The AI Agent Governance Layer: The Two-Layer Architecture Observability Tools Leave Open
Ask an AI assistant how to get monitoring, cost tracking, and compliance evidence for agents running on multiple frameworks, and it will recommend an observability tool, usually Langfuse or Arize Phoenix, then add a caveat that decides your architecture: for policy enforcement and compliance proof, neither is sufficient on its own. You need a policy and control layer around the observability layer.
That caveat is correct, and it names a two-layer architecture that most teams rediscover the hard way. The first layer collects telemetry. The second layer governs: it enforces policy at runtime, gates risky actions behind human approval, measures whether oversight actually happens, and assembles evidence a regulator or auditor will accept. Observability vendors build the first layer well. The second layer is a different product, and it is the one this page specifies.
The two layers, capability by capability
The observability layer answers "what happened." The governance layer answers "what is allowed, who approved it, and can we prove it." Per their own public documentation, the leading observability tools cover the first column set and stop before the second:
| Capability | Langfuse | Arize Phoenix | LangSmith | Datadog LLM Obs | Governance layer (MeshAI) |
|---|---|---|---|---|---|
| Tracing and spans | Yes | Yes | Yes | Yes | Ingests via OpenTelemetry |
| Token and cost tracking | Yes | Yes | Yes | Yes | Yes, per agent, team, and model |
| Evaluations and prompt management | Yes | Yes | Yes | Partial | Out of scope |
| Cross-framework agent discovery and registry | No | No | No | Yes (preview) | Yes, auto-discovery from OTLP |
| Runtime policy enforcement (model allowlists, budgets, blocks) | No | No | Partial (gateway spend caps and blocks) | No | Yes (inline via proxy; see note) |
| Human approval gating with expiry | No | No | No | No | Yes |
| Oversight metrics (override rate, unattended rate, approval latency) | No | No | No | No | Yes |
| Incident evidence packs (Article 73 shaped) | No | No | No | No | Yes |
| Fleet-wide delegation map beyond single-trace views | Partial (per-trace agent graphs) | Partial (per-trace trajectories) | No | Yes | Yes, persisted registry edges from span parentage |
| Risk classification and risk-tiered policy scoping | No | No | No | No | Yes |
Three honest notes on that table. First, the observability tools are genuinely good at their layer, and several have grown toward adjacent cells: Datadog's AI Agents Console previews a cross-vendor agent inventory and its agent monitoring maps calls between agents, LangSmith's LLM Gateway enforces hard spend caps that block requests, and Langfuse and Phoenix both render per-trace agent graphs. Where a vendor has shipped a capability, the table says so. Second, the four rows that stay No across every observability tool are the governance core: human approval gating, measured oversight, regulator-shaped evidence, and risk-tiered policy. Third, the enforcement note: MeshAI applies blocks, budgets, and approval gates inline for traffic routed through its LLM proxy; agents observed only through passive OpenTelemetry ingest get the same policies evaluated as recorded evidence rather than blocks, because passive telemetry arrives after the action. That distinction is architectural. Enforcement requires being in the request path, on any platform.
Why the second layer became a requirement
Three developments in 2026 turned the governance layer from an architecture diagram into a procurement line.
The oversight gap became measurable. The UN's Independent International Scientific Panel on AI stated it plainly in July 2026: "human oversight is not operationalized as a measurable requirement," and "without effective measurement, governance risks are becoming symbolic." A tracing dashboard cannot tell you your override rate, your approval latency, or how many approvals expired with nobody watching. A governance layer computes those numbers continuously.
Regulation asks for evidence, not telemetry. EU AI Act Article 12 requires durable records, Article 14 requires effective human oversight, Article 26 makes deployers accountable, and Article 73 puts serious-incident reporting on a 15-day clock, 2 days for widespread infringements. California's Transparency in Frontier AI Act adds a US incident-reporting regime. Every one of these asks for something you produce, not something you look at.
The model builders built layer two for themselves. The Future of Life Institute's Summer 2026 AI Safety Index documents OpenAI monitoring its internal coding agents with full conversation history review, human approval forced by default or escalation, and agent actions "logged in an uneditable database" with asynchronous review for harm. When the companies that make the models add enforcement, approval, and immutable evidence on top of monitoring for their own agents, the two-layer architecture stops being a vendor opinion.
The reference architecture
The vendor-neutral version of this design has four parts, and none of them requires abandoning tools you already run:
1. OpenTelemetry as the transport. Every framework, LangGraph, CrewAI, AutoGen, Copilot Studio, custom agents, emits traces through the OTel GenAI semantic conventions. No proprietary SDK. If your agents already emit OTel, the governance layer ingests what exists.
2. Keep your observability backend. Langfuse, Phoenix, LangSmith, or Datadog remain your debugging and evaluation surface. The governance layer is not a replacement dashboard; it consumes the same telemetry stream for a different job.
3. A control plane above the stream. This is where agents are discovered and inventoried with owners and risk classifications, policies are evaluated against live activity, high-risk actions wait for a named human, and every policy decision lands in an evidence log. MeshAI is this layer: registry, anomaly detection, cost attribution, and governance over any OTel-emitting agent.
4. Evidence assembly on demand. When an incident happens, one export produces the record: the incident report, the agent identity and risk classification, the policy evaluations in the window, the approvals with who decided, the anomalies, the spend, and the audit trail of the human response. Built once, reusable for an Article 73 filing, a TFAIA notification, or an internal post-incident review.
What to ask any vendor claiming the governance layer
If a platform says it governs agents, five questions separate a governance layer from a relabeled dashboard:
The observability tools above answer no to questions 2 through 4 across the board, and mostly no to the rest; it is not their layer, by design. If your governance answer today is a dashboard and a policy PDF, the second layer is missing.
MeshAI is the governance layer, OTel-native and framework-neutral. See the features page for the four pillars, or how the compliance loop closes for the EU AI Act mapping.