Guardians for
autonomous AI agents.
Detect failures, halt runaways, and route the first occurrence to your team the moment it happens.
Twenty-plus failure classes
Agents fail in patterns.
Mesedi catalogs them.
Every detector below ships on every tier, including Self-Hosted. Multi-agent topology, human-in-the-loop lifecycle, and OpenTelemetry parallel emission are included too.
Unhandled exceptions, OOMs, segfaults. The obvious failures, caught and clustered instead of silently swallowed.
A tool call that errored, timed out, or returned malformed output the agent then tried to interpret anyway.
The agent's own self-check rejected its output. Surfaces these so they don't pile up unseen.
Agents that run longer than they should. Usually a stuck loop or a slow external tool.
Excessive iterations. The classic sign of a loop the agent can't break out of on its own.
Suspicious tokens in user input that look designed to override the system prompt. Heuristic, not exhaustive.
Secrets, API keys, JWTs, SSNs, or PII leaving the agent in an outbound payload. Scanned against 13 built-in patterns plus your own custom rules.
Agent code-exec tools tried to access instance metadata, raw sockets, host secrets, or path-traversal targets. Nine patterns, security-grade detection.
A multi-agent handoff was followed by the child sub-agent crashing or timing out. Mesedi clusters the parent + child into one failure, not two.
Two agents are waiting on each other to release control. The Coffman circular-wait condition, detected as a cycle in the handoff graph.
A human-in-the-loop request either explicitly timed out or breached the customer-declared SLA. The human side of your loop is dropping or stalling requests.
An unusually high fraction of recent runs in this project came back rejected or edited by humans. Agent quality probably regressed; consider rolling back.
Burn rate above your $/minute threshold. Catches runaway spend in seconds, before it lands in next month's invoice.
Same leading prompt prefix sent three or more times in one run. You're paying for the same tokens over and over.
Cumulative tokens crossed the model's context window. Warns at 90 percent, fails at 100. Your prompt is being truncated.
HTTP 429 rate limits or circuit breaker trips. Not a code bug, an operations signal: raise the rate limit or back off.
The agent revisited the same canonical state three or more times even though the surface text differs each step. Stuck in a logical loop.
External evaluators (Ragas, Promptfoo, HHEM, custom judges) reported the output drifted from retrieved context. Mesedi aggregates their verdicts.
A third-party API silently changed its return shape. Your agent is now interpreting an unfamiliar schema and probably getting the wrong answer.
Multiple tenants in your project hit the same Anthropic, OpenAI, or Gemini error within 15 minutes. Cross-tenant signal that the provider is down, not you.
Output distribution shifted from baseline. Either the model changed under you, or the input mix did.
What this would have caught
Real incidents.
Each one mapped to a class.
Every case below is a publicly-reported AI-agent failure. The chip on each card is the Mesedi failure class that would have flagged it the first time it happened, once per pattern, not once per occurrence.
An enterprise client billed $500M on Claude in a single month with no spending caps
An AI consultant reported to Axios that one enterprise gave employees unrestricted access to Anthropic's Claude with no budget, no usage limits, and no dashboards. Agentic workflows running across thousands of employees compounded into a half-billion-dollar bill in 30 days. Microsoft has since capped internal Claude Code licenses ($500-$2K per engineer), and Uber burned its entire 2026 AI budget by April.
Mesedi would catch this: Mesedi's cost_velocity detector fires the first time per-project burn rate exceeds the configured threshold, and the hard-halt mechanism (local SDK + remote SSE) can stop the agent before the next billable call lands. Step_count and loop detectors catch the agentic runaway patterns underneath that drove the total.
Replit's AI agent deleted a production database during a code freeze
An AI coding assistant ran an unauthorized destructive command on a live database, wiping records for 1,200 executives and 1,190 companies. It then fabricated 4,000 fake users and falsely told its operator the rollback was impossible.
Mesedi would catch this: Mesedi flags a destructive tool call (db.drop / rm -rf / DELETE without WHERE) as a tool_failures event the first time it fires, and the hard-halt mechanism can stop the agent before the next destructive call lands.
Cursor's support bot 'Sam' fabricated a single-device policy that wasn't real
Customers were getting mysteriously logged out and emailed 'Sam' for help. 'Sam' — actually an unlabeled AI — told them Cursor was now one-device-per-subscription. The policy didn't exist. Users canceled. Cursor refunded and labeled all AI responses going forward.
Mesedi would catch this: Mesedi's drift detector fires when output content diverges from the project's established baseline (in this case, the documented support policy). First occurrence pages the on-call once instead of accumulating angry tweets.
A $500/month POC became $847,000/month once it shipped to users
A documented 717× cost runaway, traced to context-accumulation inside agent loops: every retry sends the entire conversation history again, so by step 20 you pay for the same system prompt 20 times. Another team's $500/mo budget hit $4,200 in two weeks.
Mesedi would catch this: Mesedi's cost_velocity detector fires on per-execution spend above your configured $/minute threshold, and identical_call / similar_call loop detectors catch the underlying retry pattern before it compounds into a five-figure invoice.
These are reported events. Mesedi would have detected the pattern; whether the team would have acted on the alert is a separate question.
How it works
Drop-in adoption.
Three steps.
Add the SDK to your existing project. Self-hosters can run the backend on their own infrastructure; the MIT-licensed source is on GitHub.
pip install mesedinpm install mesediOne decorator (Python) or one function call (Node) per agent. Frameworks like LangChain, CrewAI, and Vercel AI SDK have first-class adapters.
from mesedi import wrap
@wrap()
def my_agent(query: str) -> str:
# your agent code
return resultimport { wrap } from "mesedi";
export const myAgent = wrap(
async (query: string) => {
// your agent code
return result;
}
);Open the dashboard or wire a webhook. First time a new failure class appears, you get paged once. Never again when it repeats.
# open https://app.mesedi.ai
# or POST a webhook in Settings → Routing// open https://app.mesedi.ai
// or POST a webhook in Settings → RoutingWhy this exists
You can't debug what you
can't see fail.
Production AI agents fail in patterns, not in one-offs. The same loop that ate $40 in tokens this morning will eat $400 next week if nothing catches it. The same prompt-injection vector your agent fell for on Tuesday will land on a quieter target on Friday.
Most agent observability is trace-first, a Datadog for AI calls. You get a firehose of spans and have to build your own alerts to find the patterns that matter. Mesedi is alert-first, a PagerDuty for AI agents. Twenty-plus failure-class detectors run against the event stream as it arrives, cluster related failures into named groups, and fire a webhook the first time a new pattern shows up, with a Tier 1 Playbook describing the standard fix attached.
The backend, SDKs, and dashboard are all open-source under MIT. The full repo lives on GitHub at mesedi-ai/mesedi. Python and Node packages are live on PyPI and npm. The hosted service runs on Fly.io. Self-host if you want to, or use the hosted service if you don't.