Stop guessing why your agent hallucinated. Query the database.
In my last post, I introduced the Agent Control Plane—a "Kernel" I built to stop agents from hallucinating rm -rf / commands.
But as we move from safety (preventing bad things) to operations (debugging weird things), we hit a wall.
When a standard software app crashes, you have a stack trace. You know exactly which line failed.
When an AI agent fails, you usually just get a shrug.
- Why did it call the
refundtool with $0? - Did the ABAC policy block it, or did the LLM just forget to call it?
- Was the context window full?
"Sorry, it was the LLM" is not an engineering root cause. It’s an excuse.
If we want to treat Agents as "Digital Employees," we need to treat their execution cycles as Audit Logs.
I added a Flight Recorder to the Kernel. Here is why we need one, and why print() statements aren't enough.
The "Black Box" Problem
Standard LLM observability (LangSmith, Arize, etc.) is great for prompt engineering. They tell you about tokens, latency, and costs.
But they don't tell you about Governance.
I didn't need to know how many tokens the agent used. I needed to know:
- Intent: What tool did the Agent try to use?
- Verdict: Did my Kernel allow it?
- Reasoning: If it was blocked, which policy rule triggered?
Without this triad, debugging is just guessing.
The Implementation: SQLite is All You Need
I didn't want to spin up a complex observability stack. I believe in Scale by Subtraction.
The Flight Recorder is a lightweight, local SQLite engine hooked directly into the Kernel's interceptor chain. It captures the decision logic atomically.
Here is how it looks in the codebase:
# From src/agent_control_plane/flight_recorder.py
class FlightRecorder:
def __init__(self, db_path="agent_blackbox.db"):
self.conn = sqlite3.connect(db_path)
self._init_schema()
def log_interception(self, agent_id, tool_name, args, policy_verdict, violation_reason=None):
"""
Records the 'Black Box' data of an interception event.
"""
self.conn.execute("""
INSERT INTO flight_events
(timestamp, agent_id, tool_name, arguments, policy_verdict, violation_reason)
VALUES (?, ?, ?, ?, ?, ?)
""", (
datetime.now().isoformat(),
agent_id,
tool_name,
json.dumps(args),
policy_verdict, # 'ALLOWED' or 'BLOCKED'
violation_reason
))
self.conn.commit()
It’s boring technology. That’s the point. It’s robust, queryable, and sits right next to your code.
Querying the Crash Site
The real power isn't recording the data; it's interrogating it.
Because it's just SQL, I can answer complex governance questions in milliseconds.
"Show me every time the Finance Agent tried to spend over $1,000 and was blocked."
SELECT timestamp, arguments, violation_reason
FROM flight_events
WHERE agent_id = 'finance_agent'
AND policy_verdict = 'BLOCKED'
AND tool_name = 'process_refund'
ORDER BY timestamp DESC;
"Show me if the new prompt update caused a spike in policy violations."
# kernel_v1_demo.py usage
stats = recorder.get_statistics()
print(f"Total Actions: {stats['total_actions']}")
print(f"Blocked Ratio: {stats['by_verdict'].get('blocked', 0) / stats['total_actions']:.2%}")
This transforms "AI Debugging" from a vibe check into a data science problem.
Governance Without the Bloat
We tend to over-complicate AI infrastructure. We think we need vector DBs for memory and massive cloud logging for audit trails.
The Flight Recorder proves that often, a local file and a rigid schema are superior.
- Zero Latency: It runs in-process with the Kernel.
- Zero Cost: It’s SQLite.
- Total Clarity: You can replay the exact sequence of events that led to a failure.
Try it Yourself
The Kernel v1.0 ships with the Flight Recorder enabled.
Clone the repo, run the demo_flight_recorder() function, and watch it generate a database file. Then, try to break the agent. Force it to access a protected path (/etc/passwd) and watch the recorder catch it red-handed.
**🔗 GitHub Repo: imran-siddique/agent-control-plane**
Intelligence without governance is just a bug waiting to happen. The Flight Recorder is how you catch it.
Top comments (0)