Skip to content
Honeybee AI

Nectar

Nectar is Honeybee’s audit layer. It captures everything an agent does — every prompt, every response, every tool call, every file change, every network request — and correlates it all with a single trace ID.

What gets captured

Section titled “What gets captured”
LayerDataSource
LLM I/OFull prompt + response + token counts + latencyIncubator runner
Tool callsTool name, arguments, result, durationTelemetry pipeline
Carapace scansInput text, score, findings, actionGuard layer
File changesPath, before/after content, diffPropolis / overlay
NetworkDestination, protocol, payload summaryeBPF firewall
Process treeCommand, args, exit code, stdout/stderrShell audit
ACP coordinationClaims, state changes, events publishedIncubator stores

Correlation

Section titled “Correlation”

One trace_id per agent action chain:

trace_id: "t-abc123"
  → LLM call (prompt: "read the config file")
  → Tool call (read_file: "config.yaml")
  → Carapace scan (PASS, score: 5)
  → LLM response ("Here's the config...")
  → Tool call (write_file: "config.yaml")
  → Carapace scan (PASS, score: 2)
  → File change (config.yaml: +3 lines, -1 line)

Everything is queryable:

  • “Show me all BLOCK events for agent drone-3 in the last hour”
  • “Show me every file change in hive X”
  • “Show me the full prompt/response for this specific LLM call”
  • “Show me the complete trace for this task completion”

Storage architecture

Section titled “Storage architecture”
Agent
  → Nectar client (lightweight, fire-and-forget)
    → Local JSONL (always, even offline)
    → Nectar ingest endpoint (opt-in, batched)
      → R2 (bulk: prompts, responses, file contents)
      → D1 (metadata: timestamps, scores, tool names, trace IDs)
      → Dashboard queries D1, fetches payloads from R2 on demand

Two tiers:

  • D1 (queryable metadata): Timestamps, event types, scores, tool names, trace IDs. Fast queries, structured data. Powers dashboard filtering and search.
  • R2 (bulk payloads): Full prompts, full responses, file contents, network payloads. Fetched on demand when you drill into a specific event.

Compliance

Section titled “Compliance”

Nectar provides the answer to “what did the AI do?” that compliance teams need:

  • Complete trail: Every action, every decision, every output
  • Tamper-evident: JSONL with sequential IDs, checksums
  • Exportable: CSV/JSON export for compliance reports
  • Correlated: Follow a single trace from user request through every agent action to final output
  • Retention policies: Configure how long data is kept (per-hive or global)

Local-first

Section titled “Local-first”

Nectar always writes locally first:

~/.honeyb/projects/<slug>/telemetry/<date>.jsonl

Cloud sync is opt-in. Set two environment variables to enable:

Terminal window
export TELEMETRY_ENDPOINT=https://carapace.honeyb.dev/v1/telemetry
export TELEMETRY_API_KEY=your-key

Without these, everything stays on your machine. Full audit capability, zero cloud dependency.