Agent observability has gotten good at answering what happened: OpenTelemetry spans for each model call and tool execution, structured event logs, replayable traces. If a run misbehaves, you can reconstruct the sequence.

But for anything that has to stand up to an incident review or a compliance ask, "what happened" isn't the question. The question is what was authorized:

Why was this tool selected for this step?

Under whose authority did the call run — agent credentials, or a specific user's?

What did a guardrail refuse, and on what rule?