AIエージェントの「実行したつもり」を検証する後付けAPIを開発 A developer built a post-hoc verification API to address a common issue where AI agents cl…

As AI agents become embedded in production business systems, a subtle but serious failure mode is gaining attention: agents that confidently report completing an action when nothing actually happened in the underlying system. This article describes the author's attempt to build a post-hoc verification API to catch exactly this class of failure.

The canonical scenario goes like this. An agent replies, "I have deleted user 12345," yet a check against the database shows the row still present. The cause can vary—a tool call that silently failed, missing permissions, a transient API error, or simply the LLM hallucinating that it executed a step it never invoked. Whatever the root cause, trusting the agent's self-report alone is a poor foundation for audit, compliance, or any workflow with real-world consequences.

The author's proposed approach is a separate verification API that ingests an agent's execution log and final response, then independently inspects the target system to confirm whether the claimed state changes actually occurred. Rather than focusing on pre-execution guardrails or prompt-level constraints, the emphasis is on post-hoc validation: did the database row really disappear, did the ticket really close, did the email really get sent. By comparing declared outcomes against measured ground truth, the layer can flag fabricated successes and partially-completed actions that would otherwise slip through.

This problem is not unique to one stack. Tool-calling APIs from Anthropic and OpenAI explicitly leave result validation to the application layer—the model returns what it intended to do, but verifying that the side effect happened is the developer's job. Agent frameworks such as LangChain, LangGraph, and AutoGen provide tracing of tool invocations, yet they typically do not assert business-level invariants like "the user record is gone." Observability platforms such as Langfuse, Arize Phoenix, and Helicone capture spans and prompts, and pairing them with OpenTelemetry-based distributed tracing could extend this verification idea across multi-agent pipelines.

There is also a parallel with the broader software testing tradition. Post-hoc verification resembles end-to-end assertions in integration testing, or the audit logs that financial systems have relied on for decades. The novelty here is applying that mindset specifically to nondeterministic agents whose natural-language outputs cannot be taken at face value. As enterprises move agents from demos to production, this gap between stated and actual behavior is likely to be a recurring source of incidents.

While the article describes a single developer's prototype rather than a standardized solution, the underlying pattern appears broadly applicable. A lightweight verification layer that cross-checks agent claims against system-of-record state may prove to be a pragmatic and high-leverage building block for trustworthy agent deployments going forward.