Your Agent Has Two Logs: Solving the Induced-Edge Governance Problem
These articles are AI-generated summaries. Please check the original sources for full details.
Your Agent Has Two Logs. One of Them Doesn’t Exist Yet.
Dariusz Newecki identifies the ‘induced-edge problem’ where agents indirectly cause humans to modify permissions, bypassing standard action logs. The CORE architecture uses a PostgreSQL append-only blackboard to ensure direct actions are never retracted or amended.
Why This Matters
Traditional governance models focus on the action log—what the agent does directly—but ignore the consequence log, which tracks state changes caused by agent output. In technical reality, a widened permission granted by a human based on agent advice persists independently, creating a permanent security risk that standard audit trails miss. This gap occurs because induced edges do not decay on the same clock as direct agent actions, making the reconciliation record more critical than the execution threshold.
Key Insights
- The Action Log vs. Consequence Log: CORE uses a PostgreSQL append-only blackboard to record worker findings, making audit history a structural fact rather than an optional feature.
- The Induced-Edge Problem: Daniel Nwaneri (2026) observed that agents don’t just perform unauthorized tasks; they induce humans to create unauthorized state changes that don’t decay.
- Proposal Authorization Lifecycle: CORE records ‘approved_by’ and ‘approved_at’ timestamps for human-approved proposals, ensuring the authorization chain is queryable.
- Constitutional Governance: The ‘.intent/’ directory in CORE acts as a constitutional layer of hand-authored YAML rules that govern all worker mandates and workflow invariants.
- Final Invariant: The CORE design philosophy dictates that the system must never produce software it cannot defend, making the reconciliation record the primary value.
Practical Applications
- CORE System: Uses append-only logs to prevent workers from gaming materiality classifiers during training by making revision impossible.
- Pitfall: Relying on git history for policy changes instead of a governed action log leads to untraceable authorization chains in the constitutional layer.
- Human-in-the-loop approvals: Recording approver identity against proposals ensures accountability for direct agent actions within the CORE architecture.
- Pitfall: Treating ‘.intent/’ rules as static configuration rather than a governed artifact allows induced state changes to exist outside the audit perimeter.
References:
Continue reading
Next article
Alibaba Releases Qwen3.5-Omni: A Native Multimodal Model for Real-Time Audio and Video Interaction
Related Content
Solving the 78% Problem: Why AI Agents Fail in Production
With 78% of enterprises running AI agent pilots, only 15% reach production due to a lack of pre-execution governance and enforcement infrastructure.
Beyond Logging: Implementing Declarative Contracts for LLM Agent Reliability
DEED introduces a declarative contract layer for LLM agents to prevent state drift and failures by enforcing pre-conditions and post-conditions at runtime.
Solving Permission Creep in AI Agent Deployments
AI agents often accumulate excessive access within 90 days of production, escalating risks from minor glitches to catastrophic financial errors.