
What to Capture on an Agent Span (and What to Redact)
The attributes worth recording on an agent span, payload-size limits, and redacting PII without losing debuggability.
Author profile
Developer articles and tutorials by gabrielanhaia.
Browse the latest writing surfaced through DevArt.

The attributes worth recording on an agent span, payload-size limits, and redacting PII without losing debuggability.

Tail-sample agent traces on the whole trajectory: always keep the failed, slow, expensive, and eval runs, and drop the boring successes.

Tag spans with agent, step, and tool so you can roll token cost up per run and per feature, then find the step that burns the bill.

Agent decision quality decays quietly across steps and model updates. Build baselines, online sampling, and drift alarms that catch it early.

Single-output evals miss the failures that hurt most. Here is how to score the whole agent run, and where a human still earns the cost.

Model a multi-step agent run as a span tree, record decisions instead of responses, and replay the trajectory to find where it went wrong.

Your agent's real state lives in RAM. When the process dies mid-task, it forgets. Here's how to checkpoint and rebuild it.

Six checks to run before you flip the traffic flag on an LLM agent: tracing, evals, guardrails, cost caps, injection defense, and a runbook.

Handoffs vs a shared bus, message schemas, and the budget guard that stops two agents from talking each other into a bill.

The first five minutes of an agent incident: kill switch, budget freeze, trace triage, blast-radius check, and the eval that closes it.

An agent is not a web service. Package it, decide statelessness, cap concurrency, and scale a workload that blocks on the model.

How agent loops start, how to spot no-progress, and how to kill a runaway before the bill does — with real Python you can ship today.

Long-running agents fill the context window and rot. Here is how to prune by tokens, pin the goal, and summarize-then-drop.

Every tool call an LLM agent makes is a trust boundary. Least-privilege credentials, allow-lists, output validation, and sandboxing in real Python.

Prompt injection is unsolved. Meta's Rule of Two says pick at most two of three risk legs per agent session. Here is how to enforce it.

Step ceilings, per-run token and dollar budgets, and approval gates on dangerous tools. The kill switch every production agent needs.

LangGraph, OpenAI Agents SDK, Claude Agent SDK, Microsoft agent-framework, CrewAI, Pydantic AI: a pick-by-need guide for 2026.

Typed dependencies, validated outputs, and tests that never touch the network. How Pydantic AI puts static types around a stochastic model.

Roles, conversations, or graphs. A field guide to the 2026 multi-agent frameworks, honest verdicts, and when one agent beats a crew.

The agent loop, tool definitions, and computer-use sandboxing with the Claude Agent SDK. Where the risk lives and how to fence it in.

Agents, handoffs, guardrails, sessions. The abstractions that help you ship, and the ones that hide behavior you need to see.

Nodes, edges, state, and checkpoints. When a LangGraph state machine beats an ad-hoc agent loop in production, and what it costs you.

Fixed workflows, fully autonomous loops, and constrained autonomy. How to pick the least-powerful design that still solves the task.

Turn a goal into a plan of typed steps, learn why structured plans beat prose, and re-plan cleanly when a step fails.

Three kinds of agent memory: short-term buffer, long-term store, and the scratchpad. When each applies, the token-budget math, and the code.

Vague tool schemas make agents call the wrong function. Here is how descriptions, strict validation, and tool_choice fix misfires.

Build a real tool-calling agent from scratch: define tools, run the loop, feed results back, and stop cleanly. No framework.

Reason, act, observe in about 60 lines with the bare Anthropic SDK. What ReAct actually is, and what a framework adds on top.

Runaway loops, cost blowups, tool misfires, context rot, state drift, retrieval injection. Seven failure modes your test suite cannot see.

One property separates an agent from a pipeline with LLM calls: the model, not your code, picks what happens next. Here is what that breaks.
Advertisement