Struct CollusionConfig 

pub struct CollusionConfig {
    pub enabled: bool,
    pub coordination_window_secs: u64,
    pub entropy_threshold: f64,
    pub min_entropy_observations: u32,
    pub min_coordinated_agents: u32,
    pub sync_threshold: f64,
    pub recon_denial_threshold: u32,
    pub recon_window_secs: u64,
    pub drift_threshold: f64,
    pub drift_window_secs: u64,
    pub drift_min_actions: u32,
}

Configuration for multi-agent collusion detection.

Fields

enabled: bool

Whether collusion detection is enabled. Default: true

coordination_window_secs: u64

Time window (seconds) for coordinated access detection. Two agents accessing the same resource within this window are correlated. Default: 60

entropy_threshold: f64

Minimum Shannon entropy (bits per byte) to flag a parameter as potentially steganographic. Normal text is ~3.5–4.5, compressed/encrypted data is ~7.5+. Default: 6.5

min_entropy_observations: u32

Minimum number of high-entropy observations before flagging an agent. Prevents false positives from occasional base64 parameters. Default: 5

min_coordinated_agents: u32

Number of distinct agents that must access the same resource within coordination_window_secs to trigger a coordinated access alert. Default: 3

sync_threshold: f64

Threshold for temporal synchronization score (0.0–1.0). Higher values require more precise synchronization. Default: 0.7

recon_denial_threshold: u32

R226: Number of distinct policy denials within recon_window_secs that triggers a reconnaissance probe alert. Detects agents systematically probing permission boundaries (Promptware Kill Chain Stage 3). Default: 10

recon_window_secs: u64

R226: Time window (seconds) for reconnaissance probe detection. Default: 60

drift_threshold: f64

R226: Drift detection — minimum change in denial rate (0.0–1.0) across a time window to trigger an alert. E.g., if an agent’s denial rate jumps from 5% to 30%, the drift is 0.25 which exceeds the default 0.20 threshold. Default: 0.20

drift_window_secs: u64

R226: Drift detection — time window (seconds) for comparing behavior baseline vs current. Default: 3600 (1 hour).

drift_min_actions: u32

R226: Drift detection — minimum number of actions before drift detection activates (avoids false alerts on small sample sizes). Default: 20

Implementations

impl CollusionConfig

pub fn validate(&self) -> Result<(), CollusionError>

Validate configuration values.

Trait Implementations

impl Clone for CollusionConfig

fn clone(&self) -> CollusionConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CollusionConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for CollusionConfig

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for CollusionConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for CollusionConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.