Chapter 32: Special Agents #
Neam v1.0 introduces three special agent types that operate at the platform level rather than the application level. Unlike standard agents that perform user-facing tasks, special agents monitor and manage other agents -- enforcing security policies, bridging communication protocols, and optimizing costs across your entire agent fleet. Together with the 16 agent types from previous versions, Neam now supports 19 distinct agent declarations.
SecuritySentinel Agent #
The securitysentinel agent continuously monitors all running agents for compliance with the OWASP ASI01-10 security controls you learned in Chapter 29. While guardchains protect individual agents at the request level, the SecuritySentinel watches behavioral patterns across the entire system -- detecting goal drift, anomalous tool usage, memory tampering, and unauthorized message flows.
Declaration #
budget SentinelBudget { cost: 100.00, tokens: 1000000 }
securitysentinel agent Sentinel {
provider: "openai",
model: "gpt-4o",
budget: SentinelBudget,
monitors: {
goal_integrity: { check: "per_phase", threshold: 0.75 },
tool_validation: { check: "per_call", block_invalid: true },
behavioral_anomaly: { check: "continuous", sigma: 3.0 },
memory_integrity: { check: "hourly" },
message_authentication: { check: "per_message" }
},
actions: {
on_anomaly: "alert_and_log",
on_critical: "kill_switch",
on_breach: "halt_all_and_escalate"
},
reporting: {
dashboard: true,
slack_alerts: "#security-ops",
compliance_report: "weekly"
}
}SecuritySentinel Fields #
| Field | Required | Description |
|---|---|---|
provider | Yes | LLM provider for anomaly analysis |
model | Yes | Model used for behavioral reasoning |
budget | Yes | Budget declaration for the sentinel's own LLM usage |
monitors | Yes | Which OWASP checks to run and at what frequency |
actions | Yes | Response actions for anomaly, critical, and breach events |
reporting | No | Dashboard, alerting, and compliance report configuration |
Monitor Types #
Each monitor maps to one or more OWASP ASI controls:
| Monitor | OWASP Control | Check Frequencies |
|---|---|---|
goal_integrity | ASI-01 (Unbounded Consumption) | "per_phase", "per_task", "continuous" |
tool_validation | ASI-04 (Insecure Tooling) | "per_call", "per_batch" |
behavioral_anomaly | ASI-09 (Improper Multi-Agent) | "continuous", "per_minute" |
memory_integrity | ASI-06 (Excessive Trust in Output) | "hourly", "per_session" |
message_authentication | ASI-10 (Misaligned Behaviors) | "per_message", "per_batch" |
Action Escalation #
Actions follow a severity ladder. When the sentinel detects an issue, it triggers the corresponding action:
"alert_and_log"-- Log the event and send a notification. The agent continues running."kill_switch"-- Immediately terminate the offending agent and log the event."halt_all_and_escalate"-- Stop all agents, freeze the system, and escalate to human operators.
ProtocolBridge Agent #
The protocolbridge agent secures interoperability between MCP (Model Context Protocol) servers and A2A (Agent-to-Agent) peers. It acts as a security-aware proxy that validates server identities, signs messages, enforces firewall rules, and prevents protocol-level attacks like shadow servers and replay attacks.
Declaration #
budget BridgeBudget { cost: 50.00, tokens: 500000 }
protocolbridge agent Bridge {
provider: "openai",
model: "gpt-4o",
budget: BridgeBudget,
protocols: {
mcp: {
servers: ["filesystem", "database", "web"],
security: {
verify_server_identity: true,
sign_messages: true,
block_shadow_servers: true,
tool_pinning: true
}
},
a2a: {
peers: ["external_agent_1", "partner_system"],
security: {
verify_agent_cards: true,
mutual_tls: true,
replay_protection: true
}
}
},
firewall: {
allowed_actions: ["read", "query"],
blocked_actions: ["delete", "admin"],
max_data_transfer: "10MB"
}
}ProtocolBridge Fields #
| Field | Required | Description |
|---|---|---|
provider | Yes | LLM provider for protocol reasoning |
model | Yes | Model used for message analysis and routing decisions |
budget | Yes | Budget declaration for the bridge's own LLM usage |
protocols | Yes | MCP and A2A protocol configurations with security settings |
firewall | No | Action-level allow/block lists and data transfer limits |
MCP Security Controls #
| Control | Description |
|---|---|
verify_server_identity | Authenticate MCP servers before allowing tool calls |
sign_messages | Cryptographically sign all messages to prevent tampering |
block_shadow_servers | Reject connections from unregistered MCP servers |
tool_pinning | Lock tool definitions to prevent tool-poisoning attacks |
A2A Security Controls #
| Control | Description |
|---|---|
verify_agent_cards | Validate A2A agent cards before establishing peer connections |
mutual_tls | Require mutual TLS for all inter-agent communication |
replay_protection | Detect and reject replayed messages using nonces and timestamps |
CostGuardian Agent #
The costguardian agent provides real-time cost tracking and optimization across your entire agent fleet. While the budget declaration enforces hard limits per agent, the CostGuardian watches spending patterns holistically -- automatically downgrading models when budgets run low, caching repeated queries, and alerting operators before costs spiral.
Declaration #
budget CostBudget { cost: 20.00, tokens: 200000 }
costguardian agent CostOps {
provider: "ollama",
model: "llama3:8b",
budget: CostBudget,
tracking: {
per_agent: true,
per_phase: true,
per_task: true,
per_model: true
},
optimization: {
model_downgrade: {
enabled: true,
condition: "budget_remaining < 20 percent",
from: "gpt-4o",
to: "gpt-4o-mini"
},
cache_responses: {
enabled: true,
ttl: "1h",
similarity_threshold: 0.95
}
},
alerts: {
budget_warning: 0.75,
budget_critical: 0.90,
daily_report: true
}
}CostGuardian Fields #
| Field | Required | Description |
|---|---|---|
provider | Yes | LLM provider (often a local model to minimize cost overhead) |
model | Yes | Model used for cost analysis and optimization decisions |
budget | Yes | Budget for the guardian's own operations |
tracking | Yes | Granularity of cost tracking dimensions |
optimization | No | Automatic cost-saving strategies (model downgrade, caching) |
alerts | No | Warning/critical thresholds and reporting schedule |
Optimization Strategies #
The CostGuardian supports two built-in optimization strategies:
- Model downgrade -- When the remaining budget drops below a threshold, the guardian automatically switches expensive models to cheaper alternatives. The
conditionfield uses a simple percentage expression. The switch is transparent to the calling agent. - Response caching -- Semantically similar queries are served from cache instead of making new LLM calls. The
similarity_thresholdcontrols how close a query must be to a cached one (0.95 = 95% similarity). Thettlsets how long cached responses remain valid.
All 19 Agent Types Together #
Neam v1.0 supports 19 distinct agent declarations spanning four release generations. Here is a program showing representatives from each generation coexisting in a single file:
budget B { cost: 10.00, tokens: 100000 }
// v0.6 stateless agent
agent Legacy { provider: "openai", model: "gpt-4o-mini", system: "helper", budget: B }
// v0.9 data agents
source S { type: "postgres", connection: "pg://localhost" }
sink K { type: "s3", connection: "s3://bucket/" }
data agent DA { provider: "openai", model: "gpt-4o-mini", sources: [S], sinks: [K] }
// v0.9 intelligence agents
datascientist agent DS { provider: "openai", model: "gpt-4o", budget: B }
causal agent CA { provider: "openai", model: "o3-mini", budget: B }
// v0.9.9 orchestrator
dio agent DIO { mode: "auto", task: "test all", provider: "openai", model: "gpt-4o", budget: B }
// v1.0 special agents
securitysentinel agent Sent { provider: "openai", model: "gpt-4o", budget: B, monitors: { all: true } }
protocolbridge agent Br { provider: "openai", model: "gpt-4o", budget: B, protocols: { mcp: true } }
costguardian agent CG { provider: "ollama", model: "llama3:8b", budget: B, tracking: { all: true } }
print("All agent types coexist");This demonstrates the key design principle behind Neam's agent system: every agent type is a first-class declaration. The compiler validates each one according to its own schema, and the VM instantiates them with type-specific runtime behavior. You can freely mix agent types within a single program, and the DIO orchestrator can coordinate across all of them.
For the complete 4-layer data intelligence architecture showing how these special agents integrate with the 14 specialist agents and DIO orchestrator, see The Intelligent Data Organization with Neam.