowork exports five event types as OpenTelemetry log records, identical in structure to Claude Code events:

Event	Emitted when	Key attributes
`claude_code.user_prompt`	User submits a prompt	`prompt.length`, `session.id`, `user.email`
`claude_code.api_request`	Claude API responds	`llm.usage.total_tokens`, `cost_usd`, `model`, `duration_ms`
`claude_code.api_error`	API call fails	`error.message`, `http.status_code`, `retry_attempt`
`claude_code.tool_result`	Tool execution completes	`tool.name`, `tool.success`, `duration_ms`
`claude_code.tool_decision`	Permission prompt resolved	`tool.name`, `tool.decision` (`accept`/`reject`), `decision.source`

All events include a prompt.id UUID linking every event produced while processing a single user prompt, plus workspace.host_paths identifying which local directories were selected for the session.

Prerequisites

Last9 account — Sign up at app.last9.io
Claude Desktop with Cowork enabled — Download at claude.com/download
Team or Enterprise plan with admin access
OTLP credentials — Get your endpoint and auth header from Integrations → OpenTelemetry

Setup

Get your Last9 OTLP credentials

Navigate to Integrations → OpenTelemetry in your Last9 dashboard. Copy:
- OTLP Endpoint (e.g., https://otlp-aps1.last9.io:443)
- Authorization header (e.g., Basic <base64-token>)
Open Cowork monitoring settings

In Claude Desktop, go to Settings → Monitoring (admin access required).
Configure the OTLP connection

Fill in the three fields:

Field Value
OTLP endpoint https://<your-last9-otlp-endpoint>/v1/logs
OTLP protocol http/json
OTLP headers Authorization=Basic <your-last9-auth-token>

Unlike the Claude Code CLI (which appends /v1/logs automatically), Cowork requires the full path including /v1/logs when using http/json or http/protobuf protocol.

The placeholder in the UI shows Authorization=Bearer your-token. For Last9, use Basic, not Bearer.
Save and restart Claude Desktop

Click Save. Configuration is loaded at session start — you must restart the Desktop app for the settings to take effect.
Run a Cowork task and verify

Start any Cowork task. Navigate to Logs in Last9 and filter by service.name = cowork or search for claude_code.api_request to confirm events are flowing.

Field	Value
OTLP endpoint	`https://<your-last9-otlp-endpoint>/v1/logs`
OTLP protocol	`http/json`
OTLP headers	`Authorization=Basic <your-last9-auth-token>`

What you can do in Last9

Cost tracking per user

Every claude_code.api_request event carries cost_usd, input_tokens, and output_tokens tagged with user.email. Filter Last9 Logs by user to see per-person Cowork spend across your organization.

Session replay via `prompt.id`

All events from a single user interaction share a prompt.id UUID. Filter Last9 Logs by a specific prompt.id to reconstruct the full sequence:

user_prompt → api_request → tool_decision → tool_result → api_request

Tool usage audit

claude_code.tool_decision events record every permission prompt with tool.decision = accept | reject. Use this to understand which file operations or tools users are approving or blocking in their Cowork sessions.

Workspace visibility

The workspace.host_paths attribute identifies which local directories were shared with Cowork during the session — useful for auditing which data sources are being accessed.

Shared schema with Claude Code

Cowork reuses Claude Code’s OTel event schema via the Claude Agent SDK. If you are already sending Claude Code telemetry to Last9, Cowork events will land in the same log stream and can be distinguished by:

terminal.type — set to cowork for Cowork sessions vs cli for Claude Code
workspace.host_paths — only present in Cowork events

You can use a single Last9 dashboard covering both products by filtering on service.name (claude-code vs cowork) or grouping on terminal.type.

Troubleshooting

No events in Last9 after running a Cowork task

Confirm you restarted Claude Desktop after saving the settings — configuration loads at session start only
Verify the OTLP protocol is set to http/json — Last9 requires HTTP, not gRPC
Check the header format: Authorization=Basic <token> with no extra quotes

401 / authentication errors

Confirm you are using Basic, not Bearer, in the Authorization header
Regenerate the token from Integrations → OpenTelemetry if it has expired

Settings panel not visible

Cowork monitoring configuration requires admin access on Team or Enterprise plans — confirm your role in the Claude admin console

Please get in touch with us on Discord or Email if you have any questions.