Agents page
View every agent calling Interven, manage per-agent trust scores, and set agent-specific policy overrides.
The Agents page lists every identity that has called Interven on your tenant. "Agent" here is the caller side of any scan โ usually one per LLM agent process, but can also be one per workflow, one per microservice, or one per ephemeral session.
The list view
/agents
| Column | Notes |
|---|---|
| Name | Set on signup or via SDK's agent_name field |
| Runtime | langchain, langgraph, crewai, openai_assistants, mcp, openclaw, custom |
| Total calls | Lifetime; sortable |
| Decisions (24h) | Stacked split: ALLOW / DENY / SANITIZE / REQUIRE_APPROVAL |
| Trust score | 0.00โ1.00; color-coded |
| Last seen | Relative time |
Filters: by runtime type, by trust band, by activity in last N hours.
The detail view
Click any agent to open its full profile:
Header
- Agent name + UUID
- Created date + first-seen date
- Runtime type
- API key prefix (never the full key)
Trust score panel
- Current score with trend line
- Reset Trust button โ sets score back to 1.0 and zeros all 24h counters (deny / approval / high-risk / threat-intel / semantic / critical). Available whenever trust < 1.0; hidden for suspended agents (reactivate first).
- Suspend Agent / Reactivate Agent โ operator-level kill switch. Suspended agents deny every request; reactivating clears the suspension but preserves trust counters (use Reset Trust separately if you also want trust back at 1.0).
Activity panel
- Calls / hour over last 24h with decision color-banding
- Top 10 tools called
- Reason-code distribution for non-ALLOW decisions
Policy overrides
You can attach agent-specific policy rules that override the tenant defaults for this agent only. Common uses:
- Test a stricter rule against one agent before rolling out tenant-wide
- Loosen a rule for a single trusted batch process
- Quarantine โ deny-all for a compromised agent without affecting others
Per-agent policies are evaluated before tenant-wide policies. DENY at any level wins.
Trust scoring
Every agent starts at 1.0. The score moves continuously based on its behavior.
What lowers trust
- DENY decisions
- Threat-intel matches
- Anomaly detections (baseline + correlation)
- Operator denies in the approval queue
What recovers trust
- Clean ALLOW streak (default: 50 consecutive non-DENY)
- Successful approvals (analyst approved, agent retried OK)
- Time decay (slow upward drift on inactivity)
Why it matters
When trust is below the threshold (default: 0.6) the agent enters scrutiny mode:
- Required-approval thresholds tighten โ calls that would normally ALLOW may go to REQUIRE_APPROVAL
- Some risk signals weight higher for this agent
- The agent flag appears in Activity with a yellow "scrutiny" badge
Scrutiny mode is meant to be self-clearing โ keep clean and trust recovers. For manual recovery use Reset trust.
Custom agent identification
When you mint an API key, it's bound to a default agent. You can override per-scan
with the agent_id or agent_name field in the request body โ useful when:
- One key serves many agents (multi-tenant SaaS where the agent is the end-user)
- An ephemeral agent (one-shot script) needs its own scrutiny scope
- Logical grouping for analytics (
agent_name=langgraph-fintech-prodvsagent_name=langgraph-fintech-staging)
See the API reference for the request schema.
API access
GET /api/telemetry/agentsโ list agentsGET /api/telemetry/agents/trust-statesโ current trust state per agentPOST /api/telemetry/agents/{agent_id}/trust/resetโ reset trust to 1.0 and clear countersPOST /api/telemetry/agents/{agent_id}/suspendโ suspend (deny-all)POST /api/telemetry/agents/{agent_id}/reactivateโ undo suspensionDELETE /api/telemetry/agents/{agent_id}โ remove agent + cascade related rows