-
Notifications
You must be signed in to change notification settings - Fork 1
feature agentic
Overview Use this tab to automate security triage and remediation with AI. Start in Security to choose Watchdog or Assistant mode and visualize priorities alongside vulnerability findings, continue in History for unified action and per-finding vulnerability review with read-status tracking, open Agents to see the Divergence monitor in either Easy view (source-centric quadrant map with timeline rewind) or Advanced view (behavioral-model hero card, verdict panel, and history sections) via the Easy / Advanced pill toggle with flip animation, and manage portal sign-in, engine cadence, delivery channels, custom LLMs, and MCP access from Settings.
Description: Start here for the quickest AI onboarding flow. Choose Watchdog or Assistant mode, set the loop cadence directly on the radar, sign in if needed, then visually prioritize actions from inner rings (critical) to outer rings (low). Filter by type/status and open highest-priority points first.
| List View | Detail View |
|---|---|
![]() |
![]() |
Screenshot of Security – Easy Onboarding and Visual Action Priority Map - Multi-pane layout showing list and detail views
-
Priority Rings – Spatial Risk Mapping
- Resolve inner-ring items first to reduce critical risk fastest. Then work outward by decreasing priority.
-
Filters – Status and Type Selection
- Use filters to isolate one workload type at a time. This keeps triage focused and avoids missing urgent items.
-
Activation Controls and Loop Cadence – Quick AI Start
- Activate or switch automation mode directly from the radar and tune cadence in place. Confirm sign-in state before launching cloud-backed runs.
Description: Use History as the single review surface for AI decisions and vulnerability findings. Triage actions by status, type, and read state; review vulnerability findings by severity and dismissed state; use Mark all as read for large batches.
| List View | Detail View |
|---|---|
![]() |
![]() |
Screenshot of History – AI Actions and Vulnerability Findings - Multi-pane layout showing list and detail views
-
AI Actions – Complete Audit Trail
- Use this section as your audit trail of AI decisions. Filter by status, type, or read state and apply confirm, undo, or mark-as-read actions safely.
-
Token Usage – Monitor AI Consumption
- Track token usage to control cost and detect spikes. Tune schedule or provider when consumption drifts.
-
Vulnerability Findings – Unified List Rows
- Scan findings in the same list rhythm as actions. Use type and dismissed filters to separate active triage from cleared noise.
-
Finding Detail – Shared AgenticActionDetailsCard
- Use one detail pattern for every history entry so operators never switch mental models between actions and findings.
Description: Use Agents to watch the Divergence monitor in the view that best fits the question. Start in Easy to see, at a glance, which source predicted which process branch, what that branch actually touched, and how far real activity stayed inside the forecast; rewind through recent detector snapshots on the timeline when one moment is not enough. Flip to Advanced to compare declared agent intent against live system telemetry, review behavioral injection and verdict history, confirm via the MCP status badge that external agents can inject intent, and expand the history sections to inspect past injections and verdict outcomes. Both views share the same 'Divergence monitor' headline and the same actions (View session, View process, Mark process safe, Dismiss, Restore). Model-independent vulnerability findings appear in the Security radar; vulnerability findings timeline lives in the History subtab.

Screenshot of Agents – Divergence Monitor with Easy / Advanced Views
-
Easy View – Source Quadrants, Forecast Branches, and Live Activity
- Use the quadrant graph to answer who forecasted what, which process branch ran, and which part of the system that branch touched.
-
Easy View Rewind – Historical Snapshot Scrubber
- Use the timeline when a single snapshot is not enough. Scrub backward to see when a branch first drifted, when it returned to plan, and whether the source/process structure changed meaningfully between detector runs.
-
Easy View Selection Card – Source, Process, Forecast, Activity
- Use the selected card to turn a visual branch signal into a concrete explanation and the right next action without leaving the Easy view.
-
Behavioral Model – Declared Intent Window
- Use this section to confirm which agents contributed to the merged model and what each declared it would do before interpreting any divergence verdict.
-
Divergence Verdict – Correlated Evidence Review
- Use this section to determine whether observed behavior still matches the declared behavioral model.
-
Contributing Agents – Per-Source Intent Breakdown
- Use this section to confirm which agents contributed to the merged model and verify per-source slice details before interpreting any divergence verdict.
-
Injection History – Published Intent Snapshots
- Expand this section to confirm which intent window was active before a later verdict or detector finding appeared.
-
Verdict History – Correlated Outcome Timeline
- Expand this section to see when behavior drifted, when it cleared, and which evidence bundle produced each outcome.
Description: Use Settings as the single admin surface for portal sign-in, custom providers, engine cadence tuning, outbound team delivery, and MCP access. Keep MCP disabled unless external tools need it.

Screenshot of Settings – Provider, Delivery, and MCP Configuration
-
Cloud LLM – EDAMAME Portal AI Service
- Use Cloud LLM for managed setup with minimal friction. Verify account limits and monitor usage regularly.
-
Use Your Own LLM – BYOLLM
- Use BYOLLM for policy, privacy, or local-inference requirements. Test connectivity before enabling large runs.
-
Refresh Frequency – Engine Cadence Control
- Tune engine frequencies to balance responsiveness and resource usage. Use shorter intervals for active investigation, longer intervals for steady-state monitoring.
-
Slack Delivery – Team Notifications
- Send routine summaries and critical escalations to team channels without turning Slack into a control plane.
-
Telegram Delivery – Interactive Predefined Replies
- Use Telegram when you need quick mobile triage with tightly scoped predefined replies.
-
Server Controls – Start/Stop MCP
- Start MCP only when external tools need access. Stop it when idle to reduce exposure.
-
MCP Authentication – Pairing and PSK
- Use app-mediated pairing for desktop clients and shared PSK for CLI/headless tools. Revoke or rotate credentials from the paired clients list.
-
Integration Guide – Cursor, OpenClaw, Claude Desktop
- Install EDAMAME for Cursor from the Cursor Marketplace for two-plane divergence detection. Use EDAMAME for OpenClaw for agent runtime monitoring. Connect Claude Desktop or MCP Inspector for ad-hoc testing.
-
Available Tools – 19 Security APIs
- Review available tools to define a safe access scope. Enable only actions approved by your governance model.
This page was automatically generated from feature definitions.



