Request correlation
Every REST request and MCP tool call returns a request_id. That ID is the shared join key for client logs, API logs, MCP logs, audit events, usage events, and support debugging.
Correlation contract
Slab5 generates one request ID at the API/MCP boundary and carries it through the app-plane operation. The same ID should be present in:
- The REST or MCP response envelope.
- Structured server logs.
- Audit events for mutations.
- Usage events for API requests, MCP tool calls, storage operations, webhook deliveries, and other metered work.
- Support notes when a developer reports a failed or surprising request.
Request IDs are operational identifiers, not authorization tokens. They do not grant access to workspace data.
REST flow
Successful REST responses include request_id at the top level:
{
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"data": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"id": : var(--shiki-token-string)">"contact_uuid",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"name": : var(--shiki-token-string)">"Jane Doe"
},
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_01hzn7y7x8z9"
}Failed REST responses include request_id inside the error envelope. Client applications should log the request ID with the user-visible error code and the idempotency key when a write was attempted.
MCP flow
MCP tool calls include the same ID in the JSON-RPC response envelope and the structured tool content:
{
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"jsonrpc": : var(--shiki-token-string)">": var(--shiki-token-constant)">2.: var(--shiki-token-constant)">0",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"id": : var(--shiki-token-string)">"contact-: var(--shiki-token-constant)">1",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"result": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"structuredContent": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"status": : var(--shiki-token-string)">"executed",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"tool": : var(--shiki-token-string)">"create_contact",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_01hzn7y7x8z9",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"contact": {
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"id": : var(--shiki-token-string)">"contact_uuid",
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"name": : var(--shiki-token-string)">"Jane Doe"
}
}
},
: var(--shiki-token-string)">"color: var(--shiki-token-parameter)">: var(--shiki-token-string)">"request_id": : var(--shiki-token-string)">"req_01hzn7y7x8z9"
}Agents should preserve the request ID in traces or task state. Do not paste tokens, raw request bodies, or secret-bearing headers into prompts or traces.
Support workflow
When debugging a reported issue:
- Start from the
request_idin the client, agent trace, or error response. - Find the API request or MCP tool call event for the workspace.
- Check the matching audit event if the operation was a mutation.
- Check the usage event to confirm metering and plan-limit behavior.
- Use structured logs for service-level failures after workspace and permission checks are understood.
If the developer cannot provide a request ID, ask for the endpoint or tool name, approximate timestamp, workspace, and client-side error code. Do not ask for raw credentials or full authorization headers.
Storage rules
Store request IDs in application logs and support tickets. Do not use request IDs as idempotency keys, resource IDs, or customer-facing invoice identifiers.