Risk Scoring
A daily composite score per agent, used to prioritize review and gate sensitive changes.
Risk scoring computes a single 0.0-1.0 score per agent every day, combining six signals about that agent's stability, ownership, and recent behavior. Use it to decide which agents need attention first — and which need a second pair of eyes before deployment.
How the score is computed
A daily worker runs at 02:00 UTC, evaluates every approved agent, and writes:
- MusterAgent.riskScore — the raw decimal
- MusterAgent.riskLevel — bucketed level (see below)
- MusterAgent.riskFactors — JSON breakdown of which signals contributed
- MusterRiskScoreHistory — daily snapshot for trending
The six signals (default weights)
| Signal | Default weight | When it adds risk |
|---|---|---|
| No registered owner | +0.15 | Agent has no team / department set |
| Status not yet APPROVED | +0.20 | Agent is DISCOVERED or PENDING_REVIEW |
| Unknown framework | +0.15 | framework = "UNKNOWN" |
| Active anomalies | +0.10 each | Capped at +0.25 (3+ anomalies) |
| Pass rate below 70% | +0.15 | 7-day rolling pass rate on Muster scores |
| Missing description | +0.10 | description is null or empty |
The weights of the triggered signals are summed, the total is clamped to [0.0, 1.0], and the result is bucketed into a level:
| Level | Score range |
|---|---|
| LOW | 0.0 - 0.3 |
| MEDIUM | 0.3 - 0.5 |
| HIGH | 0.5 - 0.7 |
| CRITICAL | 0.7+ |
Weights are tunable per project via MusterProjectTuning. The
Auto-Instrumentation flow can suggest
weight changes based on your fleet.
Where you see it
- Agent inventory — every row shows the level (color-coded badge) and the raw score on hover.
- Risk dashboard — project-wide distribution by level plus the movers from yesterday's snapshot.
- Agent detail — full riskFactors breakdown so you can see exactly which signals are triggering.
How risk gates approval workflows
Approval policies (covered in detail in the upcoming Governance guide)
can require additional sign-off based on risk level. The most common
pattern: any transition into APPROVED for an agent currently rated
HIGH or CRITICAL requires a second approver from a designated
group.
This is why the lifecycle and the score are two sides of the same coin: the score tells you which agents need scrutiny, the workflow ensures scrutiny happens before they go live.
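The scoring rules and the second-approver gate described above, worked through as an added example (not Muster's own code). The dict keys active_anomalies and pass_rate_7d, the function names, the handling of scores that fall exactly on a level boundary, and the owner signal firing when either team or department is unset are assumptions made for illustration.

```python
from decimal import Decimal

# Default weights from the signal table; per-project tuning would override them.
WEIGHTS = {"no_owner": Decimal("0.15"), "not_approved": Decimal("0.20"),
           "unknown_framework": Decimal("0.15"), "anomaly_each": Decimal("0.10"),
           "low_pass_rate": Decimal("0.15"), "missing_description": Decimal("0.10")}
ANOMALY_CAP = Decimal("0.25")
# Assumption: a score exactly on a shared boundary goes to the higher level.
LEVEL_FLOORS = [(Decimal("0.7"), "CRITICAL"), (Decimal("0.5"), "HIGH"),
                (Decimal("0.3"), "MEDIUM")]


def score_agent(agent, weights=WEIGHTS):
    """Return (score, level, factors) for one agent record (a plain dict here)."""
    factors = {}
    # Assumption: the owner signal fires when either team or department is unset.
    if not agent.get("team") or not agent.get("department"):
        factors["no_owner"] = weights["no_owner"]
    if agent.get("status") in ("DISCOVERED", "PENDING_REVIEW"):
        factors["not_approved"] = weights["not_approved"]
    if agent.get("framework") == "UNKNOWN":
        factors["unknown_framework"] = weights["unknown_framework"]
    anomalies = agent.get("active_anomalies", 0)
    if anomalies > 0:  # +0.10 each, capped so 3 or more all contribute 0.25
        factors["active_anomalies"] = min(anomalies * weights["anomaly_each"], ANOMALY_CAP)
    rate = agent.get("pass_rate_7d")
    # Assumption: an agent with no pass-rate data does not trigger this signal.
    if rate is not None and rate < 0.70:
        factors["low_pass_rate"] = weights["low_pass_rate"]
    if not agent.get("description"):  # null or empty
        factors["missing_description"] = weights["missing_description"]
    total = sum(factors.values(), Decimal("0"))
    score = min(max(total, Decimal("0")), Decimal("1"))  # clamp to [0.0, 1.0]
    level = next((name for floor, name in LEVEL_FLOORS if score >= floor), "LOW")
    return score, level, factors


def needs_second_approver(level, target_status):
    """Common gate: a HIGH or CRITICAL agent moving into APPROVED."""
    return target_status == "APPROVED" and level in ("HIGH", "CRITICAL")


if __name__ == "__main__":
    # Constructed sample agent, not real data.
    sample = {"team": None, "department": None, "status": "PENDING_REVIEW",
              "framework": "UNKNOWN", "active_anomalies": 4,
              "pass_rate_7d": 0.62, "description": ""}
    score, level, factors = score_agent(sample)
    print(score, level, needs_second_approver(level, "APPROVED"))
    print({name: str(value) for name, value in factors.items()})
```

Decimal arithmetic keeps sums such as 0.15 + 0.15 exactly on the 0.3 boundary, which binary floats do not guarantee for every combination of tuned weights.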
Reducing risk
The risk score is read-only — you don't change it directly. To lower an agent's score:
- Assign a team and department
- Move from PENDING_REVIEW to APPROVED
- Set the framework field to a real value
- Resolve open anomalies
- Improve pass rate (fix the underlying agent, not the metric)
- Add a description
Each fix removes its corresponding signal from the next daily run.