Blog

Research findings, compliance guidance, and engineering insights.

2026-06-29Engineering

Lessons from an In-Place PostgreSQL 17 to 18 Upgrade (the uuidv7 Default That Did Not Switch Over)

An in-place Aurora 17.9 to 18.3 upgrade kept inserting with the uuidv7 polyfill because column defaults are OID-pinned. The trap, the re-point-then-drop fix, the benchmarks (native is 2.6x faster and packs a 33%-smaller index), and a ~10-minute write-outage that self-healed.

2026-06-17Compliance

Your people are already using AI. Make being compliant the easy path.

Shadow AI is a path problem, not a discipline problem: 90% of executives feel in control while 52% of workers use unsanctioned AI. Pave the compliant path so agents take it on their own, and the audit-ready record accrues as a byproduct.

2026-06-12Research

Settlement Evidence for Agentic Commerce: What AP2, ACP, and x402 Leave Out of Scope

The 2026 agentic-payment rails sign the authorization moment, then declare dispute evidence and settlement out of scope - in their own spec language. AP2, Verifiable Intent, Stripe SPTs, and x402 mapped against the settlement-evidence layer none of them carries.

2026-06-11Engineering

We Created and Managed Our AWS Marketplace Listing with Claude Code

Listing copy, pricing, delivery options, a live self-purchase validation that surfaced four real bugs, and the Public submission - a coding agent operated our AWS Marketplace listing end-to-end through the Catalog, Discovery, and Agreements APIs. A worked account.

2026-06-10Research

Intent Before Action: Reconstructed Agent Logs Follow the Outcome, Not the Decision

When the recorded outcome contradicted the real decision, one of four models rewrote its own intent to match the outcome on 5 of 5 contested tasks - sometimes adding "I made an error." Why intent has to be captured before the action, not after.

2026-06-10Research

Can an AI Agent Be Trusted to Write Its Own Audit Log? We Measured It.

Four production-tier models processed payment batches with forced write failures, then wrote their own audit reports. Three of four claimed success for writes that never happened - up to 47%. The independent signed chain caught every phantom record.

2026-06-10Research

Durable Intent, Measured: We Wiped Four Agents and Asked Them to Finish Their Own Work

A cold-recovery experiment: four agents restarted with zero memory had to discover and finish their own work from the signed ledger alone. All four stalled behind a judgment gate; a deterministic gate flipped the weakest model from 0/3 to 3/3.

2026-06-09Essay

Durable Intent: The One Thing Your Agent Will Not Forget or Make Up

Long-running agents lose context, and a model asked to remember will confabulate. Durable intent is a signed, byte-stable record of what an agent was told to do - readable back after the context is gone. Why logging and agent memory do not solve it, and what does.

2026-06-05Engineering

The 88,000-Token Crash: Making gpt-oss-120b Survive Its Full 128K Context on Strix Halo

Past ~80k tokens of prefill, llama.cpp on Strix Halo trips the amdgpu GPU watchdog: ring reset, vk::DeviceLostError, core dump. Flash attention does not fix it; -ub 512 does. The crash matrix, the throughput bill, and 3/3 needle-in-a-haystack at 110k tokens.

2026-05-20Research

SCITT as the Article 12 Implementation Pattern for Autonomous AI Agents

EU AI Act Article 12 requires logs conformant to recognised standards. SCITT is the IETF-track standard designed for this evidence shape. The article-by-article mapping, the gaps SCITT explicitly leaves open, and a concrete implementation pattern.

2026-05-06Engineering

/llms.txt is not enough: a discovery suite for agent-facing APIs

A single Markdown file cannot carry everything an agent needs to plan a session against an API. Five surfaces - link index, OpenAPI, agent-card, scope profiles, verification keys - and one principle: predictable availability.

2026-05-06Engineering

The advisory-lock self-deadlock Postgres can't see

PostgreSQL's deadlock detector walks the row-lock wait graph. Advisory locks held across `await` boundaries can form cycles through application code that the detector cannot see. Reproduction, real diagnostic output, and the structural fix.

2026-05-06Engineering

Near Frontier-Quality LLM, No Cloud, No Subscription, Unlimited Tokens: gpt-oss-120b on Strix Halo + Ubuntu 26.04

A $2,300 96 GB Strix Halo box runs gpt-oss-120b at ~48 tok/s with a stable full 128K context on llama.cpp + Vulkan. Rewritten after a full rebuild - including what the May version of the post got wrong.

2026-05-03Engineering

pg-boss in production: footguns we hit and how to avoid them

Four operational footguns we hit running pg-boss at AGLedger for about a year. One is fixed upstream; the other three still bite. Self-contained reproductions, citations, and the patterns we settled on.

2026-04-19Research

Why receipts must be signed: a threat model for agent accountability

Logging answers "what happened?" Signed receipts answer "can you prove it to someone who does not trust you?" Four scenarios where logs quietly fail and what signing buys you mechanically.

2026-04-18Engineering

Cutting PostgreSQL Audit-Report Query Time 44% with GROUPING SETS and Materialized CTEs

Six aggregations per request became two. Total DB time dropped 44% under sustained load. The anti-pattern, the rewrite, and the honest caveat about why wall-clock p50 did not move.

2026-04-15Research

Frictionless Compliance: How Accountability Gates Guide AI Agents to Success

70 traces, 4 LLM providers. A bare policy denial causes agents to fabricate, quit, or loop. Add a directive and AGLedger tools - agents complete the full accountability lifecycle. No system prompt changes.

2026-04-13Research

What We Learned Adapting to Google A2A v1.0

27 experiments, 30 multi-agent runs. A2A handles task delegation. It does not handle accountability. Here is what the data shows and how AGLedger bridges the gap.

2026-04-13Engineering

Testing to Learn: Deterministic CI, Probabilistic Agents, and the MCP Proxy We Killed

2,900+ deterministic tests per build plus LLM-agent simulations with controlled product awareness. How that mix falsified our MCP-proxy architecture in one month.

2026-04-10Research

Zero Dispatcher Calls: When Accountability Became the Coordination Layer

We removed the task dispatcher from a 3-agent system. Instead of breaking, agents coordinated entirely through accountability tools - 56 receipts, 41 auto-settled, 0 dispatcher calls.

2026-04-07Security

We Published Our Security Whitepaper

AGLedger's security architecture is now public. 18 sections covering trust boundaries, cryptographic design, threat model, compliance mappings, and post-quantum readiness.

2026-04-06Research

Designing APIs for AI Agents: Lessons from 3 LLM Providers

36 tools tanked completion to 0%. 10 focused tools achieved full lifecycle closure. What we learned testing Claude, GPT, and Gemini against the same API.

2026-04-06Research

Budget LLMs Outperform Premium Models at Task Completion

Haiku and GPT-4o-mini beat Sonnet and GPT-4o at actually finishing work. The "Doers vs Planners" phenomenon.

2026-04-06Research

Zero-Scaffolding API Discovery: Can Agents Learn Your API from Scratch?

HTTP + llms.txt achieved 100% record lifecycle completion. SDK achieved 0%. What this means for API design.

2026-06-10Engineering

109 Records per Second on One 2-vCPU Node: AGLedger Performance at Scale

1.0.0 GA stamp on the smallest practical AWS footprint. 109 records/sec notarize on a single pod; 999,006 records through 240 forced pod-kills, zero forks.

2026-04-06Compliance

EU AI Act Article 12: What Event Logging Actually Requires for AI Agents

A deep dive into Article 12 event logging requirements and how structured accountability records satisfy them automatically.

2026-04-06Compliance

NIST AI RMF for AI Agent Operations: A Practical Mapping

How the four NIST AI RMF functions - GOVERN, MAP, MEASURE, MANAGE - map to agent accountability infrastructure.

2026-04-06Compliance

ISO 42001 Certification Evidence: What Auditors Actually Want to See

Practical guidance on generating ISO/IEC 42001:2023 certification evidence as a byproduct of AI agent operations.