[EAAPL-WRK013] Workflow Tracing and Replay
Category: Agentic Workflows
Sub-category: Observability and Audit Architecture
Version: 1.0
Maturity: Emerging
Tags: tracing, replay, observability, audit-log, deterministic-replay, workflow-debugging
Regulatory Relevance: EU AI Act (Art. 12), APRA CPS 230, ISO 42001 §8.4
1. Executive Summary
The Workflow Tracing and Replay Pattern defines the instrumentation, storage, and replay mechanisms for capturing a complete, reproducible record of every agentic workflow execution: every LLM inference call, every tool use, every state transition, every decision, and every intermediate result. The trace is the source of truth for debugging production failures, demonstrating regulatory compliance, replaying executions deterministically for root-cause analysis, and providing the observability foundation for improving workflow performance and quality over time.
For CIO/CTO audiences: in traditional software, logs and debuggers let you understand what happened when something goes wrong. For AI agent workflows, the equivalent is the execution trace — a record of every reasoning step, tool call, and decision the agent made. Without traces, a production failure in an agentic workflow is a black box: something went wrong between input and output, and you have no way to know where or why. With traces, you can replay the exact execution, identify the point of failure, fix the underlying cause, and prove to regulators that your AI system operates as designed. For regulated industries, the trace is not optional — it is the primary evidence of AI system behaviour.
2. Problem Statement
Business Problem
Agentic workflow failures in production — incorrect output, unexpected behaviour, regulatory non-compliance — are extremely difficult to diagnose without a complete execution record. The symptoms (wrong output) are often discovered long after the execution completes, by which time the in-memory state is gone. Without reproducible traces, every investigation requires either reproduction in a test environment (often impossible with live data) or inference from outputs.
Technical Problem
LLM inference is non-deterministic: replaying the same workflow without pinned model versions and captured intermediate state produces different results, making reproduction unreliable. Without explicit trace capture, the only record of a workflow execution is the input and output — the intermediate steps, decisions, and reasoning are lost.
Symptoms of Absence
- Production failures in agentic workflows cannot be diagnosed; every failure requires a support escalation
- No ability to compare two executions of the same workflow on different inputs
- Regulatory inquiries about AI decision-making cannot be answered with evidence
- Performance optimisation is based on guesswork; no per-step latency or cost data
Cost of Inaction
- Operational: Production failures are expensive to diagnose without traces
- Compliance: Cannot demonstrate AI system behaviour to regulators without traces
- Quality: Cannot systematically improve workflow performance without per-step observability data
3. Context
When to Apply
- Agentic workflows operate in production environments
- Regulatory compliance requires evidence of AI system behaviour
- Workflows produce business-critical outputs that may be disputed or audited
- Engineering teams need to debug and improve complex multi-step workflows
When NOT to Apply
- Pure research or development prototypes with no production obligations
- Workflows processing exclusively ephemeral data with no audit requirements
- High-throughput, simple workflows where per-execution trace storage cost is prohibitive (use sampling instead)
Prerequisites
- Trace schema definition (what fields are captured for each event type)
- Trace storage with query capabilities (time-range, workflow ID, event type filters)
- Model version pinning for replay determinism
- Replay infrastructure separate from production to prevent trace pollution
Industry Applicability
| Industry |
Tracing Use Case |
Regulatory Driver |
| Financial Services |
Credit decision audit trail |
ASIC RG 263; responsible lending evidence |
| Legal |
Matter workflow evidence |
Solicitor audit obligations; file management |
| Healthcare |
Clinical AI decision documentation |
Medical device software; clinical audit |
| Government |
Automated decision documentation |
AAT review; FOI; APS AI Ethics requirements |
| Insurance |
Claims processing audit |
ICA Code of Practice; ASIC oversight |
4. Architecture Overview
Workflow tracing is implemented as a cross-cutting concern: trace capture is embedded at every significant event boundary in the workflow without modifying the core workflow logic.
Trace Schema
Each trace record captures: workflow_id (correlates all events in an execution), event_type (LLM_CALL, TOOL_CALL, STATE_TRANSITION, DECISION, ERROR), timestamp, span_id (for sub-workflow correlation), parent_span_id, input_hash (hash of inputs for reproducibility verification), output (structured or serialised), latency_ms, token_usage (prompt tokens, completion tokens, total cost), model_version (pinned), and metadata (tool name, state names, decision labels).
Trace Capture
Trace instrumentation is implemented via callback hooks or middleware that intercept workflow events without modifying core logic: (a) LLM inference interceptors capture every inference call's inputs, outputs, model version, and token usage; (b) tool call interceptors capture every tool invocation's name, parameters, result, and latency; (c) state transition hooks in the state machine engine capture every state change; (d) decision logging captures every conditional branch taken.
Trace Storage
Traces are written to an append-only, immutable store. The immutability is critical: traces must not be modifiable after write (prevents tampering). For high-volume workflows, a two-tier store is used: hot storage (queryable, recent, full-resolution) and cold storage (archived, compressed, long-term retention). Trace retention policy is aligned with the organisation's audit records management policy (typically 7 years for regulated financial processes).
Replay Architecture
To replay a workflow from its trace: (1) load the trace for the target workflow execution, (2) provision a replay environment with the same model versions (pinned), (3) feed the captured inputs to the workflow in isolation from external systems, (4) substitute captured tool results for live tool calls (playback mode), (5) compare the replay output to the original trace. If the outputs match, the execution was deterministic. If they differ, the difference identifies a non-deterministic component that requires investigation.
Observability Dashboards
Traces are the foundation for observability: per-step latency heatmaps, token usage per step, error rate per event type, decision distribution (which branches are taken most), and quality metrics over time. These dashboards enable systematic workflow improvement based on evidence.
5. Architecture Diagram
flowchart TD
subgraph Workflow["Agent Workflow Execution"]
A[LLM Inference Call]
B[Tool Call]
C[State Transition]
D[Conditional Decision]
E[Error Event]
end
subgraph Instrumentation["Trace Instrumentation Layer"]
F[LLM Interceptor]
G[Tool Call Interceptor]
H[State Hook]
I[Decision Logger]
J[Error Capturer]
end
subgraph Storage["Trace Storage"]
K[(Hot Trace Store)]
L[(Cold Archive)]
end
subgraph Replay["Replay Infrastructure"]
M[Trace Loader]
N[Replay Engine]
O[Diff Engine]
end
subgraph Observability["Observability Layer"]
P[Dashboards]
Q[Alerts]
R[Audit Report]
end
A --> F
B --> G
C --> H
D --> I
E --> J
F & G & H & I & J --> K
K --> L
K --> M & P & Q & R
M --> N
N --> O
6. Components
| Component |
Type |
Responsibility |
Technology Options |
Criticality |
| LLM Inference Interceptor |
Middleware |
Captures every LLM call: inputs, outputs, model version, token usage |
LangChain callbacks; OpenTelemetry spans; custom wrapper |
Critical |
| Tool Call Interceptor |
Middleware |
Captures every tool call: name, params, result, latency |
LangChain tool callbacks; custom decorator |
Critical |
| State Transition Hook |
Integration |
Captures every state transition from FSM engine |
State machine engine event hooks |
High |
| Decision Logger |
Middleware |
Captures every conditional branch decision and its classification result |
Custom; LangGraph node outputs |
High |
| Trace Writer |
Integration |
Writes trace events to append-only trace store |
PostgreSQL append-only; Kafka; OpenSearch |
Critical |
| Hot Trace Store |
Storage |
Queryable recent trace storage (last 90 days typical) |
PostgreSQL; ClickHouse; Elasticsearch |
Critical |
| Cold Trace Archive |
Storage |
Long-term trace retention (7 years typical) |
S3; Azure Blob; GCS with lifecycle policy |
High |
| Replay Engine |
Tooling |
Loads trace; provisions replay environment; substitutes captured tool results |
Custom; LangSmith; Weights & Biases |
High |
| Observability Dashboard |
Monitoring |
Visualises per-step latency, cost, quality metrics |
Grafana; Datadog; CloudWatch Dashboards |
Medium |
7. Data Flow
| Step |
Actor |
Action |
Output |
| 1 |
LLM Interceptor |
LLM inference call intercepted |
Trace event: {workflow_id, event: "LLM_CALL", model: "gpt-4o@2025-01", input_hash: "sha256:...", output_hash: "sha256:...", tokens: {prompt: 1200, completion: 450}, latency_ms: 1840} |
| 2 |
Tool Call Interceptor |
Tool call intercepted |
Trace event: {workflow_id, event: "TOOL_CALL", tool: "regulatory_search", params_hash: "...", result_hash: "...", latency_ms: 420} |
| 3 |
Decision Logger |
Branch decision made |
Trace event: {workflow_id, event: "DECISION", branch: "contract", confidence: 0.94} |
| 4 |
Trace Writer |
Writes all events atomically |
Append-only trace store updated |
| 5 |
Investigator (later) |
Workflow produced unexpected output; retrieve trace |
Query: SELECT * FROM traces WHERE workflow_id = 'W-8821' ORDER BY timestamp |
| 6 |
Replay Engine |
Load trace W-8821; provision replay with pinned models |
Replay environment ready |
| 7 |
Replay Engine |
Replay execution; substitute captured tool results |
Replay output matches original — confirms deterministic execution |
| 8 |
Diff Engine |
Compare replay trace to original |
Diff: decision at step 3 took branch "contract" in original, "policy" in replay — classifier drift identified |
Error Flow
| Error |
Detection |
Recovery |
| Trace write failure |
Async write error |
Buffer locally; retry with exponential backoff; alert if buffer threshold exceeded |
| Trace store unavailable |
Health check |
Fail open (workflow continues, tracing suspended with alert) OR fail closed (workflow halted) — configurable per regulatory requirement |
| Replay diverges from original |
Diff Engine |
Flag non-deterministic component; trigger investigation alert |
8. Security Considerations
Trace Sensitivity
- Traces contain every input and output of a workflow, including potentially sensitive intermediate data (PII, commercial-in-confidence information)
- Mitigation: Capture parameter hashes rather than raw values for sensitive fields; full values only for non-sensitive fields; access control on trace query APIs (traces are most-sensitive data in the system)
OWASP LLM Top 10
| OWASP LLM Risk |
Tracing Applicability |
Mitigation |
| LLM06 Sensitive Information |
Traces contain all intermediate data including PII |
PII detection before trace write; PII fields stored as hash only; trace access control |
| LLM09 Overreliance |
Traces may be used to claim "the AI said X" without context |
Trace includes full context; traces always reviewed with workflow specification |
9. Governance Considerations
Trace Immutability
- Traces must be immutable after write: no update or delete operations. A trace that can be modified after the fact does not provide reliable regulatory evidence.
- Implement append-only tables, WORM storage, or cryptographic hash-chain integrity verification
Governance Artefacts
| Artefact |
Owner |
Frequency |
Purpose |
| Trace Retention Policy |
Legal + Compliance |
Annual review |
Documents retention periods per workflow type |
| Trace Schema Registry |
AI Platform |
On schema change |
Version-controlled schema; ensures trace backward-compatibility |
| Trace Integrity Verification Report |
Compliance |
Quarterly |
Confirms trace immutability; detects any tampering |
| Replay Accuracy Report |
ML Engineering |
Monthly |
Tracks replay-vs-original accuracy; detects non-determinism |
10. Operational Considerations
SLOs
| SLO |
Target |
Window |
Alert |
| Trace capture rate (traces written for all workflows) |
100% |
Real-time |
Any gap triggers P1 for regulated workflows |
| Trace write latency p99 |
≤ 100ms |
1-hour rolling |
> 500ms triggers P2 |
| Trace query latency p95 (recent 90 days) |
≤ 5s |
1-hour rolling |
> 15s triggers P3 |
| Replay success rate (replay matches original) |
≥ 99% |
Weekly eval |
< 97% triggers P2; non-determinism investigation |
11. Cost Considerations
| Trace Configuration |
Storage Cost (per 1M workflows) |
Notes |
| Hash-only (params/results as hashes) |
Very Low |
Sufficient for audit; not sufficient for replay |
| Full trace (raw inputs/outputs) |
Medium–High |
Required for replay and deep debugging |
| Full trace with cold archive tiering |
Low–Medium |
Most cost-effective for long retention |
| Sampled tracing (10% of executions) |
Very Low |
Only for high-volume non-regulated workflows |
12. Trade-Off Analysis
| Option |
Audit Coverage |
Replay Capability |
Storage Cost |
Complexity |
Best For |
| A: Full trace with hash-chain integrity (Recommended for regulated) |
Very High |
High |
Medium |
High |
Regulated workflows |
| B: Decision-only trace (state transitions + decisions) |
High |
Low |
Low |
Low |
Non-regulated workflows needing audit |
| C: Sampled full trace |
Medium |
Medium |
Very Low |
Medium |
High-volume non-regulated workflows |
| D: No tracing |
None |
None |
Zero |
None |
Never for production agentic workflows |
13. Failure Modes
| Failure Mode |
Likelihood |
Impact |
Detection |
Recovery |
| Trace store disk full |
Low |
Critical — trace capture stops |
Disk utilisation monitoring |
Automated tier-to-cold-archive; alert; capacity planning |
| Non-deterministic replay (model output changes) |
Medium |
Medium — replay cannot confirm original behaviour |
Replay diff rate monitoring |
Pin model versions in trace; use model snapshot archival |
| Trace schema drift (code change adds fields without schema update) |
Medium |
Medium — queries break |
Schema validation on trace write |
Schema registry; backward-compatible schema evolution |
| Trace data breach (sensitive intermediate data exposed) |
Low |
Critical — privacy/regulatory violation |
Access log anomaly detection |
Encryption at rest + in transit; RBAC; PII hash-only storage |
14. Regulatory Considerations
EU AI Act
- Art. 12 (Record-keeping): High-risk AI systems must automatically record logs enabling ex-post monitoring. The workflow trace is the primary implementation of this requirement. Retention must cover the system's operational period.
APRA CPS 230
- Operational resilience evidence: traces support the ability to reconstruct what happened during an operational incident involving an AI system.
ISO 42001
- §8.4: AI system operational monitoring requirements; traces are the evidence artefact for operational review.
Australian Context
- Privacy Act 1988 (APP 11): Traces containing personal information must be secured with appropriate technical and organisational controls; PII fields must be treated as privacy-sensitive data.
- FOI Act: Government agency workflows may be subject to FOI requests; traces are discoverable records.
15. Reference Implementations
AWS
| Component |
Service |
| Trace Capture |
AWS X-Ray with custom subsegments per workflow event |
| Trace Storage (hot) |
Amazon OpenSearch Serverless (queryable) |
| Trace Archive (cold) |
Amazon S3 with S3 Object Lock (WORM) + Glacier for long-term |
| LLM Call Tracing |
Amazon Bedrock model invocation logging (built-in) |
| Dashboard |
Amazon CloudWatch + OpenSearch Dashboards |
Azure
| Component |
Service |
| Trace Capture |
Azure Monitor + Application Insights custom events |
| Trace Storage |
Azure Data Explorer (ADX — queryable, append-only) |
| Trace Archive |
Azure Blob Storage with immutable storage policy |
| Dashboard |
Azure Monitor Workbooks; Grafana |
On-Premises
| Component |
Technology |
| Trace Capture |
LangSmith tracing; OpenTelemetry + Jaeger; custom callback hooks |
| Trace Storage |
ClickHouse (append-only, columnar, highly queryable) |
| Trace Archive |
MinIO with object lock; PostgreSQL append-only table |
| Pattern |
ID |
Relationship Type |
Notes |
| Workflow State Machine |
EAAPL-WRK012 |
Depends On |
State transition events are primary trace inputs |
| Tool Call Orchestration |
EAAPL-WRK006 |
Depends On |
Tool call audit log feeds into workflow trace |
| ReAct Agent Loop |
EAAPL-WRK001 |
Integrates With |
Every ReAct iteration is a traced event |
| Streaming Progressive Output |
EAAPL-WRK010 |
Integrates With |
Streaming event archive is a trace input |
17. Maturity Assessment
Overall Maturity: Emerging
| Dimension |
Score (1–5) |
Evidence |
| Research Foundation |
3 |
Distributed systems tracing mature (OpenTelemetry); LLM-specific tracing newer |
| Production Deployment |
3 |
LangSmith, W&B, Helicone deployed in production; enterprise adoption growing |
| Framework Support |
3 |
LangSmith; Weights & Biases; Helicone; OpenTelemetry AI semantic conventions |
| Replay Tooling |
2 |
Replay infrastructure largely custom-built; no dominant standard tool |
| Regulatory Use |
2 |
Traces accepted as regulatory evidence in early deployments; standards forming |
18. Revision History
| Version |
Date |
Author |
Changes |
| 1.0 |
2025-06-13 |
Architecture Board |
Initial publication in Agentic Workflows category |