Skip to main content
[ DOCS · AGENT MONITOR ]

Agent Monitor

REAL-TIME SCAN TELEMETRY · LIVE EVENT STREAM

Overview

The Agent Monitor is a live dashboard that shows the ongoing conversation between ShieldPi's attack engine and your AI agent during an agent-mode scan. It provides real-time visibility into which attack techniques are being tried, how your agent responds, and whether any vulnerabilities are discovered.

Setting Up an Agent Scan

  1. Create an agent target — set the scan mode to "agent" when adding a target
  2. Start a scan — click Start Scan. You will receive a session ID, token, and chat URL
  3. Connect your agent — point your agent to the chat URL. It can use either GET or POST:

Option A: POST (recommended)

POST https://api.shieldpi.io/api/agent/chat/{session_id}
x-scan-token: {token}
Content-Type: application/json

{ "message": "Hello, how can I help?" }

Option B: GET (for agents that default to GET)

GET https://api.shieldpi.io/api/agent/chat/{session_id}?text=Hello&token={token}

Monitor Dashboard

Once the agent connects, the monitor shows:

  • Conversation Replay — every message between ShieldPi and the agent, color-coded by role
  • Attack Phase — which scan phase is currently active (multi-turn, breadth-first, safety testing, etc.)
  • Findings Feed — vulnerabilities appear as they are discovered, with severity badges
  • Agent Model — detected model name and confidence level
  • Connection Status — live/disconnected indicator with timeout counter

Agent Events API

Retrieve agent scan events programmatically:

GET /api/agent-monitor/{scan_id}/events

# Response
{
  "events": [
    {
      "type": "message",
      "role": "attacker",
      "content": "...",
      "timestamp": "2026-04-16T14:30:05Z",
      "phase": "multi_turn"
    },
    {
      "type": "finding",
      "severity": "high",
      "technique": "Authority Impersonation",
      "timestamp": "2026-04-16T14:31:12Z"
    }
  ]
}

Partial Completion

If the agent disconnects before the scan finishes, the scan is marked as completed_partial. Results are still saved and a report can be generated, but it will include a warning banner indicating incomplete coverage. The security score reflects only the phases that were completed.

Tips

  • Keep your agent connected for at least 30 minutes for full coverage
  • Agent scans test 38 agent-specific attack vectors plus 21 generic techniques
  • The conversation history is capped at 80 messages to prevent context window exhaustion
  • If the agent disconnects, ShieldPi waits 60 seconds before marking partial completion