Agent Radar
A live graph of every agent, tool, and MCP server in your fleet. Four interpretive lenses — Traffic, Policy, Risk, and Shadow — overlaid on the same topology.
What is Agent Radar?
Agent Radar is the live topology view in the ShieldAgent dashboard (/topology). It aggregates the last hour of proxy audit events into a weighted graph:
- NodesAgents and MCP servers registered in your tenant
- EdgesTraffic paths — each edge shows request volume, blocked count, and policy status
- LensesInterpretive overlays that change what each node and edge conveys — without changing the layout
The graph refreshes every 10 seconds. Nodes and edges appear and disappear as agents connect and disconnect from MCP servers. There are no stale architecture diagrams — the graph is the truth.
The Four Lenses
Switch lenses from the toolbar in the graph header. The layout stays the same; only the visual encoding changes. URL parameter: ?lens=traffic|policy|risk|shadow
Traffic Lens
The default lens. Edges are weighted by total request volume over the last hour — thicker edges mean more traffic. Blocked requests appear as a red count badge.
| Signal | Encoding |
|---|---|
| Edge thickness | Proportional to total request volume in the last hour |
| Edge color | Brand accent (indigo) — all traffic |
| Blocked badge | Red count badge on edges with blocked requests |
| Node ring | Green for active agents/servers, gray for inactive |
Policy Lens
Overlays policy decisions on each edge. Color-codes traffic by outcome and highlights connections with no policy coverage (implicit deny paths).
| Color | Meaning |
|---|---|
| Green | Allowed — explicit allow rule matched |
| Red | Denied — explicit deny rule matched |
| Amber / dashed | Shadow — policy evaluated, not enforced |
| Gray / dotted | Uncovered — no matching policy rule (implicit deny) |
Risk Lens
Colors agent nodes by their current risk tier. Critical-tier agents (score 90–100) render with a red warning halo. Inline risk score eliminates the need to drill into agent detail during triage.
| Tier | Score range | Node color |
|---|---|---|
| Normal | 0–59 | Green ring |
| Elevated | 60–79 | Amber ring |
| High | 80–89 | Orange ring |
| Critical | 90–100 | Red ring + warning halo |
Shadow Lens
Shows which agent–server connections are in shadow mode. Displays live counts of shadow-denied events per agent, and the enforcement readiness gauge shows what percentage of connections are ready to move from shadow mode to enforcement.
| Signal | Encoding |
|---|---|
| Shadow edge | Dashed style — policy is watching but not blocking |
| Shadow-denied count | Badge on each shadow edge showing event count in the last hour |
| Enforced edge | Solid style — policy is active and enforcing |
| Readiness gauge | Sidebar panel showing % of connections ready for enforcement |
Plan availability
For lens availability by plan, contact us at info@shieldagent.io.
Insight Panel
Each lens renders a contextual Insight Panel alongside the graph. The panel adapts to the active lens — showing policy violations for the Policy Lens, risk outliers for the Risk Lens, and shadow coverage gaps for the Shadow Lens.
| Lens | Insight panel shows |
|---|---|
| Traffic | Top agents by request volume; servers with the most blocked traffic |
| Policy | Agents with deny events; tools with no policy coverage; uncovered paths |
| Risk | Agents in elevated/high/critical tiers; top risk contributors |
| Shadow | Shadow-denied event counts; agents with high shadow event rate; readiness gauge |
Related
- Risk Scoring Model — How agent risk scores are calculated
- Policy Engine — Define allow, deny, and shadow rules for tool calls
- Shadow Mode — Observe without blocking — safe policy rollout
- Audit Trail — The immutable log behind every Agent Radar edge