Agent Radar
A live graph of every agent, tool, and MCP server in your fleet. Four interpretive lenses — Traffic, Policy, Risk, and Shadow — overlaid on the same topology.
What is Agent Radar?
Agent Radar is the live topology view in the ShieldAgent dashboard (/topology). It aggregates the last hour of proxy audit events into a weighted graph:
- NodesAgents and MCP servers registered in your tenant
- EdgesTraffic paths — each edge shows request volume, blocked count, and policy status
- LensesInterpretive overlays that change what each node and edge conveys — without changing the layout
The graph refreshes every 10 seconds. Nodes and edges appear and disappear as agents connect and disconnect from MCP servers. There are no stale architecture diagrams — the graph is the truth.
The Four Lenses
Switch lenses from the toolbar in the graph header. The layout stays the same; only the visual encoding changes. URL parameter: ?lens=traffic|policy|risk|shadow
Traffic Lens
The default lens. Edges are weighted by total request volume over the last hour — thicker edges mean more traffic. Blocked requests appear as a red count badge.
| Signal | Encoding |
|---|---|
| Edge thickness | Proportional to total request volume in the last hour |
| Edge color | Brand accent (indigo) — all traffic |
| Blocked badge | Red count badge on edges with blocked requests |
| Node ring | Green for active agents/servers, gray for inactive |
Policy Lens
Overlays policy decisions on each edge. Color-codes traffic by outcome and highlights connections with no policy coverage (implicit deny paths).
| Color | Meaning |
|---|---|
| Green | Allowed — explicit allow rule matched |
| Red | Denied — explicit deny rule matched |
| Amber / dashed | Shadow — policy evaluated, not enforced |
| Gray / dotted | Uncovered — no matching policy rule (implicit deny) |
Risk Lens
Colors agent nodes by their current risk tier. Critical-tier agents (score 90–100) render with a red warning halo. Inline risk score eliminates the need to drill into agent detail during triage.
| Tier | Score range | Node color |
|---|---|---|
| Normal | 0–59 | Green ring |
| Elevated | 60–79 | Amber ring |
| High | 80–89 | Orange ring |
| Critical | 90–100 | Red ring + warning halo |
Shadow Lens
Shows which agent–server connections are in shadow mode. Displays live counts of shadow-denied events per agent, and the enforcement readiness gauge shows what percentage of connections are ready to move from shadow mode to enforcement.
| Signal | Encoding |
|---|---|
| Shadow edge | Dashed style — policy is watching but not blocking |
| Shadow-denied count | Badge on each shadow edge showing event count in the last hour |
| Enforced edge | Solid style — policy is active and enforcing |
| Readiness gauge | Sidebar panel showing % of connections ready for enforcement |
Availability
All four lenses are available on every ShieldAgent deployment. The Traffic lens is always on. Policy, Risk, and Shadow lenses activate automatically once you have policies, risk configuration, or shadow mode enabled in your tenant. Contact us for questions about your deployment.
Insight Panel
Each lens renders a contextual Insight Panel alongside the graph. The panel adapts to the active lens — showing policy violations for the Policy Lens, risk outliers for the Risk Lens, and shadow coverage gaps for the Shadow Lens.
| Lens | Insight panel shows |
|---|---|
| Traffic | Top agents by request volume; servers with the most blocked traffic |
| Policy | Agents with deny events; tools with no policy coverage; uncovered paths |
| Risk | Agents in elevated/high/critical tiers; top risk contributors |
| Shadow | Shadow-denied event counts; agents with high shadow event rate; readiness gauge |
Related
- Risk Scoring Model — How agent risk scores are calculated
- Policy Engine — Define allow, deny, and shadow rules for tool calls
- Shadow Mode — Observe without blocking — safe policy rollout
- Audit Trail — The immutable log behind every Agent Radar edge