Skip to main content

BehavioralTracker

vellaveto_engine::behavioral

Struct BehavioralTracker

pub struct BehavioralTracker { /* private fields */ }

Expand description

Tracks per-agent tool call frequency patterns and detects anomalies.

Uses exponential moving average (EMA) — deterministic, auditable, no ML. Designed to detect behavioral shifts like an agent suddenly making 500 read_file calls when the historical average is 5.

Implementations§

impl BehavioralTracker

pub fn new(config: BehavioralConfig) -> Result<Self, BehavioralError>

Create a new tracker. Returns an error if the configuration is invalid.

pub fn check_session( &self, agent_id: &str, call_counts: &HashMap<String, u64>, ) -> Vec<AnomalyAlert>

pub fn record_session( &mut self, agent_id: &str, call_counts: &HashMap<String, u64>, )

Update baselines after a session completes.

Call this with the final call counts when a session ends. Tools with zero counts are ignored for recording but existing baselines for tools not present in call_counts are decayed toward zero.

pub fn get_baseline(&self, agent_id: &str, tool: &str) -> Option<&ToolBaseline>

Get the baseline for a specific agent and tool.

pub fn agent_sessions(&self, agent_id: &str) -> Option<u32>

Get the total sessions recorded for an agent.

pub fn agent_count(&self) -> usize

Number of agents being tracked.

pub fn tool_count(&self, agent_id: &str) -> usize

Number of tools tracked for a specific agent.

pub fn config(&self) -> &BehavioralConfig

Access the current configuration.

pub fn snapshot(&self) -> BehavioralSnapshot

Create a serializable snapshot of all tracking state.

pub fn from_snapshot( config: BehavioralConfig, snapshot: BehavioralSnapshot, ) -> Result<Self, BehavioralError>

Restore from a persisted snapshot.

Validates that all EMA values are finite and non-negative.

Auto Trait Implementations§

impl Freeze for BehavioralTracker

impl RefUnwindSafe for BehavioralTracker

impl Send for BehavioralTracker

impl Sync for BehavioralTracker

impl Unpin for BehavioralTracker

impl UnsafeUnpin for BehavioralTracker

impl UnwindSafe for BehavioralTracker

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more