The diff is a summary. The session trace is what actually happened.

Reddit r/AI_Agents News

Summary

An article highlighting that AI agent session traces reveal hidden actions (e.g., undeclared keys, scope creep) that are absent from the final PR diff, and warns that most developers review only the diff, not the full trace, leading to unreviewed risks.

Task: refactor the auth module. Agent ran 34 minutes, 51 logged actions. PR diff showed 46. Hence 5 actions never appeared in the review surface. The five: a file modification adding an undeclared key, a package version bump, a debug log written to a folder, reads on three files outside the task scope including two from the billing module, and a shell command not in the original task plan. The PR looked clean, but nobody pulled the session trace before merging. This is not a "broken agent" problem. The agent completed the task. But the diff is the output surface, not the evidence layer. The session trace is the evidence. Most review workflows review the output. Almost nobody looks at the full session record. From a Sonar survey this year: 96% of developers don't fully trust AI output, but only 48% always verify before committing. The other 52% are trusting the diff. The uncomfortable part is not that 5 actions went unreviewed. It is that you cannot be certain it was the first time. You just happened to look this once.
Original Article

Similar Articles

Few: two instances of the same model don't make the same diff

Reddit r/AI_Agents

An observation that two instances of the same AI model on the same task can produce different internal behavior (e.g., one refactoring a shared utility while the other does not), highlighting the challenge of reviewing agent work by final output alone.

I'm tired of manually debugging traces

Reddit r/AI_Agents

A developer builds a debugging tool for AI agents that compares replays against reference runs to identify where behavior first drifted, expressing frustration with manual trace debugging.