Agent Management
Register, profile, and govern every AI agent in your organization. Track ownership, dependencies, costs, and behavioral health across your entire agent estate.
Overview
Every AI agent that sends traffic through Rivaro gets an agent identity — a persistent record with ownership metadata, behavioral metrics, trust score, and lifecycle status. Agents can be registered explicitly or discovered automatically via the proxy.
Agent Identity
Each agent has the following fields:
Core identity
| Field | Description |
|---|---|
agentId | Unique identifier in the format ag_<16chars> |
agentName | Internal name (e.g. customer-support-bot) |
displayName | Human-readable name shown in the dashboard |
description | What this agent does |
adapterType | Provider the agent uses: gpt-4, claude-3, azure-openai, etc. |
appContextId | Linked AppContext (optional — links to provider routing config) |
Ownership & accountability
| Field | Description |
|---|---|
ownerEmail | Email of the person responsible for this agent |
ownerName | Owner's full name |
businessUnit | Department: Finance, Sales, Engineering, Legal, HR, etc. |
environment | DEVELOPMENT, STAGING, or PRODUCTION |
agentType | BROWSER, INTERNAL_CUSTOMER_FACING, INTERNAL_EMPLOYEE_FACING, or THIRD_PARTY |
modelName | The LLM model used (GPT-4, Claude-3, etc.) |
Identity strength
Identity strength reflects how well-verified an agent is. It determines the maximum trust score the agent can earn and serves as a zero-trust signal.
| Strength | Criteria | Max trust score |
|---|---|---|
| BASIC | Unknown or unresolvable — seen in traffic but not registered | 25 |
| STANDARD | Registered agent with no approved assets | 50 |
| VERIFIED | Registered and has at least one approved asset | 80 |
| STRONG | Approved asset + bound to a verified user identity | 95 |
Status & metrics
| Field | Description |
|---|---|
status | PENDING_APPROVAL, ACTIVE, QUARANTINED, or TERMINATED |
trustScore | 0–100. Starts at 0 (zero trust). See Actor Governance |
totalSessions | Lifetime session count |
totalViolations | Lifetime policy violation count |
totalIncidents | Lifetime incident count |
firstSeenAt | When this agent first sent traffic |
lastSeenAt | Most recent activity timestamp |
lastViolationAt | Most recent violation timestamp |
Dependency Tracking
Rivaro tracks which assets each agent uses — both declared (code references, IAM policies) and runtime (live traffic observed through the proxy). This gives you a complete picture of what each agent actually depends on versus what it's supposed to depend on.
Observation types
| Type | Confidence | How detected |
|---|---|---|
RUNTIME_USAGE | CONFIRMED | Agent sent live traffic to this asset through the Rivaro proxy |
CODE_REFERENCE | INFERRED | Found as an import or API call in source code scan |
IAM_POLICY | INFERRED | Service account has an IAM permission to access this asset |
DISCOVERED | SUSPECTED | Found by a discovery scan in the same environment |
Dependency metrics
For each dependency, Rivaro tracks:
usageCount— number of times the agent has called this assettotalCostUsd— cost attribution for calls to this assetlastRuntimeUsage— most recent live call timestampfirstSeen/lastSeen— observation window
Shadow dependencies
A shadow dependency is an asset the agent calls at runtime but that isn't declared in code or IAM. Rivaro surfaces these automatically. Example: an agent that starts calling a new API endpoint not referenced in its codebase — the dependency shows up in runtime observations but has no code reference.
Blast Radius Analysis
For any asset in your inventory, Rivaro can answer: if this asset goes down or is revoked, which agents break? The blast radius calculation returns:
- Affected agent count
- List of affected agents — with their environment, owner, and last usage
- Impact score — a composite severity score
Use this before decommissioning an asset, rotating credentials, or blocking a discovered endpoint.
Orphaned Agents
An agent is orphaned when it has no assigned owner (ownerId is null). Orphaned agents are a governance gap — violations have no responsible party and incidents have no escalation path.
View orphaned agents at Agents > Orphaned in the dashboard, or via GET /api/agents/orphaned. Assign owners directly in the dashboard or via PUT /api/agents/{agentId}.
Agent Lifecycle
Agents follow this lifecycle:
- Discovered — first seen in proxy traffic or via discovery scan, status:
PENDING_APPROVAL - Approved — administrator approves the agent, status:
ACTIVE, initial trust granted - Active — agent sends traffic, trust score builds or degrades based on behavior
- Quarantined — risk threshold exceeded, all requests blocked pending review
- Terminated — permanently blocked; requires admin reactivation to restore
See Actor Governance for the full trust score and escalation mechanics.
Managing Agents
Dashboard
The Agents section of the dashboard provides:
- Full agent inventory with search and filtering by environment, status, business unit
- Per-agent detail: profile, dependency graph, session history, violation timeline
- Access surface summary — what each agent can reach, by asset category
- Production vs. non-production filtering
- Orphaned agent list
Key API endpoints
| Endpoint | Description |
|---|---|
GET /api/agents | List all agents in the organization |
GET /api/agents/{agentId} | Get full agent profile |
PUT /api/agents/{agentId} | Update agent metadata (owner, description, etc.) |
GET /api/agents/orphaned | List agents with no owner assigned |
GET /api/agent-dependencies/{agentId} | Get full dependency graph for an agent |
GET /api/agent-dependencies/blast-radius/{assetId} | Get blast radius for a given asset |
GET /api/agent-dependencies/shadow/{agentId} | Get undeclared (shadow) dependencies |
Next steps
- Actor Governance — Trust scores, quarantine, and termination mechanics
- Sessions — What gets recorded per agent session
- Discovery & Shadow AI — How agents are discovered automatically
- Asset Management — The assets agents depend on