Observability & governance

If an agent did it, it's on record.

Because AgentGuide sits on the path of every model call, tool invocation, and agent turn, observability isn't an SDK you hope every team integrates — it's a property of the traffic. And the same position makes governance enforceable, not advisory.

Usage events

Four event families, one attribution model.

LLM, MCP, ACP, and builtin traffic each produce durable, typed usage events. Every event carries the agent that caused it — so cost, latency, and errors roll up per agent, not just per endpoint.

time kind agent target tokens in / out latency
14:02:11 llm support-triage anthropic · claude-sonnet-5 8,412 / 1,203 2.1s
14:02:13 mcp support-triage crm-tools · lookup_account 340ms
14:02:19 builtin report-writer turn · plan-execute 31,908 / 4,551 18.7s
14:02:24 acp codex-dev turn · session 7f3a 12,050 / 2,340 timeout
token economics

Cost-grade token detail

Prompt, completion, cached, and reasoning tokens are recorded separately — the numbers you actually need to explain a bill or tune a cache.

call chains

Spans, not just counters

Agent turns open interaction spans; inner model calls and tool executions nest underneath. You see the chain of causation, not four disconnected logs.

honest errors

Failures classified

Client errors, upstream failures, and internal faults are distinguished per event — so an agent misbehaving and a provider outage never blur together.

Analytics & integration

Query it here. Aggregate it anywhere.

built in

Metrics Admin API

Summaries with pipeline health, per-protocol timeseries and breakdowns, recent interaction events, and per-agent usage and activity views — queryable the moment the gateway is running.

  • Per-agent rollups Usage, activity, interactions, and health per registered agent.
  • Prometheus exposition Scrape the gateway; build trends and alerting in Grafana.
  • OpenTelemetry seam A sink adapter designed for exporting events to your tracing stack.
  • Retention control Configurable retention with automatic cleanup — observability that respects your storage.

Governance

Enforcement at the only place it can't be skipped.

Guidelines in a wiki don't stop an agent at 3 a.m. Controls at the gateway do. AgentGuide's governance is structural: if traffic doesn't satisfy policy, it doesn't reach the model, the tool, or the agent.

access

Identity & keys

  • Virtual keys per app, team, or agent — issue, rotate, revoke centrally
  • Upstream secrets never leave the gateway
  • Route-level auth requirements, fail-closed
actions

Permission gates

  • Deny by default; auto-approve where safe; interactive human approval where it counts
  • Unanswered requests time out to denial
  • Every decision attributable and on record
blast radius

Runaway protection

  • Agent recursion-depth limits stop agent-calls-agent loops at the gate
  • Per-agent concurrency caps and turn timeouts reject rather than queue
  • Panic containment: one bad turn never takes down the gateway
resources

Scoped capability

  • Agents reach only the model routes and MCP tools bound to them
  • Managed coding agents run in pooled, isolated processes confined to allowed filesystem roots
  • Missing tools fail loudly — no silent fallback behavior
  • One route, one owning agent: attribution stays unambiguous

Put your agents on the radar

Start observing before you scale to a fleet.

The teams that succeed with multi-agent systems are the ones that could see their single agents first. Deploy the gateway, route one agent through it, and watch the picture appear.