Why Agent Observability Is Harder Than Logging
A log line can tell you that something happened.
For agents, that is rarely enough.
An agent run is not just a sequence of function calls. It is a moving relationship between the user request, the context the agent saw, the plan it formed, the tools it used, the evidence those tools returned, the assumptions it carried forward, and the final answer it chose to give. When something goes wrong, the question is not only “what error occurred?” It is “why did the system believe this was the right next step?”
That is why agent observability is harder than logging.
Logs are still necessary. They tell us about latency, exits, retries, payloads, and service health. But production agents need a richer record. They need traces that explain behavior, not just events.
Logs Record Events. Traces Preserve Context.
Traditional application logs are built around services doing known work.
A request comes in. A handler runs. A database query succeeds or fails. A response goes out. If the system is well-instrumented, the logs and metrics help reconstruct what happened across the stack.
Agents add another layer: the system is deciding what work to do while it is doing the work.
That means the trace needs to preserve the decision context. What was the user asking for? What files, memories, documents, or previous messages were visible? What constraints were in force? What approvals were required? Which assumptions came from live tool output, and which came from stale context?
Without that context, a completed run can be almost impossible to debug. The final answer may look reasonable. The tool calls may look valid in isolation. The failure lives in the gap between what the agent knew and what it should have known.
A useful agent trace does not just say, “tool called.” It says what the agent believed the tool would resolve.
Tool Output Is Evidence, Not Decoration.
Agents often summarize tool output into a short internal conclusion and move on.
That is efficient when the conclusion is correct. It is dangerous when the conclusion drops the important caveat.
A build command may exit successfully but emit a warning about a missing asset. A search may return no matches because it searched the wrong directory. A file read may show the old implementation, but a later edit changes the contract. A deployment probe may return 200 while serving a stale shell.
If the trace only stores the fact that the tool ran, the reviewer has to trust the agent's interpretation. That is not observability. That is a transcript with the most important part compressed away.
The trace should keep the evidence close to the claim. When the agent says the route exists, the route check should be visible. When it says the source supports a claim, the source should be visible. When it says a build passed, the command, exit code, and relevant output should be visible.
For agent systems, tool results are not debug noise. They are the evidence layer.
Reasoning Drift Is a Production Signal.
A normal service can drift from expected behavior because data changes, dependencies change, or traffic changes.
Agents can drift inside a single run.
They start with one interpretation of the task. A tool result adds new information. An error forces a recovery path. A file reveals a different architecture than expected. A user constraint should narrow the allowed next step. The agent should update its plan as the evidence changes.
Quiet failures happen when it does not.
The run continues from an old assumption. The final answer reflects the original plan, not the observed system. The agent performs a plausible next action that no longer fits the evidence. From the outside, the trace looks active. Internally, the reasoning has drifted away from the facts.
This is the part ordinary logs miss. They can show the sequence of calls, but not whether the agent incorporated the result of each call into the next decision.
A good trace makes drift reviewable. It shows the claim before the tool call, the evidence after the tool call, and the updated plan. If the plan does not change when the evidence says it should, that is a reliability signal.
The Boundary Matters as Much as the Error.
Agent observability also has to capture boundaries.
Some boundaries are technical: schema validation, missing files, command failures, rate limits, timeouts. Some are operational: do not publish without approval, do not overwrite unrelated work, do not rely on memory for current system state. Some are judgment boundaries: escalate when the consequence is public, irreversible, legal, financial, or high impact.
When a boundary is crossed, the trace should make that visible.
Did the agent notice the dirty git tree before editing? Did it stop before pushing? Did it ask for approval before external publication? Did it distinguish a local draft from a live post? Did it report the failed dependency instead of pretending the path worked?
These are not just policy questions. They are observability questions. If the runtime cannot show whether the boundary was recognized, it cannot enforce the behavior reliably.
Observability Should Feed Evals.
The point of collecting richer traces is not to admire them later.
The trace should become raw material for evaluation.
When an agent skips verification, the trace tells us which verification step was missing. When it makes an unsupported claim, the trace tells us which evidence was absent. When it swallows a tool error, the trace tells us where recovery should have happened. When it crosses an approval boundary, the trace tells us what gate failed.
Each of those failures can become a regression case.
That is the loop: observe the run, identify the failure mode, encode the check, and make the next run fail loudly if the same pattern appears again. Without observability, evals become abstract rubrics. With observability, evals become operational memory.
Build the Trace Around the Questions You Will Ask.
Agent observability does not need to record everything forever.
It needs to record the things you will need when trust breaks.
What did the user ask for? What context was available? What did the agent decide to do? What tools did it call? What evidence came back? What changed after each result? What checks ran? What boundaries applied? What did the agent claim in the end?
If those questions are answerable, failures become debuggable. If they are not, the system falls back to vibes: the answer sounded confident, the trace looked busy, the model probably knew what it was doing.
That is not enough for production.
Reliable agents need logs, but they also need evidence, context, decision history, and boundaries. They need traces built for behavior, not just infrastructure.
Because the hardest agent failures are not always the ones where the system stops.
They are the ones where the system keeps going for the wrong reason.