Agent observability has gotten good at answering what happened: OpenTelemetry spans for each model call and tool execution, structured event logs, replayable traces. If a run misbehaves, you can reconstruct the sequence.
But for anything that has to stand up to an incident review or a compliance ask, "what happened" isn't the question. The question is what was authorized:
Why was this tool selected for this step?
Under whose authority did the call run — agent credentials, or a specific user's?
What did a guardrail refuse, and on what rule?







