Blog
Research findings, compliance guidance, and engineering insights.
SCITT as the Article 12 Implementation Pattern for Autonomous AI Agents
EU AI Act Article 12 requires logs conformant to recognised standards. SCITT is the IETF-track standard designed for this evidence shape. The article-by-article mapping, the gaps SCITT explicitly leaves open, and a concrete implementation pattern.
/llms.txt is not enough: a discovery suite for agent-facing APIs
A single Markdown file cannot carry everything an agent needs to plan a session against an API. Five surfaces — link index, OpenAPI, agent-card, scope profiles, verification keys — and one principle: predictable availability.
The advisory-lock self-deadlock Postgres can't see
PostgreSQL's deadlock detector walks the row-lock wait graph. Advisory locks held across `await` boundaries can form cycles through application code that the detector cannot see. Reproduction, real diagnostic output, and the structural fix.
Near Frontier-Quality LLM, No Cloud, No Subscription, Unlimited Tokens: gpt-oss:120b on Strix Halo + Ubuntu 26.04
A 96 GB Strix Halo box arrived in 4 days, runs gpt-oss:120b at 35 tok/s on Ubuntu 26.04, and draws 40-140W. The three kernel parameters every 2025-era guide misses, the benchmark table, and a runnable bench script.
pg-boss in production: footguns we hit and how to avoid them
Four operational footguns we hit running pg-boss at AGLedger for about a year. One is fixed upstream; the other three still bite. Self-contained reproductions, citations, and the patterns we settled on.
Why receipts must be signed: a threat model for agent accountability
Logging answers "what happened?" Signed receipts answer "can you prove it to someone who does not trust you?" Four scenarios where logs quietly fail and what signing buys you mechanically.
Cutting PostgreSQL Audit-Report Query Time 44% with GROUPING SETS and Materialized CTEs
Six aggregations per request became two. Total DB time dropped 44% under sustained load. The anti-pattern, the rewrite, and the honest caveat about why wall-clock p50 did not move.
Frictionless Compliance: How Accountability Gates Guide AI Agents to Success
70 traces, 4 LLM providers. A bare policy denial causes agents to fabricate, quit, or loop. Add a directive and AGLedger tools — agents complete the full accountability lifecycle. No system prompt changes.
What We Learned Adapting to Google A2A v1.0
27 experiments, 30 multi-agent runs. A2A handles task delegation. It does not handle accountability. Here is what the data shows and how AGLedger bridges the gap.
Zero Mocks, Real Infrastructure: How AGLedger Tests an Accountability Engine
36 tests against a live API. Real EKS, real Aurora, real webhooks, real LLM agents. Why we deleted 117 tests last week and what the testbed covers now.
Zero Dispatcher Calls: When Accountability Became the Coordination Layer
We removed the task dispatcher from a 3-agent system. Instead of breaking, agents coordinated entirely through accountability tools — 56 receipts, 41 auto-settled, 0 dispatcher calls.
We Published Our Security Whitepaper
AGLedger's security architecture is now public. 18 sections covering trust boundaries, cryptographic design, threat model, compliance mappings, and post-quantum readiness.
Designing APIs for AI Agents: Lessons from 3 LLM Providers
36 tools tanked completion to 0%. 10 focused tools achieved full lifecycle closure. What we learned testing Claude, GPT, and Gemini against the same API.
Budget LLMs Outperform Premium Models at Task Completion
Haiku and GPT-4o-mini beat Sonnet and GPT-4o at actually finishing work. The "Doers vs Planners" phenomenon.
Zero-Scaffolding API Discovery: Can Agents Learn Your API from Scratch?
HTTP + llms.txt achieved 100% record lifecycle completion. SDK achieved 0%. What this means for API design.
60 Records per Second on a Single Replica: AGLedger Performance at Scale
v0.23.0 stamp on the smallest AWS footprint we could deploy. 60 RPS notarize-only sustained, 12 RPS full gated lifecycle, 100% chain integrity under load.
EU AI Act Article 12: What Event Logging Actually Requires for AI Agents
A deep dive into Article 12 event logging requirements and how structured accountability records satisfy them automatically.
NIST AI RMF for AI Agent Operations: A Practical Mapping
How the four NIST AI RMF functions — GOVERN, MAP, MEASURE, MANAGE — map to agent accountability infrastructure.
ISO 42001 Certification Evidence: What Auditors Actually Want to See
Practical guidance on generating ISO/IEC 42001:2023 certification evidence as a byproduct of AI agent operations.