hosted coding agents make observability a product feature

The laptop was never the interesting part of coding agents. It was just the first convenient runtime. Your laptop has the repository, the shell, the secrets, the package cache, the local database, the half-working dev server, and whatever credentials you forgot were still loaded in the background. So the early version of agentic coding naturally ran there. It was close to the work. It had all the messy context. It was also a very strange place to run something that might edit code for an hour while calling tools, installing dependencies, and touching private systems. AWS published a Bedrock AgentCore post this month with a very good hook: you should be able to close your laptop while the coding agent keeps working. That is the demo-friendly version. The more important version is this: once the agent leaves the laptop, "what happened?" becomes a production question. And that is where observability stops being a nice enterprise add-on and becomes part of the product. remote is not the same as trustworthy Moving a coding agent to a hosted runtime solves some obvious problems. The agent can keep running after your machine sleeps. Multiple agents can run in parallel without fighting over the same local Postgres port. The filesystem can persist between sessions. The environment can be isolated in a microVM or container instead of sharing your real shell with everything else you do all day. Good. But remote execution also removes a useful kind of accidental visibility. When the agent is on your laptop, you can at least see the terminal, notice the fan spin up, watch the test output, and feel the blast radius because it is your machine. In a hosted runtime, that little bit of intuition disappears. The agent is now somewhere else, with its own filesystem, network path, credentials, tools, retry behavior, and bill. So the platform has to replace intuition with evidence. Not a transcript pasted into a PR. Actual operational evidence: traces, logs, metrics, command history, tool calls, token usage, latency, failures, retries, identity, and cost. Without that, a hosted agent is just a remote terminal with better branding. the trace is the review artifact We still talk about coding agents as if the pull request is the main artifact. That is too small. The PR tells you what changed. It does not tell you enough about how the change was produced. For simple work, that may be fine. For production agent workflows, the process matters. I want to know: who or what started the session which repository and branch were checked out which identity was used for tools which files were inside the allowed scope which commands ran which external tools were called which tests failed before they passed how much time and token budget the task consumed what the agent tried before it settled on the final diff where a human approved or stopped something Some of that belongs in the PR description. Some belongs in the platform that launched the task. Some belongs in traces and logs. The important bit is that the information exists in a place the team can query later. Six months from now, someone will ask why an agent changed an auth middleware, why it contacted a particular internal service, or why a migration took five attempts. "The bot said it was done" will not be a satisfying answer. The trace becomes part of the review artifact because the diff is no longer enough. observability is also a permission model People often separate observability and security too cleanly. For agents, they are tangled together. If an agent can call GitHub, Jira, Slack, a database console, an internal admin API, and a package registry, you need to know more than whether the final tests passed. You need to know which capabilities it actually used. This is why the AWS AgentCore framing around Identity, Gateway, CloudTrail, CloudWatch, and OpenTelemetry is interesting. The details matter less than the shape of the product: the agent runtime is not only where code executes. It is also wh