Skip to content
Arxo Arxo

Keys and possible values

Keys and possible values

Section titled “Keys and possible values”

This page is generated from the arxo metrics registry --registry-format detailed schema for Agent Architecture (agent_architecture).

Detector keys

Section titled “Detector keys”
Result keyAxisRule IDImpactEffortScore rangeSeverity valuesRecommendation
agent_architecture.loop_guard_absenceReliabilityarxo/agent-loop-guard-absencecriticallow0..1Good, Low, Medium, High, CriticalAdd max_steps, max_iterations, or timeout to agent loops.
agent_architecture.memory_unboundedReliabilityarxo/agent-memory-unboundedhighmedium0..1Good, Low, Medium, High, CriticalAdd memory TTL, summarization, or retention limits.
agent_architecture.context_memory_limits_scoreSafetyarxo/agent-context-memory-limits-gaphighlow0..1Good, Low, Medium, High, CriticalCap context memory with max_token_limit, TTL, or pruning.
agent_architecture.tool_state_limits_scoreSafetyarxo/agent-tool-state-limits-gapmediumlow0..1Good, Low, Medium, High, CriticalLimit scratchpad/intermediate state growth.
agent_architecture.long_term_memory_retention_scoreSafetyarxo/agent-long-term-memory-retention-gapmediummedium0..1Good, Low, Medium, High, CriticalDefine retention and GC policy for long-term memory.
agent_architecture.tool_policy_absenceGovernancearxo/agent-tool-policy-absencecriticalmedium0..1Good, Low, Medium, High, CriticalRestrict tools with allowlists and scoped permissions.
agent_architecture.schema_validation_gapGovernancearxo/agent-schema-validation-gaphighmedium0..1Good, Low, Medium, High, CriticalAdd schema validation for tool inputs and outputs.
agent_architecture.retry_storm_riskReliabilityarxo/agent-retry-storm-riskhighlow0..1Good, Low, Medium, High, CriticalUse exponential backoff, circuit breakers, and retry limits.
agent_architecture.trace_linkage_gapReliabilityarxo/agent-trace-linkage-gaphighlow0..1Good, Low, Medium, High, CriticalInstrument agent calls with trace_id and step/span linkage.
agent_architecture.runtime_slo_coverage_gapReliabilityarxo/agent-runtime-slo-coverage-gaphighlow0..1Good, Low, Medium, High, CriticalInstrument latency/error/cost telemetry for agent execution.
agent_architecture.agent_eval_maturity_gapReliabilityarxo/agent-eval-maturity-gapcriticalmedium0..1Good, Low, Medium, High, CriticalIncrease eval maturity with trajectories, adversarial, and stochastic runs.
agent_architecture.cost_budget_enforcement_gapReliabilityarxo/agent-cost-budget-enforcement-gaphighlow0..1Good, Low, Medium, High, CriticalAdd token caps (max_tokens/max_output_tokens) or cost/budget enforcement to prevent denial-of-wallet (OWASP LLM06).
agent_architecture.coordination_riskCoordinationarxo/agent-coordination-riskmediummedium0..1Good, Low, Medium, High, CriticalDefine typed message/state contracts between roles.
agent_architecture.routing_pattern_riskCoordinationarxo/agent-routing-pattern-riskmediumlow0..1Good, Low, Medium, High, CriticalAdd route confidence thresholds and fallback routes.
agent_architecture.idempotency_gapSafetyarxo/agent-idempotency-gaphighlow0..1Good, Low, Medium, High, CriticalUse idempotency keys for side-effecting operations.
agent_architecture.instruction_boundary_violationCoordinationarxo/agent-instruction-boundary-violationhighmedium0..1Good, Low, Medium, High, CriticalEnforce system/user/assistant role boundaries in prompts.
agent_architecture.deadlock_riskCoordinationarxo/agent-deadlock-riskhighmedium0..1Good, Low, Medium, High, CriticalAdd joins/barriers and concurrency limiters for fanout flows.
agent_architecture.fanout_control_absenceCoordinationarxo/agent-fanout-control-absencemediumlow0..1Good, Low, Medium, High, CriticalSet max_concurrent or semaphore limits on parallel execution.
agent_architecture.state_isolation_riskCoordinationarxo/agent-state-isolation-riskhighmedium0..1Good, Low, Medium, High, CriticalScope mutable state by session/user/request identifiers.
agent_architecture.callback_depth_riskCoordinationarxo/agent-callback-depth-riskmediummedium0..1Good, Low, Medium, High, CriticalReduce deep callback nesting by flattening orchestration logic.
agent_architecture.tool_result_validation_gapGovernancearxo/agent-tool-result-validation-gaphighmedium0..1Good, Low, Medium, High, CriticalValidate tool results before use with explicit output schema checks.
agent_architecture.human_approval_absenceSafetyarxo/agent-human-approval-absencehighlow0..1Good, Low, Medium, High, CriticalRequire human approval for high-risk tool actions.
agent_architecture.handoff_input_filter_gapSafetyarxo/agent-handoff-input-filter-gaphighlow0..1Good, Low, Medium, High, CriticalFilter/sanitize handoff inputs before delegation between agents.
agent_architecture.guardrail_hook_absenceSafetyarxo/agent-guardrail-hook-absencehighmedium0..1Good, Low, Medium, High, CriticalAdd input/output/tool guardrail hooks around prompt and tool surfaces.
agent_architecture.checkpoint_durability_gapReliabilityarxo/agent-checkpoint-durability-gaphighmedium0..1Good, Low, Medium, High, CriticalPersist checkpoints/state for long-running workflows to support durable recovery.
agent_architecture.interrupt_resume_contract_gapReliabilityarxo/agent-interrupt-resume-contract-gapmediummedium0..1Good, Low, Medium, High, CriticalDefine explicit interrupt/resume semantics for long-running or human-gated flows.
agent_architecture.otel_genai_semconv_gapReliabilityarxo/agent-otel-genai-semconv-gapmediumlow0..1Good, Low, Medium, High, CriticalAdopt OTel GenAI semantic conventions for standardized observability.
agent_architecture.otel_genai_event_coverage_gapReliabilityarxo/agent-otel-genai-event-coverage-gapmediumlow0..1Good, Low, Medium, High, CriticalEmit request/response/usage/tool trace events for agent runs.
agent_architecture.decision_observability_gapReliabilityarxo/agent-decision-observability-gaphighmedium0..1Good, Low, Medium, High, CriticalAdd structured logging at decision points: tool choice/retry reason, state transitions (planning/execution/evaluation), confidence/routing, and user-visible outcome tracking.
agent_architecture.agent_shell_capableSafetyarxo/agent-shell-capablecriticalmedium0..1Good, Low, Medium, High, CriticalRestrict or allowlist shell/process tools.
agent_architecture.agent_tools_external_apiSafetyarxo/agent-tools-external-apihighmedium0..1Good, Low, Medium, High, CriticalScope external API tools with rate limits and allowlists.
agent_architecture.mcp_auth_gapSafetyarxo/agent-mcp-auth-gapcriticalmedium0..1Good, Low, Medium, High, CriticalAdd MCP authentication/authorization checks.
agent_architecture.mcp_oauth_resource_binding_gapSafetyarxo/agent-mcp-oauth-resource-binding-gaphighmedium0..1Good, Low, Medium, High, CriticalBind MCP OAuth token requests to resource and audience metadata.
agent_architecture.mcp_tool_annotation_gapSafetyarxo/agent-mcp-tool-annotation-gapmediumlow0..1Good, Low, Medium, High, CriticalAdd MCP tool safety annotations (readOnly/destructive/idempotent hints).
agent_architecture.mcp_structured_output_gapSafetyarxo/agent-mcp-structured-output-gaphighmedium0..1Good, Low, Medium, High, CriticalRequire structuredContent/outputSchema or typed parsing for MCP tools.
agent_architecture.mcp_tool_poisoning_riskSafetyarxo/agent-mcp-tool-poisoning-riskcriticalmedium0..1Good, Low, Medium, High, CriticalAudit MCP tool descriptions for hidden instructions; avoid instruction-like or very long descriptions.
agent_architecture.mcp_rug_pull_riskSafetyarxo/agent-mcp-rug-pull-riskhighmedium0..1Good, Low, Medium, High, CriticalAdd descriptor integrity controls: pinning, content hash, version lock, or signature verification for MCP tools.
agent_architecture.tool_sandbox_enforcement_gapSafetyarxo/agent-tool-sandbox-enforcement-gapcriticalmedium0..1Good, Low, Medium, High, CriticalEnforce sandbox/isolation for process-capable tools.
agent_architecture.tool_approval_bypass_riskSafetyarxo/agent-tool-approval-bypass-riskhighlow0..1Good, Low, Medium, High, CriticalAdd explicit approval gates for high-risk tool actions.
agent_architecture.untrusted_tool_output_boundary_gapSafetyarxo/agent-untrusted-tool-output-boundary-gaphighmedium0..1Good, Low, Medium, High, CriticalSanitize/validate untrusted tool output before prompt use.
agent_architecture.prompt_injection_defense_gapSafetyarxo/agent-prompt-injection-defense-gapcriticalmedium0..1Good, Low, Medium, High, CriticalAdd prompt-injection defenses: guardrail library, message separation (ChatML/roles), or input/output validation (OWASP LLM01).
agent_architecture.sensitive_data_exposure_gapSafetyarxo/agent-sensitive-data-exposure-gaphighmedium0..1Good, Low, Medium, High, CriticalRedact or sanitize PII and credentials before they reach prompts or logs; use Presidio, prompt_hash, or schema validation (OWASP LLM02).
agent_architecture.trace_eval_regression_riskReliabilityarxo/agent-trace-eval-regression-riskhighmedium0..1Good, Low, Medium, High, CriticalAdd trace assertion coverage and regression baselines.
agent_architecture.a2a_agent_card_gapSafetyarxo/agent-a2a-agent-card-gapmediumlow0..1Good, Low, Medium, High, CriticalPublish discoverable A2A agent-card metadata.
agent_architecture.a2a_task_state_machine_gapSafetyarxo/agent-a2a-task-state-machine-gaphighmedium0..1Good, Low, Medium, High, CriticalDefine typed A2A task state-machine contracts.
agent_architecture.a2a_webhook_auth_gapSafetyarxo/agent-a2a-webhook-auth-gaphighmedium0..1Good, Low, Medium, High, CriticalVerify auth/signatures and delivery controls for A2A webhook flows.
agent_architecture.handoff_cycle_riskSafetyarxo/agent-handoff-cycle-riskhighmedium0..1Good, Low, Medium, High, CriticalBreak cyclic handoff graphs or add explicit termination guards.
agent_architecture.circuit_breaker_absenceReliabilityarxo/agent-circuit-breaker-absencehighlow0..1Good, Low, Medium, High, CriticalAdd recursion_limit (LangGraph), max_iter (CrewAI), or circuit breaker / step budget to prevent runaway loops and cost overruns.
agent_architecture.memory_poisoning_defense_gapSafetyarxo/agent-memory-poisoning-defense-gaphighmedium0..1Good, Low, Medium, High, CriticalSanitize or validate inputs before writing to agent memory/RAG; use OWASP Agent Memory Guard or content filtering (OWASP ASI06).
agent_architecture.supply_chain_provenance_gapSafetyarxo/agent-supply-chain-provenance-gaphighlow0..1Good, Low, Medium, High, CriticalPin MCP server and plugin versions (no @latest); use lock files, SBOM, or signed provenance (OWASP ASI04 / MCP04).
agent_architecture.agent_code_execution_sandbox_gapSafetyarxo/agent-code-execution-sandbox-gaphighmedium0..1Good, Low, Medium, High, CriticalSandbox agent-generated code execution (E2B, Pyodide, Docker, RestrictedPython); avoid raw exec/eval on LLM output (OWASP ASI05).
agent_architecture.output_validation_gapReliabilityarxo/agent-output-validation-gaphighmedium0..1Good, Low, Medium, High, CriticalValidate agent/tool outputs with Pydantic, Zod, or response_model before passing to next agent/tool to prevent cascading failures.
agent_architecture.credential_scoping_gapSafetyarxo/agent-credential-scoping-gaphighlow0..1Good, Low, Medium, High, CriticalUse vault or runtime-only injection for secrets; avoid hardcoded API keys; scope tokens (OWASP MCP01).
agent_architecture.mcp_shadow_server_riskSafetyarxo/agent-mcp-shadow-server-riskhighlow0..1Good, Low, Medium, High, CriticalCentralize MCP server governance: allowlist, discovery scans, baseline configs (OWASP MCP09).
agent_architecture.goal_integrity_defense_gapSafetyarxo/agent-goal-integrity-defense-gaphighmedium0..1Good, Low, Medium, High, CriticalAdd goal/instruction delimiters, intent validation, or intent capsule to prevent goal hijack (OWASP ASI01).
agent_architecture.hallucination_propagation_riskReliabilityarxo/agent-hallucination-propagation-riskhighmedium0..1Good, Low, Medium, High, CriticalValidate agent outputs before chaining to next agent; add schema checks or human-in-the-loop at handoffs.

Possible values

Section titled “Possible values”
  • Score: 0.0 = issue detected, 1.0 = healthy. Per-detector scores are combined into axis and overall health.
  • Severity: Good, Low, Medium, High, Critical (from detector MetricScore).