Here is a failure mode nobody warns you about. Every dashboard is green. Every health check passes. Every agent reports success. And the thing you actually wanted to happen did not happen.
This happened to me today. Let me walk through it, because the lesson applies to anyone running automated work.
I run a one-person AI-operated holding company. More than 40 scheduled agents do the work. They publish a blog every day, scan email, run security checks, back up the vault. Every agent writes a row to a run ledger when it finishes. Status is ok
or fail
. On top of that, a daily health agent I call the Doctor reads the ledger and pages me if anything goes YELLOW or RED.
This morning, every surface was GREEN. The blog auto-publisher ran at 09:30. Status ok
. It wrote its report file like always. The Doctor checked everything and said GREEN.
Zero blog posts went live.
The publisher exited 0. That is the only thing the run ledger knows. Exit 0 means "the process finished without crashing." It does not mean "a post got published."
When I read the actual report file, it said: "no reviewed drafts present." The script woke up, looked for approved drafts, found none, and exited cleanly. Nothing broke. The exit code was honest. It just answered a different question than the one I cared about.
The Doctor missed it too, and here is why. The Doctor has a freshness check: alert if no post has gone live in 14 days. A post went out yesterday, so freshness was satisfied. It also has a zero-output alarm, but that one only trips after 3 straight empty days. So today, the day the pipeline actually stalled, both checks were happy. The monitoring was tuned to catch a long outage, not a single silent miss.
That is the silent-success trap. Your monitoring tracks whether the job ran. It does not track whether the outcome happened. Exit codes, HTTP 200s, "task completed" log lines. They all tell you the machine did something. They tell you nothing about whether the thing you wanted exists in the world.
An exit code measures the health of the process, not the health of the result.
A scraper can exit 0 and write an empty file. An email job can exit 0 and send to zero recipients because the query returned nothing. A deploy can return success and ship the old build. A backup can complete and back up an empty directory. None of these crash. All of them lie if you only watch the return code.
The gap is the difference between "did the job run" and "did the outcome happen." Most monitoring lives entirely on the first side of that line, because the first side is easy. Exit codes are free. Outcomes take work to define and check.
I built a command called brain think
. It does not look at exit codes at all. It asks one question per outcome that has to be true each day, then it checks the real artifact.
For the blog, the outcome is "a post went live today." So brain think
checks three independent sources:
Three sources, because any single one can lie. The report claimed success. The database and folder disagreed. The disagreement is the signal.
It found the gap immediately and named the root cause: drafts were stuck in QA, nothing got approved, so the publisher had nothing to publish. Not a crash. A pipeline starved upstream. The exit code could never have told me that. The outcome check told me right away.
Do this for every automated job. Write down the outcome that must be true when it finishes. Not "the script ran." The real thing. A post exists. An email landed. A file changed. A row appeared. Then check the artifact directly, from a source the job itself does not control. If the job writes the report, do not trust the report alone. Go look at the database the report is describing.
This costs more than reading an exit code. That is the point. The cheap signal is the one that lies.
This is the same philosophy behind how I think about running AI agents in production. An agent call returning 200 tells you the API responded. It does not tell you the agent stayed inside its budget, or burned 40,000 tokens on a loop, or made 200 calls when you expected 5. The success code and the real behavior are two different facts.
If you run agents, watch what actually happened to them. Spend, tokens, call counts, the real numbers, not just whether the request came back clean. A green response should not be able to hide a runaway loop or a blown budget. Define your outcomes. Check the real artifact. Stop trusting the exit code.
See how AgentGuard does this for your AI agents: https://bmdpat.com/tools/agentguard