
Two terminal agents was one too many
For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

Ask a typical enterprise team running AI agents in production a simple question: what are your agents doing right now?
The answer almost always starts with “well, it depends what you mean by” — and that hedging is the entire problem. The questions any operator should be able to answer in under a minute:
A team that cannot answer those quickly is not just inconvenienced. They are operating in the dark. And operating in the dark is fine when your agents do safe, narrow, deterministic things. It becomes dangerous the moment your agents touch real users, real data, real money — which, in May 2026, almost all of them do.
This is the observability gap that live agent observability closes.
Observability is not new. Every enterprise has logs, metrics, and traces somewhere. Most of those somewheres are post-hoc: data lands in a warehouse, gets indexed, becomes queryable an hour or a day later. That cadence was acceptable when systems made decisions on the timescale of human approvals. AI agents do not.
An agent in a production loop makes hundreds of decisions per minute. Each decision involves a model call, a tool invocation, a state update. By the time a post-hoc dashboard tells you something went wrong, the agent has made another thousand decisions on top of it.
Live observability means three things:
Sub-second visibility. What the agent did one second ago is visible right now, not after a batch job runs.
Inline enrichment. Events arrive with the policy decisions, the user identity, the model used, the cost, the latency, and the structured reason — not as raw text.
Queryable in human time. “Every agent run that touched customer data in the last hour” returns in milliseconds, not minutes.
If your observability is not live in all three senses, you can see history but not the present. You can do forensics but not operations. You can prove what happened, but not steer what is happening.
The benefits compound across roles. Five worth naming explicitly:
An agent’s failure mode is rarely a crash. It is degradation — slower responses, more retries, fallback paths firing, higher token cost per request. Live observability turns those signals into alerts before users notice.
Examples that come up in customer environments:
A model provider regresses. Latency jumps from 800ms to 4s. Without live observability, your agents tank for a week before someone notices. With it, you see the spike inside an hour and reroute.
A prompt template changes. Token cost per request doubles. Without live observability, your monthly bill is a surprise. With it, you see the regression in the deploy that caused it.
A tool dependency throttles you. Retries cascade. Without live observability, you find out from a stakeholder. With it, your error-rate dashboard pages on-call.
An agent’s worst-case behavior is not a crash either. It is use of capabilities it was given but should not have used in this context. A summarization agent calling out to an unexpected endpoint. A data-exploration agent emitting un-redacted PII. A coding agent disabling a validation check to satisfy a failing test.
Live observability lets security teams:
The EU AI Act’s Article 12 — automatically generated logs for high-risk systems — does not specify “post-hoc batch logs.” It says automatically generated. The teams that will pass an Article 12 audit on day one are the teams whose audit log is their observability stream, in real time, with cryptographic chaining for tamper evidence.
For compliance specifically, live observability turns six questions that take six weeks into six queries that take six seconds:
AI inference is volatile. Anthropic prices changed three times in 2025. Bedrock cross-region pricing shifted in early 2026. A team running a fleet of agents without live cost observability is running a fleet of agents on optimism.
Live observability surfaces:
Agents are not deterministic. The interesting thing about running an agent in production is not whether it crashes — it is the distribution of what users ask, what the agent does, where it succeeds, and where it fails to produce a useful answer.
Live observability gives product teams:
This is product analytics for AI products. It is rarer than it should be.
Putting the requirements together, a live agent observability layer has eight properties. Treat this as a checklist:
Inline policy enforcement is the source of truth. Every event is generated as a side effect of a policy decision. There is no separate “logging” path that can diverge from the enforcement path.
Structured events, not strings. Every event has a typed schema: who, what, when, which model, which tool, which policy, which decision, which cost, which latency, which scope.
Tamper-evident audit chain. Events are cryptographically linked. Retroactive tampering is detectable. This is what makes the audit log defensible in front of an auditor or a regulator.
Sub-second propagation to UI. The CISO opens a dashboard. Events from one second ago are visible. The dashboard is a real view of present reality.
Multi-provider normalization. Anthropic, OpenAI, Bedrock, Vertex, Azure, Mistral, Cohere, Ollama, plus a dozen more — all normalized to the same event shape. The dashboard does not care which provider; the engineer asking a question does not care; only the analytics that explicitly slice by provider do.
Real-time anomaly detection. Statistical anomaly detection — 2σ-based on rolling baselines — on every meaningful dimension: latency, cost, error rate, content scanner hit rate, policy denial rate. Anomalies surface as alerts, not as data points buried in a dashboard.
Policy simulator that reads the live stream. “If I enforced this new policy starting today, how many events in the last 30 days would have changed?” The simulator runs against the live event store; it is not a separate copy.
Identity scoping all the way down. Every event is tagged with the org / team / project / app / user scope that produced it. Queries that scope by team return only that team’s events; admin queries return everything.
If any one of these eight is missing, you have observability that is good for forensics but not for operations.
Zentinelle , with the zentinelle-sdk , is the governance and observability pillar of Calliope’s private-AI stack — and it is built on the principle that the policy decision is the event. There is no separate logging path. Every event the dashboard shows is an event that was produced as a side effect of a real, enforced policy decision.
The features mapped to the checklist above:
For agents that sit behind a gateway, Zentinelle’s Django proxy or Go gateway mediates and observes everything. For agents that need to participate from inside their code, the zentinelle-sdk (Python, TypeScript, plus framework plugins for LangChain, CrewAI, Vercel AI SDK, LlamaIndex, MS Agent Framework, and n8n) provides the same evaluate / emit / register / log primitives — so an agent your team owns can participate in the observability stream without proxying its traffic.
Both modes produce the same event shape. Both feed the same dashboards. Both contribute to the same tamper-evident chain.
Two teams ran a similar AI agent in production through the first quarter of 2026. Both ran on private infrastructure. Both used Claude and GPT models. Both had reasonable security postures on paper.
Team A had post-hoc observability. Logs in a warehouse. Reports run weekly. Audit log generated quarterly.
Team B had live observability. Every event indexed in real time, with anomaly detection on five dimensions and an alerts queue staffed during business hours.
In Q1:
Team A discovered, in the Q1 review, that a tool call had been silently failing for six weeks. They had not noticed because the agent’s downstream behavior was indistinguishable from “the user did not need this tool today.” Cost to fix: a week of investigation, a week of remediation, a quarterly post-mortem.
Team B discovered the same failure mode within four hours of it starting. Their error-rate-per-tool dashboard fired an alert. The on-call engineer rolled back the tool’s most recent deploy. Cost to fix: a half-day.
Multiply that delta across every quarter, every team, every agent. The compounded cost of post-hoc observability is what makes “live” not a nice-to-have but the operational baseline for serious AI in 2026.
If you are setting up live agent observability for the first time, the order that has worked:
Pick the platform first, not the metrics. Choose a layer that makes policy decisions the source of truth for events. Otherwise you will spend a year arguing about which “log” is correct.
Get one team’s agents fully instrumented before you scale. A team with five agents and live observability beats a department with fifty agents and post-hoc logs.
Tune anomaly detection by hand for the first month. Baselines need real production traffic. Expect false positives. Expect to tighten thresholds.
Wire the dashboards into your existing on-call rotation. Observability you do not look at is not observability.
Then add the policy simulator and the audit chain. Once the live stream is real, simulations and audit become straightforward queries on top of it.
In May 2026, with three months until the EU AI Act’s high-risk obligations land, with foundation model providers changing pricing and latency monthly, with agents moving from prototype to production faster than most platform teams can keep up — knowing what your agents are doing, live, in your own cloud, is the single most leveraged investment you can make in your AI stack.
Not because it makes the agents better. Because it makes you able to keep running them.
This is the third post in our private-AI series. Next: how preview environments stitch the runtime and governance pillars together, so policy violations surface in CI — not in a 2 a.m. Slack page from compliance.

For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

When Operational Reliability Is the Regulation Most regulated industries have a data-protection focus: customer …