The latest articles on Forem by Jason Shotwell (@json_shotwell). https://forem.com/json_shotwell https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3784414%2Fdbb18967-e0a4-4481-8d5e-29712fdd0666.png https://forem.com/json_shotwell en Jason Shotwell Mon, 20 Apr 2026 00:17:40 +0000 https://forem.com/json_shotwell/building-bilateral-receipts-for-ai-agent-actions-1k4p https://forem.com/json_shotwell/building-bilateral-receipts-for-ai-agent-actions-1k4p <p>Your AI agent just approved a $75,000 loan. Can you prove who authorized it? Can you prove what the result was? Can you prove the policy that was active when the decision was made?</p> <p>If your answer involves grepping log files, you have a problem. August 2026 is coming, and the EU AI Act requires tamper-evident records for high-risk AI systems. Not logs. Records.</p> <p>I built a system that solves this. Here's how it works.</p> <h2> The Problem: Logging Is Not Proof </h2> <p>Most AI agent frameworks have some form of logging. LangChain has callbacks. CrewAI has verbose mode. OpenAI has the API response. But none of them answer the hard questions:</p> <p>Was this action authorized before it ran? Logs record what happened. They don't prove what was supposed to happen.</p> <p>Can you verify the record hasn't been tampered with? Anyone with write access to your log store can alter a record after the fact. During a regulatory audit, that's a problem.</p> <p>Can a third party verify without your help? If the auditor needs your internal tooling to check a record, the verification isn't independent.</p> <p>These aren't theoretical concerns. EU AI Act Article 12 requires record-keeping with integrity guarantees. Article 14 requires human oversight that's demonstrable. If your agent approved a high-stakes decision and a regulator asks for proof, "here are some log lines" won't cut it.</p> <h2> The Solution: Covenants + Bilateral Receipts </h2> <p>I added a system called Gate to AIR Blackbox that handles both sides: what agents are allowed to do (pre-execution) and what they actually did (post-execution), with cryptographic proof at every step.</p> <p>It has three components:</p> <h3> 1. Covenants — Policy as YAML </h3> <p>A covenant is a YAML file that declares the rules before the agent runs. Three rule types: permit, forbid, require_approval. Conditions are supported via when and unless.</p> <p>agent: loan-processor<br> version: "1.0"<br> rules:</p> <ul> <li>permit: read_credit_score</li> <li>permit: calculate_risk</li> <li>permit: approve_loan when: "amount &lt;= 50000"</li> <li>require_approval: approve_loan when: "amount &gt; 50000"</li> <li>forbid: delete_records</li> <li>forbid: modify_credit_score Precedence is strict: forbid &gt; require_approval &gt; permit &gt; default deny. If no rule matches, the action is denied. This is deliberate — fail closed, not open.</li> </ul> <p>The covenant is SHA-256 hashed, and that hash is embedded in every receipt. Change one rule, and every subsequent receipt carries a different hash. An auditor can verify exactly which policy was active for any past action.</p> <h3> 2. Bilateral Receipts — Two-Phase Proof </h3> <p>Every action produces a receipt with two cryptographic phases:</p> <p>Phase 1 (Authorization): The gate evaluates the covenant, makes a decision, and signs the authorization with Ed25519. The action payload is SHA-256 hashed — raw data (PII, financial details) never enters the receipt.</p> <p>Phase 2 (Seal): After execution, the result is hashed and sealed into the same receipt with a second Ed25519 signature. The seal covers the authorization signature, binding the entire lifecycle.</p> <p>from air_blackbox.gate import Gate, Covenant</p> <p>covenant = Covenant.from_yaml("covenant.yaml")<br> gate = Gate(covenant=covenant)</p> <h1> Phase 1: Authorization </h1> <p>receipt = gate.authorize(<br> agent_id="loan-processor",<br> action_name="approve_loan",<br> payload={"applicant": "<a href="mailto:jane@example.com">jane@example.com</a>", "amount": 75000},<br> context={"amount": 75000},<br> )</p> <p>if receipt.authorized:<br> result = process_loan(...)</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Phase 2: Seal<br> gate.seal(receipt, result=result, status="success")<br> </code></pre> </div> <h1> <br> <br> <br> Any third party can verify with just the public key<br> </h1> <p>report = gate.verify(receipt)<br> print(report["overall"]) # True<br> A single receipt answers all three hard questions:</p> <p>Was it authorized? The authorization signature proves the covenant was checked and the decision was made before execution.<br> Is it tamper-proof? Ed25519 signatures are asymmetric. Altering any field invalidates the signature. No shared secret needed to verify.<br> Can a third party verify? Give them the public key and the receipt. That's it.</p> <h3> 3. HMAC-SHA256 Audit Chains </h3> <p>Individual receipts are strong. But an attacker could delete a receipt entirely. To prevent that, every receipt is also chained into an HMAC-SHA256 audit trail — each entry includes the hash of the previous entry. Delete or alter one, and every entry after it breaks.</p> <p>This is the same principle behind blockchain, but without the overhead. No consensus, no network, no tokens. Just a hash chain stored locally.</p> <h2> Delegation Chains </h2> <p>The real world isn't one agent doing one thing. It's orchestrators delegating to sub-agents, which delegate to other sub-agents. Gate handles this with parent_receipt_id:</p> <h1> Orchestrator gets authorized </h1> <p>parent = gate.authorize("orchestrator", "delegate_task",<br> payload={"task": "send confirmation"})</p> <h1> Sub-agent links back to parent </h1> <p>child = gate.authorize("notifier", "send_email",<br> payload={"to": "<a href="mailto:jane@co.com">jane@co.com</a>"},<br> parent_receipt=parent)</p> <h1> Walk the chain back to the root </h1> <p>chain = gate.walk_delegation_chain(child)</p> <h1> [orchestrator_receipt, notifier_receipt] </h1> <p>Every receipt in the chain is independently verifiable. If a sub-agent misbehaves, the chain shows exactly who authorized the delegation and when.</p> <h2> Human Approval </h2> <p>When a covenant rule says require_approval, Gate pauses execution and calls your callback. You decide the interface — Slack, email, CLI prompt, whatever:</p> <p>def slack_approval(receipt):<br> # Send to Slack, wait for button click<br> return ask_slack_channel(receipt)</p> <p>gate = Gate(covenant=covenant, on_approval_needed=slack_approval)<br> If no callback is registered, require_approval defaults to deny. Fail closed.</p> <p>The approval decision is signed into the receipt. A regulator can verify that a human was in the loop for that specific action.</p> <h2> What It Doesn't Do </h2> <p>Some things Gate deliberately avoids:</p> <p>It doesn't store raw payloads. Only SHA-256 hashes. Your PII never enters the receipt.<br> It doesn't require a network. Everything runs locally. No cloud dependency.<br> It doesn't make legal compliance claims. It provides technical building blocks for audit-readiness. A covenant + receipt + chain is evidence, not certification.</p> <h2> Numbers </h2> <p>I stress-tested the system with 58 tests covering covenants, receipts, the gate engine, delegation chains, persistence, adversarial tampering, and edge cases.</p> <p>Performance on Apple Silicon: 9,300+ authorizations per second, 3,500+ full lifecycles (authorize + seal + verify) per second with Ed25519 signing. A 100-deep delegation chain verifies correctly. A 50-rule covenant evaluates correctly.</p> <p>Adversarial tests: swapping receipt IDs after signing, changing covenant hashes, flipping the authorized flag, altering the decision field — all detected by signature verification.</p> <h2> Try It </h2> <p>pip install air-blackbox[gate]<br> from air_blackbox.gate import Gate, Covenant</p> <p>covenant = Covenant.from_yaml_string("""<br> agent: my-agent<br> version: "1.0"<br> rules:</p> <ul> <li>permit: read</li> <li>require_approval: write</li> <li>forbid: delete """)</li> </ul> <p>gate = Gate(covenant=covenant)<br> receipt = gate.authorize("my-agent", "read")<br> print(receipt.authorized) # True<br> print(gate.verify(receipt)["overall"]) # True<br> The full source is at github.com/airblackbox/airblackbox under sdk/air_blackbox/gate/. Example covenants for a loan processor and a browser automation agent are included.</p> <h2> What's Next </h2> <p>The covenant DSL today handles simple field-operator-value conditions. Next up: boolean logic (and/or), regex matching on action names, and rate-limit rules (e.g., "permit send_email unless more than 10 in the last hour").</p> <p>The receipt format is designed for interoperability. The long-term goal is a published spec that any framework can implement — so receipts from a LangChain agent and a CrewAI agent chain together seamlessly.</p> <p>If this is useful to you, star the repo. If you find a bug, open an issue. If you have a use case that doesn't fit, I want to hear about it.</p> <p>This is not a certified compliance test. It is a technical building block for teams preparing for EU AI Act enforcement (August 2, 2026).</p> ai python opensource security Jason Shotwell Wed, 15 Apr 2026 19:32:39 +0000 https://forem.com/json_shotwell/three-questions-every-eu-ai-act-auditor-will-ask-about-your-python-ai-agent-31mf https://forem.com/json_shotwell/three-questions-every-eu-ai-act-auditor-will-ask-about-your-python-ai-agent-31mf <p>The EU AI Act's high-risk enforcement deadline is August 2, 2026. That is 109 days from today.</p> <p>If your Python code runs an AI agent that makes decisions affecting someone's money, healthcare, job, housing, or insurance, those decisions are about to become legal records. The system producing them has to prove three things. This post walks through those three questions, why most Python AI codebases cannot answer them, and what a small community of open-source developers is building to close the gap.</p> <p>I am one of those developers, and I want to be up front: the tool I am about to describe stands on work done by others. I will credit them throughout.</p> <h2> About the scanner </h2> <p><a href="https://github.com/airblackbox/air-trust" rel="noopener noreferrer">AIR Blackbox</a> is the flight recorder for autonomous AI agents. Record, replay, enforce, audit. It is Apache 2.0, runs locally, and finishes a full scan in under ten seconds.</p> <h3> Install </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox </code></pre> </div> <h3> Run your first scan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>air-blackbox comply <span class="nt">--scan</span> <span class="nb">.</span> </code></pre> </div> <h3> Expected output (abbreviated) </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Article 9 — Risk Management PASS (3/3 checks) Article 10 — Data Governance WARN (2/3 checks) Article 11 — Technical Documentation PASS (4/4 checks) Article 12 — Record-Keeping FAIL (2/5 checks) Article 13 — Transparency WARN (4/6 checks) Article 14 — Human Oversight PASS (3/3 checks) Article 15 — Accuracy &amp; Robustness FAIL (3/6 checks) </code></pre> </div> <p>Every <code>FAIL</code> and <code>WARN</code> line includes a fix hint pointing at the specific code location and the specific regulatory clause.</p> <p>Now let us go through the three questions.</p> <h2> Question 1: Is this the same agent that acted yesterday? </h2> <p>An AI agent running a continuous decision loop, a <code>while True</code>, a scheduled runner, or a tick-based pattern is almost certainly executing in a different process today than yesterday. It reloaded memory from some store. It fetched its tool set. It started producing outputs.</p> <p>How does a regulator know the agent producing today's loan denial is the same agent that was approved in last month's conformity assessment? How do you prove a compromised environment did not load tampered memory and produce a subtly different agent wearing the same name?</p> <p>This is the agent identity continuity gap. The <a href="https://www.federalregister.gov/documents/2026/01/08/2026-00206/request-for-information-regarding-security-considerations-for-artificial-intelligence-agents" rel="noopener noreferrer">NIST RFI on AI Agent Security (Docket NIST-2025-0035)</a> names it explicitly. The FINOS AI Governance Framework response to that RFI treats it as a primary unresolved problem.</p> <h3> The community is already solving this </h3> <p>Three open standards exist today, built by different people for different use cases, all interoperable:</p> <ol> <li> <a href="https://github.com/airblackbox/air-trust" rel="noopener noreferrer"><strong>air-trust</strong></a>: Ed25519 agent identity keys and HMAC-SHA256 audit chain. What we ship.</li> <li> <a href="https://github.com/Cyberweasel777/agent-action-receipt-spec" rel="noopener noreferrer"><strong>AAR (Agent Action Receipt)</strong></a>: per-action Ed25519 signing. Designed by <a href="https://github.com/Cyberweasel777" rel="noopener noreferrer">@Cyberweasel777</a>.</li> <li> <a href="https://www.npmjs.com/package/botindex-aar" rel="noopener noreferrer"><strong>SCC (Session Continuity Certificate)</strong></a>: session-level identity with Merkle memory roots, capability hash lineage, and prior-session chaining. Co-designed by <a href="https://github.com/botbotfromuk" rel="noopener noreferrer">@botbotfromuk</a> and <a href="https://github.com/Cyberweasel777" rel="noopener noreferrer">@Cyberweasel777</a> in a <a href="https://github.com/finos/ai-governance-framework/issues/266" rel="noopener noreferrer">public FINOS thread</a>.</li> </ol> <p>AIR Blackbox v1.12.0 detects all three. The goal is not to push our scheme, it is to give your code a clean pass if you have adopted any industry-recognized identity binding.</p> <h3> What a failing scan looks like </h3> <p>If your code is an autonomous agent and none of these schemes are in use, the scanner reports:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Article 12 — Record-Keeping FAIL Agent identity binding Autonomous agent detected in 3 file(s) (agent.py, tick.py, loop.py) but no stable cryptographic identity binding found. Checked for: air-trust, AAR, SCC. </code></pre> </div> <h3> The simplest fix using air-trust </h3> <p>Persist a stable signing key across restarts so every tick is provably signed by the same agent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pathlib</span> <span class="kn">import</span> <span class="n">Path</span> <span class="kn">import</span> <span class="n">air_trust</span> <span class="n">KEY_PATH</span> <span class="o">=</span> <span class="n">Path</span><span class="p">.</span><span class="nf">home</span><span class="p">()</span> <span class="o">/</span> <span class="sh">"</span><span class="s">.air-trust</span><span class="sh">"</span> <span class="o">/</span> <span class="sh">"</span><span class="s">keys</span><span class="sh">"</span> <span class="o">/</span> <span class="sh">"</span><span class="s">my-agent-ed25519.key</span><span class="sh">"</span> <span class="n">identity</span> <span class="o">=</span> <span class="n">air_trust</span><span class="p">.</span><span class="nc">AgentIdentity</span><span class="p">(</span> <span class="n">agent_name</span><span class="o">=</span><span class="sh">"</span><span class="s">my-agent</span><span class="sh">"</span><span class="p">,</span> <span class="n">owner</span><span class="o">=</span><span class="sh">"</span><span class="s">team@company.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">agent_version</span><span class="o">=</span><span class="sh">"</span><span class="s">1.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">tick</span><span class="p">():</span> <span class="k">with</span> <span class="n">air_trust</span><span class="p">.</span><span class="nf">trust</span><span class="p">(</span><span class="n">identity</span><span class="p">):</span> <span class="nf">make_decision</span><span class="p">()</span> </code></pre> </div> <p>If you would rather use AAR or SCC, the scanner still passes as long as the library is imported and the key path is persistent. Pick what fits your stack.</p> <h2> Question 2: Will it behave the same way tomorrow? </h2> <p>Earlier this month, Atherik was acquired. They solve this problem at runtime: AI models give different outputs on different GPUs, driver versions, and cuDNN settings. The acquisition is the market confirming the gap is real.</p> <p>Runtime solutions help if you can afford them. Most teams cannot. And for SR 11-7 model validation, the Federal Reserve guidance governing model risk management in US financial services, reproducibility is a mandatory audit requirement, not an optional feature.</p> <h3> What reproducibility failure looks like </h3> <p>Same model, same seed, same input, on two different GPUs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">torch</span> <span class="n">model</span> <span class="o">=</span> <span class="nc">SomeModel</span><span class="p">()</span> <span class="n">tensor</span> <span class="o">=</span> <span class="n">torch</span><span class="p">.</span><span class="nf">randn</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">10</span><span class="p">).</span><span class="nf">cuda</span><span class="p">()</span> <span class="n">output</span> <span class="o">=</span> <span class="nf">model</span><span class="p">(</span><span class="n">tensor</span><span class="p">)</span> </code></pre> </div> <p>Run this on an NVIDIA A100 and on an NVIDIA H100 with identical PyTorch 2.4 and cuDNN 8.9. The two outputs will differ. cuDNN picks different kernels based on hardware capabilities. The model is no longer deterministic. That is an EU AI Act Article 15 robustness violation and an SR 11-7 validation failure.</p> <h3> What the scanner checks </h3> <p>AIR Blackbox v1.12.0 added three checks for this. To my knowledge, these are the first of their kind in compliance tooling. If you know of another open-source tool doing this, please tell me, I want to credit it and learn from it.</p> <h3> Check 1: RNG seeds across all sources </h3> <p>The scanner looks for seed setting across Python's <code>random</code>, NumPy, PyTorch CPU, PyTorch CUDA, TensorFlow, and JAX. Missing any one breaks reproducibility. Partial coverage warns, missing all of them in an ML codebase fails.</p> <h3> Check 2: Deterministic algorithm flags </h3> <p>Seeds alone are not enough. cuDNN defaults to picking the fastest kernel, which is often non-deterministic. TensorFlow ops behave the same way. The scanner looks for these flags in your Python code and in your <code>.env</code>, Dockerfile, YAML, and shell scripts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">torch</span> <span class="n">torch</span><span class="p">.</span><span class="nf">use_deterministic_algorithms</span><span class="p">(</span><span class="bp">True</span><span class="p">)</span> <span class="n">torch</span><span class="p">.</span><span class="n">backends</span><span class="p">.</span><span class="n">cudnn</span><span class="p">.</span><span class="n">deterministic</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">torch</span><span class="p">.</span><span class="n">backends</span><span class="p">.</span><span class="n">cudnn</span><span class="p">.</span><span class="n">benchmark</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">CUBLAS_WORKSPACE_CONFIG</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">:4096:8</span><span class="sh">'</span> </code></pre> </div> <p>TensorFlow equivalent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">tensorflow</span> <span class="k">as</span> <span class="n">tf</span> <span class="n">tf</span><span class="p">.</span><span class="n">config</span><span class="p">.</span><span class="n">experimental</span><span class="p">.</span><span class="nf">enable_op_determinism</span><span class="p">()</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">TF_DETERMINISTIC_OPS</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">1</span><span class="sh">'</span> </code></pre> </div> <h3> Check 3: Hardware abstraction </h3> <p>Hardcoded <code>.to("cuda")</code> without a capability fallback crashes on CPU-only, Apple Silicon, or AMD hardware. Worse, it silently produces different outputs when you migrate between GPU generations.</p> <p>Flagged as non-compliant:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">model</span> <span class="o">=</span> <span class="nc">SomeModel</span><span class="p">().</span><span class="nf">to</span><span class="p">(</span><span class="sh">"</span><span class="s">cuda</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Compliant:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">torch</span> <span class="n">device</span> <span class="o">=</span> <span class="n">torch</span><span class="p">.</span><span class="nf">device</span><span class="p">(</span><span class="sh">"</span><span class="s">cuda</span><span class="sh">"</span> <span class="k">if</span> <span class="n">torch</span><span class="p">.</span><span class="n">cuda</span><span class="p">.</span><span class="nf">is_available</span><span class="p">()</span> <span class="k">else</span> <span class="sh">"</span><span class="s">cpu</span><span class="sh">"</span><span class="p">)</span> <span class="n">model</span> <span class="o">=</span> <span class="nc">SomeModel</span><span class="p">().</span><span class="nf">to</span><span class="p">(</span><span class="n">device</span><span class="p">)</span> </code></pre> </div> <p>None of these checks require GPU hardware to run. The scanner reads your code, flags the anti-patterns, and you fix them at CI/CD time before a regulator, auditor, or on-call engineer finds them in production.</p> <h2> Question 3: Can the user understand why it made this decision? </h2> <p>Article 13 of the EU AI Act covers transparency. Six sub-requirements:</p> <ul> <li>13(2): instructions for use</li> <li>13(3)(a): identity of the provider</li> <li>13(3)(b): characteristics, capabilities, and limitations</li> <li>13(3)(c): changes to the system after conformity assessment</li> <li>13(3)(d): human oversight measures including output interpretation</li> <li>Article 50: users must be informed they are interacting with AI</li> </ul> <p>Most compliance tools skip Article 13 because it is documentation-heavy and hard to automate. AIR Blackbox v1.12.0 ships what I believe is the first Article 13 static scanner. Again, if I am wrong, please tell me so I can credit the prior work.</p> <h3> What the Article 13 scan looks like </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Article 13 — Transparency and Provision of Information PASS AI disclosure to users FAIL Capability and limitation documentation No MODEL_CARD.md, SYSTEM_CARD.md, or capability docs found WARN Instructions for use Only README.md found. Article 13(2) expects dedicated instructions PASS Provider identity disclosure WARN Output interpretation support No confidence scores, rationale, or explanation patterns detected PASS Change logging and versioning </code></pre> </div> <p>Each check maps to a specific clause. Each failure comes with a fix hint. The output interpretation check catches agents that return decisions without any reasoning trace, confidence score, or rationale. In my experience this is the most common gap in current Python AI codebases.</p> <h3> A concrete example </h3> <p>A Regulation B compliant credit decision needs to be explainable to the applicant. An agent returning a boolean <code>approved</code> / <code>denied</code> without rationale fails this.</p> <p>Flagged version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">predict_creditworthiness</span><span class="p">(</span><span class="n">applicant</span><span class="p">):</span> <span class="k">return</span> <span class="n">model</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">applicant</span><span class="p">)</span> </code></pre> </div> <p>Passing Article 13(3)(d):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">predict_creditworthiness</span><span class="p">(</span><span class="n">applicant</span><span class="p">):</span> <span class="n">prediction</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">applicant</span><span class="p">)</span> <span class="n">confidence</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">predict_proba</span><span class="p">(</span><span class="n">applicant</span><span class="p">).</span><span class="nf">max</span><span class="p">()</span> <span class="n">reasoning</span> <span class="o">=</span> <span class="nf">generate_reasoning_trace</span><span class="p">(</span><span class="n">applicant</span><span class="p">,</span> <span class="n">prediction</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">decision</span><span class="sh">"</span><span class="p">:</span> <span class="n">prediction</span><span class="p">,</span> <span class="sh">"</span><span class="s">confidence_score</span><span class="sh">"</span><span class="p">:</span> <span class="n">confidence</span><span class="p">,</span> <span class="sh">"</span><span class="s">rationale</span><span class="sh">"</span><span class="p">:</span> <span class="n">reasoning</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <h2> The pattern holds across every industry </h2> <p>Every industry where AI makes consequential decisions follows the same structure:</p> <ol> <li>A traditionally analog market goes digital.</li> <li>AI gets embedded in the decision-making layer.</li> <li>Those AI decisions fall under EU AI Act Annex III or Colorado SB 205.</li> <li>Nobody audits the AI layer for compliance.</li> <li>The regulatory deadline is months away, not years.</li> </ol> <p>My <a href="https://dev.to/shotwellj/the-unaudited-ai-layer">previous post</a> walked through tokenized real estate. 1.4 trillion dollar projected 2026 market. 80 plus platforms globally. Zero of them scanning their AI systems for compliance. The pattern holds everywhere:</p> <ul> <li> <strong>Healthcare</strong>: AI-assisted clinical decisions are Annex III high-risk. Most clinical AI systems have no agent identity binding, no determinism flags, no structured output interpretation.</li> <li> <strong>Financial services</strong>: credit underwriting, trading signals, fraud detection. SR 11-7 requires reproducibility. The hardware determinism check alone flags violations in most codebases.</li> <li> <strong>Insurance</strong>: underwriting, claims, risk scoring. Annex III high-risk. Article 13 transparency obligations apply directly.</li> <li> <strong>Hiring and HR</strong>: resume screening, interview scoring. Explicitly listed in Annex III. Agent identity continuity matters because hiring decisions affect protected classes.</li> </ul> <p>The opportunity is not any single industry. It is the open-source compliance infrastructure underneath all of them, and that infrastructure is being built in public, by people like the ones I credited above, right now.</p> <h2> What this tool is not </h2> <p>This part matters. A good compliance scanner cannot be the only thing standing between your AI agent and a regulator.</p> <ul> <li>This checks technical requirements, not legal compliance. It is a linter, not a lawyer.</li> <li>Passing every check does not mean you are legally compliant. It means your code implements the technical controls the regulation references.</li> <li>Legal interpretation is your counsel's job.</li> <li>Static analysis cannot catch every runtime issue. Pair it with trust-layer integrations for runtime evidence.</li> <li>Pattern-based detection has false positives. If you see one, report it, it makes the scanner better.</li> </ul> <h2> How to help </h2> <p>If you read this far, you probably work on AI systems that will need to pass an audit. The scanner only gets better with your feedback.</p> <ul> <li>Try it. <code>pip install air-blackbox &amp;&amp; air-blackbox comply --scan .</code> </li> <li>If it misses a pattern, <a href="https://github.com/airblackbox/air-trust/issues" rel="noopener noreferrer">open an issue</a>. Include the code pattern and the article it should map to. Every issue is a new check.</li> <li>If it produces a false positive on your code, <a href="https://github.com/airblackbox/air-trust/issues" rel="noopener noreferrer">open an issue</a>. Every correction flows into training data for a fine-tuned compliance model, so false positives become easier to catch next time.</li> <li>If you are building in the same space (identity, determinism, audit trails), I would like to coordinate. Ping me on the repo or on <a href="https://github.com/jshotwell" rel="noopener noreferrer">@jshotwell</a>.</li> </ul> <h2> Try it </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox <span class="nb">cd</span> /path/to/your/ai/project air-blackbox comply <span class="nt">--scan</span> <span class="nb">.</span> <span class="nt">-v</span> </code></pre> </div> <h3> Useful links </h3> <ul> <li>Repo: <a href="https://github.com/airblackbox/air-trust" rel="noopener noreferrer">github.com/airblackbox/air-trust</a> </li> <li>PyPI: <a href="https://pypi.org/project/air-blackbox" rel="noopener noreferrer">pypi.org/project/air-blackbox</a> </li> <li>Docs and demos: <a href="https://airblackbox.ai" rel="noopener noreferrer">airblackbox.ai</a> </li> <li>Interactive browser demo: <a href="https://airblackbox.ai/demo/hub" rel="noopener noreferrer">airblackbox.ai/demo/hub</a> </li> </ul> <h3> Thanks </h3> <ul> <li> <a href="https://github.com/botbotfromuk" rel="noopener noreferrer">@botbotfromuk</a> and <a href="https://github.com/Cyberweasel777" rel="noopener noreferrer">@Cyberweasel777</a> for the SCC and AAR specs that v1.12.0 detects.</li> <li>The <a href="https://github.com/finos/ai-governance-framework" rel="noopener noreferrer">FINOS AI Governance Framework</a> maintainers, whose public thread on NIST RFI Docket NIST-2025-0035 shaped a big part of this release.</li> <li>Everyone who has filed an issue on the scanner. Every correction is a data point.</li> </ul> <p>109 days to August 2, 2026. Run the scan. See what is missing. Fix it before someone else's audit does it under pressure.</p> ai opensource python euaiact Jason Shotwell Sun, 12 Apr 2026 23:10:55 +0000 https://forem.com/json_shotwell/the-unaudited-ai-layer-why-every-industry-running-ai-transactions-needs-a-compliance-check-22jm https://forem.com/json_shotwell/the-unaudited-ai-layer-why-every-industry-running-ai-transactions-needs-a-compliance-check-22jm <p>Every major industry is quietly embedding AI into its transaction layer. Property valuations. Insurance underwriting. Lending decisions. Medical diagnostics. Hiring algorithms. These AI systems make millions of consequential decisions per day, and almost none of them are being audited for regulatory compliance.</p> <p>The EU AI Act goes into enforcement on August 2, 2026. Colorado's AI Act follows close behind. And the AI systems making your industry's highest-stakes decisions? Most of them have never been scanned for compliance with the regulations that now govern them.</p> <p>I built <a href="https://github.com/air-blackbox" rel="noopener noreferrer">AIR Blackbox</a>, an open-source CLI tool that scans Python AI projects for EU AI Act technical requirements. It checks six articles covering risk management, data governance, documentation, record-keeping, human oversight, and robustness. One install, one scan, one report.</p> <p>But here is what I have been thinking about: the same compliance gap exists in every industry where AI makes decisions that affect people's lives, money, or access to services. Let me walk through where this matters most.</p> <h2> The Pattern </h2> <p>Every industry below follows the same structure:</p> <ol> <li>A massive, traditionally analog market goes digital</li> <li>AI gets embedded into the decision-making layer</li> <li>Those AI decisions fall under high-risk classification in the EU AI Act, Colorado SB 205, or both</li> <li>Nobody is auditing the AI layer for compliance</li> <li>The regulatory deadline is months away</li> </ol> <p>The opportunity is not in any single industry. It is in the compliance infrastructure that sits underneath all of them.</p> <h2> 1. Tokenized Real Estate and Real-World Assets ($1.4T projected 2026) </h2> <p>Tokenization platforms use AI for property valuation, investor risk scoring, automated KYC/AML, and fraud detection. Every one of those AI systems makes "consequential decisions" about people's investments.</p> <p>The compliance gap: platforms spend 30% of their budget on securities and blockchain compliance. They spend 0% on auditing the AI systems that actually make the decisions.</p> <p>Regulatory exposure: EU AI Act (essential financial services, Annex III), MiCA (crypto-asset service providers), Colorado SB 205 (consequential financial decisions), SEC (securities compliance).</p> <p>There are 80+ tokenization service providers globally. Zero of them have AI governance tooling.</p> <h2> 2. Insurance and InsurTech </h2> <p>AI underwriting models decide who gets coverage and at what price. Claims processing AI determines whether your claim gets paid or denied. Fraud detection AI flags (or misses) suspicious activity.</p> <p>These are textbook high-risk AI systems under the EU AI Act. Insurance is explicitly called out in Annex III as an essential service where AI decisions require full compliance.</p> <p>The compliance gap: InsurTech companies have built sophisticated ML models for pricing and claims, but the governance layer (documentation, audit trails, human oversight, bias detection) is often bolted on as an afterthought, if it exists at all.</p> <p>Market size: The global InsurTech market is projected to exceed $150B by 2030. Every AI-driven underwriting model in Europe needs to satisfy Articles 9-15 by August 2026.</p> <h2> 3. Lending and Credit Decisioning (FinTech) </h2> <p>AI credit scoring determines who gets a loan, what interest rate they pay, and whether they get approved or denied. This is one of the most heavily regulated AI use cases on the planet.</p> <p>The compliance gap: traditional banks have compliance departments. FinTech startups building AI lending products often don't. They have ML engineers building scoring models and growth teams optimizing approval rates, but the Article 12 audit trail? The Article 14 human override? Often missing.</p> <p>Regulatory exposure: EU AI Act (credit and financial services, Annex III), Colorado SB 205 (consequential credit decisions), Fair Lending laws (US), Consumer Duty (UK).</p> <h2> 4. Healthcare AI and MedTech </h2> <p>Diagnostic AI (radiology, pathology, dermatology), treatment recommendation engines, clinical decision support, mental health chatbots, and drug interaction checkers. Every one of these makes decisions that directly affect patient outcomes.</p> <p>The compliance gap: the FDA has a pathway for AI/ML-based Software as a Medical Device (SaMD). But FDA clearance does not cover EU AI Act compliance. A diagnostic AI can be FDA-cleared AND non-compliant with the EU AI Act simultaneously. Two separate compliance requirements, two separate audit processes, and most companies are only thinking about one of them.</p> <p>Regulatory exposure: EU AI Act (safety component in medical devices, Annex I + Annex III for health-related AI), MDR (Medical Devices Regulation), FDA (US), state-level healthcare AI transparency laws.</p> <h2> 5. HR Tech and Recruitment AI </h2> <p>Resume screening AI, candidate scoring models, automated interview analysis, workforce analytics, and performance management AI. Employment is one of the most explicitly regulated AI categories globally.</p> <p>This is one of the first verticals where enforcement has already started. New York City's Local Law 144 requires bias audits for automated employment decision tools. The EU AI Act classifies employment AI as high-risk. Colorado SB 205 covers AI making employment decisions.</p> <p>The compliance gap: many HR Tech vendors market "AI-powered hiring" without the infrastructure to prove their models are free of bias, properly documented, or equipped with human oversight. The marketing moved faster than the governance.</p> <h2> 6. Autonomous Vehicles and Mobility </h2> <p>Self-driving vehicle AI, fleet management optimization, route planning, driver safety scoring, and predictive maintenance. The AI is making life-safety decisions at highway speed.</p> <p>The compliance gap: automotive OEMs have strong safety testing cultures. But the EU AI Act introduces requirements beyond safety testing: documentation standards, audit trails, and transparency obligations that traditional automotive compliance processes were not designed to cover.</p> <p>Regulatory exposure: EU AI Act (safety component in vehicles, Annex I), existing vehicle type-approval regulations, emerging UNECE regulations for autonomous driving.</p> <h2> 7. EdTech and AI Tutoring </h2> <p>Adaptive learning platforms, automated grading, student performance prediction, dropout risk scoring, and AI-generated educational content. Education is explicitly listed in the EU AI Act's high-risk categories.</p> <p>The compliance gap: EdTech companies have moved aggressively into AI-powered personalization, but few have the documentation, bias detection, or human oversight mechanisms that the EU AI Act requires. A student scoring model that determines course placement is a high-risk AI system, whether the company building it realizes that or not.</p> <h2> 8. Legal Tech </h2> <p>Contract analysis AI, legal research assistants, case outcome prediction, document review automation, and AI-generated legal briefs. Ironic that the tools lawyers use may themselves be non-compliant.</p> <p>The compliance gap: legal AI tools process privileged information and influence case strategy. The EU AI Act classifies AI used in the administration of justice as high-risk. Most legal AI vendors focus on accuracy and speed, not on the governance infrastructure that regulators will demand.</p> <h2> The Common Thread </h2> <p>Every industry above has the same profile:</p> <ul> <li>AI is making decisions that materially affect people</li> <li>Regulations now classify those AI systems as high-risk</li> <li>The compliance infrastructure (documentation, audit trails, human oversight, bias detection, robustness testing) is either incomplete or absent</li> <li>The enforcement deadline is months away</li> <li>Nobody is scanning the AI layer</li> </ul> <h2> What AIR Blackbox Does </h2> <p>AIR Blackbox is an open-source CLI tool that scans Python AI projects for compliance with six EU AI Act technical requirements:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox air-blackbox scan <span class="nb">.</span> </code></pre> </div> <p>It checks:</p> <ul> <li> <strong>Article 9</strong>: Risk management system</li> <li> <strong>Article 10</strong>: Data governance</li> <li> <strong>Article 11</strong>: Technical documentation</li> <li> <strong>Article 12</strong>: Record-keeping and audit trails</li> <li> <strong>Article 14</strong>: Human oversight</li> <li> <strong>Article 15</strong>: Accuracy, robustness, cybersecurity</li> </ul> <p>With Phase 2 (shipping now), it maps results across the EU AI Act, ISO 42001, NIST AI RMF, and Colorado SB 205 simultaneously. One scan, four frameworks.</p> <p>The scanner does not care what industry you are in. It cares whether your AI system has the technical controls that regulators require. A property valuation model and a credit scoring model need the same six compliance checks. The regulations are the same. The scan is the same.</p> <h2> The Bigger Vision </h2> <p>I think of AIR Blackbox as the compliance verification layer for AI transactions. The same way a financial audit verifies that accounting standards are met, an AIR Blackbox scan verifies that AI governance standards are met.</p> <p>Every tokenized real estate transaction should carry an AIR Blackbox evidence bundle proving the valuation AI was audited. Every AI lending decision should reference a signed compliance report. Every autonomous vehicle software update should pass a governance scan before deployment.</p> <p>The industries are different. The compliance requirement is the same. And right now, with 4 months until the EU AI Act's August 2026 deadline, most of these industries are flying blind.</p> <h2> Try It </h2> <p>AIR Blackbox is open-source and free:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox air-blackbox scan your-project/ </code></pre> </div> <p>GitHub: <a href="https://github.com/air-blackbox" rel="noopener noreferrer">github.com/air-blackbox</a><br> Website: <a href="https://airblackbox.ai" rel="noopener noreferrer">airblackbox.ai</a></p> <p>If you are building AI systems in any of the industries above, scan your project. The results might surprise you.</p> <p><em>Disclaimer: AIR Blackbox scans for technical requirements. This is not a certified compliance test. It is a starting point to identify potential gaps. Consult a qualified attorney for legal compliance guidance.</em></p> <p><em>I'm Jason Shotwell, the builder behind AIR Blackbox. I write about AI governance, open-source compliance tooling, and the race to August 2026. Follow me on <a href="https://dev.to/airblackbox">Dev.to</a> for more.</em></p> ai opensource programming llm Jason Shotwell Sat, 11 Apr 2026 04:24:54 +0000 https://forem.com/json_shotwell/cryptographic-proof-of-agent-to-agent-handoffs-in-python-43f https://forem.com/json_shotwell/cryptographic-proof-of-agent-to-agent-handoffs-in-python-43f <p>When your AI pipeline hands off from one agent to another, how do you prove it happened?</p> <p>Not "there's a log entry." Prove it. Cryptographically. In a way that holds up when someone asks: <em>which agent made this decision, and did it actually receive the data it claimed to receive?</em></p> <p>That's what I shipped this week in <a href="https://github.com/airblackbox/air-trust" rel="noopener noreferrer">air-trust v0.6.1</a>: Ed25519 signed handoffs for multi-agent Python systems.</p> <h2> The Problem </h2> <p>Multi-agent pipelines are becoming the default architecture for serious AI work. A research agent gathers context, hands off to a writer agent, which hands off to a fact-checker, which hands off to a publisher. Each agent does a piece of the work.</p> <p>But when something goes wrong — or when a regulator asks for an audit trail — you have a problem. Your logs show <em>what</em> happened. They don't prove <em>who</em> did it or that the data wasn't modified in transit.</p> <p>Three specific failure modes that are genuinely hard to detect today:</p> <ol> <li> <strong>Payload tampering</strong>: Agent A says it handed off document X. Agent B received document X. But was it the same X? Without a hash comparison locked in at handoff time, you can't know.</li> <li> <strong>Identity spoofing</strong>: An agent claims to be "research-bot." Is it? If agents communicate over any shared message bus, impersonation is trivial.</li> <li> <strong>Silent unsigned records</strong>: You think your audit chain has signatures. It doesn't — the signing key was missing and the library failed silently. (This was actually a bug in air-trust v0.6.0 that we fixed in v0.6.1.)</li> </ol> <p>The EU AI Act's Article 12 requires high-risk AI systems to maintain logs "sufficient to ensure traceability." Unsigned JSON files don't meet that bar for systems making consequential decisions.</p> <h2> The Solution: Three Record Types + Ed25519 Keys </h2> <p><code>air-trust</code> adds three new event types to its audit chain:</p> <ul> <li> <strong><code>handoff_request</code></strong> — Agent A says "I want to hand off to Agent B with this payload"</li> <li> <strong><code>handoff_ack</code></strong> — Agent B acknowledges receipt</li> <li> <strong><code>handoff_result</code></strong> — Agent B reports back what it produced</li> </ul> <p>Each record is automatically signed with the agent's Ed25519 private key. The verifier checks all three: valid signatures, matching counterparties, payload hash integrity, and nonce uniqueness (to prevent replay attacks).</p> <h3> Install </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install</span> <span class="s2">"air-trust[handoffs]"</span> </code></pre> </div> <p>The <code>[handoffs]</code> extra pulls in the <code>cryptography</code> library for Ed25519 support. The core audit chain has no external dependencies.</p> <h3> Generate keypairs for each agent </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 <span class="nt">-m</span> air_trust keygen <span class="nt">--agent</span> research-bot python3 <span class="nt">-m</span> air_trust keygen <span class="nt">--agent</span> writer-bot </code></pre> </div> <p>Keys are stored at <code>~/.air-trust/keys/</code> with <code>0600</code> permissions.</p> <h3> Instrument the handoff </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">air_trust</span> <span class="kn">from</span> <span class="n">air_trust</span> <span class="kn">import</span> <span class="n">trust</span><span class="p">,</span> <span class="n">session</span><span class="p">,</span> <span class="n">AuditChain</span> <span class="c1"># Research agent side </span><span class="n">chain</span> <span class="o">=</span> <span class="nc">AuditChain</span><span class="p">()</span> <span class="n">air_trust</span><span class="p">.</span><span class="nf">trust</span><span class="p">(</span><span class="n">identity</span><span class="o">=</span><span class="n">air_trust</span><span class="p">.</span><span class="nc">AgentIdentity</span><span class="p">(</span> <span class="n">agent_id</span><span class="o">=</span><span class="sh">"</span><span class="s">research-bot</span><span class="sh">"</span><span class="p">,</span> <span class="n">fingerprint</span><span class="o">=</span><span class="sh">"</span><span class="s">research-bot</span><span class="sh">"</span> <span class="p">))</span> <span class="k">with</span> <span class="nf">session</span><span class="p">(</span><span class="n">chain</span><span class="p">):</span> <span class="c1"># ... do research work ... </span> <span class="n">iid</span> <span class="o">=</span> <span class="n">chain</span><span class="p">.</span><span class="nf">handoff_request</span><span class="p">(</span> <span class="n">counterparty_id</span><span class="o">=</span><span class="sh">"</span><span class="s">writer-bot</span><span class="sh">"</span><span class="p">,</span> <span class="n">payload</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">summary</span><span class="sh">"</span><span class="p">:</span> <span class="n">research_summary</span><span class="p">},</span> <span class="p">)</span> <span class="c1"># Writer agent side (separate process, same or different machine) </span><span class="n">air_trust</span><span class="p">.</span><span class="nf">trust</span><span class="p">(</span><span class="n">identity</span><span class="o">=</span><span class="n">air_trust</span><span class="p">.</span><span class="nc">AgentIdentity</span><span class="p">(</span> <span class="n">agent_id</span><span class="o">=</span><span class="sh">"</span><span class="s">writer-bot</span><span class="sh">"</span><span class="p">,</span> <span class="n">fingerprint</span><span class="o">=</span><span class="sh">"</span><span class="s">writer-bot</span><span class="sh">"</span> <span class="p">))</span> <span class="k">with</span> <span class="nf">session</span><span class="p">(</span><span class="n">chain</span><span class="p">):</span> <span class="n">chain</span><span class="p">.</span><span class="nf">handoff_ack</span><span class="p">(</span> <span class="n">interaction_id</span><span class="o">=</span><span class="n">iid</span><span class="p">,</span> <span class="n">counterparty_id</span><span class="o">=</span><span class="sh">"</span><span class="s">research-bot</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># ... do writing work ... </span> <span class="n">chain</span><span class="p">.</span><span class="nf">handoff_result</span><span class="p">(</span> <span class="n">interaction_id</span><span class="o">=</span><span class="n">iid</span><span class="p">,</span> <span class="n">counterparty_id</span><span class="o">=</span><span class="sh">"</span><span class="s">research-bot</span><span class="sh">"</span><span class="p">,</span> <span class="n">payload</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">article</span><span class="sh">"</span><span class="p">:</span> <span class="n">finished_article</span><span class="p">},</span> <span class="p">)</span> </code></pre> </div> <h3> Verify the chain </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 <span class="nt">-m</span> air_trust verify audit_chain.jsonl </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>INTEGRITY PASS 47 events, 47 valid HMAC links COMPLETENESS PASS 2 sessions complete, no gaps HANDOFFS PASS 1 interaction verified interaction abc123: request PASS Ed25519 OK (research-bot) ack PASS Ed25519 OK (writer-bot) result PASS Ed25519 OK (writer-bot) payload PASS SHA-256 hash match nonce PASS unique </code></pre> </div> <p>If someone tampers with the payload between request and result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>HANDOFFS FAIL 1 interaction failed interaction abc123: result FAIL payload hash mismatch expected: a3f2c1... got: 9d4e8b... </code></pre> </div> <h2> How It Works Under the Hood </h2> <h3> The signing payload </h3> <p>Every signed record commits to six fields, pipe-delimited:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csvs"><code><span class="k">interaction</span><span class="err">_</span><span class="k">id</span><span class="err">|</span><span class="k">counterparty</span><span class="err">_</span><span class="k">id</span><span class="err">|</span><span class="k">payload</span><span class="err">_</span><span class="k">hash</span><span class="err">|</span><span class="k">nonce</span><span class="err">|</span><span class="k">type</span><span class="err">|</span><span class="k">timestamp</span> </code></pre> </div> <p>The <code>payload_hash</code> is SHA-256 of the JSON-serialized payload. This means:</p> <ol> <li>The signature covers the payload content, not just the record metadata</li> <li>Payload mutation is detectable even if the signature itself isn't forged</li> <li>The nonce prevents an attacker from replaying a valid old record</li> </ol> <h3> Ed25519 vs. HMAC </h3> <p>The tamper-evident chain (spec v1.0) uses HMAC-SHA256 with a shared secret — this catches post-hoc modification of stored records. But HMAC is symmetric: anyone with the secret key can forge a record.</p> <p>Signed handoffs (spec v1.2) use Ed25519 asymmetric keys. The private key never leaves the agent. The public key is embedded in every signed record. This means:</p> <ul> <li> <strong>Non-repudiation</strong>: agent A can prove it signed the request, and nobody else can produce that signature</li> <li> <strong>No shared secret</strong>: agents don't need to trust each other's key management</li> <li> <strong>Public key in the record</strong>: verifiers don't need a key registry — the public key is self-contained in the audit log</li> </ul> <h3> The audit chain is layered </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v1.0 HMAC chain — tamper detection for all records v1.1 Session sequences — completeness: no gaps, no replays within a session v1.2 Signed handoffs — identity proof at agent boundaries </code></pre> </div> <p>Each layer is backward compatible. A v1.0 chain verifies clean under v1.2. A v1.2 chain with no handoffs still passes.</p> <h2> What We Fixed in v0.6.1 </h2> <p>The silent failure modes I mentioned earlier were real bugs in v0.6.0, caught during a design review after shipping:</p> <p><strong>Bug 1 — Signed records written without signatures</strong>: If the <code>cryptography</code> package wasn't installed, handoff records were written silently without signatures. The verifier then silently skipped them. The chain appeared to verify clean. It now raises <code>ImportError</code> at write time instead.</p> <p><strong>Bug 2 — Verifier skipped unsigned records</strong>: Even with the library installed, if an agent had no keypair, records were written unsigned and the verifier skipped checking them. It now flags these as <code>missing_signature</code> with severity <code>warn</code>.</p> <p><strong>Bug 3 — Session ID leaked on exception</strong>: If a <code>session()</code> block raised, the ContextVar holding the session ID wasn't reset, so the next session wrote events with the wrong session ID. Fixed with a <code>finally</code> block.</p> <p><strong>Bug 4 — Thread safety</strong>: The global chain and identity singletons weren't protected by a lock. In threaded code (common with agent frameworks), you could get cross-thread identity clobbering. Fixed with <code>threading.Lock()</code>.</p> <p>I'm documenting these because they're the kind of bugs that would be catastrophic in a compliance context — you think you have signed records, you don't. Soundness matters more than features here.</p> <h2> What This Is (and Isn't) </h2> <p>This is a <strong>technical audit layer</strong>, not a legal compliance certification. <code>air-trust</code> helps you answer: <em>did these agents interact in the way the logs claim, and is the data intact?</em> It doesn't answer whether your system meets every requirement of the EU AI Act — that's a legal question involving risk classification, conformity assessments, and a lot more.</p> <p>Think of it as a linter for your audit chain. Fast, local, no cloud, no API keys. It either passes or it tells you exactly what's wrong.</p> <h2> Try It </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install</span> <span class="s2">"air-trust[handoffs]"</span> python3 <span class="nt">-m</span> air_trust keygen <span class="nt">--agent</span> my-agent python3 examples/signed_handoff.py <span class="c"># in the repo</span> python3 <span class="nt">-m</span> air_trust verify audit_chain.jsonl </code></pre> </div> <p>Interactive demo (no install): <a href="https://airblackbox.ai/demo/signed-handoff" rel="noopener noreferrer">airblackbox.ai/demo/signed-handoff</a></p> <p>GitHub: <a href="https://github.com/airblackbox/air-trust" rel="noopener noreferrer">github.com/airblackbox/air-trust</a></p> <h2> What's Next </h2> <p>The roadmap has two items queued for Phase 3:</p> <ul> <li> <strong>Remote verification endpoint</strong> — post a chain to a verifier service and get a signed attestation back (useful for third-party audits)</li> <li> <strong>Framework trust layers</strong> — drop-in <code>air_trust</code> wrappers for LangChain, CrewAI, and AutoGen that auto-instrument handoffs with zero code changes</li> </ul> <p>If you're building multi-agent systems and care about auditability, I'd genuinely like to know what your current setup looks like. Comments open.</p> ai python opensource euaiact Jason Shotwell Fri, 03 Apr 2026 14:46:01 +0000 https://forem.com/json_shotwell/write-ai-policies-that-actually-work-custom-rule-examples-2di9 https://forem.com/json_shotwell/write-ai-policies-that-actually-work-custom-rule-examples-2di9 <h1> Write AI Policies That Actually Work: Custom Rule Examples </h1> <p>Most AI governance policies are as useful as a chocolate teapot — they look impressive in meetings but melt the moment they touch production heat.</p> <h2> The Problem: Your AI Policies Are Theater, Not Engineering </h2> <p>Here's what I see in every "AI governance" document that crosses my desk:</p> <ul> <li>"AI systems must be fair and unbiased" (What does that mean? Fair to whom? Measured how?)</li> <li>"Models must be regularly monitored" (How often is regular? What metrics matter?)</li> <li>"Data privacy must be maintained" (Which data? What constitutes a violation?)</li> </ul> <p>These aren't policies. They're wishes written in corporate speak.</p> <p>Meanwhile, your AI agents are burning through API quotas, hallucinating customer data, and making decisions that would make a compliance officer weep. You need rules that actually fire when something goes wrong, not mission statements that make executives feel better about their AI initiatives.</p> <p>The gap between "we have AI governance" and "our AI governance actually works" is filled with custom rules that trigger on specific, measurable violations. Not vibes. Not best practices. Executable code that says "this specific thing happened, therefore that specific action must be taken."</p> <h2> Architecture: How Policy Rules Actually Work </h2> <p>Here's how Airblackbox turns your governance requirements into executable policies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>graph TD A[AI Agent Request] --&gt; B[Gateway Proxy] B --&gt; C[LLM Provider] C --&gt; D[Response Capture] D --&gt; E[Rule Engine] E --&gt; F{Policy Check} F --&gt;|Pass| G[Log &amp; Forward] F --&gt;|Fail| H[Block &amp; Alert] F --&gt;|Warn| I[Flag &amp; Forward] J[Custom Rules] --&gt; E K[EU AI Act Rules] --&gt; E L[Rate Limits] --&gt; E H --&gt; M[Compliance Dashboard] I --&gt; M G --&gt; N[Observability Store] style F fill:#ff6b6b style J fill:#4ecdc4 style M fill:#45b7d1 </code></pre> </div> <p>The Gateway sits between your agent and the LLM, captures everything, runs your custom rules against the traffic, and either blocks, warns, or passes through based on what it finds.</p> <p>Think of it as a firewall, but instead of blocking ports, it blocks prompts that violate your policies.</p> <h2> Implementation: Building Custom Policy Rules </h2> <p>Let's build three real rules that solve actual problems developers face.</p> <h3> Rule 1: Rate Limiting by User Role </h3> <p>Problem: Your intern shouldn't be able to burn through the entire monthly GPT-4 budget in one afternoon experimenting with creative writing prompts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># custom_rules/rate_limiting.py </span><span class="kn">from</span> <span class="n">airblackbox.rules</span> <span class="kn">import</span> <span class="n">Rule</span><span class="p">,</span> <span class="n">RuleResult</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span> <span class="kn">import</span> <span class="n">redis</span> <span class="k">class</span> <span class="nc">UserRoleLimiter</span><span class="p">(</span><span class="n">Rule</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">redis</span> <span class="o">=</span> <span class="n">redis</span><span class="p">.</span><span class="nc">Redis</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="sh">'</span><span class="s">localhost</span><span class="sh">'</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">6379</span><span class="p">,</span> <span class="n">db</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">limits</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">intern</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">requests_per_hour</span><span class="sh">'</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="sh">'</span><span class="s">tokens_per_day</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1000</span><span class="p">},</span> <span class="sh">'</span><span class="s">developer</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">requests_per_hour</span><span class="sh">'</span><span class="p">:</span> <span class="mi">50</span><span class="p">,</span> <span class="sh">'</span><span class="s">tokens_per_day</span><span class="sh">'</span><span class="p">:</span> <span class="mi">10000</span><span class="p">},</span> <span class="sh">'</span><span class="s">admin</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">requests_per_hour</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">tokens_per_day</span><span class="sh">'</span><span class="p">:</span> <span class="mi">50000</span><span class="p">}</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">evaluate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">response</span><span class="p">,</span> <span class="n">metadata</span><span class="p">):</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">metadata</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">user_id</span><span class="sh">'</span><span class="p">)</span> <span class="n">user_role</span> <span class="o">=</span> <span class="n">metadata</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">user_role</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">intern</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Default to most restrictive </span> <span class="k">if</span> <span class="n">user_role</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">limits</span><span class="p">:</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Unknown user role: </span><span class="si">{</span><span class="n">user_role</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">block</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># Check hourly request limit </span> <span class="n">hour_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">requests:</span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s">:</span><span class="si">{</span><span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">().</span><span class="nf">strftime</span><span class="p">(</span><span class="sh">'</span><span class="s">%Y%m%d%H</span><span class="sh">'</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="n">hourly_requests</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">redis</span><span class="p">.</span><span class="nf">incr</span><span class="p">(</span><span class="n">hour_key</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">redis</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">hour_key</span><span class="p">,</span> <span class="mi">3600</span><span class="p">)</span> <span class="c1"># Expire after 1 hour </span> <span class="k">if</span> <span class="n">hourly_requests</span> <span class="o">&gt;</span> <span class="n">self</span><span class="p">.</span><span class="n">limits</span><span class="p">[</span><span class="n">user_role</span><span class="p">][</span><span class="sh">'</span><span class="s">requests_per_hour</span><span class="sh">'</span><span class="p">]:</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">User </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s"> exceeded hourly limit (</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">limits</span><span class="p">[</span><span class="n">user_role</span><span class="p">][</span><span class="sh">'</span><span class="s">requests_per_hour</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">block</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">current_requests</span><span class="sh">'</span><span class="p">:</span> <span class="n">hourly_requests</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># Check daily token limit </span> <span class="n">day_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">tokens:</span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s">:</span><span class="si">{</span><span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">().</span><span class="nf">strftime</span><span class="p">(</span><span class="sh">'</span><span class="s">%Y%m%d</span><span class="sh">'</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="n">current_tokens</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">redis</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">day_key</span><span class="p">)</span> <span class="ow">or</span> <span class="mi">0</span><span class="p">)</span> <span class="n">estimated_tokens</span> <span class="o">=</span> <span class="nf">len</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">prompt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">))</span> <span class="o">//</span> <span class="mi">4</span> <span class="c1"># Rough estimation </span> <span class="k">if</span> <span class="n">current_tokens</span> <span class="o">+</span> <span class="n">estimated_tokens</span> <span class="o">&gt;</span> <span class="n">self</span><span class="p">.</span><span class="n">limits</span><span class="p">[</span><span class="n">user_role</span><span class="p">][</span><span class="sh">'</span><span class="s">tokens_per_day</span><span class="sh">'</span><span class="p">]:</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">User </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s"> would exceed daily token limit</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">block</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">current_tokens</span><span class="sh">'</span><span class="p">:</span> <span class="n">current_tokens</span><span class="p">,</span> <span class="sh">'</span><span class="s">estimated_tokens</span><span class="sh">'</span><span class="p">:</span> <span class="n">estimated_tokens</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># Update token counter after successful validation </span> <span class="n">self</span><span class="p">.</span><span class="n">redis</span><span class="p">.</span><span class="nf">incrby</span><span class="p">(</span><span class="n">day_key</span><span class="p">,</span> <span class="n">estimated_tokens</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">redis</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">day_key</span><span class="p">,</span> <span class="mi">86400</span><span class="p">)</span> <span class="c1"># Expire after 24 hours </span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Rate limit check passed for </span><span class="si">{</span><span class="n">user_role</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">requests_remaining</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">limits</span><span class="p">[</span><span class="n">user_role</span><span class="p">][</span><span class="sh">'</span><span class="s">requests_per_hour</span><span class="sh">'</span><span class="p">]</span> <span class="o">-</span> <span class="n">hourly_requests</span><span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Rule 2: PII Detection and Redaction </h3> <p>Problem: Your customer service agent just tried to send someone's SSN to OpenAI. This is not ideal for anyone involved.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># custom_rules/pii_protection.py </span><span class="kn">import</span> <span class="n">re</span> <span class="kn">from</span> <span class="n">airblackbox.rules</span> <span class="kn">import</span> <span class="n">Rule</span><span class="p">,</span> <span class="n">RuleResult</span> <span class="k">class</span> <span class="nc">PIIProtectionRule</span><span class="p">(</span><span class="n">Rule</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">patterns</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">ssn</span><span class="sh">'</span><span class="p">:</span> <span class="sa">r</span><span class="sh">'</span><span class="s">\b\d{3}-?\d{2}-?\d{4}\b</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">credit_card</span><span class="sh">'</span><span class="p">:</span> <span class="sa">r</span><span class="sh">'</span><span class="s">\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">email</span><span class="sh">'</span><span class="p">:</span> <span class="sa">r</span><span class="sh">'</span><span class="s">\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">phone</span><span class="sh">'</span><span class="p">:</span> <span class="sa">r</span><span class="sh">'</span><span class="s">\b\d{3}[-.]?\d{3}[-.]?\d{4}\b</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">ip_address</span><span class="sh">'</span><span class="p">:</span> <span class="sa">r</span><span class="sh">'</span><span class="s">\b(?:\d{1,3}\.){3}\d{1,3}\b</span><span class="sh">'</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">evaluate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">response</span><span class="p">,</span> <span class="n">metadata</span><span class="p">):</span> <span class="n">prompt</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">prompt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span> <span class="n">violations</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">redacted_prompt</span> <span class="o">=</span> <span class="n">prompt</span> <span class="k">for</span> <span class="n">pii_type</span><span class="p">,</span> <span class="n">pattern</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">patterns</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="n">matches</span> <span class="o">=</span> <span class="n">re</span><span class="p">.</span><span class="nf">finditer</span><span class="p">(</span><span class="n">pattern</span><span class="p">,</span> <span class="n">prompt</span><span class="p">,</span> <span class="n">re</span><span class="p">.</span><span class="n">IGNORECASE</span><span class="p">)</span> <span class="k">for</span> <span class="n">match</span> <span class="ow">in</span> <span class="n">matches</span><span class="p">:</span> <span class="n">violations</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="n">pii_type</span><span class="p">,</span> <span class="sh">'</span><span class="s">value</span><span class="sh">'</span><span class="p">:</span> <span class="n">match</span><span class="p">.</span><span class="nf">group</span><span class="p">(),</span> <span class="sh">'</span><span class="s">position</span><span class="sh">'</span><span class="p">:</span> <span class="n">match</span><span class="p">.</span><span class="nf">span</span><span class="p">()</span> <span class="p">})</span> <span class="c1"># Redact the PII </span> <span class="n">redacted_prompt</span> <span class="o">=</span> <span class="n">redacted_prompt</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span> <span class="n">match</span><span class="p">.</span><span class="nf">group</span><span class="p">(),</span> <span class="sa">f</span><span class="sh">'</span><span class="s">[REDACTED_</span><span class="si">{</span><span class="n">pii_type</span><span class="p">.</span><span class="nf">upper</span><span class="p">()</span><span class="si">}</span><span class="s">]</span><span class="sh">'</span> <span class="p">)</span> <span class="k">if</span> <span class="n">violations</span><span class="p">:</span> <span class="c1"># For high-risk PII, block entirely </span> <span class="n">high_risk</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">ssn</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">credit_card</span><span class="sh">'</span><span class="p">]</span> <span class="k">if</span> <span class="nf">any</span><span class="p">(</span><span class="n">v</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="ow">in</span> <span class="n">high_risk</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">violations</span><span class="p">):</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">High-risk PII detected: </span><span class="si">{</span><span class="p">[</span><span class="n">v</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">violations</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">block</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">violations</span><span class="sh">'</span><span class="p">:</span> <span class="n">violations</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># For lower-risk PII, redact and warn </span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">PII detected and redacted: </span><span class="si">{</span><span class="p">[</span><span class="n">v</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">violations</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">modify</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">violations</span><span class="sh">'</span><span class="p">:</span> <span class="n">violations</span><span class="p">,</span> <span class="sh">'</span><span class="s">modified_prompt</span><span class="sh">'</span><span class="p">:</span> <span class="n">redacted_prompt</span> <span class="p">}</span> <span class="p">)</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span><span class="n">passed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sh">"</span><span class="s">No PII detected</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Rule 3: Content Appropriateness with Business Context </h3> <p>Problem: Your legal research agent keeps trying to get ChatGPT to write creative fiction about murder trials. Your lawyers are not amused.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># custom_rules/content_appropriateness.py </span><span class="kn">from</span> <span class="n">airblackbox.rules</span> <span class="kn">import</span> <span class="n">Rule</span><span class="p">,</span> <span class="n">RuleResult</span> <span class="kn">import</span> <span class="n">openai</span> <span class="k">class</span> <span class="nc">ContentAppropriatenessRule</span><span class="p">(</span><span class="n">Rule</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">allowed_domains</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="nc">OpenAI</span><span class="p">()</span> <span class="c1"># For moderation API </span> <span class="n">self</span><span class="p">.</span><span class="n">allowed_domains</span> <span class="o">=</span> <span class="n">allowed_domains</span> <span class="ow">or</span> <span class="p">[]</span> <span class="c1"># Business context keywords that make otherwise flagged content acceptable </span> <span class="n">self</span><span class="p">.</span><span class="n">business_contexts</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">legal_research</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">case law</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">legal precedent</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">court ruling</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">litigation</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">security_research</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">vulnerability</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">penetration test</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">security audit</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">medical_research</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">clinical trial</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">medical study</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">patient care</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">content_moderation</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">content policy</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">moderation guidelines</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">user safety</span><span class="sh">'</span><span class="p">]</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">evaluate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">response</span><span class="p">,</span> <span class="n">metadata</span><span class="p">):</span> <span class="n">prompt</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">prompt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span> <span class="n">user_domain</span> <span class="o">=</span> <span class="n">metadata</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">user_domain</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">general</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Run OpenAI's moderation check </span> <span class="k">try</span><span class="p">:</span> <span class="n">moderation_response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="n">moderations</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nb">input</span><span class="o">=</span><span class="n">prompt</span><span class="p">)</span> <span class="n">flagged</span> <span class="o">=</span> <span class="n">moderation_response</span><span class="p">.</span><span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">flagged</span> <span class="n">categories</span> <span class="o">=</span> <span class="n">moderation_response</span><span class="p">.</span><span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">categories</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Moderation check failed: </span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">block</span><span class="sh">"</span> <span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">flagged</span><span class="p">:</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span><span class="n">passed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sh">"</span><span class="s">Content passed moderation</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Content is flagged, check for business context exceptions </span> <span class="n">flagged_categories</span> <span class="o">=</span> <span class="p">[</span><span class="n">cat</span> <span class="k">for</span> <span class="n">cat</span><span class="p">,</span> <span class="n">flagged</span> <span class="ow">in</span> <span class="n">categories</span><span class="p">.</span><span class="n">__dict__</span><span class="p">.</span><span class="nf">items</span><span class="p">()</span> <span class="k">if</span> <span class="n">flagged</span><span class="p">]</span> <span class="c1"># Check if user domain allows this type of content </span> <span class="k">if</span> <span class="n">user_domain</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">business_contexts</span><span class="p">:</span> <span class="n">context_keywords</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">business_contexts</span><span class="p">[</span><span class="n">user_domain</span><span class="p">]</span> <span class="k">if</span> <span class="nf">any</span><span class="p">(</span><span class="n">keyword</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="ow">in</span> <span class="n">prompt</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="k">for</span> <span class="n">keyword</span> <span class="ow">in</span> <span class="n">context_keywords</span><span class="p">):</span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Content flagged but allowed for </span><span class="si">{</span><span class="n">user_domain</span><span class="si">}</span><span class="s"> context</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">warn</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">flagged_categories</span><span class="sh">'</span><span class="p">:</span> <span class="n">flagged_categories</span><span class="p">,</span> <span class="sh">'</span><span class="s">business_context</span><span class="sh">'</span><span class="p">:</span> <span class="n">user_domain</span><span class="p">,</span> <span class="sh">'</span><span class="s">justification</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Business context exception applied</span><span class="sh">'</span> <span class="p">}</span> <span class="p">)</span> <span class="c1"># No business context exception, block the request </span> <span class="k">return</span> <span class="nc">RuleResult</span><span class="p">(</span> <span class="n">passed</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Content flagged for: </span><span class="si">{</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">flagged_categories</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">action</span><span class="o">=</span><span class="sh">"</span><span class="s">block</span><span class="sh">"</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">flagged_categories</span><span class="sh">'</span><span class="p">:</span> <span class="n">flagged_categories</span><span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Wiring It All Together </h3> <p>Now let's create a policy engine that runs all these rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># policy_engine.py </span><span class="kn">from</span> <span class="n">airblackbox</span> <span class="kn">import</span> <span class="n">Gateway</span> <span class="kn">from</span> <span class="n">custom_rules.rate_limiting</span> <span class="kn">import</span> <span class="n">UserRoleLimiter</span> <span class="kn">from</span> <span class="n">custom_rules.pii_protection</span> <span class="kn">import</span> <span class="n">PIIProtectionRule</span> <span class="kn">from</span> <span class="n">custom_rules.content_appropriateness</span> <span class="kn">import</span> <span class="n">ContentAppropriatenessRule</span> <span class="c1"># Initialize the gateway with custom rules </span><span class="n">gateway</span> <span class="o">=</span> <span class="nc">Gateway</span><span class="p">()</span> <span class="c1"># Add your custom rules </span><span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">UserRoleLimiter</span><span class="p">())</span> <span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">PIIProtectionRule</span><span class="p">())</span> <span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">ContentAppropriatenessRule</span><span class="p">(</span> <span class="n">allowed_domains</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">legal_research</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">security_research</span><span class="sh">'</span><span class="p">]</span> <span class="p">))</span> <span class="c1"># Start the gateway </span><span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">gateway</span><span class="p">.</span><span class="nf">start</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="sh">"</span><span class="s">0.0.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">8080</span><span class="p">)</span> </code></pre> </div> <h2> Pitfalls: What Will Break and How to Fix It </h2> <h3> 1. Rule Ordering Matters </h3> <p><strong>Problem</strong>: Your PII redaction rule runs after your rate limiting rule, so you're counting tokens for text that gets modified.</p> <p><strong>Solution</strong>: Rules run in the order you add them. Put modification rules (like PII redaction) first, then validation rules (like rate limits).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Wrong order </span><span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">UserRoleLimiter</span><span class="p">())</span> <span class="c1"># Counts original tokens </span><span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">PIIProtectionRule</span><span class="p">())</span> <span class="c1"># Then redacts </span> <span class="c1"># Right order </span><span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">PIIProtectionRule</span><span class="p">())</span> <span class="c1"># Redacts first </span><span class="n">gateway</span><span class="p">.</span><span class="nf">add_rule</span><span class="p">(</span><span class="nc">UserRoleLimiter</span><span class="p">())</span> <span class="c1"># Counts redacted tokens </span></code></pre> </div> <h3> 2. Performance Death by A Thousand Cuts </h3> <p><strong>Problem</strong>: You added 20 rules that each make external API calls. Your response time went from 200ms to 5 seconds.</p> <p><strong>Solution</strong>: Cache expensive operations and use async where possible:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">functools</span> <span class="kn">import</span> <span class="n">lru_cache</span> <span class="kn">import</span> <span class="n">asyncio</span> <span class="k">class</span> <span class="nc">OptimizedPIIRule</span><span class="p">(</span><span class="n">Rule</span><span class="p">):</span> <span class="nd">@lru_cache</span><span class="p">(</span><span class="n">maxsize</span><span class="o">=</span><span class="mi">1000</span><span class="p">)</span> <span class="k">def</span> <span class="nf">_check_patterns</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">text_hash</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span> <span class="c1"># Expensive regex operations cached by hash </span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="nf">_find_pii_violations</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">evaluate_async</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">response</span><span class="p">,</span> <span class="n">metadata</span><span class="p">):</span> <span class="c1"># Run expensive operations in parallel </span> <span class="n">text_hash</span> <span class="o">=</span> <span class="nf">hash</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">prompt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">))</span> <span class="n">violations</span> <span class="o">=</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">to_thread</span><span class="p">(</span> <span class="n">self</span><span class="p">.</span><span class="n">_check_patterns</span><span class="p">,</span> <span class="n">text_hash</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">prompt</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span> <span class="p">)</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="nf">_build_result</span><span class="p">(</span><span class="n">violations</span><span class="p">)</span> </code></pre> </div> <h3> 3. State Management in Distributed Systems </h3> <p><strong>Problem</strong>: You're running multiple gateway instances behind a load balancer. Rate limits work inconsistently because each instance has its own Redis connection and state.</p> <p><strong>Solution</strong>: Use Redis Cluster or a shared state backend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">redis.sentinel</span> <span class="k">class</span> <span class="nc">DistributedUserRoleLimiter</span><span class="p">(</span><span class="n">Rule</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="c1"># Use Redis Sentinel for high availability </span> <span class="n">sentinel</span> <span class="o">=</span> <span class="n">redis</span><span class="p">.</span><span class="n">sentinel</span><span class="p">.</span><span class="nc">Sentinel</span><span class="p">([</span> <span class="p">(</span><span class="sh">'</span><span class="s">localhost</span><span class="sh">'</span><span class="p">,</span> <span class="mi">26379</span><span class="p">),</span> <span class="p">(</span><span class="sh">'</span><span class="s">localhost</span><span class="sh">'</span><span class="p">,</span> <span class="mi">26380</span><span class="p">),</span> <span class="p">(</span><span class="sh">'</span><span class="s">localhost</span><span class="sh">'</span><span class="p">,</span> <span class="mi">26381</span><span class="p">)</span> <span class="p">])</span> <span class="n">self</span><span class="p">.</span><span class="n">redis</span> <span class="o">=</span> <span class="n">sentinel</span><span class="p">.</span><span class="nf">master_for</span><span class="p">(</span><span class="sh">'</span><span class="s">mymaster</span><span class="sh">'</span><span class="p">,</span> <span class="n">socket_timeout</span><span class="o">=</span><span class="mf">0.1</span><span class="p">)</span> </code></pre> </div> <h2> Measurement: How to Know It's Working </h2> <p>Your rules are only as good as your ability to measure their effectiveness. Here's how to build observability into your policy engine:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># monitoring.py </span><span class="kn">from</span> <span class="n">dataclasses</span> <span class="kn">import</span> <span class="n">dataclass</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">json</span> <span class="nd">@dataclass</span> <span class="k">class</span> <span class="nc">RuleMetrics</span><span class="p">:</span> <span class="n">rule_name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">executions</span><span class="p">:</span> <span class="nb">int</span> <span class="n">blocks</span><span class="p">:</span> <span class="nb">int</span> <span class="n">warnings</span><span class="p">:</span> <span class="nb">int</span> <span class="n">avg_execution_time</span><span class="p">:</span> <span class="nb">float</span> <span class="n">last_violation</span><span class="p">:</span> <span class="n">datetime</span> <span class="k">class</span> <span class="nc">PolicyMonitor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">metrics</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">record_execution</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">rule_name</span><span class="p">,</span> <span class="n">execution_time</span><span class="p">,</span> <span class="n">result</span><span class="p">):</span> <span class="k">if</span> <span class="n">rule_name</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">metrics</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">metrics</span><span class="p">[</span><span class="n">rule_name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">executions</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">'</span><span class="s">blocks</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">'</span><span class="s">warnings</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">'</span><span class="s">total_time</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">'</span><span class="s">last_violation</span><span class="sh">'</span><span class="p">:</span> <span class="bp">None</span> <span class="p">}</span> <span class="n">m</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">metrics</span><span class="p">[</span><span class="n">rule_name</span><span class="p">]</span> <span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">executions</span><span class="sh">'</span><span class="p">]</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">total_time</span><span class="sh">'</span><span class="p">]</span> <span class="o">+=</span> <span class="n">execution_time</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">action</span> <span class="o">==</span> <span class="sh">'</span><span class="s">block</span><span class="sh">'</span><span class="p">:</span> <span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">blocks</span><span class="sh">'</span><span class="p">]</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">last_violation</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="k">elif</span> <span class="n">result</span><span class="p">.</span><span class="n">action</span> <span class="o">==</span> <span class="sh">'</span><span class="s">warn</span><span class="sh">'</span><span class="p">:</span> <span class="n">m</span><span class="p">[</span><span class="sh">'</span><span class="s">warnings</span><span class="sh">'</span><span class="p">]</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">def</span> <span class="nf">get_dashboard_data</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">dashboard</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">rule_name</span><span class="p">,</span> <span class="n">data</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">metrics</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="n">dashboard</span><span class="p">[</span><span class="n">rule_name</span><span class="p">]</span> <span class="o">=</span> <span class="nc">RuleMetrics</span><span class="p">(</span> <span class="n">rule_name</span><span class="o">=</span><span class="n">rule_name</span><span class="p">,</span> <span class="n">executions</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">executions</span><span class="sh">'</span><span class="p">],</span> <span class="n">blocks</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">blocks</span><span class="sh">'</span><span class="p">],</span> <span class="n">warnings</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">warnings</span><span class="sh">'</span><span class="p">],</span> <span class="n">avg_execution_time</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">total_time</span><span class="sh">'</span><span class="p">]</span> <span class="o">/</span> <span class="nf">max</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">executions</span><span class="sh">'</span><span class="p">],</span> <span class="mi">1</span><span class="p">),</span> <span class="n">last_violation</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">last_violation</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="k">return</span> <span class="n">dashboard</span> </code></pre> </div> <p>Key metrics to track:</p> <ul> <li> <strong>Rule execution frequency</strong> (are your rules actually running?)</li> <li> <strong>Block/warn rates</strong> (too high = rules too strict, too low = rules not catching issues)</li> <li> <strong>False positive rates</strong> (measure via manual review of blocked requests)</li> <li> <strong>Performance impact</strong> (rule execution time vs total request time)</li> </ul> <h2> Next Steps </h2> <p>You now have the blueprint for AI policies that actually enforce themselves. But reading about rules and running them in production are different beasts entirely.</p> <p>Want to see this in action? Clone the <a href="https://github.com/airblackbox/policy-examples" rel="noopener noreferrer">Airblackbox policy examples repo</a> and run these rules against real traffic. The repo includes:</p> <ul> <li>Complete working examples of all three rules above</li> <li>Docker Compose setup with Redis and monitoring dashboards</li> <li>Test scenarios that trigger each rule type</li> <li>Performance benchmarks for rule execution</li> </ul> <p>Or jump straight into the deep end: Install Airblackbox, point it at your existing AI agents, and watch what your policies actually catch. You'll be surprised what your agents are trying to do when you're not looking.</p> <p>Because the best AI governance policy is the one that runs itself. Everything else is just expensive theater.</p> <p><em><a href="https://airblackbox.com" rel="noopener noreferrer">Try Airblackbox</a> — Because your AI agents need adult supervision, not mission statements.</em></p> airblackbox aidebugging observability tutorial Jason Shotwell Thu, 02 Apr 2026 14:59:23 +0000 https://forem.com/json_shotwell/why-your-streaming-ai-agent-looks-broken-and-how-to-fix-it-23a7 https://forem.com/json_shotwell/why-your-streaming-ai-agent-looks-broken-and-how-to-fix-it-23a7 <h1> Why Your Streaming AI Agent Looks Broken (And How to Fix It) </h1> <p>Your streaming AI agent appears to think for 30 seconds, then vomits a wall of text all at once — congratulations, you've built a very expensive typewriter with performance anxiety.</p> <h2> The Problem: When "Streaming" Isn't Actually Streaming </h2> <p>You've hooked up your beautiful AI agent to OpenAI's streaming API. The docs promise smooth, real-time token delivery. Your code looks perfect. But users are staring at loading spinners for eons, then getting hit with text dumps that would make a fire hose jealous.</p> <p>The culprit? <strong>Gateway buffering</strong>. </p> <p>Every reverse proxy, load balancer, and observability tool between your agent and OpenAI is helpfully "optimizing" your stream by collecting tokens into neat little batches. Your streaming response gets turned into a buffered response, and your users get a front-row seat to watching paint dry.</p> <p>This isn't just a UX problem — it's an architecture problem. When your AI agent's thinking process is invisible, users assume it's broken. When responses arrive in chunks instead of flowing naturally, the illusion of intelligence shatters.</p> <p>The deeper issue: most observability solutions for AI agents weren't designed with streaming in mind. They intercept, process, and forward — which is exactly what you don't want when every millisecond matters for perceived responsiveness.</p> <h2> Architecture: How Streaming Actually Works (When It Works) </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>graph TD A[User Request] --&gt; B[Your AI Agent] B --&gt; C[Airblackbox Gateway] C --&gt; D[OpenAI API] D --&gt; E[Token Stream] E --&gt; F[Gateway Processing] F --&gt; G[Buffering Decision Point] G --&gt;|Bad Path| H[Buffer Tokens] H --&gt; I[Batch Forward] I --&gt; J[Wall of Text] G --&gt;|Good Path| K[Stream Through] K --&gt; L[Real-time Tokens] L --&gt; M[Smooth User Experience] style H fill:#ff9999 style I fill:#ff9999 style J fill:#ff9999 style K fill:#99ff99 style L fill:#99ff99 style M fill:#99ff99 </code></pre> </div> <p>The critical insight: <strong>observability and streaming are not mutually exclusive</strong>. You can record everything that flows through your system without breaking the flow. The gateway needs to be smart enough to tee the stream — capturing data for debugging while preserving the real-time experience.</p> <h2> Implementation: Building a Streaming-First Gateway </h2> <p>Let's build this properly. We'll create a streaming gateway that captures everything for debugging without breaking the user experience.</p> <h3> Step 1: Set Up the Streaming Gateway </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">asyncio</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">AsyncGenerator</span><span class="p">,</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">Request</span><span class="p">,</span> <span class="n">Response</span> <span class="kn">from</span> <span class="n">fastapi.responses</span> <span class="kn">import</span> <span class="n">StreamingResponse</span> <span class="kn">import</span> <span class="n">httpx</span> <span class="kn">import</span> <span class="n">uvicorn</span> <span class="k">class</span> <span class="nc">StreamingGateway</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">target_base_url</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://api.openai.com</span><span class="sh">"</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">target_base_url</span> <span class="o">=</span> <span class="n">target_base_url</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span> <span class="o">=</span> <span class="n">httpx</span><span class="p">.</span><span class="nc">AsyncClient</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">proxy_stream</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">StreamingResponse</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Proxy streaming requests while capturing data</span><span class="sh">"""</span> <span class="c1"># Capture request metadata </span> <span class="n">call_start</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">request_body</span> <span class="o">=</span> <span class="k">await</span> <span class="n">request</span><span class="p">.</span><span class="nf">body</span><span class="p">()</span> <span class="n">request_data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">request_body</span><span class="p">)</span> <span class="k">if</span> <span class="n">request_body</span> <span class="k">else</span> <span class="p">{}</span> <span class="n">call_record</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">call_</span><span class="si">{</span><span class="nf">int</span><span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">call_start</span><span class="p">,</span> <span class="sh">"</span><span class="s">method</span><span class="sh">"</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span><span class="p">,</span> <span class="sh">"</span><span class="s">path</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span><span class="p">),</span> <span class="sh">"</span><span class="s">request</span><span class="sh">"</span><span class="p">:</span> <span class="n">request_data</span><span class="p">,</span> <span class="sh">"</span><span class="s">response_tokens</span><span class="sh">"</span><span class="p">:</span> <span class="p">[],</span> <span class="sh">"</span><span class="s">latency_ms</span><span class="sh">"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">streaming</span><span class="sh">"</span> <span class="p">}</span> <span class="c1"># Forward request to OpenAI </span> <span class="n">target_url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">target_base_url</span><span class="si">}{</span><span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span><span class="si">}</span><span class="sh">"</span> <span class="n">headers</span> <span class="o">=</span> <span class="nf">dict</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">)</span> <span class="c1"># Remove hop-by-hop headers that break streaming </span> <span class="n">headers</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="sh">'</span><span class="s">host</span><span class="sh">'</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="n">headers</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="sh">'</span><span class="s">content-length</span><span class="sh">'</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">stream_and_record</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Stream response while recording tokens</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="nf">stream</span><span class="p">(</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span><span class="p">,</span> <span class="n">target_url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">content</span><span class="o">=</span><span class="n">request_body</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mf">60.0</span> <span class="p">)</span> <span class="k">as</span> <span class="n">response</span><span class="p">:</span> <span class="c1"># Forward response headers </span> <span class="n">response_headers</span> <span class="o">=</span> <span class="nf">dict</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">)</span> <span class="c1"># Critical: preserve streaming headers </span> <span class="k">if</span> <span class="sh">'</span><span class="s">transfer-encoding</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">response_headers</span><span class="p">:</span> <span class="k">del</span> <span class="n">response_headers</span><span class="p">[</span><span class="sh">'</span><span class="s">content-length</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Stream tokens in real-time </span> <span class="k">async</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="nf">aiter_bytes</span><span class="p">():</span> <span class="k">if</span> <span class="n">chunk</span><span class="p">:</span> <span class="c1"># Record chunk for debugging (non-blocking) </span> <span class="n">self</span><span class="p">.</span><span class="nf">_record_chunk</span><span class="p">(</span><span class="n">call_record</span><span class="p">,</span> <span class="n">chunk</span><span class="p">)</span> <span class="c1"># IMMEDIATELY yield to user (this is the magic) </span> <span class="k">yield</span> <span class="n">chunk</span> <span class="c1"># Finalize recording </span> <span class="n">call_record</span><span class="p">[</span><span class="sh">"</span><span class="s">latency_ms</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">call_start</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1000</span> <span class="n">call_record</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">completed</span><span class="sh">"</span> <span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">call_record</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">call_record</span><span class="p">[</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="n">call_record</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span> <span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">call_record</span><span class="p">)</span> <span class="k">raise</span> <span class="k">return</span> <span class="nc">StreamingResponse</span><span class="p">(</span> <span class="nf">stream_and_record</span><span class="p">(),</span> <span class="n">media_type</span><span class="o">=</span><span class="sh">"</span><span class="s">text/plain</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Cache-Control</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">no-cache</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">_record_chunk</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">call_record</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">],</span> <span class="n">chunk</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Record streaming chunk without blocking</span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="n">chunk_text</span> <span class="o">=</span> <span class="n">chunk</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="sh">'</span><span class="s">utf-8</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">chunk_text</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sh">'</span><span class="s">data: </span><span class="sh">'</span><span class="p">):</span> <span class="n">data_line</span> <span class="o">=</span> <span class="n">chunk_text</span><span class="p">[</span><span class="mi">6</span><span class="p">:].</span><span class="nf">strip</span><span class="p">()</span> <span class="k">if</span> <span class="n">data_line</span> <span class="o">!=</span> <span class="sh">'</span><span class="s">[DONE]</span><span class="sh">'</span><span class="p">:</span> <span class="n">token_data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">data_line</span><span class="p">)</span> <span class="k">if</span> <span class="sh">'</span><span class="s">choices</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">token_data</span><span class="p">:</span> <span class="k">for</span> <span class="n">choice</span> <span class="ow">in</span> <span class="n">token_data</span><span class="p">[</span><span class="sh">'</span><span class="s">choices</span><span class="sh">'</span><span class="p">]:</span> <span class="k">if</span> <span class="sh">'</span><span class="s">delta</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">choice</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">content</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">choice</span><span class="p">[</span><span class="sh">'</span><span class="s">delta</span><span class="sh">'</span><span class="p">]:</span> <span class="n">call_record</span><span class="p">[</span><span class="sh">"</span><span class="s">response_tokens</span><span class="sh">"</span><span class="p">].</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">choice</span><span class="p">[</span><span class="sh">'</span><span class="s">delta</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">content</span><span class="sh">'</span><span class="p">],</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="p">})</span> <span class="k">except</span><span class="p">:</span> <span class="c1"># Don't break streaming for recording failures </span> <span class="k">pass</span> <span class="c1"># FastAPI app </span><span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">Streaming Gateway</span><span class="sh">"</span><span class="p">)</span> <span class="n">gateway</span> <span class="o">=</span> <span class="nc">StreamingGateway</span><span class="p">()</span> <span class="nd">@app.api_route</span><span class="p">(</span><span class="sh">"</span><span class="s">/v1/{path:path}</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PUT</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELETE</span><span class="sh">"</span><span class="p">])</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">proxy_handler</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Handle all OpenAI API routes</span><span class="sh">"""</span> <span class="k">return</span> <span class="k">await</span> <span class="n">gateway</span><span class="p">.</span><span class="nf">proxy_stream</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/debug/calls</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_recorded_calls</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Debug endpoint to inspect recorded calls</span><span class="sh">"""</span> <span class="k">return</span> <span class="n">gateway</span><span class="p">.</span><span class="n">recorded_calls</span> </code></pre> </div> <h3> Step 2: Configure Your AI Agent to Use the Gateway </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">openai</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">AsyncGenerator</span> <span class="k">class</span> <span class="nc">StreamingAgent</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">gateway_url</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://localhost:8000</span><span class="sh">"</span><span class="p">):</span> <span class="c1"># Point OpenAI client to your gateway instead of api.openai.com </span> <span class="n">self</span><span class="p">.</span><span class="n">client</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="nc">AsyncOpenAI</span><span class="p">(</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">your-openai-key</span><span class="sh">"</span><span class="p">,</span> <span class="n">base_url</span><span class="o">=</span><span class="n">gateway_url</span> <span class="o">+</span> <span class="sh">"</span><span class="s">/v1</span><span class="sh">"</span> <span class="c1"># Gateway intercepts here </span> <span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">stream_response</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">prompt</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">AsyncGenerator</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="bp">None</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Stream AI response through the gateway</span><span class="sh">"""</span> <span class="n">stream</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">}],</span> <span class="n">stream</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.7</span> <span class="p">)</span> <span class="k">async</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="k">if</span> <span class="n">chunk</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">delta</span><span class="p">.</span><span class="n">content</span><span class="p">:</span> <span class="c1"># This arrives in real-time thanks to the gateway </span> <span class="k">yield</span> <span class="n">chunk</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">delta</span><span class="p">.</span><span class="n">content</span> <span class="c1"># Usage example </span><span class="k">async</span> <span class="k">def</span> <span class="nf">demo_streaming</span><span class="p">():</span> <span class="n">agent</span> <span class="o">=</span> <span class="nc">StreamingAgent</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Streaming response:</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">agent</span><span class="p">.</span><span class="nf">stream_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Explain quantum computing in simple terms</span><span class="sh">"</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="n">end</span><span class="o">=</span><span class="sh">""</span><span class="p">,</span> <span class="n">flush</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\n\n</span><span class="s">Done!</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="nf">demo_streaming</span><span class="p">())</span> </code></pre> </div> <h3> Step 3: Run the Complete System </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Terminal 1: Start the gateway</span> python streaming_gateway.py uvicorn streaming_gateway:app <span class="nt">--port</span> 8000 <span class="nt">--reload</span> <span class="c"># Terminal 2: Run your agent</span> python streaming_agent.py </code></pre> </div> <h2> Pitfalls: What Will Break and How to Handle It </h2> <h3> 1. <strong>Header Hell</strong> </h3> <p><strong>Problem</strong>: HTTP headers like <code>content-length</code> break streaming.<br><br> <strong>Fix</strong>: Strip hop-by-hop headers and preserve <code>transfer-encoding: chunked</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - keeps content-length </span><span class="n">headers</span> <span class="o">=</span> <span class="nf">dict</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">)</span> <span class="c1"># Good - removes streaming-breaking headers </span><span class="n">headers</span> <span class="o">=</span> <span class="nf">dict</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">)</span> <span class="n">headers</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="sh">'</span><span class="s">host</span><span class="sh">'</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="n">headers</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="sh">'</span><span class="s">content-length</span><span class="sh">'</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> </code></pre> </div> <h3> 2. <strong>Timeout Disasters</strong> </h3> <p><strong>Problem</strong>: Default timeouts kill long-running streams.<br><br> <strong>Fix</strong>: Set generous timeouts and handle partial failures gracefully.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - will timeout on long responses </span><span class="k">async</span> <span class="k">with</span> <span class="n">httpx</span><span class="p">.</span><span class="nc">AsyncClient</span><span class="p">()</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="c1"># Uses default 5-second timeout </span> <span class="c1"># Good - allows for long streams </span><span class="k">async</span> <span class="k">with</span> <span class="n">httpx</span><span class="p">.</span><span class="nc">AsyncClient</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="mf">60.0</span><span class="p">)</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">client</span><span class="p">.</span><span class="nf">stream</span><span class="p">(...)</span> <span class="k">as</span> <span class="n">response</span><span class="p">:</span> <span class="c1"># Handle timeouts without breaking user experience </span></code></pre> </div> <h3> 3. <strong>Recording Blocks Streaming</strong> </h3> <p><strong>Problem</strong>: Heavy processing in the recording path slows token delivery.<br><br> <strong>Fix</strong>: Make recording async and non-blocking. Never let observability break user experience.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Bad - synchronous recording blocks streaming </span><span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">response</span><span class="p">:</span> <span class="nf">process_and_store_chunk</span><span class="p">(</span><span class="n">chunk</span><span class="p">)</span> <span class="c1"># This blocks! </span> <span class="k">yield</span> <span class="n">chunk</span> <span class="c1"># Good - async recording doesn't block </span><span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">response</span><span class="p">:</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">create_task</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="nf">_record_chunk_async</span><span class="p">(</span><span class="n">chunk</span><span class="p">))</span> <span class="c1"># Non-blocking </span> <span class="k">yield</span> <span class="n">chunk</span> <span class="c1"># Immediate delivery </span></code></pre> </div> <h3> 4. <strong>Memory Leaks from Unbounded Recording</strong> </h3> <p><strong>Problem</strong>: Recording every token forever crashes your gateway.<br><br> <strong>Fix</strong>: Implement rotation and cleanup for recorded data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">StreamingGateway</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">max_recorded_calls</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">1000</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">self</span><span class="p">.</span><span class="n">max_recorded_calls</span> <span class="o">=</span> <span class="n">max_recorded_calls</span> <span class="k">def</span> <span class="nf">_cleanup_old_records</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span><span class="p">)</span> <span class="o">&gt;</span> <span class="n">self</span><span class="p">.</span><span class="n">max_recorded_calls</span><span class="p">:</span> <span class="c1"># Keep only recent calls </span> <span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">recorded_calls</span><span class="p">[</span><span class="o">-</span><span class="n">self</span><span class="p">.</span><span class="n">max_recorded_calls</span><span class="p">:]</span> </code></pre> </div> <h2> Measurement: How to Know It's Working </h2> <h3> 1. <strong>Latency Metrics</strong> </h3> <p>Track time-to-first-token (TTFT) and inter-token latency:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">measure_streaming_performance</span><span class="p">():</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">first_token_time</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">token_times</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">async</span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">agent</span><span class="p">.</span><span class="nf">stream_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Test prompt</span><span class="sh">"</span><span class="p">):</span> <span class="n">current_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">if</span> <span class="n">first_token_time</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">first_token_time</span> <span class="o">=</span> <span class="n">current_time</span> <span class="n">ttft</span> <span class="o">=</span> <span class="p">(</span><span class="n">first_token_time</span> <span class="o">-</span> <span class="n">start_time</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1000</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Time to first token: </span><span class="si">{</span><span class="n">ttft</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">ms</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">inter_token_latency</span> <span class="o">=</span> <span class="p">(</span><span class="n">current_time</span> <span class="o">-</span> <span class="n">token_times</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">])</span> <span class="o">*</span> <span class="mi">1000</span> <span class="k">if</span> <span class="n">token_times</span> <span class="k">else</span> <span class="mi">0</span> <span class="n">token_times</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">current_time</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Inter-token latency: </span><span class="si">{</span><span class="n">inter_token_latency</span><span class="si">:</span><span class="p">.</span><span class="mi">2</span><span class="n">f</span><span class="si">}</span><span class="s">ms</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 2. <strong>Gateway Health Check</strong> </h3> <p>Monitor your gateway's impact on streaming performance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/health/streaming</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">streaming_health</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Check if streaming is working properly</span><span class="sh">"""</span> <span class="n">recent_calls</span> <span class="o">=</span> <span class="p">[</span><span class="n">c</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">gateway</span><span class="p">.</span><span class="n">recorded_calls</span> <span class="k">if</span> <span class="n">c</span><span class="p">[</span><span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="mi">300</span><span class="p">]</span> <span class="n">streaming_calls</span> <span class="o">=</span> <span class="p">[</span><span class="n">c</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">recent_calls</span> <span class="k">if</span> <span class="n">c</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">response_tokens</span><span class="sh">"</span><span class="p">)]</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">streaming_calls</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">unhealthy</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">no_streaming_calls</span><span class="sh">"</span><span class="p">}</span> <span class="n">avg_ttft</span> <span class="o">=</span> <span class="nf">sum</span><span class="p">(</span><span class="n">c</span><span class="p">[</span><span class="sh">"</span><span class="s">response_tokens</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">]</span> <span class="o">-</span> <span class="n">c</span><span class="p">[</span><span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">streaming_calls</span><span class="p">)</span> <span class="o">/</span> <span class="nf">len</span><span class="p">(</span><span class="n">streaming_calls</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">healthy</span><span class="sh">"</span> <span class="k">if</span> <span class="n">avg_ttft</span> <span class="o">&lt;</span> <span class="mf">2.0</span> <span class="k">else</span> <span class="sh">"</span><span class="s">degraded</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">avg_ttft_ms</span><span class="sh">"</span><span class="p">:</span> <span class="n">avg_ttft</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="sh">"</span><span class="s">streaming_calls_5min</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">streaming_calls</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <strong>User Experience Validation</strong> </h3> <p>The ultimate test — does it feel responsive?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">ux_test</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Simulate user experience with streaming</span><span class="sh">"""</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Testing user experience...</span><span class="sh">"</span><span class="p">)</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">token_count</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">async</span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">agent</span><span class="p">.</span><span class="nf">stream_response</span><span class="p">(</span><span class="sh">"</span><span class="s">Write a story about a cat</span><span class="sh">"</span><span class="p">):</span> <span class="n">token_count</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">elapsed</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start_time</span> <span class="k">if</span> <span class="n">token_count</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">✓ First token arrived in </span><span class="si">{</span><span class="n">elapsed</span><span class="o">*</span><span class="mi">1000</span><span class="si">:</span><span class="p">.</span><span class="mi">0</span><span class="n">f</span><span class="si">}</span><span class="s">ms</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">token_count</span> <span class="o">%</span> <span class="mi">10</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="n">rate</span> <span class="o">=</span> <span class="n">token_count</span> <span class="o">/</span> <span class="n">elapsed</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">✓ </span><span class="si">{</span><span class="n">token_count</span><span class="si">}</span><span class="s"> tokens at </span><span class="si">{</span><span class="n">rate</span><span class="si">:</span><span class="p">.</span><span class="mi">1</span><span class="n">f</span><span class="si">}</span><span class="s"> tokens/sec</span><span class="sh">"</span><span class="p">)</span> <span class="n">total_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start_time</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">✓ Complete response: </span><span class="si">{</span><span class="n">token_count</span><span class="si">}</span><span class="s"> tokens in </span><span class="si">{</span><span class="n">total_time</span><span class="si">:</span><span class="p">.</span><span class="mi">1</span><span class="n">f</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Good streaming feels like the AI is thinking out loud. Bad streaming feels like the AI is constipated, then has explosive diarrhea.</p> <h2> Next Steps </h2> <p>Your streaming gateway is working, but this is just the foundation. Real production systems need more sophisticated observability that doesn't break the user experience.</p> <p><strong>Try Airblackbox Gateway</strong> — it handles all of this complexity for you, plus compliance scanning, cost tracking, and performance analytics. It's designed specifically for AI agents that can't afford to buffer.</p> <p>→ <strong>Clone the complete implementation</strong>: <a href="https://github.com/airblackbox/streaming-gateway-demo" rel="noopener noreferrer">github.com/airblackbox/streaming-gateway-demo</a><br><br> → <strong>See it in production</strong>: <a href="https://docs.airblackbox.com/gateway/streaming" rel="noopener noreferrer">docs.airblackbox.com/gateway/streaming</a></p> <p>Because your users shouldn't have to wonder if your AI agent is broken, sleeping, or just having an existential crisis. They should see it thinking, token by token, in real-time.</p> <p>That's how you build AI agents that feel intelligent instead of indifferent.</p> airblackbox aidebugging observability tutorial Jason Shotwell Wed, 01 Apr 2026 15:07:34 +0000 https://forem.com/json_shotwell/connect-crewai-to-airblackbox-3-command-integration-6hi https://forem.com/json_shotwell/connect-crewai-to-airblackbox-3-command-integration-6hi <h1> Connect CrewAI to Airblackbox: 3-Command Integration </h1> <p>Your CrewAI agents are making decisions in a black box. When something goes wrong (and it will), you're debugging with prayer and print statements. That's not engineering. That's wishful thinking.</p> <p>Airblackbox gives your CrewAI agents a flight recorder. Every LLM call, every decision, every failure — captured, indexed, and queryable. Three commands, zero configuration changes to your existing crew.</p> <h2> The Problem </h2> <p>CrewAI agents fail silently. They hallucinate confidently. They forget context mysteriously. When your crew goes sideways, you get an error message and a shrug. Good luck explaining that to your product manager.</p> <p>Without observability:</p> <ul> <li>Agent failures look like "it just stopped working"</li> <li>Performance optimization is guesswork</li> <li>Debugging requires rebuilding the entire conversation history</li> <li>Compliance audits become archaeological expeditions</li> </ul> <h2> The Solution: 3-Command Integration </h2> <p>Install Airblackbox, start the gateway, point your crew at it. That's it. No code changes. No refactoring. No "migration story."</p> <h3> Command 1: Install Airblackbox </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>airblackbox </code></pre> </div> <h3> Command 2: Start the Gateway </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>airblackbox gateway start <span class="nt">--port</span> 8000 </code></pre> </div> <p>This launches an OpenAI-compatible proxy that records everything while staying invisible to your crew.</p> <h3> Command 3: Point CrewAI at the Gateway </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">crewai</span> <span class="kn">import</span> <span class="n">Agent</span><span class="p">,</span> <span class="n">Task</span><span class="p">,</span> <span class="n">Crew</span> <span class="kn">from</span> <span class="n">langchain_openai</span> <span class="kn">import</span> <span class="n">ChatOpenAI</span> <span class="c1"># Only change: point base_url at localhost </span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">OPENAI_API_KEY</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">your-actual-openai-key</span><span class="sh">'</span> <span class="n">llm</span> <span class="o">=</span> <span class="nc">ChatOpenAI</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4</span><span class="sh">"</span><span class="p">,</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">http://localhost:8000/v1</span><span class="sh">"</span> <span class="c1"># &lt;-- This line </span><span class="p">)</span> <span class="n">researcher</span> <span class="o">=</span> <span class="nc">Agent</span><span class="p">(</span> <span class="n">role</span><span class="o">=</span><span class="sh">'</span><span class="s">Research Analyst</span><span class="sh">'</span><span class="p">,</span> <span class="n">goal</span><span class="o">=</span><span class="sh">'</span><span class="s">Find actionable insights about AI governance</span><span class="sh">'</span><span class="p">,</span> <span class="n">backstory</span><span class="o">=</span><span class="sh">"</span><span class="s">You</span><span class="sh">'</span><span class="s">re a meticulous researcher who digs deeper than headlines</span><span class="sh">"</span><span class="p">,</span> <span class="n">llm</span><span class="o">=</span><span class="n">llm</span><span class="p">,</span> <span class="n">verbose</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="n">writer</span> <span class="o">=</span> <span class="nc">Agent</span><span class="p">(</span> <span class="n">role</span><span class="o">=</span><span class="sh">'</span><span class="s">Technical Writer</span><span class="sh">'</span><span class="p">,</span> <span class="n">goal</span><span class="o">=</span><span class="sh">'</span><span class="s">Transform research into clear, actionable content</span><span class="sh">'</span><span class="p">,</span> <span class="n">backstory</span><span class="o">=</span><span class="sh">"</span><span class="s">You turn complex topics into tutorials developers actually bookmark</span><span class="sh">"</span><span class="p">,</span> <span class="n">llm</span><span class="o">=</span><span class="n">llm</span><span class="p">,</span> <span class="n">verbose</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="n">research_task</span> <span class="o">=</span> <span class="nc">Task</span><span class="p">(</span> <span class="n">description</span><span class="o">=</span><span class="sh">'</span><span class="s">Research the latest developments in AI agent observability</span><span class="sh">'</span><span class="p">,</span> <span class="n">agent</span><span class="o">=</span><span class="n">researcher</span><span class="p">,</span> <span class="n">expected_output</span><span class="o">=</span><span class="sh">"</span><span class="s">A detailed report with specific examples and use cases</span><span class="sh">"</span> <span class="p">)</span> <span class="n">writing_task</span> <span class="o">=</span> <span class="nc">Task</span><span class="p">(</span> <span class="n">description</span><span class="o">=</span><span class="sh">'</span><span class="s">Write a technical tutorial based on the research</span><span class="sh">'</span><span class="p">,</span> <span class="n">agent</span><span class="o">=</span><span class="n">writer</span><span class="p">,</span> <span class="n">expected_output</span><span class="o">=</span><span class="sh">"</span><span class="s">A 1000-word tutorial with code examples</span><span class="sh">"</span> <span class="p">)</span> <span class="n">crew</span> <span class="o">=</span> <span class="nc">Crew</span><span class="p">(</span> <span class="n">agents</span><span class="o">=</span><span class="p">[</span><span class="n">researcher</span><span class="p">,</span> <span class="n">writer</span><span class="p">],</span> <span class="n">tasks</span><span class="o">=</span><span class="p">[</span><span class="n">research_task</span><span class="p">,</span> <span class="n">writing_task</span><span class="p">],</span> <span class="n">verbose</span><span class="o">=</span><span class="mi">2</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">crew</span><span class="p">.</span><span class="nf">kickoff</span><span class="p">()</span> </code></pre> </div> <p>That's it. Your crew now has a flight recorder. Every LLM call goes through the gateway, gets recorded, and your crew never knows the difference.</p> <h2> What You Get Immediately </h2> <p><strong>Real-time monitoring:</strong> Watch your agents think in the Airblackbox dashboard at <code>http://localhost:3000</code></p> <p><strong>Conversation trees:</strong> See how tasks flow between agents, where they branch, where they fail</p> <p><strong>Token tracking:</strong> Know exactly what each agent costs, which tasks burn budget</p> <p><strong>Error correlation:</strong> When something breaks, see the full context that led to failure</p> <h2> Architecture: How It Works </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>CrewAI Agent → Airblackbox Gateway → OpenAI API ↓ Dashboard (localhost:3000) ↓ SQLite Database (conversations, tokens, compliance) </code></pre> </div> <p>The gateway is a transparent proxy. Your crew thinks it's talking directly to OpenAI. The gateway intercepts, records, forwards, and responds. Zero latency overhead. Zero behavior changes.</p> <h2> Edge Cases That Will Bite You </h2> <p><strong>Rate limiting:</strong> The gateway inherits OpenAI's rate limits. Your crew might hit them faster now that calls are logged. Solution: The gateway respects <code>Retry-After</code> headers automatically.</p> <p><strong>API key rotation:</strong> If you rotate OpenAI keys, restart the gateway. The proxy caches authentication. Solution: <code>airblackbox gateway restart</code></p> <p><strong>Port conflicts:</strong> Default port 8000 might be taken. Solution: <code>airblackbox gateway start --port 8001</code></p> <h2> Measuring Success </h2> <p>Your CrewAI integration is working when:</p> <ol> <li>Dashboard shows conversation threads: <code>http://localhost:3000/conversations</code> </li> <li>Token costs are tracked per agent: Check the "Analytics" tab</li> <li>EU AI Act compliance scans are running: 6/6 technical checks should show green</li> </ol> <p>Test it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:8000/health <span class="c"># Should return: {"status": "healthy", "gateway": "running", "database": "connected"}</span> </code></pre> </div> <h2> Next Step </h2> <p>Your crew is now observable. Clone the <a href="https://github.com/airblackbox/examples/tree/main/crewai-quickstart" rel="noopener noreferrer">CrewAI integration demo</a> to see advanced patterns: multi-crew orchestration, custom compliance rules, and agent performance optimization.</p> <p>The black box is open. Time to see what your agents are actually thinking.</p> <p><em>Three commands. Zero refactoring. Full observability. Sometimes the best solutions are boringly simple.</em></p> airblackbox aidebugging observability Jason Shotwell Tue, 31 Mar 2026 20:24:53 +0000 https://forem.com/json_shotwell/the-claude-code-leak-proved-what-weve-been-building-for-976 https://forem.com/json_shotwell/the-claude-code-leak-proved-what-weve-been-building-for-976 <p>Today Anthropic accidentally shipped 512,000 lines of Claude Code's source code to npm. A source map file that should have been stripped from the build made it into version 2.1.88 of the @anthropic-ai/claude-code package. Within hours, the entire codebase was mirrored on GitHub and dissected by thousands of developers.</p> <p>The leak itself was a packaging error. Human mistake. It happens.</p> <p>But what the leak <em>revealed</em> is the part that matters.</p> <h3> The Real Problem Isn't the Leak </h3> <p>Check Point Research had already disclosed CVE-2025-59536 back in October — a vulnerability where malicious <code>.mcp.json</code> files in a repository could execute arbitrary shell commands the moment you open Claude Code. No trust prompt. No confirmation dialog. The MCP server initializes, runs whatever commands are in the config, and your API keys are gone before you've read a single line of code.</p> <p>The leaked source code made this worse. Now attackers have the exact orchestration logic for Hooks and MCP servers. They can see precisely how trust prompts are triggered, when they're skipped, and where the gaps are. That's a blueprint for exploitation.</p> <p>And between 00:21 and 03:29 UTC on March 31, anyone who installed Claude Code pulled in a compromised version of axios containing a Remote Access Trojan. A supply chain attack riding the same wave.</p> <p>Three problems, one root cause: <strong>AI agents execute before humans verify.</strong></p> <h3> This Is an Architecture Problem </h3> <p>Every one of these vulnerabilities follows the same pattern:</p> <ol> <li>An AI agent receives instructions (from a config file, a prompt, a dependency)</li> <li>It executes those instructions</li> <li>The human finds out afterward — if they find out at all</li> </ol> <p>This isn't unique to Claude Code. It's the fundamental architecture of every AI agent framework shipping today. LangChain agents, CrewAI crews, AutoGen groups, OpenAI Agents — they all execute first and ask questions never.</p> <p>The missing piece isn't better prompts or more careful packaging. It's an infrastructure layer that sits between intent and execution and enforces verification before action.</p> <h3> What Trust Infrastructure Actually Looks Like </h3> <p>This is what I've been building with AIR Blackbox. The trust layers intercept every AI call at the execution level — not after the fact, not in a dashboard, at the moment of the call.</p> <p>Here's what that looks like in practice with the OpenAI SDK:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">air_openai_trust</span> <span class="kn">import</span> <span class="n">attach_trust</span> <span class="n">client</span> <span class="o">=</span> <span class="nf">attach_trust</span><span class="p">(</span><span class="nc">OpenAI</span><span class="p">())</span> <span class="c1"># Every call through this client now gets: # - HMAC-SHA256 tamper-evident audit record # - PII detection (catches API keys being exfiltrated) # - Prompt injection scanning # - Human delegation flags for sensitive operations </span></code></pre> </div> <p>One import. The client works exactly the same way. But now every call is logged with a cryptographic audit trail, credentials are flagged before they leave your environment, and injection attempts are caught at the point of execution.</p> <p>Applied to the Claude Code vulnerabilities:</p> <p><strong>Malicious MCP config tries to exfiltrate API keys?</strong> The PII detection layer catches credentials in outbound payloads before they're transmitted.</p> <p><strong>Poisoned dependency runs arbitrary commands?</strong> The audit chain logs every action with HMAC-SHA256 signatures. You can't tamper with the record after the fact. Forensic teams can reconstruct exactly what happened.</p> <p><strong>Prompt injection hidden in a repo's config?</strong> The injection scanner catches 20 known attack patterns across 5 categories before they reach the model.</p> <p><strong>Agent executes without human approval?</strong> The human delegation system flags sensitive operations and requires explicit sign-off.</p> <h3> This Isn't About Compliance Anymore </h3> <p>I started building AIR Blackbox for EU AI Act compliance. That's still the wedge — the regulation creates urgency. But today's leak shows the real category:</p> <p><strong>Trust infrastructure for AI operations.</strong></p> <p>Compliance is one use case. The bigger picture is that every AI agent deployment needs an interception layer that verifies, filters, stabilizes, and protects every call. Not a dashboard that shows you what went wrong yesterday. An active layer that prevents it from going wrong right now.</p> <h3> The Uncomfortable Truth </h3> <p>Anthropic is one of the most safety-focused AI companies on the planet. They employ some of the best security engineers in the industry. And a packaging error exposed their entire codebase, a malicious dependency slipped into their supply chain, and a months-old vulnerability in their MCP architecture had already shown that trust prompts could be bypassed entirely.</p> <p>If it happened to Anthropic, it will happen to every company deploying AI agents.</p> <p>The question isn't whether your AI systems will face these problems. It's whether you'll have the infrastructure in place to catch them when they do.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-compliance <span class="o">&amp;&amp;</span> air-compliance scan <span class="nb">.</span> </code></pre> </div> <p>10 PyPI packages. Runs locally. Your code never leaves your machine. Apache 2.0.</p> <p><strong>GitHub:</strong> <a href="https://github.com/airblackbox" rel="noopener noreferrer">github.com/airblackbox</a><br> <strong>Site:</strong> <a href="https://airblackbox.ai" rel="noopener noreferrer">airblackbox.ai</a><br> <strong>Audit Chain Spec:</strong> <a href="https://airblackbox.ai/spec" rel="noopener noreferrer">airblackbox.ai/spec</a></p> ai python security opensource Jason Shotwell Tue, 31 Mar 2026 14:00:30 +0000 https://forem.com/json_shotwell/i-scanned-5-popular-open-source-ai-projects-for-eu-ai-act-compliance-heres-what-i-found-26oh https://forem.com/json_shotwell/i-scanned-5-popular-open-source-ai-projects-for-eu-ai-act-compliance-heres-what-i-found-26oh <p>The EU AI Act enforcement deadline is August 2026. Every AI system deployed in the EU will need to meet specific technical requirements around risk management, data governance, documentation, logging, human oversight, and security.</p> <p>I built an open-source scanner that checks Python AI codebases against these requirements. Then I pointed it at some of the most popular open-source AI projects to see where things stand.</p> <p>The results were eye-opening.</p> <h2> What I Scanned </h2> <p>I ran <a href="https://github.com/air-blackbox/gateway" rel="noopener noreferrer">AIR Blackbox</a> (the scanner itself), <a href="https://github.com/browser-use/browser-use" rel="noopener noreferrer">Browser Use</a> (79K+ stars), <a href="https://github.com/infiniflow/ragflow" rel="noopener noreferrer">RAGFlow</a> (76K+ stars), <a href="https://github.com/BerriAI/litellm" rel="noopener noreferrer">LiteLLM</a> (23K+ stars), and <a href="https://github.com/superlinked/superlinked" rel="noopener noreferrer">Superlinked</a> (15K+ stars) through the same compliance checks.</p> <p>Each scan maps code patterns to six articles from the EU AI Act:</p> <ul> <li> <strong>Article 9</strong> (Risk Management): error handling, fallback patterns, retry logic, risk classification</li> <li> <strong>Article 10</strong> (Data Governance): input validation, schema enforcement, PII handling</li> <li> <strong>Article 11</strong> (Technical Documentation): docstring coverage, type hints, README, model cards</li> <li> <strong>Article 12</strong> (Record-Keeping): structured logging, audit trails, tracing</li> <li> <strong>Article 14</strong> (Human Oversight): approval workflows, rate limiting, permission checks</li> <li> <strong>Article 15</strong> (Robustness &amp; Security): injection defense, output validation, content filtering</li> </ul> <h2> The Results </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Project</th> <th>Stars</th> <th>Score</th> <th>Art. 9</th> <th>Art. 10</th> <th>Art. 11</th> <th>Art. 12</th> <th>Art. 14</th> <th>Art. 15</th> </tr> </thead> <tbody> <tr> <td>AIR Blackbox</td> <td>0.1K</td> <td><strong>91%</strong></td> <td>Pass</td> <td>Pass</td> <td>Pass</td> <td>Pass</td> <td>Pass</td> <td>Pass</td> </tr> <tr> <td>LiteLLM</td> <td>23K+</td> <td><strong>48%</strong></td> <td>Low</td> <td>Med</td> <td>Med</td> <td>Med</td> <td>Med</td> <td>Low</td> </tr> <tr> <td>Browser Use</td> <td>79K+</td> <td><strong>9.4%</strong></td> <td>1.1%</td> <td>5.0%</td> <td>26.0%</td> <td>0.3%</td> <td>12.2%</td> <td>12.2%</td> </tr> <tr> <td>RAGFlow</td> <td>76K+</td> <td><strong>7.9%</strong></td> <td>1.0%</td> <td>7.6%</td> <td>30.6%</td> <td>0.4%</td> <td>4.8%</td> <td>3.2%</td> </tr> <tr> <td>Superlinked</td> <td>15K+</td> <td><strong>2.5%</strong></td> <td>0.0%</td> <td>3.2%</td> <td>8.8%</td> <td>0.0%</td> <td>0.0%</td> <td>3.0%</td> </tr> </tbody> </table></div> <p>To be clear: a low score doesn't mean these are bad projects. Browser Use, RAGFlow, LiteLLM, and Superlinked are excellent tools solving real problems. But they weren't built with EU AI Act technical requirements in mind. Most projects weren't. That's the point.</p> <h2> What the Gaps Look Like </h2> <p><strong>Superlinked (2.5%)</strong> is a Python AI search and recommendation framework used by enterprise customers. Zero files passing on risk management, record-keeping, and human oversight. For a framework handling search queries and user data, the complete absence of audit trails is the most striking finding.</p> <p><strong>RAGFlow (7.9%)</strong> is a RAG engine processing enterprise documents. It has decent documentation coverage (30.6%), but record-keeping is at 0.4%. Two files out of 500 have structured logging. For a system that ingests documents and generates answers, the EU AI Act specifically requires audit trails showing what went in and what came out.</p> <p><strong>Browser Use (9.4%)</strong> is one of the most popular AI browser automation frameworks. It has some human oversight and security patterns already (both at 12.2%), but record-keeping is at 0.3%. One file out of 362 has structured audit logging. For an agent that interacts with live web pages, that's a gap regulators will notice.</p> <p><strong>LiteLLM (48%)</strong> scored the highest of the external projects, with solid input validation and existing logging infrastructure. But it still has gaps in risk classification and injection defense. LiteLLM also recently faced a supply chain attack on PyPI and questions about its compliance certifications, which makes verifiable technical compliance even more relevant.</p> <p><strong>AIR Blackbox (91%)</strong> was purpose-built for this. It includes HMAC-SHA256 tamper-evident audit chains, drop-in trust layers for 6 frameworks, structured risk assessments, and operator guides. The remaining 9% are runtime infrastructure checks (vault config, OpenTelemetry pipeline, live traffic error rates) that require a production deployment to pass.</p> <h2> The Pattern </h2> <p>Across all five projects, Article 12 (Record-Keeping) is consistently the weakest. Most Python AI projects don't have structured audit trails. They have <code>print()</code> statements and maybe some basic logging, but not the kind of tamper-evident, structured records that Article 12 expects.</p> <p>Article 11 (Documentation) is consistently the strongest, because good Python projects already have docstrings and type hints. But documentation alone doesn't satisfy the other five articles.</p> <h2> How the Scanner Works </h2> <p>Install it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox </code></pre> </div> <p>Scan any Python project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>air-blackbox comply <span class="nt">--scan</span> /path/to/your/project <span class="nt">--no-llm</span> <span class="nt">--format</span> table </code></pre> </div> <p>That's it. No API keys needed. No cloud calls. Everything runs locally on your machine. ~1,700 installs this month on PyPI.</p> <p>The scanner walks your Python files and checks for specific patterns. For example, under Article 10 (Data Governance), it looks for Pydantic models, dataclass validators, input sanitization functions, and schema enforcement. Under Article 12 (Record-Keeping), it checks for <code>import logging</code>, structured logger usage, and audit trail patterns.</p> <p>It's a linter for AI governance. It tells you what's missing, not whether you're legally compliant. That's a lawyer's job.</p> <h2> Try It on Your Own Code </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox air-blackbox comply <span class="nt">--scan</span> <span class="nb">.</span> <span class="nt">--no-llm</span> <span class="nt">--format</span> table <span class="nt">--verbose</span> </code></pre> </div> <p>The verbose flag shows you exactly which patterns were found (or missing) for each article. You'll get a percentage score and a breakdown of what passed and what didn't.</p> <p>If you want to start fixing gaps, the trust layers are drop-in:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">air_blackbox</span> <span class="c1"># Attach compliance layers to your framework </span><span class="n">air_blackbox</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="sh">"</span><span class="s">langchain</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># or "crewai", "autogen", "openai", "adk", "rag", "agno" </span></code></pre> </div> <p>This adds audit logging, input validation, and oversight hooks without changing your application code.</p> <h2> What This Means for August 2026 </h2> <p>Most AI teams haven't started thinking about compliance as a technical problem. It's still seen as a legal/policy concern. But the EU AI Act has specific, measurable technical requirements. You can check for them with code.</p> <p>The projects I scanned represent 193K+ GitHub stars across the Python AI ecosystem. The average compliance score (excluding AIR Blackbox) is <strong>17%</strong>. The average internal AI project is probably lower.</p> <p>The good news: these gaps are fixable. Adding structured logging, input validation, and documentation artifacts isn't hard. It's just not something most teams prioritize yet.</p> <p>Start scanning now. Fix gaps incrementally. Don't wait until July 2026.</p> <h2> Links </h2> <ul> <li>GitHub: <a href="https://github.com/air-blackbox/gateway" rel="noopener noreferrer">github.com/air-blackbox</a> </li> <li>PyPI: <code>pip install air-blackbox</code> </li> <li>Live Demo: <a href="https://airblackbox.ai/demo" rel="noopener noreferrer">airblackbox.ai/demo</a> </li> </ul> <p>Apache 2.0. Stars and PRs welcome.</p> python ai opensource euaiact Jason Shotwell Mon, 30 Mar 2026 21:30:10 +0000 https://forem.com/json_shotwell/i-compared-every-open-source-eu-ai-act-scanner-heres-what-i-found-7hp https://forem.com/json_shotwell/i-compared-every-open-source-eu-ai-act-scanner-heres-what-i-found-7hp <p>We scanned LangChain agents, CrewAI workflows, AutoGen conversations, and RAG pipelines for EU AI Act compliance. Out of the box, none of them pass. Not even close.</p> <p>The August 2, 2026 deadline for high-risk AI systems is now less than 5 months away. Fines go up to 35 million euros or 7% of global turnover. And yet most Python AI projects have zero compliance infrastructure.</p> <p>I built <a href="https://airblackbox.ai" rel="noopener noreferrer">AIR Blackbox</a> to fix that. But I also wanted to know: what else is out there? So I dug into every open-source EU AI Act compliance tool I could find and compared them head-to-head.</p> <h2> What the EU AI Act Actually Requires in Your Code </h2> <p>The EU AI Act isn't just paperwork. Articles 9 through 15 impose specific technical requirements on high-risk AI systems:</p> <ul> <li> <strong>Article 9</strong> — Risk management (documented risk assessment processes)</li> <li> <strong>Article 10</strong> — Data governance (training data quality controls)</li> <li> <strong>Article 11</strong> — Technical documentation (auditor-verifiable docs)</li> <li> <strong>Article 12</strong> — Record-keeping (automatic logging of system behavior)</li> <li> <strong>Article 14</strong> — Human oversight (kill-switch, intervention mechanisms)</li> <li> <strong>Article 15</strong> — Robustness (accuracy testing, cybersecurity measures)</li> </ul> <p>These translate directly to code: logging, audit trails, bias detection, documentation generation, and human-in-the-loop checkpoints.</p> <h2> The Tools I Compared </h2> <p>I found six open-source projects specifically targeting EU AI Act compliance:</p> <h3> 1. AIR Blackbox (what I built) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-compliance-checker air-compliance scan <span class="nb">.</span> </code></pre> </div> <p>10 seconds to first scan. 7 PyPI packages. Trust layers for LangChain, CrewAI, AutoGen, OpenAI SDK, and RAG pipelines. Fine-tuned local LLM for contextual analysis. HMAC-SHA256 tamper-evident audit chains.</p> <p>The architecture is different from everything else: instead of just scanning and reporting, the trust layers are runtime compliance components. They hook into your framework's callback system and create a continuous audit trail as your agents run in production.</p> <p>Everything runs locally. No API keys. No cloud. Your code never leaves your machine.</p> <p>GitHub: <a href="https://github.com/airblackbox/gateway" rel="noopener noreferrer">github.com/airblackbox/gateway</a></p> <h3> 2. Systima Comply </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @systima/comply </code></pre> </div> <p>TypeScript-based CLI with a GitHub Action (<code>systima-ai/comply@v1</code>). Supports 37+ frameworks. Strong CI/CD integration for JavaScript/TypeScript teams.</p> <p>The gap: no dedicated Python agent framework support, no audit trails, no fine-tuned model. It scans your code but doesn't understand LangChain's callback system or CrewAI's delegation patterns.</p> <h3> 3. ArkForge MCP EU AI Act Scanner </h3> <p>MCP server that runs inside Claude Desktop, Cursor, or any MCP-compatible client. Python-native, lightweight, single dependency.</p> <p>The gap: MCP-only. No CLI, no GitHub Action, no CI/CD integration. Great inside your editor, but it can't run in your deployment pipeline.</p> <h3> 4. EuConform </h3> <p>Risk classification and bias detection. 100% offline, GDPR-by-design, WCAG 2.2 AA accessible. Strongest bias testing of any tool here.</p> <p>The gap: no framework integrations, no audit chains, no documentation generation.</p> <h3> 5. COMPL-AI </h3> <p>Evaluation framework for generative AI models (not application code). Benchmarking suites that test models against EU AI Act requirements. Different category — useful for model eval, not code scanning.</p> <h3> 6. ARQNXS Compliance Checker </h3> <p>Questionnaire-based assessment. You answer questions, it generates a report. Similar to the EU Commission's own compliance checker. Not a code scanner.</p> <h2> The Comparison Table </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>AIR Blackbox</th> <th>Systima</th> <th>ArkForge</th> <th>EuConform</th> </tr> </thead> <tbody> <tr> <td>Language</td> <td>Python</td> <td>TypeScript</td> <td>Python</td> <td>Python</td> </tr> <tr> <td>CLI scanner</td> <td>Yes</td> <td>Yes</td> <td>No (MCP only)</td> <td>Yes</td> </tr> <tr> <td>GitHub Action</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>Framework trust layers</td> <td>5 frameworks</td> <td>None</td> <td>None</td> <td>None</td> </tr> <tr> <td>Fine-tuned LLM</td> <td>Yes (local)</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Audit trail</td> <td>HMAC-SHA256</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Runs offline</td> <td>Yes</td> <td>Yes</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>Bias detection</td> <td>Yes</td> <td>No</td> <td>No</td> <td>Yes</td> </tr> <tr> <td>GDPR scanning</td> <td>Yes</td> <td>No</td> <td>No</td> <td>Partial</td> </tr> <tr> <td>PyPI packages</td> <td>7</td> <td>0</td> <td>0</td> <td>1</td> </tr> </tbody> </table></div> <h2> What I Learned Building This </h2> <p>Three things surprised me:</p> <p><strong>1. Nobody else does framework-specific compliance.</strong> Every scanner does generic code analysis. None of them understand how LangChain callbacks work, how CrewAI agents delegate, or how AutoGen's conversation patterns create compliance gaps. This is the biggest gap in the space.</p> <p><strong>2. Rule-based scanning isn't enough.</strong> Pattern matching catches the obvious stuff — missing logging, no error handlers. But understanding whether your <code>Article 12</code> implementation actually satisfies the requirement? That takes contextual analysis. That's why we fine-tuned a local LLM on thousands of compliance scenarios.</p> <p><strong>3. Audit trails matter more than scan results.</strong> A scan report says "you passed at this point in time." An HMAC-SHA256 audit chain says "here is cryptographic proof of every compliance check, every agent action, and every human oversight intervention, and it hasn't been tampered with." When an auditor asks for evidence, the second one wins.</p> <h2> Try It </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install and scan in 10 seconds</span> pip <span class="nb">install </span>air-compliance-checker air-compliance scan <span class="nb">.</span> <span class="c"># Add a framework trust layer</span> pip <span class="nb">install </span>air-langchain-trust </code></pre> </div> <p>No configuration. No API keys. No account.</p> <ul> <li> <strong>GitHub</strong>: <a href="https://github.com/airblackbox/gateway" rel="noopener noreferrer">github.com/airblackbox/gateway</a> </li> <li> <strong>Website</strong>: <a href="https://airblackbox.ai" rel="noopener noreferrer">airblackbox.ai</a> </li> <li> <strong>Demo</strong>: <a href="https://airblackbox.ai/demo" rel="noopener noreferrer">airblackbox.ai/demo</a> </li> <li> <strong>Full comparison</strong>: <a href="https://airblackbox.ai/blog/eu-ai-act-compliance-tools-compared" rel="noopener noreferrer">airblackbox.ai/blog/eu-ai-act-compliance-tools-compared</a> </li> </ul> <h2> What's Next </h2> <p>We're expanding framework support to Anthropic Agent SDK and Pydantic AI, growing the training dataset for the fine-tuned model, and publishing the HMAC-SHA256 audit chain spec as an open standard.</p> <p>August 2026 is coming. Your agents need to be ready. Star the repo if this is useful — PRs welcome.</p> ai python opensource euaiact Jason Shotwell Mon, 30 Mar 2026 15:07:08 +0000 https://forem.com/json_shotwell/build-a-dvr-for-your-ai-agent-episode-replay-ui-tutorial-5798 https://forem.com/json_shotwell/build-a-dvr-for-your-ai-agent-episode-replay-ui-tutorial-5798 <h1> Build a DVR for Your AI Agent: Episode Replay UI Tutorial </h1> <p>Your AI agent just crashed in production, and the only evidence is a vague error message and the cold sweat on your forehead.</p> <h2> The Problem: AI Agent Debugging Is Still Medieval </h2> <p>Your autonomous agent was supposed to book a conference room, send three emails, and update a spreadsheet. Instead, it booked three conference rooms, sent the same email 47 times to your CEO, and deleted half your customer database.</p> <p>The logs show:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>INFO: Agent completed task successfully ERROR: Database connection lost INFO: Retrying operation INFO: Task completed </code></pre> </div> <p>Helpful. Really.</p> <p>Traditional debugging assumes deterministic code. But AI agents are probabilistic chaos machines with memory problems and an alarming tendency to hallucinate their way through error handling. Standard logging wasn't built for "the LLM decided that 'delete customer' was the same as 'update customer' because both contain the word 'customer.'"</p> <p>You need to see what the agent was <em>thinking</em>, not just what it did. You need a DVR for AI agents — something that records every decision, every context window, every tool call, and lets you replay the entire episode step by step.</p> <h2> Architecture: How Agent DVR Actually Works </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>graph TD A[AI Agent] --&gt;|Instrumented calls| B[Airblackbox Gateway] B --&gt; C[OpenAI/Anthropic API] C --&gt; B B --&gt;|Records everything| D[Storage Layer] D --&gt; E[Episode Extractor] E --&gt; F[Context Reconstructor] F --&gt; G[Replay UI] G --&gt; H[Step Debugger] G --&gt; I[Context Viewer] G --&gt; J[Decision Tree] subgraph "What gets recorded" K[Prompt templates] L[Full conversations] M[Tool calls &amp; responses] N[Token usage &amp; costs] O[Timing data] P[Error states] end B -.-&gt; K B -.-&gt; L B -.-&gt; M B -.-&gt; N B -.-&gt; O B -.-&gt; P </code></pre> </div> <p>The Airblackbox Gateway sits between your agent and the LLM API, recording everything without changing your code. The Episode Extractor groups related calls into logical sessions. The Context Reconstructor rebuilds the agent's complete mental state at each decision point. The Replay UI lets you step through the episode like a debugger.</p> <h2> Implementation: Building Your Agent DVR </h2> <h3> Step 1: Install and Configure Airblackbox Gateway </h3> <p>First, get the gateway running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install airblackbox</span> pip <span class="nb">install </span>airblackbox <span class="c"># Start the gateway (runs on port 8000)</span> airblackbox gateway <span class="nt">--port</span> 8000 <span class="nt">--storage</span> sqlite:///agent_episodes.db </code></pre> </div> <h3> Step 2: Instrument Your Agent Code </h3> <p>Here's a realistic AI agent that manages GitHub issues. Notice how we change exactly one line — the base URL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># github_agent.py </span><span class="kn">import</span> <span class="n">openai</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">List</span><span class="p">,</span> <span class="n">Dict</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">requests</span> <span class="k">class</span> <span class="nc">GitHubAgent</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">github_token</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="c1"># THIS IS THE ONLY LINE YOU CHANGE </span> <span class="n">self</span><span class="p">.</span><span class="n">client</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">http://localhost:8000/v1</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Points to Airblackbox Gateway </span> <span class="n">api_key</span><span class="o">=</span><span class="n">your_openai_key</span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">github_token</span> <span class="o">=</span> <span class="n">github_token</span> <span class="n">self</span><span class="p">.</span><span class="n">headers</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">token </span><span class="si">{</span><span class="n">github_token</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="k">def</span> <span class="nf">get_issues</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">repo</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Fetch open issues from a GitHub repository</span><span class="sh">"""</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">https://api.github.com/repos/</span><span class="si">{</span><span class="n">repo</span><span class="si">}</span><span class="s">/issues</span><span class="sh">"</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">headers</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">def</span> <span class="nf">analyze_issue_sentiment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">issue</span><span class="p">:</span> <span class="n">Dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Analyze the emotional tone of an issue</span><span class="sh">"""</span> <span class="n">prompt</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"""</span><span class="s"> Analyze the sentiment of this GitHub issue: Title: </span><span class="si">{</span><span class="n">issue</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Body: </span><span class="si">{</span><span class="n">issue</span><span class="p">[</span><span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">][</span><span class="si">:</span><span class="mi">500</span><span class="p">]</span><span class="si">}</span><span class="s"> Classify as: URGENT, FRUSTRATED, NEUTRAL, or GRATEFUL Provide reasoning. </span><span class="sh">"""</span> <span class="n">response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">}],</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">operation</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sentiment_analysis</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">issue_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">issue</span><span class="p">[</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">]}</span> <span class="p">)</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="k">def</span> <span class="nf">generate_response_draft</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">issue</span><span class="p">:</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">sentiment</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Generate appropriate response based on sentiment</span><span class="sh">"""</span> <span class="n">prompt</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"""</span><span class="s"> Draft a response to this </span><span class="si">{</span><span class="n">sentiment</span><span class="si">}</span><span class="s"> GitHub issue: Issue: </span><span class="si">{</span><span class="n">issue</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> Sentiment: </span><span class="si">{</span><span class="n">sentiment</span><span class="si">}</span><span class="s"> Be professional, helpful, and match the appropriate tone. </span><span class="sh">"""</span> <span class="n">response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">}],</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">operation</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">response_generation</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">sentiment</span><span class="sh">"</span><span class="p">:</span> <span class="n">sentiment</span><span class="p">}</span> <span class="p">)</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="k">def</span> <span class="nf">process_issue_batch</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">repo</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">max_issues</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">5</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Process a batch of issues with full context</span><span class="sh">"""</span> <span class="n">issues</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_issues</span><span class="p">(</span><span class="n">repo</span><span class="p">)[:</span><span class="n">max_issues</span><span class="p">]</span> <span class="n">results</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">issue</span> <span class="ow">in</span> <span class="n">issues</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing issue #</span><span class="si">{</span><span class="n">issue</span><span class="p">[</span><span class="sh">'</span><span class="s">number</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">issue</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># This creates a natural "episode" boundary </span> <span class="n">sentiment</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">analyze_issue_sentiment</span><span class="p">(</span><span class="n">issue</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">generate_response_draft</span><span class="p">(</span><span class="n">issue</span><span class="p">,</span> <span class="n">sentiment</span><span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">issue</span><span class="sh">"</span><span class="p">:</span> <span class="n">issue</span><span class="p">,</span> <span class="sh">"</span><span class="s">sentiment</span><span class="sh">"</span><span class="p">:</span> <span class="n">sentiment</span><span class="p">,</span> <span class="sh">"</span><span class="s">draft_response</span><span class="sh">"</span><span class="p">:</span> <span class="n">response</span> <span class="p">})</span> <span class="k">return</span> <span class="n">results</span> <span class="c1"># Usage </span><span class="n">agent</span> <span class="o">=</span> <span class="nc">GitHubAgent</span><span class="p">(</span><span class="n">github_token</span><span class="o">=</span><span class="sh">"</span><span class="s">your_token</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="n">agent</span><span class="p">.</span><span class="nf">process_issue_batch</span><span class="p">(</span><span class="sh">"</span><span class="s">microsoft/vscode</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Step 3: Build the Episode Replay UI </h3> <p>Now create a Flask app that reads from the Airblackbox storage and builds an interactive replay interface:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># episode_replay.py </span><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">render_template</span><span class="p">,</span> <span class="n">jsonify</span><span class="p">,</span> <span class="n">request</span> <span class="kn">import</span> <span class="n">sqlite3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">List</span><span class="p">,</span> <span class="n">Dict</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="k">class</span> <span class="nc">EpisodeReplay</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_path</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">db_path</span> <span class="o">=</span> <span class="n">db_path</span> <span class="k">def</span> <span class="nf">get_episodes</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Extract distinct episodes from recorded calls</span><span class="sh">"""</span> <span class="n">conn</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">db_path</span><span class="p">)</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="c1"># Group calls by session/time windows </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"""</span><span class="s"> SELECT datetime(timestamp, </span><span class="sh">'</span><span class="s">unixepoch</span><span class="sh">'</span><span class="s">) as session_time, COUNT(*) as call_count, MIN(timestamp) as start_time, MAX(timestamp) as end_time, GROUP_CONCAT(operation) as operations FROM llm_calls WHERE metadata LIKE </span><span class="sh">'</span><span class="s">%operation%</span><span class="sh">'</span><span class="s"> GROUP BY date(timestamp, </span><span class="sh">'</span><span class="s">unixepoch</span><span class="sh">'</span><span class="s">), (timestamp - 1640995200) / 3600 -- Group by hour ORDER BY start_time DESC </span><span class="sh">"""</span><span class="p">)</span> <span class="n">episodes</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">():</span> <span class="n">episodes</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">episodes</span><span class="p">),</span> <span class="sh">"</span><span class="s">session_time</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="sh">"</span><span class="s">call_count</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="sh">"</span><span class="s">start_time</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">2</span><span class="p">],</span> <span class="sh">"</span><span class="s">end_time</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">3</span><span class="p">],</span> <span class="sh">"</span><span class="s">operations</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">4</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">row</span><span class="p">[</span><span class="mi">4</span><span class="p">]</span> <span class="k">else</span> <span class="p">[]</span> <span class="p">})</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">return</span> <span class="n">episodes</span> <span class="k">def</span> <span class="nf">get_episode_calls</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">episode_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="n">Dict</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Get all LLM calls for a specific episode</span><span class="sh">"""</span> <span class="n">episodes</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_episodes</span><span class="p">()</span> <span class="k">if</span> <span class="n">episode_id</span> <span class="o">&gt;=</span> <span class="nf">len</span><span class="p">(</span><span class="n">episodes</span><span class="p">):</span> <span class="k">return</span> <span class="p">[]</span> <span class="n">episode</span> <span class="o">=</span> <span class="n">episodes</span><span class="p">[</span><span class="n">episode_id</span><span class="p">]</span> <span class="n">conn</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">db_path</span><span class="p">)</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"""</span><span class="s"> SELECT timestamp, model, messages, response, metadata, tokens_used, cost FROM llm_calls WHERE timestamp BETWEEN ? AND ? ORDER BY timestamp ASC </span><span class="sh">"""</span><span class="p">,</span> <span class="p">(</span><span class="n">episode</span><span class="p">[</span><span class="sh">'</span><span class="s">start_time</span><span class="sh">'</span><span class="p">],</span> <span class="n">episode</span><span class="p">[</span><span class="sh">'</span><span class="s">end_time</span><span class="sh">'</span><span class="p">]))</span> <span class="n">calls</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">():</span> <span class="n">calls</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="mi">2</span><span class="p">]),</span> <span class="sh">"</span><span class="s">response</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="mi">3</span><span class="p">]),</span> <span class="sh">"</span><span class="s">metadata</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="mi">4</span><span class="p">])</span> <span class="k">if</span> <span class="n">row</span><span class="p">[</span><span class="mi">4</span><span class="p">]</span> <span class="k">else</span> <span class="p">{},</span> <span class="sh">"</span><span class="s">tokens_used</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">5</span><span class="p">],</span> <span class="sh">"</span><span class="s">cost</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="mi">6</span><span class="p">]</span> <span class="p">})</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">return</span> <span class="n">calls</span> <span class="n">replay</span> <span class="o">=</span> <span class="nc">EpisodeReplay</span><span class="p">(</span><span class="sh">"</span><span class="s">agent_episodes.db</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">episodes_list</span><span class="p">():</span> <span class="n">episodes</span> <span class="o">=</span> <span class="n">replay</span><span class="p">.</span><span class="nf">get_episodes</span><span class="p">()</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">'</span><span class="s">episodes.html</span><span class="sh">'</span><span class="p">,</span> <span class="n">episodes</span><span class="o">=</span><span class="n">episodes</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/episode/&lt;int:episode_id&gt;</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">episode_detail</span><span class="p">(</span><span class="n">episode_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="n">calls</span> <span class="o">=</span> <span class="n">replay</span><span class="p">.</span><span class="nf">get_episode_calls</span><span class="p">(</span><span class="n">episode_id</span><span class="p">)</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">'</span><span class="s">episode_detail.html</span><span class="sh">'</span><span class="p">,</span> <span class="n">episode_id</span><span class="o">=</span><span class="n">episode_id</span><span class="p">,</span> <span class="n">calls</span><span class="o">=</span><span class="n">calls</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/api/episode/&lt;int:episode_id&gt;/step/&lt;int:step&gt;</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_step_context</span><span class="p">(</span><span class="n">episode_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">step</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="sh">"""</span><span class="s">API endpoint for step-by-step debugging</span><span class="sh">"""</span> <span class="n">calls</span> <span class="o">=</span> <span class="n">replay</span><span class="p">.</span><span class="nf">get_episode_calls</span><span class="p">(</span><span class="n">episode_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">step</span> <span class="o">&gt;=</span> <span class="nf">len</span><span class="p">(</span><span class="n">calls</span><span class="p">):</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Step out of range</span><span class="sh">"</span><span class="p">})</span> <span class="n">current_call</span> <span class="o">=</span> <span class="n">calls</span><span class="p">[</span><span class="n">step</span><span class="p">]</span> <span class="n">context_window</span> <span class="o">=</span> <span class="n">calls</span><span class="p">[</span><span class="nf">max</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">step</span><span class="o">-</span><span class="mi">2</span><span class="p">):</span><span class="n">step</span><span class="o">+</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># Show 2 previous calls </span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span> <span class="sh">"</span><span class="s">current_call</span><span class="sh">"</span><span class="p">:</span> <span class="n">current_call</span><span class="p">,</span> <span class="sh">"</span><span class="s">context_window</span><span class="sh">"</span><span class="p">:</span> <span class="n">context_window</span><span class="p">,</span> <span class="sh">"</span><span class="s">step</span><span class="sh">"</span><span class="p">:</span> <span class="n">step</span><span class="p">,</span> <span class="sh">"</span><span class="s">total_steps</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">calls</span><span class="p">)</span> <span class="p">})</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">'</span><span class="s">__main__</span><span class="sh">'</span><span class="p">:</span> <span class="n">app</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">debug</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">5001</span><span class="p">)</span> </code></pre> </div> <h3> Step 4: Create the Frontend Templates </h3> <p>Create <code>templates/episode_detail.html</code> for the interactive replay:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- templates/episode_detail.html --&gt;</span> <span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;title&gt;</span>Episode Replay - Step by Step<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;style&gt;</span> <span class="nc">.step-debugger</span> <span class="p">{</span> <span class="nl">display</span><span class="p">:</span> <span class="n">flex</span><span class="p">;</span> <span class="nl">height</span><span class="p">:</span> <span class="m">100vh</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.timeline</span> <span class="p">{</span> <span class="nl">width</span><span class="p">:</span> <span class="m">200px</span><span class="p">;</span> <span class="nl">background</span><span class="p">:</span> <span class="m">#f5f5f5</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">20px</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.content</span> <span class="p">{</span> <span class="nl">flex</span><span class="p">:</span> <span class="m">1</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">20px</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.step-item</span> <span class="p">{</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">10px</span><span class="p">;</span> <span class="nl">cursor</span><span class="p">:</span> <span class="nb">pointer</span><span class="p">;</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">4px</span><span class="p">;</span> <span class="nl">margin</span><span class="p">:</span> <span class="m">5px</span> <span class="m">0</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.step-item.active</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="m">#007bff</span><span class="p">;</span> <span class="nl">color</span><span class="p">:</span> <span class="no">white</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.call-details</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="m">#f8f9fa</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">20px</span><span class="p">;</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">8px</span><span class="p">;</span> <span class="nl">margin</span><span class="p">:</span> <span class="m">10px</span> <span class="m">0</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.prompt</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="m">#e3f2fd</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">15px</span><span class="p">;</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">4px</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.response</span> <span class="p">{</span> <span class="nl">background</span><span class="p">:</span> <span class="m">#f3e5f5</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">15px</span><span class="p">;</span> <span class="nl">border-radius</span><span class="p">:</span> <span class="m">4px</span><span class="p">;</span> <span class="nl">margin-top</span><span class="p">:</span> <span class="m">10px</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.metadata</span> <span class="p">{</span> <span class="nl">font-size</span><span class="p">:</span> <span class="m">0.9em</span><span class="p">;</span> <span class="nl">color</span><span class="p">:</span> <span class="m">#666</span><span class="p">;</span> <span class="nl">margin-top</span><span class="p">:</span> <span class="m">10px</span><span class="p">;</span> <span class="p">}</span> <span class="nt">&lt;/style&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"step-debugger"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"timeline"</span><span class="nt">&gt;</span> <span class="nt">&lt;h3&gt;</span>Episode Steps<span class="nt">&lt;/h3&gt;</span> {% for call in calls %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"step-item"</span> <span class="na">onclick=</span><span class="s">"showStep({{ loop.index0 }})"</span> <span class="na">id=</span><span class="s">"step-{{ loop.index0 }}"</span><span class="nt">&gt;</span> <span class="nt">&lt;strong&gt;</span>Step {{ loop.index }}<span class="nt">&lt;/strong&gt;&lt;br&gt;</span> {{ call.metadata.operation|default('LLM Call') }}<span class="nt">&lt;br&gt;</span> <span class="nt">&lt;small&gt;</span>{{ call.tokens_used }} tokens<span class="nt">&lt;/small&gt;</span> <span class="nt">&lt;/div&gt;</span> {% endfor %} <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"content"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"step-content"</span><span class="nt">&gt;</span> <span class="nt">&lt;h2&gt;</span>Select a step to replay<span class="nt">&lt;/h2&gt;</span> <span class="nt">&lt;p&gt;</span>Use the timeline on the left to step through the agent's decision process.<span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"context-window"</span> <span class="na">style=</span><span class="s">"display: none;"</span><span class="nt">&gt;</span> <span class="nt">&lt;h3&gt;</span>Context Window<span class="nt">&lt;/h3&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"context-calls"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="kd">let</span> <span class="nx">currentStep</span> <span class="o">=</span> <span class="o">-</span><span class="mi">1</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">showStep</span><span class="p">(</span><span class="nx">stepIndex</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Update UI</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">.step-item</span><span class="dl">'</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">item</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">item</span><span class="p">.</span><span class="nx">classList</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="s2">`step-</span><span class="p">${</span><span class="nx">stepIndex</span><span class="p">}</span><span class="s2">`</span><span class="p">).</span><span class="nx">classList</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Fetch step details</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api/episode/{{ episode_id }}/step/</span><span class="p">${</span><span class="nx">stepIndex</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">displayStepContent</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="nx">currentStep</span> <span class="o">=</span> <span class="nx">stepIndex</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">displayStepContent</span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">call</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">current_call</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">content</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">step-content</span><span class="dl">'</span><span class="p">);</span> <span class="nx">content</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="s2">` &lt;h2&gt;Step </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">step</span> <span class="o">+</span> <span class="mi">1</span><span class="p">}</span><span class="s2"> of </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">total_steps</span><span class="p">}</span><span class="s2">&lt;/h2&gt; &lt;div class="call-details"&gt; &lt;h3&gt;Operation: </span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">operation</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">LLM Call</span><span class="dl">'</span><span class="p">}</span><span class="s2">&lt;/h3&gt; &lt;div class="prompt"&gt; &lt;h4&gt;Input Prompt:&lt;/h4&gt; &lt;pre&gt;</span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">call</span><span class="p">.</span><span class="nx">messages</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">)}</span><span class="s2">&lt;/pre&gt; &lt;/div&gt; &lt;div class="response"&gt; &lt;h4&gt;LLM Response:&lt;/h4&gt; &lt;pre&gt;</span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">call</span><span class="p">.</span><span class="nx">response</span><span class="p">,</span> <span class="kc">null</span><span class="p">,</span> <span class="mi">2</span><span class="p">)}</span><span class="s2">&lt;/pre&gt; &lt;/div&gt; &lt;div class="metadata"&gt; &lt;strong&gt;Model:&lt;/strong&gt; </span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">model</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;strong&gt;Tokens:&lt;/strong&gt; </span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">tokens_used</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;strong&gt;Cost:&lt;/strong&gt; $</span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">cost</span><span class="p">.</span><span class="nf">toFixed</span><span class="p">(</span><span class="mi">4</span><span class="p">)}</span><span class="s2">&lt;br&gt; &lt;strong&gt;Timestamp:&lt;/strong&gt; </span><span class="p">${</span><span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">call</span><span class="p">.</span><span class="nx">timestamp</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">).</span><span class="nf">toLocaleString</span><span class="p">()}</span><span class="s2"> &lt;/div&gt; &lt;/div&gt; `</span><span class="p">;</span> <span class="c1">// Show context window</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">context_window</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">)</span> <span class="p">{</span> <span class="nf">displayContextWindow</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">context_window</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">displayContextWindow</span><span class="p">(</span><span class="nx">contextCalls</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">contextDiv</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">context-window</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">callsDiv</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">context-calls</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">contextHTML</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">contextCalls</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">call</span><span class="p">,</span> <span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">isCurrentCall</span> <span class="o">=</span> <span class="nx">index</span> <span class="o">===</span> <span class="nx">contextCalls</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">contextHTML</span> <span class="o">+=</span> <span class="s2">` &lt;div class="call-details" style="</span><span class="p">${</span><span class="nx">isCurrentCall</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">border: 2px solid #007bff;</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">opacity: 0.7;</span><span class="dl">'</span><span class="p">}</span><span class="s2">"&gt; &lt;h4&gt;</span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">metadata</span><span class="p">.</span><span class="nx">operation</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">LLM Call</span><span class="dl">'</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">isCurrentCall</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">(Current)</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">''</span><span class="p">}</span><span class="s2">&lt;/h4&gt; &lt;div style="font-size: 0.9em;"&gt; &lt;strong&gt;Input:&lt;/strong&gt; </span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">messages</span><span class="p">[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">content</span><span class="p">?.</span><span class="nf">substring</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">100</span><span class="p">)}</span><span class="s2">...&lt;br&gt; &lt;strong&gt;Output:&lt;/strong&gt; </span><span class="p">${</span><span class="nx">call</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nx">choices</span><span class="p">?.[</span><span class="mi">0</span><span class="p">]?.</span><span class="nx">message</span><span class="p">?.</span><span class="nx">content</span><span class="p">?.</span><span class="nf">substring</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">100</span><span class="p">)}</span><span class="s2">... &lt;/div&gt; &lt;/div&gt; `</span><span class="p">;</span> <span class="p">});</span> <span class="nx">callsDiv</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">contextHTML</span><span class="p">;</span> <span class="nx">contextDiv</span><span class="p">.</span><span class="nx">style</span><span class="p">.</span><span class="nx">display</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">block</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Keyboard navigation</span> <span class="nb">document</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">keydown</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">key</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">ArrowLeft</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">currentStep</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nf">showStep</span><span class="p">(</span><span class="nx">currentStep</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">key</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">ArrowRight</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">currentStep</span> <span class="o">&lt;</span> <span class="p">{{</span> <span class="nx">calls</span><span class="o">|</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span> <span class="p">}})</span> <span class="p">{</span> <span class="nf">showStep</span><span class="p">(</span><span class="nx">currentStep</span> <span class="o">+</span> <span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="nt">&lt;/script&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <h2> Pitfalls: What Will Break and How to Handle It </h2> <h3> Memory Explosion </h3> <p>Recording everything creates massive datasets. Your SQLite file will grow fast.</p> <p><strong>Solution</strong>: Implement retention policies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Cleanup old episodes </span><span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">DELETE FROM llm_calls WHERE timestamp &lt; ?</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="mi">7</span><span class="o">*</span><span class="mi">24</span><span class="o">*</span><span class="mi">3600</span><span class="p">,))</span> <span class="c1"># Keep 1 week </span></code></pre> </div> <h3> Context Window Reconstruction Fails </h3> <p>LLMs have context limits. Long conversations get truncated, breaking replay accuracy.</p> <p><strong>Solution</strong>: Store the actual context sent to the model, not just the messages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># In your gateway configuration </span><span class="n">STORE_FULL_CONTEXT</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">MAX_CONTEXT_TOKENS</span> <span class="o">=</span> <span class="mi">8192</span> </code></pre> </div> <h3> Session Boundary Detection Is Wrong </h3> <p>The replay UI groups unrelated calls into fake "episodes."</p> <p><strong>Solution</strong>: Add explicit session tracking:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Add to your agent code </span><span class="n">response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">messages</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">session_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">session_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">operation</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sentiment_analysis</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">step_index</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">current_step</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Performance Dies with Large Episodes </h3> <p>Rendering 500+ LLM calls in the browser locks up the UI.</p> <p><strong>Solution</strong>: Implement pagination and lazy loading:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Load steps on demand</span> <span class="kd">function</span> <span class="nf">showStep</span><span class="p">(</span><span class="nx">stepIndex</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">stepCache</span><span class="p">[</span><span class="nx">stepIndex</span><span class="p">])</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api/episode/</span><span class="p">${</span><span class="nx">episodeId</span><span class="p">}</span><span class="s2">/step/</span><span class="p">${</span><span class="nx">stepIndex</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">stepCache</span><span class="p">[</span><span class="nx">stepIndex</span><span class="p">]</span> <span class="o">=</span> <span class="nx">data</span><span class="p">;</span> <span class="nf">displayStepContent</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Measurement: How to Know It's Working </h2> <h3> Test with a Controlled Failure </h3> <p>Create an agent that deliberately fails:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">test_episode_recording</span><span class="p">():</span> <span class="n">agent</span> <span class="o">=</span> <span class="nc">GitHubAgent</span><span class="p">(</span><span class="n">github_token</span><span class="o">=</span><span class="sh">"</span><span class="s">invalid_token</span><span class="sh">"</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># This will fail, creating a clear episode </span> <span class="n">results</span> <span class="o">=</span> <span class="n">agent</span><span class="p">.</span><span class="nf">process_issue_batch</span><span class="p">(</span><span class="sh">"</span><span class="s">nonexistent/repo</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Expected failure: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Check the episode was recorded </span> <span class="n">replay</span> <span class="o">=</span> <span class="nc">EpisodeReplay</span><span class="p">(</span><span class="sh">"</span><span class="s">agent_episodes.db</span><span class="sh">"</span><span class="p">)</span> <span class="n">episodes</span> <span class="o">=</span> <span class="n">replay</span><span class="p">.</span><span class="nf">get_episodes</span><span class="p">()</span> <span class="k">assert</span> <span class="nf">len</span><span class="p">(</span><span class="n">episodes</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">"</span><span class="s">No episodes recorded</span><span class="sh">"</span> <span class="c1"># Verify step-by-step data </span> <span class="n">calls</span> <span class="o">=</span> <span class="n">replay</span><span class="p">.</span><span class="nf">get_episode_calls</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> <span class="k">assert</span> <span class="nf">len</span><span class="p">(</span><span class="n">calls</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">"</span><span class="s">No calls in episode</span><span class="sh">"</span> <span class="k">assert</span> <span class="nf">all</span><span class="p">(</span><span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">call</span> <span class="k">for</span> <span class="n">call</span> <span class="ow">in</span> <span class="n">calls</span><span class="p">),</span> <span class="sh">"</span><span class="s">Missing timestamps</span><span class="sh">"</span> </code></pre> </div> <h3> Verify Context Reconstruction </h3> <p>The real test: can you debug a failure you've never seen before?</p> <ol> <li>Run your agent on a complex task</li> <li>Let it fail mysteriously</li> <li>Open the replay UI</li> <li>Step through until you find the exact moment it went wrong</li> <li>You should see the prompt, the response, and understand why</li> </ol> <p>If you can't identify the failure point in under 5 minutes, your episode recording isn't detailed enough.</p> <h3> Check Storage Performance </h3> <p>Monitor your database size and query speed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check episode database size</span> <span class="nb">ls</span> <span class="nt">-lh</span> agent_episodes.db <span class="c"># Query performance test</span> <span class="nb">time </span>sqlite3 agent_episodes.db <span class="s2">"SELECT COUNT(*) FROM llm_calls WHERE timestamp &gt; </span><span class="si">$(</span><span class="nb">date</span> <span class="nt">-d</span> <span class="s1">'1 day ago'</span> +%s<span class="si">)</span><span class="s2">"</span> </code></pre> </div> <p>If queries take longer than 100ms, add indexes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_timestamp</span> <span class="k">ON</span> <span class="n">llm_calls</span><span class="p">(</span><span class="nb">timestamp</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_metadata</span> <span class="k">ON</span> <span class="n">llm_calls</span><span class="p">(</span><span class="n">json_extract</span><span class="p">(</span><span class="n">metadata</span><span class="p">,</span> <span class="s1">'$.session_id'</span><span class="p">));</span> </code></pre> </div> <h2> Next Steps: Build Your Agent DVR </h2> <ol> <li> <strong>Clone the complete demo</strong>: <a href="https://github.com/airblackbox/agent-dvr-tutorial" rel="noopener noreferrer">github.com/airblackbox/agent-dvr-tutorial</a> </li> <li> <strong>Start with your existing agent</strong>: Change one line (the base URL) and start recording</li> <li> <strong>Add session tracking</strong>: Include <code>session_id</code> and <code>operation</code> in your metadata</li> <li> <strong>Build your replay UI</strong>: Use the Flask template above as a starting point</li> </ol> <p>Your AI agents will still be probabilistic chaos machines. But now when they misbehave, you'll have a complete recording of their decision process. No more debugging by vibes — you'll see exactly where the wheels fell off.</p> <p>The DVR doesn't prevent AI agent failures. It just makes them debuggable. Which, honestly, is most of the battle.</p> <p><a href="https://docs.airblackbox.com" rel="noopener noreferrer">Try Airblackbox Gateway</a> — your future debugging self will thank you.</p> airblackbox aidebugging observability tutorial Jason Shotwell Sat, 28 Mar 2026 17:18:56 +0000 https://forem.com/json_shotwell/scanning-your-ai-agents-for-eu-ai-act-gdpr-compliance-in-10-seconds-5hd6 https://forem.com/json_shotwell/scanning-your-ai-agents-for-eu-ai-act-gdpr-compliance-in-10-seconds-5hd6 <p>90% of companies use AI daily. 18% have governance frameworks. The EU AI Act deadline for high-risk systems is August 2, 2026. Penalties: up to 35M EUR or 7% of global turnover.</p> <p>If you ship Python AI agents, your codebase needs to prove compliance with specific technical requirements. I built an open-source tool that checks.</p> <h2> The Problem </h2> <p>The EU AI Act is not vague. It maps to concrete technical requirements across 6 articles. Your AI system needs error handling and fallback logic (Article 9). It needs PII detection and data governance (Article 10). It needs documentation, audit trails, human oversight mechanisms, and injection defense (Articles 11-15).</p> <p>Most teams know the deadline exists. Very few know what it means for their actual code.</p> <p>And if you handle EU personal data, GDPR still applies on top of the AI Act. Consent management, right to erasure, data minimization, cross-border transfer controls. These are not optional.</p> <h2> The Tool </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox air-blackbox comply <span class="nt">--scan</span> <span class="nb">.</span> </code></pre> </div> <p>That is the entire setup. No cloud account. No API keys. No data leaves your machine.</p> <p>AIR Blackbox reads your Python source files, walks the AST and regex patterns, and reports pass/warn/fail on each requirement. It checks real code patterns, not just config files.</p> <h2> What It Checks </h2> <p><strong>EU AI Act (6 articles):</strong></p> <p>Article 9 (Risk Management): Does your code have try/except around LLM calls? Fallback logic? Retry patterns?</p> <p>Article 10 (Data Governance): Is there PII detection before sending data to LLMs? Input validation with Pydantic or dataclasses?</p> <p>Article 11 (Technical Documentation): Docstring coverage on public functions? Type hints? A README and model card?</p> <p>Article 12 (Record-Keeping): Logging framework imported? Tracing integration (OpenTelemetry, LangSmith)? Action-level audit trails?</p> <p>Article 14 (Human Oversight): Approval gates for high-risk actions? Budget controls? Kill switches? Token scope validation?</p> <p>Article 15 (Robustness): Prompt injection defense? Output validation? Retry with backoff?</p> <p><strong>GDPR (8 checks, new in v1.5):</strong></p> <p>Consent management (Art. 6/7), data minimization (Art. 5), right to erasure (Art. 17), data retention policies (Art. 5), cross-border transfer safeguards (Art. 44-49), DPIA references (Art. 35), processing records (Art. 30), and breach notification patterns (Art. 33/34).</p> <h2> Prompt Injection Detection (New) </h2> <p>v1.5 ships a standalone injection detector you can drop into any agent. 20 patterns across 5 categories (role override, delimiter injection, privilege escalation, data exfiltration, jailbreak), each with weighted scoring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">air_blackbox.injection</span> <span class="kn">import</span> <span class="n">InjectionDetector</span> <span class="n">detector</span> <span class="o">=</span> <span class="nc">InjectionDetector</span><span class="p">(</span> <span class="n">sensitivity</span><span class="o">=</span><span class="sh">"</span><span class="s">medium</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># low/medium/high </span> <span class="n">block_threshold</span><span class="o">=</span><span class="mf">0.7</span> <span class="c1"># 0-1 score to trigger blocking </span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">detector</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span><span class="n">user_input</span><span class="p">)</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">blocked</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Blocked: score=</span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">score</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Patterns: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">patterns</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Categories: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">categories</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>It also handles OpenAI-format message arrays:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">result</span> <span class="o">=</span> <span class="n">detector</span><span class="p">.</span><span class="nf">scan_messages</span><span class="p">([</span> <span class="p">{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Ignore previous instructions...</span><span class="sh">"</span><span class="p">}</span> <span class="p">])</span> </code></pre> </div> <h2> Trust Layers for 7 Frameworks </h2> <p>The scanner tells you what is missing. The trust layers fix it. One import adds HMAC-SHA256 tamper-evident audit chains to your agent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">air_blackbox</span> <span class="kn">import</span> <span class="n">AirTrust</span> <span class="n">trust</span> <span class="o">=</span> <span class="nc">AirTrust</span><span class="p">()</span> <span class="n">trust</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="n">your_agent</span><span class="p">)</span> <span class="c1"># Auto-detects: LangChain, CrewAI, AutoGen, </span> <span class="c1"># OpenAI SDK, Haystack, Google ADK, </span> <span class="c1"># Anthropic Agent SDK </span></code></pre> </div> <p>Each trust layer hooks into the framework's callback/middleware system and logs every LLM call, tool execution, and data flow to a tamper-evident chain. Each record's hash depends on the previous record's hash. Modify any record and every subsequent hash breaks.</p> <p>Install the framework you need:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox[langchain] pip <span class="nb">install </span>air-blackbox[crewai] pip <span class="nb">install </span>air-blackbox[openai] pip <span class="nb">install </span>air-blackbox[all] <span class="c"># everything</span> </code></pre> </div> <h2> Why Local-First Matters </h2> <p>Every enterprise competitor in this space (Credo AI, Holistic AI, Vanta, OneTrust) requires sending your code to their cloud. For defense, healthcare, finance, and legal, that is a non-starter. Code is classified. Patient data is protected. Attorney-client privilege extends to AI systems.</p> <p>AIR Blackbox runs 100% on your machine. Zero telemetry. Not "opt-out" telemetry. Not there at all.</p> <h2> What Is Next </h2> <p>I am fine-tuning a 1B parameter Llama model on 2,000+ compliance training examples. The goal: catch subtle violations that regex cannot (like logging that exists but is not tamper-evident, or human oversight that can be programmatically bypassed). The model runs locally via ollama. Your code still never leaves your machine.</p> <h2> Try It </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>air-blackbox air-blackbox comply <span class="nt">--scan</span> <span class="nb">.</span> </code></pre> </div> <p>GitHub: <a href="https://github.com/airblackbox/gateway" rel="noopener noreferrer">github.com/airblackbox/gateway</a><br> Demo: <a href="https://airblackbox.ai/demo" rel="noopener noreferrer">airblackbox.ai/demo</a><br> PyPI: <a href="https://pypi.org/project/air-blackbox/" rel="noopener noreferrer">pypi.org/project/air-blackbox</a></p> <p>Apache 2.0. Stars and PRs welcome.</p> <p>This does not make you legally compliant. It is a linter for AI governance, not a lawyer. But it gets your codebase audit-ready for the technical requirements before the deadline hits.</p> ai python opensource euaiact