Agent-Native Pass (agent-as-actor)
wf2 reset after the agent-native audit — drops the egress-traffic lens and treats each agent as an actor (its process = the agent, each call = an action, allow/deny = authorization). All views render one model grounded in real app.qpoint.io fields. Spine: Roster, Tool & Model Use, Authorization & Guardrails.
Phase 2 — divergent wireframes exploring fixes to the wf1 agent-governance deficits.
Design Specs
Pages
wf2 spine — Agent Roster: every agent discovered from sourceExe + credential + pod context (enriched with the MCP registry); master-detail with an identity/tools/models/data-exposed/risk profile. Grounded in real telemetry fields.
wf2 spine — Tool & Model Use: every outbound call reframed as a tool/model invocation, classified (model/MCP/tool/internal/unapproved), by agent or by tool, with authorization + data-exposed per action.
wf2 spine — Action Authorization & Guardrails: default-stance, an agents × action-class matrix (used / unsanctioned / blocked), the @qpoint/* guardrail adapters and their coverage, and an unsanctioned-actions list.
wf2 (replaces audit-trail) — Activity Log: a feed of agent actions/decisions with a per-action detail panel; filter all/flagged/blocked. Each entry is an observed tool/model call.
wf2 (replaces data-flow) — Data Exposure: what sensitive data (qscan sensitiveDataType) agents put into their actions, classified by destination, with the flagged PII-to-unapproved-model case and a data-type breakdown.
wf2 (reframes agent-spend) — Spend: cost estimated from model-call tokens (not egress bytes), by agent and by model provider, flagging the unowned unchargeable agent and unapproved-provider spend.
wf2 (replaces posture-board + risk-report) — Risk & Posture: an agent-native posture index + five categories (Identity/Authorization/Data/Guardrail/Governed) and a findings register, computed from observed actions.