Observability & Auditing
Deploying AI agents to production requires deep, structured observability. Because agents can navigate workflows dynamically, standard HTTP logs are insufficient. Datafuse provides a comprehensive, session-aware Audit and Logging Pipeline that maps agent actions from start to finish.
Metric Tracking Capabilities
Datafuse intercepts every tool request at the gateway boundary, capturing core telemetry metrics:
- Execution Latency: Network-level breakdown showing proxy duration vs. provider response latency.
- Response Payload Audits: Raw byte sizes and response structures to alert on API contract shifts.
- Result Status Verification: Track downstream HTTP errors, database connection failures, and validation exceptions.
- LLM Session Tracking: Group multiple, sequential tool calls under a single parent agent session ID to trace complex multi-step reasoning workflows.
Dynamic Telemetry Visualizations
The Datafuse Console renders real-time execution statistics directly under /app/logs, grouping executions by latency curves, throughput, and error density.
LATENCY DISTRIBUTION CURVE (Real-Time Console)
500ms │ █
400ms │ █ █ █
300ms │ █ █ █ █ █
200ms │ █ █ █ █ █ █ █
100ms │ █ █ █ █ █ █ █ █ █
0ms └───────────────────────────────
GET POST DELETE PATCH
Structured Audit Schema
Every API invocation generates a strongly-typed audit trail.
Here is an example of an audit payload compiled by our telemetry services:
{
"id": "e2f1e687-cc51-4f51-b847-ec074d0a68d0",
"project_id": "proj_01j7v68s...",
"session_id": "session_agent_alpha_92",
"action": "slack.post_message",
"resource_type": "toolkit",
"resource_id": "slack",
"duration_ms": 234,
"status_code": 200,
"metadata_json": {
"ip": "12.34.56.78",
"caller": "handshake_bot",
"mutating": true
},
"created_at": "2026-05-23T03:07:43Z"
}
Decoupled Audit Logging
Developers can record custom application-level traces or operational messages directly through our unified SDKs.
This is highly useful for creating end-to-end debugging trails, linking LLM thoughts to external API calls:
from datafuse.generated import AuditLogCreate
# Record custom agent reasoning step in Datafuse console
sdk.logs.create_audit_log(
audit_log_create=AuditLogCreate(
action="agent.reasoning_step",
resource_type="agent_reasoning",
resource_id="session_123",
metadata_json={
"thought": "User requested channel publish. Searching for Ably integration...",
"decision": "Invoke ably.publish_message"
}
)
)
Enforcing Zero-Retention Compliance
For industries governed by strict compliance laws (such as healthcare, banking, and government contracts), storing raw tool payloads on third-party servers presents a significant regulatory risk.
The Zero-Retention Vault
Datafuse offers a cryptographically enforced Zero-Retention Mode at the VPC container level:
- Ephemeral Proxy Ingress: Payloads are parsed completely in-memory inside container memory buffers.
- Instant Memory Purging: As soon as the payload response is returned to the client SDK, the buffer is zeroed out.
- Cryptographic Truncation: Logs retain only the metadata (timestamp, action slug, latency, status code) while the raw
argumentsandresponsestructures are cryptographically redacted, ensuring zero PII leakages.
!WARNING When Zero-Retention Mode is activated, payloads cannot be recovered. Live debugging in the Console must be conducted in real-time via authenticated secure logging streams, as history data is never persisted.