Skip to main content

CollusionDetector

vellaveto_engine::collusion

Struct CollusionDetector 

Source 
pub struct CollusionDetector { /* private fields */ }
Expand description

Multi-agent collusion detector.

Thread-safe via RwLock. All operations are fail-closed on lock poisoning.

Implementations§

Source§

impl CollusionDetector

Source

pub fn new(config: CollusionConfig) -> Result<Self, CollusionError>

Create a new collusion detector with validated configuration.

Source

pub fn is_enabled(&self) -> bool

Check if the detector is enabled.

Source

pub fn config(&self) -> &CollusionConfig

Get the current configuration.

Source

pub fn compute_entropy(data: &[u8]) -> f64

Compute Shannon entropy (bits per byte) of raw data.

Returns a value in [0.0, 8.0]. Values above ~6.5 suggest compressed/encrypted/random data (potential steganographic channel).

Source

pub fn analyze_parameters( &self, agent_id: &str, param_data: &[u8], ) -> Result<Option<CollusionAlert>, CollusionError>

Analyze parameter data for steganographic channels.

Records the entropy observation and returns an alert if the agent has consistently high-entropy parameters.

Source

pub fn record_resource_access( &self, agent_id: &str, resource: &str, tool: &str, timestamp: u64, ) -> Result<Option<CollusionAlert>, CollusionError>

Record a resource access event and check for coordinated access patterns.

Returns an alert if min_coordinated_agents or more distinct agents accessed the same resource within coordination_window_secs.

Source

pub fn record_tool_timing( &self, agent_id: &str, timestamp: u64, ) -> Result<Option<CollusionAlert>, CollusionError>

Record a tool call timestamp for synchronization analysis.

Returns an alert if the agent’s timing is highly correlated with other tracked agents.

Source

pub fn record_denial( &self, agent_id: &str, tool: &str, timestamp: u64, ) -> Result<Option<CollusionAlert>, CollusionError>

Record a policy denial event for an agent and check for reconnaissance probing patterns.

A reconnaissance probe is detected when an agent triggers recon_denial_threshold or more distinct policy denials within recon_window_secs. This indicates the agent is systematically probing permission boundaries before launching an attack (Promptware Kill Chain Stage 3 — Schneier/arXiv:2601.09625).

Returns an alert if the threshold is exceeded.

Source

pub fn record_agent_action( &self, agent_id: &str, denied: bool, timestamp: u64, ) -> Result<Option<CollusionAlert>, CollusionError>

Record a tool call attempt and detect behavioral drift.

Tracks each agent’s action history (allowed vs denied) and compares the denial rate in the first half of the time window (baseline) to the second half (current). If the denial rate increases by more than drift_threshold, an alert is raised indicating the agent may be gradually pushing boundaries.

(Straiker — “salami slicing” agent hijacking over multiple sessions)

Source

pub fn recent_alerts( &self, limit: usize, ) -> Result<Vec<CollusionAlert>, CollusionError>

Get recent alerts (up to limit).

Source

pub fn alert_count(&self) -> Result<usize, CollusionError>

Get total alert count.

Trait Implementations§

Source§

impl Debug for CollusionDetector

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more